[web] Publishing F18 Security Guide in English, Italian, and Japanese
Eric Christensen
sparks at fedoraproject.org
Mon Oct 29 16:46:03 UTC 2012
commit acd6a841dfaecc4c54894e5bd8bb7036ba04ee38
Author: Eric Christensen <sparks at fedoraproject.org>
Date: Mon Oct 29 12:45:33 2012 -0400
Publishing F18 Security Guide in English, Italian, and Japanese
public_html/Sitemap | 118 +-
public_html/as-IN/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/as-IN/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/as-IN/opds-Fedora_Core.xml | 2 +-
.../as-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/as-IN/opds.xml | 12 +-
public_html/as-IN/toc.html | 33 +-
public_html/bg-BG/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/bg-BG/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/bg-BG/opds-Fedora_Core.xml | 2 +-
.../bg-BG/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/bg-BG/opds.xml | 12 +-
public_html/bg-BG/toc.html | 33 +-
public_html/bn-IN/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/bn-IN/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/bn-IN/opds-Fedora_Core.xml | 2 +-
.../bn-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/bn-IN/opds.xml | 12 +-
public_html/bn-IN/toc.html | 33 +-
public_html/bs-BA/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/bs-BA/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/bs-BA/opds-Fedora_Core.xml | 2 +-
.../bs-BA/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/bs-BA/opds.xml | 12 +-
public_html/bs-BA/toc.html | 33 +-
public_html/ca-ES/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/ca-ES/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ca-ES/opds-Fedora_Core.xml | 2 +-
.../ca-ES/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ca-ES/opds.xml | 12 +-
public_html/ca-ES/toc.html | 33 +-
public_html/cs-CZ/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/cs-CZ/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/cs-CZ/opds-Fedora_Core.xml | 2 +-
.../cs-CZ/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/cs-CZ/opds.xml | 12 +-
public_html/cs-CZ/toc.html | 31 +-
public_html/da-DK/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/da-DK/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/da-DK/opds-Fedora_Core.xml | 2 +-
.../da-DK/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/da-DK/opds.xml | 12 +-
public_html/da-DK/toc.html | 33 +-
public_html/de-DE/Site_Statistics.html | 30 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/de-DE/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/de-DE/opds-Fedora_Core.xml | 2 +-
.../de-DE/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/de-DE/opds.xml | 12 +-
public_html/de-DE/toc.html | 89 +-
public_html/el-GR/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/el-GR/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/el-GR/opds-Fedora_Core.xml | 2 +-
.../el-GR/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/el-GR/opds.xml | 12 +-
public_html/el-GR/toc.html | 33 +-
.../Fedora-18-Security_Guide-en-US.epub | Bin 0 -> 856287 bytes
.../Security_Guide/Common_Content/css/common.css | 1528 +++++++
.../Security_Guide/Common_Content/css/default.css | 3 +
.../Security_Guide/Common_Content/css/lang.css | 2 +
.../Common_Content/css/overrides.css | 51 +
.../Security_Guide/Common_Content/css/print.css | 16 +
.../Security_Guide/Common_Content/images/1.png | Bin 0 -> 710 bytes
.../Security_Guide/Common_Content/images/1.svg | 27 +
.../Security_Guide/Common_Content/images/10.png | Bin 0 -> 985 bytes
.../Security_Guide/Common_Content/images/10.svg | 31 +
.../Security_Guide/Common_Content/images/11.png | Bin 0 -> 810 bytes
.../Security_Guide/Common_Content/images/11.svg | 31 +
.../Security_Guide/Common_Content/images/12.png | Bin 0 -> 1012 bytes
.../Security_Guide/Common_Content/images/12.svg | 31 +
.../Security_Guide/Common_Content/images/13.png | Bin 0 -> 1048 bytes
.../Security_Guide/Common_Content/images/13.svg | 31 +
.../Security_Guide/Common_Content/images/14.png | Bin 0 -> 914 bytes
.../Security_Guide/Common_Content/images/14.svg | 31 +
.../Security_Guide/Common_Content/images/15.png | Bin 0 -> 989 bytes
.../Security_Guide/Common_Content/images/15.svg | 31 +
.../Security_Guide/Common_Content/images/16.png | Bin 0 -> 1047 bytes
.../Security_Guide/Common_Content/images/16.svg | 31 +
.../Security_Guide/Common_Content/images/17.png | Bin 0 -> 888 bytes
.../Security_Guide/Common_Content/images/17.svg | 31 +
.../Security_Guide/Common_Content/images/18.png | Bin 0 -> 1075 bytes
.../Security_Guide/Common_Content/images/18.svg | 31 +
.../Security_Guide/Common_Content/images/19.png | Bin 0 -> 1049 bytes
.../Security_Guide/Common_Content/images/19.svg | 31 +
.../Security_Guide/Common_Content/images/2.png | Bin 0 -> 896 bytes
.../Security_Guide/Common_Content/images/2.svg | 27 +
.../Security_Guide/Common_Content/images/20.png | Bin 0 -> 1151 bytes
.../Security_Guide/Common_Content/images/20.svg | 31 +
.../Security_Guide/Common_Content/images/21.png | Bin 0 -> 994 bytes
.../Security_Guide/Common_Content/images/21.svg | 31 +
.../Security_Guide/Common_Content/images/22.png | Bin 0 -> 1162 bytes
.../Security_Guide/Common_Content/images/22.svg | 31 +
.../Security_Guide/Common_Content/images/23.png | Bin 0 -> 1207 bytes
.../Security_Guide/Common_Content/images/23.svg | 31 +
.../Security_Guide/Common_Content/images/24.png | Bin 0 -> 1081 bytes
.../Security_Guide/Common_Content/images/24.svg | 31 +
.../Security_Guide/Common_Content/images/25.png | Bin 0 -> 1173 bytes
.../Security_Guide/Common_Content/images/25.svg | 31 +
.../Security_Guide/Common_Content/images/26.png | Bin 0 -> 1208 bytes
.../Security_Guide/Common_Content/images/26.svg | 31 +
.../Security_Guide/Common_Content/images/27.png | Bin 0 -> 1080 bytes
.../Security_Guide/Common_Content/images/27.svg | 31 +
.../Security_Guide/Common_Content/images/28.png | Bin 0 -> 1225 bytes
.../Security_Guide/Common_Content/images/28.svg | 31 +
.../Security_Guide/Common_Content/images/29.png | Bin 0 -> 1196 bytes
.../Security_Guide/Common_Content/images/29.svg | 31 +
.../Security_Guide/Common_Content/images/3.png | Bin 0 -> 958 bytes
.../Security_Guide/Common_Content/images/3.svg | 27 +
.../Security_Guide/Common_Content/images/30.png | Bin 0 -> 1250 bytes
.../Security_Guide/Common_Content/images/30.svg | 31 +
.../Security_Guide/Common_Content/images/31.png | Bin 0 -> 1078 bytes
.../Security_Guide/Common_Content/images/31.svg | 31 +
.../Security_Guide/Common_Content/images/32.png | Bin 0 -> 1241 bytes
.../Security_Guide/Common_Content/images/32.svg | 31 +
.../Security_Guide/Common_Content/images/33.png | Bin 0 -> 1268 bytes
.../Security_Guide/Common_Content/images/33.svg | 31 +
.../Security_Guide/Common_Content/images/34.png | Bin 0 -> 1175 bytes
.../Security_Guide/Common_Content/images/34.svg | 31 +
.../Security_Guide/Common_Content/images/35.png | Bin 0 -> 1224 bytes
.../Security_Guide/Common_Content/images/35.svg | 31 +
.../Security_Guide/Common_Content/images/36.png | Bin 0 -> 1281 bytes
.../Security_Guide/Common_Content/images/36.svg | 31 +
.../Security_Guide/Common_Content/images/37.png | Bin 0 -> 1140 bytes
.../Security_Guide/Common_Content/images/37.svg | 31 +
.../Security_Guide/Common_Content/images/38.png | Bin 0 -> 1300 bytes
.../Security_Guide/Common_Content/images/38.svg | 31 +
.../Security_Guide/Common_Content/images/39.png | Bin 0 -> 1294 bytes
.../Security_Guide/Common_Content/images/39.svg | 31 +
.../Security_Guide/Common_Content/images/4.png | Bin 0 -> 849 bytes
.../Security_Guide/Common_Content/images/4.svg | 27 +
.../Security_Guide/Common_Content/images/40.png | Bin 0 -> 1130 bytes
.../Security_Guide/Common_Content/images/40.svg | 31 +
.../Security_Guide/Common_Content/images/5.png | Bin 0 -> 900 bytes
.../Security_Guide/Common_Content/images/5.svg | 27 +
.../Security_Guide/Common_Content/images/6.png | Bin 0 -> 929 bytes
.../Security_Guide/Common_Content/images/6.svg | 27 +
.../Security_Guide/Common_Content/images/7.png | Bin 0 -> 807 bytes
.../Security_Guide/Common_Content/images/7.svg | 27 +
.../Security_Guide/Common_Content/images/8.png | Bin 0 -> 962 bytes
.../Security_Guide/Common_Content/images/8.svg | 27 +
.../Security_Guide/Common_Content/images/9.png | Bin 0 -> 936 bytes
.../Security_Guide/Common_Content/images/9.svg | 27 +
.../Common_Content/images/bkgrnd_greydots.png | Bin 0 -> 157 bytes
.../Common_Content/images/bullet_arrowblue.png | Bin 0 -> 177 bytes
.../Common_Content/images/documentation.png | Bin 0 -> 623 bytes
.../Security_Guide/Common_Content/images/dot.png | Bin 0 -> 98 bytes
.../Security_Guide/Common_Content/images/dot2.png | Bin 0 -> 98 bytes
.../Security_Guide/Common_Content/images/green.png | Bin 0 -> 176 bytes
.../Security_Guide/Common_Content/images/h1-bg.png | Bin 0 -> 565 bytes
.../Common_Content/images/image_left.png | Bin 0 -> 1114 bytes
.../Common_Content/images/image_right.png | Bin 0 -> 2260 bytes
.../Common_Content/images/important.png | Bin 0 -> 2080 bytes
.../Common_Content/images/important.svg | 106 +
.../Security_Guide/Common_Content/images/logo.png | Bin 0 -> 1114 bytes
.../Security_Guide/Common_Content/images/note.png | Bin 0 -> 1241 bytes
.../Security_Guide/Common_Content/images/note.svg | 111 +
.../Security_Guide/Common_Content/images/red.png | Bin 0 -> 163 bytes
.../Security_Guide/Common_Content/images/shade.png | Bin 0 -> 101 bytes
.../Security_Guide/Common_Content/images/shine.png | Bin 0 -> 146 bytes
.../Common_Content/images/stock-go-back.png | Bin 0 -> 828 bytes
.../Common_Content/images/stock-go-forward.png | Bin 0 -> 828 bytes
.../Common_Content/images/stock-go-up.png | Bin 0 -> 760 bytes
.../Common_Content/images/stock-home.png | Bin 0 -> 808 bytes
.../Common_Content/images/title_logo.png | Bin 0 -> 13399 bytes
.../Common_Content/images/title_logo.svg | 61 +
.../Common_Content/images/warning.png | Bin 0 -> 1340 bytes
.../Common_Content/images/warning.svg | 89 +
.../Common_Content/images/watermark-draft.png | Bin 0 -> 25365 bytes
.../Common_Content/images/yellow.png | Bin 0 -> 175 bytes
.../html-single/Security_Guide/images/SCLogin.png | Bin 0 -> 8088 bytes
.../Security_Guide/images/SCLoginEnrollment.png | Bin 0 -> 14924 bytes
.../Security_Guide/images/auth-panel.png | Bin 0 -> 9257 bytes
.../html-single/Security_Guide/images/authicon.png | Bin 0 -> 1163 bytes
.../images/fed-firefox_kerberos_SSO.png | Bin 0 -> 47794 bytes
.../Security_Guide/images/fed-firewall_config.png | Bin 0 -> 76857 bytes
.../Security_Guide/images/fed-ipsec_host2host.png | Bin 0 -> 39081 bytes
.../images/fed-ipsec_n_to_n_local.png | Bin 0 -> 30935 bytes
.../images/fed-ipsec_n_to_n_remote.png | Bin 0 -> 34860 bytes
.../Security_Guide/images/fed-service_config.png | Bin 0 -> 76914 bytes
.../Security_Guide/images/fed-user_pass_groups.png | Bin 0 -> 35369 bytes
.../Security_Guide/images/fed-user_pass_info.png | Bin 0 -> 35624 bytes
.../18/html-single/Security_Guide/images/icon.svg | 3936 +++++++++++++++++
.../Security_Guide/images/n-t-n-ipsec-diagram.png | Bin 0 -> 33470 bytes
.../Security_Guide/images/tcp_wrap_diagram.png | Bin 0 -> 25775 bytes
.../18/html-single/Security_Guide/index.html | 4442 ++++++++++++++++++++
.../Security_Guide/Common_Content/css/common.css | 1528 +++++++
.../Security_Guide/Common_Content/css/default.css | 3 +
.../Security_Guide/Common_Content/css/lang.css | 2 +
.../Common_Content/css/overrides.css | 51 +
.../Security_Guide/Common_Content/css/print.css | 16 +
.../Security_Guide/Common_Content/images/1.png | Bin 0 -> 710 bytes
.../Security_Guide/Common_Content/images/1.svg | 27 +
.../Security_Guide/Common_Content/images/10.png | Bin 0 -> 985 bytes
.../Security_Guide/Common_Content/images/10.svg | 31 +
.../Security_Guide/Common_Content/images/11.png | Bin 0 -> 810 bytes
.../Security_Guide/Common_Content/images/11.svg | 31 +
.../Security_Guide/Common_Content/images/12.png | Bin 0 -> 1012 bytes
.../Security_Guide/Common_Content/images/12.svg | 31 +
.../Security_Guide/Common_Content/images/13.png | Bin 0 -> 1048 bytes
.../Security_Guide/Common_Content/images/13.svg | 31 +
.../Security_Guide/Common_Content/images/14.png | Bin 0 -> 914 bytes
.../Security_Guide/Common_Content/images/14.svg | 31 +
.../Security_Guide/Common_Content/images/15.png | Bin 0 -> 989 bytes
.../Security_Guide/Common_Content/images/15.svg | 31 +
.../Security_Guide/Common_Content/images/16.png | Bin 0 -> 1047 bytes
.../Security_Guide/Common_Content/images/16.svg | 31 +
.../Security_Guide/Common_Content/images/17.png | Bin 0 -> 888 bytes
.../Security_Guide/Common_Content/images/17.svg | 31 +
.../Security_Guide/Common_Content/images/18.png | Bin 0 -> 1075 bytes
.../Security_Guide/Common_Content/images/18.svg | 31 +
.../Security_Guide/Common_Content/images/19.png | Bin 0 -> 1049 bytes
.../Security_Guide/Common_Content/images/19.svg | 31 +
.../Security_Guide/Common_Content/images/2.png | Bin 0 -> 896 bytes
.../Security_Guide/Common_Content/images/2.svg | 27 +
.../Security_Guide/Common_Content/images/20.png | Bin 0 -> 1151 bytes
.../Security_Guide/Common_Content/images/20.svg | 31 +
.../Security_Guide/Common_Content/images/21.png | Bin 0 -> 994 bytes
.../Security_Guide/Common_Content/images/21.svg | 31 +
.../Security_Guide/Common_Content/images/22.png | Bin 0 -> 1162 bytes
.../Security_Guide/Common_Content/images/22.svg | 31 +
.../Security_Guide/Common_Content/images/23.png | Bin 0 -> 1207 bytes
.../Security_Guide/Common_Content/images/23.svg | 31 +
.../Security_Guide/Common_Content/images/24.png | Bin 0 -> 1081 bytes
.../Security_Guide/Common_Content/images/24.svg | 31 +
.../Security_Guide/Common_Content/images/25.png | Bin 0 -> 1173 bytes
.../Security_Guide/Common_Content/images/25.svg | 31 +
.../Security_Guide/Common_Content/images/26.png | Bin 0 -> 1208 bytes
.../Security_Guide/Common_Content/images/26.svg | 31 +
.../Security_Guide/Common_Content/images/27.png | Bin 0 -> 1080 bytes
.../Security_Guide/Common_Content/images/27.svg | 31 +
.../Security_Guide/Common_Content/images/28.png | Bin 0 -> 1225 bytes
.../Security_Guide/Common_Content/images/28.svg | 31 +
.../Security_Guide/Common_Content/images/29.png | Bin 0 -> 1196 bytes
.../Security_Guide/Common_Content/images/29.svg | 31 +
.../Security_Guide/Common_Content/images/3.png | Bin 0 -> 958 bytes
.../Security_Guide/Common_Content/images/3.svg | 27 +
.../Security_Guide/Common_Content/images/30.png | Bin 0 -> 1250 bytes
.../Security_Guide/Common_Content/images/30.svg | 31 +
.../Security_Guide/Common_Content/images/31.png | Bin 0 -> 1078 bytes
.../Security_Guide/Common_Content/images/31.svg | 31 +
.../Security_Guide/Common_Content/images/32.png | Bin 0 -> 1241 bytes
.../Security_Guide/Common_Content/images/32.svg | 31 +
.../Security_Guide/Common_Content/images/33.png | Bin 0 -> 1268 bytes
.../Security_Guide/Common_Content/images/33.svg | 31 +
.../Security_Guide/Common_Content/images/34.png | Bin 0 -> 1175 bytes
.../Security_Guide/Common_Content/images/34.svg | 31 +
.../Security_Guide/Common_Content/images/35.png | Bin 0 -> 1224 bytes
.../Security_Guide/Common_Content/images/35.svg | 31 +
.../Security_Guide/Common_Content/images/36.png | Bin 0 -> 1281 bytes
.../Security_Guide/Common_Content/images/36.svg | 31 +
.../Security_Guide/Common_Content/images/37.png | Bin 0 -> 1140 bytes
.../Security_Guide/Common_Content/images/37.svg | 31 +
.../Security_Guide/Common_Content/images/38.png | Bin 0 -> 1300 bytes
.../Security_Guide/Common_Content/images/38.svg | 31 +
.../Security_Guide/Common_Content/images/39.png | Bin 0 -> 1294 bytes
.../Security_Guide/Common_Content/images/39.svg | 31 +
.../Security_Guide/Common_Content/images/4.png | Bin 0 -> 849 bytes
.../Security_Guide/Common_Content/images/4.svg | 27 +
.../Security_Guide/Common_Content/images/40.png | Bin 0 -> 1130 bytes
.../Security_Guide/Common_Content/images/40.svg | 31 +
.../Security_Guide/Common_Content/images/5.png | Bin 0 -> 900 bytes
.../Security_Guide/Common_Content/images/5.svg | 27 +
.../Security_Guide/Common_Content/images/6.png | Bin 0 -> 929 bytes
.../Security_Guide/Common_Content/images/6.svg | 27 +
.../Security_Guide/Common_Content/images/7.png | Bin 0 -> 807 bytes
.../Security_Guide/Common_Content/images/7.svg | 27 +
.../Security_Guide/Common_Content/images/8.png | Bin 0 -> 962 bytes
.../Security_Guide/Common_Content/images/8.svg | 27 +
.../Security_Guide/Common_Content/images/9.png | Bin 0 -> 936 bytes
.../Security_Guide/Common_Content/images/9.svg | 27 +
.../Common_Content/images/bkgrnd_greydots.png | Bin 0 -> 157 bytes
.../Common_Content/images/bullet_arrowblue.png | Bin 0 -> 177 bytes
.../Common_Content/images/documentation.png | Bin 0 -> 623 bytes
.../Security_Guide/Common_Content/images/dot.png | Bin 0 -> 98 bytes
.../Security_Guide/Common_Content/images/dot2.png | Bin 0 -> 98 bytes
.../Security_Guide/Common_Content/images/green.png | Bin 0 -> 176 bytes
.../Security_Guide/Common_Content/images/h1-bg.png | Bin 0 -> 565 bytes
.../Common_Content/images/image_left.png | Bin 0 -> 1114 bytes
.../Common_Content/images/image_right.png | Bin 0 -> 2260 bytes
.../Common_Content/images/important.png | Bin 0 -> 2080 bytes
.../Common_Content/images/important.svg | 106 +
.../Security_Guide/Common_Content/images/logo.png | Bin 0 -> 1114 bytes
.../Security_Guide/Common_Content/images/note.png | Bin 0 -> 1241 bytes
.../Security_Guide/Common_Content/images/note.svg | 111 +
.../Security_Guide/Common_Content/images/red.png | Bin 0 -> 163 bytes
.../Security_Guide/Common_Content/images/shade.png | Bin 0 -> 101 bytes
.../Security_Guide/Common_Content/images/shine.png | Bin 0 -> 146 bytes
.../Common_Content/images/stock-go-back.png | Bin 0 -> 828 bytes
.../Common_Content/images/stock-go-forward.png | Bin 0 -> 828 bytes
.../Common_Content/images/stock-go-up.png | Bin 0 -> 760 bytes
.../Common_Content/images/stock-home.png | Bin 0 -> 808 bytes
.../Common_Content/images/title_logo.png | Bin 0 -> 13399 bytes
.../Common_Content/images/title_logo.svg | 61 +
.../Common_Content/images/warning.png | Bin 0 -> 1340 bytes
.../Common_Content/images/warning.svg | 89 +
.../Common_Content/images/watermark-draft.png | Bin 0 -> 25365 bytes
.../Common_Content/images/yellow.png | Bin 0 -> 175 bytes
...ide-Encryption-Data_in_Motion-Secure_Shell.html | 31 +
.../Security_Guide-Encryption-Data_in_Motion.html | 403 ++
.../Fedora/18/html/Security_Guide/apas02.html | 46 +
.../Fedora/18/html/Security_Guide/apas02s02.html | 14 +
.../Fedora/18/html/Security_Guide/apas02s03.html | 14 +
.../Fedora/18/html/Security_Guide/apas02s04.html | 24 +
.../Fedora/18/html/Security_Guide/apas02s05.html | 14 +
.../Fedora/18/html/Security_Guide/apas02s06.html | 14 +
.../appe-Publican-Revision_History.html | 105 +
.../chap-Security_Guide-Basic_Hardening.html | 16 +
.../Security_Guide/chap-Security_Guide-CVE.html | 18 +
.../chap-Security_Guide-Encryption.html | 24 +
.../chap-Security_Guide-Encryption_Standards.html | 38 +
...General_Principles_of_Information_Security.html | 38 +
.../chap-Security_Guide-References.html | 52 +
.../chap-Security_Guide-Secure_Installation.html | 20 +
.../chap-Security_Guide-Securing_Your_Network.html | 528 +++
.../chap-Security_Guide-Security_Overview.html | 128 +
.../chap-Security_Guide-Software_Maintenance.html | 14 +
.../18/html/Security_Guide/images/SCLogin.png | Bin 0 -> 8088 bytes
.../Security_Guide/images/SCLoginEnrollment.png | Bin 0 -> 14924 bytes
.../18/html/Security_Guide/images/auth-panel.png | Bin 0 -> 9257 bytes
.../18/html/Security_Guide/images/authicon.png | Bin 0 -> 1163 bytes
.../images/fed-firefox_kerberos_SSO.png | Bin 0 -> 47794 bytes
.../Security_Guide/images/fed-firewall_config.png | Bin 0 -> 76857 bytes
.../Security_Guide/images/fed-ipsec_host2host.png | Bin 0 -> 39081 bytes
.../images/fed-ipsec_n_to_n_local.png | Bin 0 -> 30935 bytes
.../images/fed-ipsec_n_to_n_remote.png | Bin 0 -> 34860 bytes
.../Security_Guide/images/fed-service_config.png | Bin 0 -> 76914 bytes
.../Security_Guide/images/fed-user_pass_groups.png | Bin 0 -> 35369 bytes
.../Security_Guide/images/fed-user_pass_info.png | Bin 0 -> 35624 bytes
.../Fedora/18/html/Security_Guide/images/icon.svg | 3936 +++++++++++++++++
.../Security_Guide/images/n-t-n-ipsec-diagram.png | Bin 0 -> 33470 bytes
.../Security_Guide/images/tcp_wrap_diagram.png | Bin 0 -> 25775 bytes
.../en-US/Fedora/18/html/Security_Guide/index.html | 35 +
.../Fedora/18/html/Security_Guide/pr01s02.html | 16 +
.../pref-Security_Guide-Preface.html | 95 +
...y_Guide-Additional_Resources-Related_Books.html | 12 +
...Additional_Resources-Related_Documentation.html | 14 +
...itional_Resources-Useful_Firewall_Websites.html | 16 +
...tional_Resources-Useful_IP_Tables_Websites.html | 12 +
...itional_Resources-Useful_Kerberos_Websites.html | 22 +
...e-Additional_Resources-Useful_PAM_Websites.html | 14 +
...nal_Resources-Useful_TCP_Wrappers_Websites.html | 14 +
...Configuration_Files-Access_Control_Options.html | 60 +
...tion_Files-Binding_and_Redirection_Options.html | 37 +
...guration_Files-Resource_Management_Options.html | 22 +
...ulnerabilities-Threats_to_Network_Security.html | 18 +
...Vulnerabilities-Threats_to_Server_Security.html | 16 +
...hreats_to_Workstation_and_Home_PC_Security.html | 14 +
...curity_Guide-Attackers_and_Vulnerabilities.html | 30 +
...figuration-Activating_the_IPTables_Service.html | 14 +
...ration-Enabling_and_Disabling_the_Firewall.html | 20 +
...e-Basic_Firewall_Configuration-Other_Ports.html | 14 +
...Firewall_Configuration-Saving_the_Settings.html | 16 +
...ic_Firewall_Configuration-Trusted_Services.html | 28 +
...g-General_Principles-Why_is_this_important.html | 12 +
.../sect-Security_Guide-Basic_Hardening-NTP.html | 12 +
...rity_Guide-Basic_Hardening-Networking-IPv6.html | 18 +
...-Security_Guide-Basic_Hardening-Networking.html | 14 +
...ening-Physical_Security-What_else_can_I_do.html | 12 +
...ng-Physical_Security-Why_is_this_important.html | 12 +
...ty_Guide-Basic_Hardening-Physical_Security.html | 16 +
...ct-Security_Guide-Basic_Hardening-Services.html | 12 +
...-Security_Guide-Basic_Hardening-Up_to_date.html | 12 +
...e-CVE-yum_plugin-using_yum_plugin_security.html | 45 +
...mmand_Options_for_IPTables-Command_Options.html | 48 +
...ptions_for_IPTables-IPTables_Match_Options.html | 71 +
...ns_for_IPTables-IPTables_Parameter_Options.html | 56 +
...mmand_Options_for_IPTables-Listing_Options.html | 22 +
...ommand_Options_for_IPTables-Target_Options.html | 50 +
...Security_Guide-Common_Exploits_and_Attacks.html | 67 +
...de-Encryption-7_Zip_Encrypted_Archives-GUI.html | 32 +
...crypted_Archives-Installation-Instructions.html | 16 +
...on-7_Zip_Encrypted_Archives-Things_of_note.html | 12 +
..._Zip_Encrypted_Archives-Usage_Instructions.html | 34 +
..._Guide-Encryption-7_Zip_Encrypted_Archives.html | 14 +
...tion-Using_GPG-About_Public_Key_Encryption.html | 14 +
...ryption-Using_GPG-Creating_GPG_Keys_in_KDE.html | 66 +
...yption-Using_GPG-Creating_GPG_Keys_in_KDE1.html | 16 +
...Encryption-Using_GPG-Using_GPG_with_Alpine.html | 28 +
..._GPG_with_Evolution-Signing_and_Encrypting.html | 14 +
...ing_GPG-Using_GPG_with_Evolution-Verifying.html | 12 +
...ryption-Using_GPG-Using_GPG_with_Evolution.html | 16 +
...ption-Using_GPG-Using_GPG_with_Thunderbird.html | 24 +
.../sect-Security_Guide-Encryption-Using_GPG.html | 24 +
...g_the_Tools-Anticipating_Your_Future_Needs.html | 12 +
...Security_Guide-Evaluating_the_Tools-Nessus.html | 18 +
...-Security_Guide-Evaluating_the_Tools-Nikto.html | 16 +
...uide-Evaluating_the_Tools-VLAD_the_Scanner.html | 18 +
...de-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html | 18 +
...ity_Guide-FORWARD_and_NAT_Rules-Prerouting.html | 20 +
...urity_Guide-Firewalls-Additional_Resources.html | 16 +
...ide-Firewalls-Basic_Firewall_Configuration.html | 24 +
..._Guide-Firewalls-Common_IPTables_Filtering.html | 39 +
...rity_Guide-Firewalls-FORWARD_and_NAT_Rules.html | 45 +
...Firewalls-IPTables_and_Connection_Tracking.html | 22 +
.../sect-Security_Guide-Firewalls-IPv6.html | 18 +
...alicious_Software_and_Spoofed_IP_Addresses.html | 31 +
...ct-Security_Guide-Firewalls-Using_IPTables.html | 28 +
.../sect-Security_Guide-Firewalls.html | 62 +
...curity_Guide-IPTables-Additional_Resources.html | 16 +
...uide-IPTables-Command_Options_for_IPTables.html | 42 +
...ty_Guide-IPTables-IPTables_Control_Scripts.html | 78 +
...-Security_Guide-IPTables-IPTables_and_IPv6.html | 20 +
...urity_Guide-IPTables-Saving_IPTables_Rules.html | 22 +
.../sect-Security_Guide-IPTables.html | 70 +
...ch_Options-Additional_Match_Option_Modules.html | 62 +
...Guide-IPTables_Match_Options-ICMP_Protocol.html | 14 +
..._Guide-IPTables_Match_Options-UDP_Protocol.html | 18 +
...curity_Guide-Kerberos-Additional_Resources.html | 38 +
...e-Kerberos-Configuring_a_Kerberos_5_Client.html | 38 +
...e-Kerberos-Configuring_a_Kerberos_5_Server.html | 48 +
...ity_Guide-Kerberos-Domain_to_Realm_Mapping.html | 23 +
...Security_Guide-Kerberos-How_Kerberos_Works.html | 38 +
...curity_Guide-Kerberos-Kerberos_Terminology.html | 52 +
...t-Security_Guide-Kerberos-Kerberos_and_PAM.html | 14 +
...eros-Setting_Up_Cross_Realm_Authentication.html | 97 +
...y_Guide-Kerberos-Setting_Up_Secondary_KDCs.html | 70 +
.../sect-Security_Guide-Kerberos.html | 42 +
...ide-LUKS_Disk_Encryption-Links_of_Interest.html | 16 +
...ting_Directories-Step_by_Step_Instructions.html | 46 +
...irectories-What_you_have_just_accomplished.html | 12 +
...Encryption-Manually_Encrypting_Directories.html | 18 +
.../sect-Security_Guide-LUKS_Disk_Encryption.html | 26 +
...ecurity_Guide-Option_Fields-Access_Control.html | 17 +
...ct-Security_Guide-Option_Fields-Expansions.html | 49 +
...ecurity_Guide-Option_Fields-Shell_Commands.html | 25 +
...PAM_Configuration_File_Format-Control_Flag.html | 28 +
...Configuration_File_Format-Module_Arguments.html | 18 +
...-PAM_Configuration_File_Format-Module_Name.html | 12 +
...al_Caching-Common_pam_timestamp_Directives.html | 18 +
...AM_and_Device_Ownership-Application_Access.html | 28 +
...ntication_Modules_PAM-Additional_Resources.html | 30 +
...ntication_Modules_PAM-Creating_PAM_Modules.html | 18 +
..._Modules_PAM-PAM_Configuration_File_Format.html | 49 +
...cation_Modules_PAM-PAM_Configuration_Files.html | 16 +
...-PAM_and_Administrative_Credential_Caching.html | 38 +
...ation_Modules_PAM-PAM_and_Device_Ownership.html | 35 +
...Modules_PAM-Sample_PAM_Configuration_Files.html | 51 +
...Guide-Pluggable_Authentication_Modules_PAM.html | 26 +
...allation-Utilize_LUKS_Partition_Encryption.html | 12 +
...curity_Guide-Securing_FTP-Anonymous_Access.html | 30 +
...ing_FTP-Use_TCP_Wrappers_To_Control_Access.html | 12 +
...-Security_Guide-Securing_FTP-User_Accounts.html | 20 +
...Guide-Securing_NFS-Beware_of_Syntax_Errors.html | 18 +
...g_NFS-Do_Not_Use_the_no_root_squash_Option.html | 14 +
...de-Securing_NFS-NFS_Firewall_Configuration.html | 24 +
...Assign_Static_Ports_and_Use_iptables_Rules.html | 21 +
...Securing_NIS-Edit_the_varypsecurenets_File.html | 18 +
...e-Securing_NIS-Use_Kerberos_Authentication.html | 14 +
...Password_like_NIS_Domain_Name_and_Hostname.html | 20 +
...ring_Portmap-Protect_portmap_With_iptables.html | 19 +
...ty_Guide-Securing_Sendmail-Mail_only_Users.html | 12 +
...y_Guide-Securing_Sendmail-NFS_and_Sendmail.html | 16 +
.../sect-Security_Guide-Security_Updates.html | 18 +
...ecurity_Guide-Server_Security-Securing_FTP.html | 36 +
...ecurity_Guide-Server_Security-Securing_NFS.html | 14 +
...ecurity_Guide-Server_Security-Securing_NIS.html | 28 +
...ity_Guide-Server_Security-Securing_Portmap.html | 20 +
...ty_Guide-Server_Security-Securing_Sendmail.html | 26 +
...r_Security-Securing_the_Apache_HTTP_Server.html | 27 +
...curity-Verifying_Which_Ports_Are_Listening.html | 57 +
.../sect-Security_Guide-Server_Security.html | 102 +
...onfiguring_Firefox_to_use_Kerberos_for_SSO.html | 67 +
...O-Getting_Started_with_your_new_Smart_Card.html | 74 +
...ign_on_SSO-How_Smart_Card_Enrollment_Works.html | 20 +
...gle_Sign_on_SSO-How_Smart_Card_Login_Works.html | 24 +
.../sect-Security_Guide-Single_Sign_on_SSO.html | 44 +
...gned_Packages_from_Well_Known_Repositories.html | 14 +
...curity_Updates-Adjusting_Automatic_Updates.html | 14 +
...enance-Plan_and_Configure_Security_Updates.html | 16 +
...Wrappers_Configuration_Files-Option_Fields.html | 20 +
...P_Wrappers_and_xinetd-Additional_Resources.html | 28 +
...nd_xinetd-TCP_Wrappers_Configuration_Files.html | 118 +
...urity_Guide-TCP_Wrappers_and_xinetd-xinetd.html | 18 +
...pers_and_xinetd-xinetd_Configuration_Files.html | 42 +
...ect-Security_Guide-TCP_Wrappers_and_xinetd.html | 44 +
...Server_Security-Inattentive_Administration.html | 16 +
...rver_Security-Inherently_Insecure_Services.html | 20 +
...eats_to_Server_Security-Unpatched_Services.html | 18 +
...PC_Security-Vulnerable_Client_Applications.html | 16 +
...ide-Updating_Packages-Applying_the_Changes.html | 50 +
...dating_Packages-Installing_Signed_Packages.html | 24 +
...pdating_Packages-Verifying_Signed_Packages.html | 28 +
...ide-Using_IPTables-Basic_Firewall_Policies.html | 23 +
...Tables-Saving_and_Restoring_IPTables_Rules.html | 14 +
...Assessment-Defining_Assessment_and_Testing.html | 50 +
...nerability_Assessment-Evaluating_the_Tools.html | 41 +
...ct-Security_Guide-Vulnerability_Assessment.html | 30 +
.../sect-Security_Guide-Yubikey-Web_Sites.html | 12 +
.../sect-Security_Guide-Yubikey.html | 36 +
..._Files-Altering_xinetd_Configuration_Files.html | 30 +
...figuration_Files-The_etcxinetd.d_Directory.html | 47 +
.../Fedora-18-Security_Guide-en-US.pdf | Bin 0 -> 1593650 bytes
public_html/en-US/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/en-US/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/en-US/opds-Fedora_Core.xml | 2 +-
.../en-US/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/en-US/opds.xml | 12 +-
public_html/en-US/toc.html | 28 +-
public_html/es-ES/Site_Statistics.html | 34 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/es-ES/opds-Fedora.xml | 21 +-
public_html/es-ES/opds-Fedora_15.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/es-ES/opds-Fedora_Core.xml | 2 +-
.../es-ES/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/es-ES/opds.xml | 14 +-
public_html/es-ES/toc.html | 91 +-
public_html/fa-IR/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/fa-IR/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/fa-IR/opds-Fedora_Core.xml | 2 +-
.../fa-IR/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/fa-IR/opds.xml | 12 +-
public_html/fa-IR/toc.html | 33 +-
public_html/fi-FI/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/fi-FI/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/fi-FI/opds-Fedora_Core.xml | 2 +-
.../fi-FI/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/fi-FI/opds.xml | 12 +-
public_html/fi-FI/toc.html | 39 +-
public_html/fr-FR/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/fr-FR/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/fr-FR/opds-Fedora_Core.xml | 2 +-
.../fr-FR/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/fr-FR/opds.xml | 12 +-
public_html/fr-FR/toc.html | 33 +-
public_html/gu-IN/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/gu-IN/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/gu-IN/opds-Fedora_Core.xml | 2 +-
.../gu-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/gu-IN/opds.xml | 12 +-
public_html/gu-IN/toc.html | 33 +-
public_html/he-IL/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/he-IL/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/he-IL/opds-Fedora_Core.xml | 2 +-
.../he-IL/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/he-IL/opds.xml | 12 +-
public_html/he-IL/toc.html | 35 +-
public_html/hi-IN/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/hi-IN/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/hi-IN/opds-Fedora_Core.xml | 2 +-
.../hi-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/hi-IN/opds.xml | 12 +-
public_html/hi-IN/toc.html | 33 +-
public_html/hu-HU/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/hu-HU/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/hu-HU/opds-Fedora_Core.xml | 2 +-
.../hu-HU/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/hu-HU/opds.xml | 12 +-
public_html/hu-HU/toc.html | 33 +-
public_html/id-ID/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/id-ID/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/id-ID/opds-Fedora_Core.xml | 2 +-
.../id-ID/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/id-ID/opds.xml | 12 +-
public_html/id-ID/toc.html | 33 +-
.../Fedora-18-Security_Guide-it-IT.epub | Bin 0 -> 868224 bytes
.../Security_Guide/Common_Content/css/common.css | 1528 +++++++
.../Security_Guide/Common_Content/css/default.css | 3 +
.../Security_Guide/Common_Content/css/lang.css | 2 +
.../Common_Content/css/overrides.css | 51 +
.../Security_Guide/Common_Content/css/print.css | 16 +
.../Security_Guide/Common_Content/images/1.png | Bin 0 -> 710 bytes
.../Security_Guide/Common_Content/images/1.svg | 27 +
.../Security_Guide/Common_Content/images/10.png | Bin 0 -> 985 bytes
.../Security_Guide/Common_Content/images/10.svg | 31 +
.../Security_Guide/Common_Content/images/11.png | Bin 0 -> 810 bytes
.../Security_Guide/Common_Content/images/11.svg | 31 +
.../Security_Guide/Common_Content/images/12.png | Bin 0 -> 1012 bytes
.../Security_Guide/Common_Content/images/12.svg | 31 +
.../Security_Guide/Common_Content/images/13.png | Bin 0 -> 1048 bytes
.../Security_Guide/Common_Content/images/13.svg | 31 +
.../Security_Guide/Common_Content/images/14.png | Bin 0 -> 914 bytes
.../Security_Guide/Common_Content/images/14.svg | 31 +
.../Security_Guide/Common_Content/images/15.png | Bin 0 -> 989 bytes
.../Security_Guide/Common_Content/images/15.svg | 31 +
.../Security_Guide/Common_Content/images/16.png | Bin 0 -> 1047 bytes
.../Security_Guide/Common_Content/images/16.svg | 31 +
.../Security_Guide/Common_Content/images/17.png | Bin 0 -> 888 bytes
.../Security_Guide/Common_Content/images/17.svg | 31 +
.../Security_Guide/Common_Content/images/18.png | Bin 0 -> 1075 bytes
.../Security_Guide/Common_Content/images/18.svg | 31 +
.../Security_Guide/Common_Content/images/19.png | Bin 0 -> 1049 bytes
.../Security_Guide/Common_Content/images/19.svg | 31 +
.../Security_Guide/Common_Content/images/2.png | Bin 0 -> 896 bytes
.../Security_Guide/Common_Content/images/2.svg | 27 +
.../Security_Guide/Common_Content/images/20.png | Bin 0 -> 1151 bytes
.../Security_Guide/Common_Content/images/20.svg | 31 +
.../Security_Guide/Common_Content/images/21.png | Bin 0 -> 994 bytes
.../Security_Guide/Common_Content/images/21.svg | 31 +
.../Security_Guide/Common_Content/images/22.png | Bin 0 -> 1162 bytes
.../Security_Guide/Common_Content/images/22.svg | 31 +
.../Security_Guide/Common_Content/images/23.png | Bin 0 -> 1207 bytes
.../Security_Guide/Common_Content/images/23.svg | 31 +
.../Security_Guide/Common_Content/images/24.png | Bin 0 -> 1081 bytes
.../Security_Guide/Common_Content/images/24.svg | 31 +
.../Security_Guide/Common_Content/images/25.png | Bin 0 -> 1173 bytes
.../Security_Guide/Common_Content/images/25.svg | 31 +
.../Security_Guide/Common_Content/images/26.png | Bin 0 -> 1208 bytes
.../Security_Guide/Common_Content/images/26.svg | 31 +
.../Security_Guide/Common_Content/images/27.png | Bin 0 -> 1080 bytes
.../Security_Guide/Common_Content/images/27.svg | 31 +
.../Security_Guide/Common_Content/images/28.png | Bin 0 -> 1225 bytes
.../Security_Guide/Common_Content/images/28.svg | 31 +
.../Security_Guide/Common_Content/images/29.png | Bin 0 -> 1196 bytes
.../Security_Guide/Common_Content/images/29.svg | 31 +
.../Security_Guide/Common_Content/images/3.png | Bin 0 -> 958 bytes
.../Security_Guide/Common_Content/images/3.svg | 27 +
.../Security_Guide/Common_Content/images/30.png | Bin 0 -> 1250 bytes
.../Security_Guide/Common_Content/images/30.svg | 31 +
.../Security_Guide/Common_Content/images/31.png | Bin 0 -> 1078 bytes
.../Security_Guide/Common_Content/images/31.svg | 31 +
.../Security_Guide/Common_Content/images/32.png | Bin 0 -> 1241 bytes
.../Security_Guide/Common_Content/images/32.svg | 31 +
.../Security_Guide/Common_Content/images/33.png | Bin 0 -> 1268 bytes
.../Security_Guide/Common_Content/images/33.svg | 31 +
.../Security_Guide/Common_Content/images/34.png | Bin 0 -> 1175 bytes
.../Security_Guide/Common_Content/images/34.svg | 31 +
.../Security_Guide/Common_Content/images/35.png | Bin 0 -> 1224 bytes
.../Security_Guide/Common_Content/images/35.svg | 31 +
.../Security_Guide/Common_Content/images/36.png | Bin 0 -> 1281 bytes
.../Security_Guide/Common_Content/images/36.svg | 31 +
.../Security_Guide/Common_Content/images/37.png | Bin 0 -> 1140 bytes
.../Security_Guide/Common_Content/images/37.svg | 31 +
.../Security_Guide/Common_Content/images/38.png | Bin 0 -> 1300 bytes
.../Security_Guide/Common_Content/images/38.svg | 31 +
.../Security_Guide/Common_Content/images/39.png | Bin 0 -> 1294 bytes
.../Security_Guide/Common_Content/images/39.svg | 31 +
.../Security_Guide/Common_Content/images/4.png | Bin 0 -> 849 bytes
.../Security_Guide/Common_Content/images/4.svg | 27 +
.../Security_Guide/Common_Content/images/40.png | Bin 0 -> 1130 bytes
.../Security_Guide/Common_Content/images/40.svg | 31 +
.../Security_Guide/Common_Content/images/5.png | Bin 0 -> 900 bytes
.../Security_Guide/Common_Content/images/5.svg | 27 +
.../Security_Guide/Common_Content/images/6.png | Bin 0 -> 929 bytes
.../Security_Guide/Common_Content/images/6.svg | 27 +
.../Security_Guide/Common_Content/images/7.png | Bin 0 -> 807 bytes
.../Security_Guide/Common_Content/images/7.svg | 27 +
.../Security_Guide/Common_Content/images/8.png | Bin 0 -> 962 bytes
.../Security_Guide/Common_Content/images/8.svg | 27 +
.../Security_Guide/Common_Content/images/9.png | Bin 0 -> 936 bytes
.../Security_Guide/Common_Content/images/9.svg | 27 +
.../Common_Content/images/bkgrnd_greydots.png | Bin 0 -> 157 bytes
.../Common_Content/images/bullet_arrowblue.png | Bin 0 -> 177 bytes
.../Common_Content/images/documentation.png | Bin 0 -> 623 bytes
.../Security_Guide/Common_Content/images/dot.png | Bin 0 -> 98 bytes
.../Security_Guide/Common_Content/images/dot2.png | Bin 0 -> 98 bytes
.../Security_Guide/Common_Content/images/green.png | Bin 0 -> 176 bytes
.../Security_Guide/Common_Content/images/h1-bg.png | Bin 0 -> 565 bytes
.../Common_Content/images/image_left.png | Bin 0 -> 1114 bytes
.../Common_Content/images/image_right.png | Bin 0 -> 3269 bytes
.../Common_Content/images/important.png | Bin 0 -> 2080 bytes
.../Common_Content/images/important.svg | 106 +
.../Security_Guide/Common_Content/images/logo.png | Bin 0 -> 1114 bytes
.../Security_Guide/Common_Content/images/note.png | Bin 0 -> 1241 bytes
.../Security_Guide/Common_Content/images/note.svg | 111 +
.../Security_Guide/Common_Content/images/red.png | Bin 0 -> 163 bytes
.../Security_Guide/Common_Content/images/shade.png | Bin 0 -> 101 bytes
.../Security_Guide/Common_Content/images/shine.png | Bin 0 -> 146 bytes
.../Common_Content/images/stock-go-back.png | Bin 0 -> 828 bytes
.../Common_Content/images/stock-go-forward.png | Bin 0 -> 828 bytes
.../Common_Content/images/stock-go-up.png | Bin 0 -> 760 bytes
.../Common_Content/images/stock-home.png | Bin 0 -> 808 bytes
.../Common_Content/images/title_logo.png | Bin 0 -> 13399 bytes
.../Common_Content/images/title_logo.svg | 61 +
.../Common_Content/images/warning.png | Bin 0 -> 1340 bytes
.../Common_Content/images/warning.svg | 89 +
.../Common_Content/images/watermark-draft.png | Bin 0 -> 25365 bytes
.../Common_Content/images/yellow.png | Bin 0 -> 175 bytes
.../html-single/Security_Guide/images/SCLogin.png | Bin 0 -> 8088 bytes
.../Security_Guide/images/SCLoginEnrollment.png | Bin 0 -> 14924 bytes
.../Security_Guide/images/auth-panel.png | Bin 0 -> 9257 bytes
.../html-single/Security_Guide/images/authicon.png | Bin 0 -> 1163 bytes
.../images/fed-firefox_kerberos_SSO.png | Bin 0 -> 47794 bytes
.../Security_Guide/images/fed-firewall_config.png | Bin 0 -> 76857 bytes
.../Security_Guide/images/fed-ipsec_host2host.png | Bin 0 -> 39081 bytes
.../images/fed-ipsec_n_to_n_local.png | Bin 0 -> 30935 bytes
.../images/fed-ipsec_n_to_n_remote.png | Bin 0 -> 34860 bytes
.../Security_Guide/images/fed-service_config.png | Bin 0 -> 76914 bytes
.../Security_Guide/images/fed-user_pass_groups.png | Bin 0 -> 35369 bytes
.../Security_Guide/images/fed-user_pass_info.png | Bin 0 -> 35624 bytes
.../18/html-single/Security_Guide/images/icon.svg | 3936 +++++++++++++++++
.../Security_Guide/images/n-t-n-ipsec-diagram.png | Bin 0 -> 33470 bytes
.../Security_Guide/images/tcp_wrap_diagram.png | Bin 0 -> 25775 bytes
.../18/html-single/Security_Guide/index.html | 4433 +++++++++++++++++++
.../Security_Guide/Common_Content/css/common.css | 1528 +++++++
.../Security_Guide/Common_Content/css/default.css | 3 +
.../Security_Guide/Common_Content/css/lang.css | 2 +
.../Common_Content/css/overrides.css | 51 +
.../Security_Guide/Common_Content/css/print.css | 16 +
.../Security_Guide/Common_Content/images/1.png | Bin 0 -> 710 bytes
.../Security_Guide/Common_Content/images/1.svg | 27 +
.../Security_Guide/Common_Content/images/10.png | Bin 0 -> 985 bytes
.../Security_Guide/Common_Content/images/10.svg | 31 +
.../Security_Guide/Common_Content/images/11.png | Bin 0 -> 810 bytes
.../Security_Guide/Common_Content/images/11.svg | 31 +
.../Security_Guide/Common_Content/images/12.png | Bin 0 -> 1012 bytes
.../Security_Guide/Common_Content/images/12.svg | 31 +
.../Security_Guide/Common_Content/images/13.png | Bin 0 -> 1048 bytes
.../Security_Guide/Common_Content/images/13.svg | 31 +
.../Security_Guide/Common_Content/images/14.png | Bin 0 -> 914 bytes
.../Security_Guide/Common_Content/images/14.svg | 31 +
.../Security_Guide/Common_Content/images/15.png | Bin 0 -> 989 bytes
.../Security_Guide/Common_Content/images/15.svg | 31 +
.../Security_Guide/Common_Content/images/16.png | Bin 0 -> 1047 bytes
.../Security_Guide/Common_Content/images/16.svg | 31 +
.../Security_Guide/Common_Content/images/17.png | Bin 0 -> 888 bytes
.../Security_Guide/Common_Content/images/17.svg | 31 +
.../Security_Guide/Common_Content/images/18.png | Bin 0 -> 1075 bytes
.../Security_Guide/Common_Content/images/18.svg | 31 +
.../Security_Guide/Common_Content/images/19.png | Bin 0 -> 1049 bytes
.../Security_Guide/Common_Content/images/19.svg | 31 +
.../Security_Guide/Common_Content/images/2.png | Bin 0 -> 896 bytes
.../Security_Guide/Common_Content/images/2.svg | 27 +
.../Security_Guide/Common_Content/images/20.png | Bin 0 -> 1151 bytes
.../Security_Guide/Common_Content/images/20.svg | 31 +
.../Security_Guide/Common_Content/images/21.png | Bin 0 -> 994 bytes
.../Security_Guide/Common_Content/images/21.svg | 31 +
.../Security_Guide/Common_Content/images/22.png | Bin 0 -> 1162 bytes
.../Security_Guide/Common_Content/images/22.svg | 31 +
.../Security_Guide/Common_Content/images/23.png | Bin 0 -> 1207 bytes
.../Security_Guide/Common_Content/images/23.svg | 31 +
.../Security_Guide/Common_Content/images/24.png | Bin 0 -> 1081 bytes
.../Security_Guide/Common_Content/images/24.svg | 31 +
.../Security_Guide/Common_Content/images/25.png | Bin 0 -> 1173 bytes
.../Security_Guide/Common_Content/images/25.svg | 31 +
.../Security_Guide/Common_Content/images/26.png | Bin 0 -> 1208 bytes
.../Security_Guide/Common_Content/images/26.svg | 31 +
.../Security_Guide/Common_Content/images/27.png | Bin 0 -> 1080 bytes
.../Security_Guide/Common_Content/images/27.svg | 31 +
.../Security_Guide/Common_Content/images/28.png | Bin 0 -> 1225 bytes
.../Security_Guide/Common_Content/images/28.svg | 31 +
.../Security_Guide/Common_Content/images/29.png | Bin 0 -> 1196 bytes
.../Security_Guide/Common_Content/images/29.svg | 31 +
.../Security_Guide/Common_Content/images/3.png | Bin 0 -> 958 bytes
.../Security_Guide/Common_Content/images/3.svg | 27 +
.../Security_Guide/Common_Content/images/30.png | Bin 0 -> 1250 bytes
.../Security_Guide/Common_Content/images/30.svg | 31 +
.../Security_Guide/Common_Content/images/31.png | Bin 0 -> 1078 bytes
.../Security_Guide/Common_Content/images/31.svg | 31 +
.../Security_Guide/Common_Content/images/32.png | Bin 0 -> 1241 bytes
.../Security_Guide/Common_Content/images/32.svg | 31 +
.../Security_Guide/Common_Content/images/33.png | Bin 0 -> 1268 bytes
.../Security_Guide/Common_Content/images/33.svg | 31 +
.../Security_Guide/Common_Content/images/34.png | Bin 0 -> 1175 bytes
.../Security_Guide/Common_Content/images/34.svg | 31 +
.../Security_Guide/Common_Content/images/35.png | Bin 0 -> 1224 bytes
.../Security_Guide/Common_Content/images/35.svg | 31 +
.../Security_Guide/Common_Content/images/36.png | Bin 0 -> 1281 bytes
.../Security_Guide/Common_Content/images/36.svg | 31 +
.../Security_Guide/Common_Content/images/37.png | Bin 0 -> 1140 bytes
.../Security_Guide/Common_Content/images/37.svg | 31 +
.../Security_Guide/Common_Content/images/38.png | Bin 0 -> 1300 bytes
.../Security_Guide/Common_Content/images/38.svg | 31 +
.../Security_Guide/Common_Content/images/39.png | Bin 0 -> 1294 bytes
.../Security_Guide/Common_Content/images/39.svg | 31 +
.../Security_Guide/Common_Content/images/4.png | Bin 0 -> 849 bytes
.../Security_Guide/Common_Content/images/4.svg | 27 +
.../Security_Guide/Common_Content/images/40.png | Bin 0 -> 1130 bytes
.../Security_Guide/Common_Content/images/40.svg | 31 +
.../Security_Guide/Common_Content/images/5.png | Bin 0 -> 900 bytes
.../Security_Guide/Common_Content/images/5.svg | 27 +
.../Security_Guide/Common_Content/images/6.png | Bin 0 -> 929 bytes
.../Security_Guide/Common_Content/images/6.svg | 27 +
.../Security_Guide/Common_Content/images/7.png | Bin 0 -> 807 bytes
.../Security_Guide/Common_Content/images/7.svg | 27 +
.../Security_Guide/Common_Content/images/8.png | Bin 0 -> 962 bytes
.../Security_Guide/Common_Content/images/8.svg | 27 +
.../Security_Guide/Common_Content/images/9.png | Bin 0 -> 936 bytes
.../Security_Guide/Common_Content/images/9.svg | 27 +
.../Common_Content/images/bkgrnd_greydots.png | Bin 0 -> 157 bytes
.../Common_Content/images/bullet_arrowblue.png | Bin 0 -> 177 bytes
.../Common_Content/images/documentation.png | Bin 0 -> 623 bytes
.../Security_Guide/Common_Content/images/dot.png | Bin 0 -> 98 bytes
.../Security_Guide/Common_Content/images/dot2.png | Bin 0 -> 98 bytes
.../Security_Guide/Common_Content/images/green.png | Bin 0 -> 176 bytes
.../Security_Guide/Common_Content/images/h1-bg.png | Bin 0 -> 565 bytes
.../Common_Content/images/image_left.png | Bin 0 -> 1114 bytes
.../Common_Content/images/image_right.png | Bin 0 -> 3269 bytes
.../Common_Content/images/important.png | Bin 0 -> 2080 bytes
.../Common_Content/images/important.svg | 106 +
.../Security_Guide/Common_Content/images/logo.png | Bin 0 -> 1114 bytes
.../Security_Guide/Common_Content/images/note.png | Bin 0 -> 1241 bytes
.../Security_Guide/Common_Content/images/note.svg | 111 +
.../Security_Guide/Common_Content/images/red.png | Bin 0 -> 163 bytes
.../Security_Guide/Common_Content/images/shade.png | Bin 0 -> 101 bytes
.../Security_Guide/Common_Content/images/shine.png | Bin 0 -> 146 bytes
.../Common_Content/images/stock-go-back.png | Bin 0 -> 828 bytes
.../Common_Content/images/stock-go-forward.png | Bin 0 -> 828 bytes
.../Common_Content/images/stock-go-up.png | Bin 0 -> 760 bytes
.../Common_Content/images/stock-home.png | Bin 0 -> 808 bytes
.../Common_Content/images/title_logo.png | Bin 0 -> 13399 bytes
.../Common_Content/images/title_logo.svg | 61 +
.../Common_Content/images/warning.png | Bin 0 -> 1340 bytes
.../Common_Content/images/warning.svg | 89 +
.../Common_Content/images/watermark-draft.png | Bin 0 -> 25365 bytes
.../Common_Content/images/yellow.png | Bin 0 -> 175 bytes
...ide-Encryption-Data_in_Motion-Secure_Shell.html | 31 +
.../Security_Guide-Encryption-Data_in_Motion.html | 403 ++
.../Fedora/18/html/Security_Guide/apas02.html | 46 +
.../Fedora/18/html/Security_Guide/apas02s02.html | 14 +
.../Fedora/18/html/Security_Guide/apas02s03.html | 14 +
.../Fedora/18/html/Security_Guide/apas02s04.html | 24 +
.../Fedora/18/html/Security_Guide/apas02s05.html | 14 +
.../Fedora/18/html/Security_Guide/apas02s06.html | 14 +
.../appe-Publican-Revision_History.html | 105 +
.../chap-Security_Guide-Basic_Hardening.html | 16 +
.../Security_Guide/chap-Security_Guide-CVE.html | 18 +
.../chap-Security_Guide-Encryption.html | 24 +
.../chap-Security_Guide-Encryption_Standards.html | 38 +
...General_Principles_of_Information_Security.html | 38 +
.../chap-Security_Guide-References.html | 52 +
.../chap-Security_Guide-Secure_Installation.html | 20 +
.../chap-Security_Guide-Securing_Your_Network.html | 528 +++
.../chap-Security_Guide-Security_Overview.html | 128 +
.../chap-Security_Guide-Software_Maintenance.html | 14 +
.../18/html/Security_Guide/images/SCLogin.png | Bin 0 -> 8088 bytes
.../Security_Guide/images/SCLoginEnrollment.png | Bin 0 -> 14924 bytes
.../18/html/Security_Guide/images/auth-panel.png | Bin 0 -> 9257 bytes
.../18/html/Security_Guide/images/authicon.png | Bin 0 -> 1163 bytes
.../images/fed-firefox_kerberos_SSO.png | Bin 0 -> 47794 bytes
.../Security_Guide/images/fed-firewall_config.png | Bin 0 -> 76857 bytes
.../Security_Guide/images/fed-ipsec_host2host.png | Bin 0 -> 39081 bytes
.../images/fed-ipsec_n_to_n_local.png | Bin 0 -> 30935 bytes
.../images/fed-ipsec_n_to_n_remote.png | Bin 0 -> 34860 bytes
.../Security_Guide/images/fed-service_config.png | Bin 0 -> 76914 bytes
.../Security_Guide/images/fed-user_pass_groups.png | Bin 0 -> 35369 bytes
.../Security_Guide/images/fed-user_pass_info.png | Bin 0 -> 35624 bytes
.../Fedora/18/html/Security_Guide/images/icon.svg | 3936 +++++++++++++++++
.../Security_Guide/images/n-t-n-ipsec-diagram.png | Bin 0 -> 33470 bytes
.../Security_Guide/images/tcp_wrap_diagram.png | Bin 0 -> 25775 bytes
.../it-IT/Fedora/18/html/Security_Guide/index.html | 35 +
.../Fedora/18/html/Security_Guide/pr01s02.html | 16 +
.../pref-Security_Guide-Preface.html | 95 +
...y_Guide-Additional_Resources-Related_Books.html | 12 +
...Additional_Resources-Related_Documentation.html | 14 +
...itional_Resources-Useful_Firewall_Websites.html | 16 +
...tional_Resources-Useful_IP_Tables_Websites.html | 12 +
...itional_Resources-Useful_Kerberos_Websites.html | 22 +
...e-Additional_Resources-Useful_PAM_Websites.html | 14 +
...nal_Resources-Useful_TCP_Wrappers_Websites.html | 14 +
...Configuration_Files-Access_Control_Options.html | 60 +
...tion_Files-Binding_and_Redirection_Options.html | 37 +
...guration_Files-Resource_Management_Options.html | 22 +
...ulnerabilities-Threats_to_Network_Security.html | 18 +
...Vulnerabilities-Threats_to_Server_Security.html | 16 +
...hreats_to_Workstation_and_Home_PC_Security.html | 14 +
...curity_Guide-Attackers_and_Vulnerabilities.html | 30 +
...figuration-Activating_the_IPTables_Service.html | 14 +
...ration-Enabling_and_Disabling_the_Firewall.html | 20 +
...e-Basic_Firewall_Configuration-Other_Ports.html | 14 +
...Firewall_Configuration-Saving_the_Settings.html | 16 +
...ic_Firewall_Configuration-Trusted_Services.html | 28 +
...g-General_Principles-Why_is_this_important.html | 12 +
.../sect-Security_Guide-Basic_Hardening-NTP.html | 12 +
...rity_Guide-Basic_Hardening-Networking-IPv6.html | 18 +
...-Security_Guide-Basic_Hardening-Networking.html | 14 +
...ening-Physical_Security-What_else_can_I_do.html | 12 +
...ng-Physical_Security-Why_is_this_important.html | 12 +
...ty_Guide-Basic_Hardening-Physical_Security.html | 16 +
...ct-Security_Guide-Basic_Hardening-Services.html | 12 +
...-Security_Guide-Basic_Hardening-Up_to_date.html | 12 +
...e-CVE-yum_plugin-using_yum_plugin_security.html | 45 +
...mmand_Options_for_IPTables-Command_Options.html | 48 +
...ptions_for_IPTables-IPTables_Match_Options.html | 71 +
...ns_for_IPTables-IPTables_Parameter_Options.html | 56 +
...mmand_Options_for_IPTables-Listing_Options.html | 22 +
...ommand_Options_for_IPTables-Target_Options.html | 50 +
...Security_Guide-Common_Exploits_and_Attacks.html | 67 +
...de-Encryption-7_Zip_Encrypted_Archives-GUI.html | 32 +
...crypted_Archives-Installation-Instructions.html | 16 +
...on-7_Zip_Encrypted_Archives-Things_of_note.html | 12 +
..._Zip_Encrypted_Archives-Usage_Instructions.html | 34 +
..._Guide-Encryption-7_Zip_Encrypted_Archives.html | 14 +
...tion-Using_GPG-About_Public_Key_Encryption.html | 14 +
...ryption-Using_GPG-Creating_GPG_Keys_in_KDE.html | 54 +
...yption-Using_GPG-Creating_GPG_Keys_in_KDE1.html | 16 +
...Encryption-Using_GPG-Using_GPG_with_Alpine.html | 28 +
..._GPG_with_Evolution-Signing_and_Encrypting.html | 14 +
...ing_GPG-Using_GPG_with_Evolution-Verifying.html | 12 +
...ryption-Using_GPG-Using_GPG_with_Evolution.html | 16 +
...ption-Using_GPG-Using_GPG_with_Thunderbird.html | 24 +
.../sect-Security_Guide-Encryption-Using_GPG.html | 24 +
...g_the_Tools-Anticipating_Your_Future_Needs.html | 12 +
...Security_Guide-Evaluating_the_Tools-Nessus.html | 18 +
...-Security_Guide-Evaluating_the_Tools-Nikto.html | 16 +
...uide-Evaluating_the_Tools-VLAD_the_Scanner.html | 18 +
...de-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html | 18 +
...ity_Guide-FORWARD_and_NAT_Rules-Prerouting.html | 20 +
...urity_Guide-Firewalls-Additional_Resources.html | 16 +
...ide-Firewalls-Basic_Firewall_Configuration.html | 24 +
..._Guide-Firewalls-Common_IPTables_Filtering.html | 39 +
...rity_Guide-Firewalls-FORWARD_and_NAT_Rules.html | 45 +
...Firewalls-IPTables_and_Connection_Tracking.html | 22 +
.../sect-Security_Guide-Firewalls-IPv6.html | 18 +
...alicious_Software_and_Spoofed_IP_Addresses.html | 31 +
...ct-Security_Guide-Firewalls-Using_IPTables.html | 28 +
.../sect-Security_Guide-Firewalls.html | 62 +
...curity_Guide-IPTables-Additional_Resources.html | 16 +
...uide-IPTables-Command_Options_for_IPTables.html | 42 +
...ty_Guide-IPTables-IPTables_Control_Scripts.html | 78 +
...-Security_Guide-IPTables-IPTables_and_IPv6.html | 20 +
...urity_Guide-IPTables-Saving_IPTables_Rules.html | 22 +
.../sect-Security_Guide-IPTables.html | 70 +
...ch_Options-Additional_Match_Option_Modules.html | 62 +
...Guide-IPTables_Match_Options-ICMP_Protocol.html | 14 +
..._Guide-IPTables_Match_Options-UDP_Protocol.html | 18 +
...curity_Guide-Kerberos-Additional_Resources.html | 38 +
...e-Kerberos-Configuring_a_Kerberos_5_Client.html | 38 +
...e-Kerberos-Configuring_a_Kerberos_5_Server.html | 48 +
...ity_Guide-Kerberos-Domain_to_Realm_Mapping.html | 23 +
...Security_Guide-Kerberos-How_Kerberos_Works.html | 38 +
...curity_Guide-Kerberos-Kerberos_Terminology.html | 52 +
...t-Security_Guide-Kerberos-Kerberos_and_PAM.html | 14 +
...eros-Setting_Up_Cross_Realm_Authentication.html | 100 +
...y_Guide-Kerberos-Setting_Up_Secondary_KDCs.html | 70 +
.../sect-Security_Guide-Kerberos.html | 42 +
...ide-LUKS_Disk_Encryption-Links_of_Interest.html | 16 +
...ting_Directories-Step_by_Step_Instructions.html | 46 +
...irectories-What_you_have_just_accomplished.html | 12 +
...Encryption-Manually_Encrypting_Directories.html | 18 +
.../sect-Security_Guide-LUKS_Disk_Encryption.html | 26 +
...ecurity_Guide-Option_Fields-Access_Control.html | 17 +
...ct-Security_Guide-Option_Fields-Expansions.html | 49 +
...ecurity_Guide-Option_Fields-Shell_Commands.html | 25 +
...PAM_Configuration_File_Format-Control_Flag.html | 28 +
...Configuration_File_Format-Module_Arguments.html | 18 +
...-PAM_Configuration_File_Format-Module_Name.html | 12 +
...al_Caching-Common_pam_timestamp_Directives.html | 18 +
...AM_and_Device_Ownership-Application_Access.html | 28 +
...ntication_Modules_PAM-Additional_Resources.html | 30 +
...ntication_Modules_PAM-Creating_PAM_Modules.html | 18 +
..._Modules_PAM-PAM_Configuration_File_Format.html | 49 +
...cation_Modules_PAM-PAM_Configuration_Files.html | 16 +
...-PAM_and_Administrative_Credential_Caching.html | 38 +
...ation_Modules_PAM-PAM_and_Device_Ownership.html | 35 +
...Modules_PAM-Sample_PAM_Configuration_Files.html | 51 +
...Guide-Pluggable_Authentication_Modules_PAM.html | 26 +
...allation-Utilize_LUKS_Partition_Encryption.html | 12 +
...curity_Guide-Securing_FTP-Anonymous_Access.html | 30 +
...ing_FTP-Use_TCP_Wrappers_To_Control_Access.html | 12 +
...-Security_Guide-Securing_FTP-User_Accounts.html | 20 +
...Guide-Securing_NFS-Beware_of_Syntax_Errors.html | 18 +
...g_NFS-Do_Not_Use_the_no_root_squash_Option.html | 14 +
...de-Securing_NFS-NFS_Firewall_Configuration.html | 24 +
...Assign_Static_Ports_and_Use_iptables_Rules.html | 21 +
...Securing_NIS-Edit_the_varypsecurenets_File.html | 18 +
...e-Securing_NIS-Use_Kerberos_Authentication.html | 14 +
...Password_like_NIS_Domain_Name_and_Hostname.html | 20 +
...ring_Portmap-Protect_portmap_With_iptables.html | 19 +
...ty_Guide-Securing_Sendmail-Mail_only_Users.html | 12 +
...y_Guide-Securing_Sendmail-NFS_and_Sendmail.html | 16 +
.../sect-Security_Guide-Security_Updates.html | 18 +
...ecurity_Guide-Server_Security-Securing_FTP.html | 36 +
...ecurity_Guide-Server_Security-Securing_NFS.html | 14 +
...ecurity_Guide-Server_Security-Securing_NIS.html | 28 +
...ity_Guide-Server_Security-Securing_Portmap.html | 20 +
...ty_Guide-Server_Security-Securing_Sendmail.html | 26 +
...r_Security-Securing_the_Apache_HTTP_Server.html | 27 +
...curity-Verifying_Which_Ports_Are_Listening.html | 57 +
.../sect-Security_Guide-Server_Security.html | 102 +
...onfiguring_Firefox_to_use_Kerberos_for_SSO.html | 67 +
...O-Getting_Started_with_your_new_Smart_Card.html | 74 +
...ign_on_SSO-How_Smart_Card_Enrollment_Works.html | 20 +
...gle_Sign_on_SSO-How_Smart_Card_Login_Works.html | 24 +
.../sect-Security_Guide-Single_Sign_on_SSO.html | 44 +
...gned_Packages_from_Well_Known_Repositories.html | 14 +
...curity_Updates-Adjusting_Automatic_Updates.html | 14 +
...enance-Plan_and_Configure_Security_Updates.html | 16 +
...Wrappers_Configuration_Files-Option_Fields.html | 20 +
...P_Wrappers_and_xinetd-Additional_Resources.html | 28 +
...nd_xinetd-TCP_Wrappers_Configuration_Files.html | 118 +
...urity_Guide-TCP_Wrappers_and_xinetd-xinetd.html | 18 +
...pers_and_xinetd-xinetd_Configuration_Files.html | 42 +
...ect-Security_Guide-TCP_Wrappers_and_xinetd.html | 44 +
...Server_Security-Inattentive_Administration.html | 16 +
...rver_Security-Inherently_Insecure_Services.html | 20 +
...eats_to_Server_Security-Unpatched_Services.html | 18 +
...PC_Security-Vulnerable_Client_Applications.html | 16 +
...ide-Updating_Packages-Applying_the_Changes.html | 50 +
...dating_Packages-Installing_Signed_Packages.html | 24 +
...pdating_Packages-Verifying_Signed_Packages.html | 28 +
...ide-Using_IPTables-Basic_Firewall_Policies.html | 23 +
...Tables-Saving_and_Restoring_IPTables_Rules.html | 14 +
...Assessment-Defining_Assessment_and_Testing.html | 50 +
...nerability_Assessment-Evaluating_the_Tools.html | 41 +
...ct-Security_Guide-Vulnerability_Assessment.html | 30 +
.../sect-Security_Guide-Yubikey-Web_Sites.html | 12 +
.../sect-Security_Guide-Yubikey.html | 36 +
..._Files-Altering_xinetd_Configuration_Files.html | 30 +
...figuration_Files-The_etcxinetd.d_Directory.html | 47 +
.../Fedora-18-Security_Guide-it-IT.pdf | Bin 0 -> 1620370 bytes
public_html/it-IT/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/it-IT/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/it-IT/opds-Fedora_Core.xml | 2 +-
.../it-IT/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/it-IT/opds.xml | 12 +-
public_html/it-IT/toc.html | 32 +-
.../Fedora-18-Security_Guide-ja-JP.epub | Bin 0 -> 888550 bytes
.../Security_Guide/Common_Content/css/common.css | 1528 +++++++
.../Security_Guide/Common_Content/css/default.css | 3 +
.../Security_Guide/Common_Content/css/lang.css | 2 +
.../Common_Content/css/overrides.css | 51 +
.../Security_Guide/Common_Content/css/print.css | 16 +
.../Security_Guide/Common_Content/images/1.png | Bin 0 -> 710 bytes
.../Security_Guide/Common_Content/images/1.svg | 27 +
.../Security_Guide/Common_Content/images/10.png | Bin 0 -> 985 bytes
.../Security_Guide/Common_Content/images/10.svg | 31 +
.../Security_Guide/Common_Content/images/11.png | Bin 0 -> 810 bytes
.../Security_Guide/Common_Content/images/11.svg | 31 +
.../Security_Guide/Common_Content/images/12.png | Bin 0 -> 1012 bytes
.../Security_Guide/Common_Content/images/12.svg | 31 +
.../Security_Guide/Common_Content/images/13.png | Bin 0 -> 1048 bytes
.../Security_Guide/Common_Content/images/13.svg | 31 +
.../Security_Guide/Common_Content/images/14.png | Bin 0 -> 914 bytes
.../Security_Guide/Common_Content/images/14.svg | 31 +
.../Security_Guide/Common_Content/images/15.png | Bin 0 -> 989 bytes
.../Security_Guide/Common_Content/images/15.svg | 31 +
.../Security_Guide/Common_Content/images/16.png | Bin 0 -> 1047 bytes
.../Security_Guide/Common_Content/images/16.svg | 31 +
.../Security_Guide/Common_Content/images/17.png | Bin 0 -> 888 bytes
.../Security_Guide/Common_Content/images/17.svg | 31 +
.../Security_Guide/Common_Content/images/18.png | Bin 0 -> 1075 bytes
.../Security_Guide/Common_Content/images/18.svg | 31 +
.../Security_Guide/Common_Content/images/19.png | Bin 0 -> 1049 bytes
.../Security_Guide/Common_Content/images/19.svg | 31 +
.../Security_Guide/Common_Content/images/2.png | Bin 0 -> 896 bytes
.../Security_Guide/Common_Content/images/2.svg | 27 +
.../Security_Guide/Common_Content/images/20.png | Bin 0 -> 1151 bytes
.../Security_Guide/Common_Content/images/20.svg | 31 +
.../Security_Guide/Common_Content/images/21.png | Bin 0 -> 994 bytes
.../Security_Guide/Common_Content/images/21.svg | 31 +
.../Security_Guide/Common_Content/images/22.png | Bin 0 -> 1162 bytes
.../Security_Guide/Common_Content/images/22.svg | 31 +
.../Security_Guide/Common_Content/images/23.png | Bin 0 -> 1207 bytes
.../Security_Guide/Common_Content/images/23.svg | 31 +
.../Security_Guide/Common_Content/images/24.png | Bin 0 -> 1081 bytes
.../Security_Guide/Common_Content/images/24.svg | 31 +
.../Security_Guide/Common_Content/images/25.png | Bin 0 -> 1173 bytes
.../Security_Guide/Common_Content/images/25.svg | 31 +
.../Security_Guide/Common_Content/images/26.png | Bin 0 -> 1208 bytes
.../Security_Guide/Common_Content/images/26.svg | 31 +
.../Security_Guide/Common_Content/images/27.png | Bin 0 -> 1080 bytes
.../Security_Guide/Common_Content/images/27.svg | 31 +
.../Security_Guide/Common_Content/images/28.png | Bin 0 -> 1225 bytes
.../Security_Guide/Common_Content/images/28.svg | 31 +
.../Security_Guide/Common_Content/images/29.png | Bin 0 -> 1196 bytes
.../Security_Guide/Common_Content/images/29.svg | 31 +
.../Security_Guide/Common_Content/images/3.png | Bin 0 -> 958 bytes
.../Security_Guide/Common_Content/images/3.svg | 27 +
.../Security_Guide/Common_Content/images/30.png | Bin 0 -> 1250 bytes
.../Security_Guide/Common_Content/images/30.svg | 31 +
.../Security_Guide/Common_Content/images/31.png | Bin 0 -> 1078 bytes
.../Security_Guide/Common_Content/images/31.svg | 31 +
.../Security_Guide/Common_Content/images/32.png | Bin 0 -> 1241 bytes
.../Security_Guide/Common_Content/images/32.svg | 31 +
.../Security_Guide/Common_Content/images/33.png | Bin 0 -> 1268 bytes
.../Security_Guide/Common_Content/images/33.svg | 31 +
.../Security_Guide/Common_Content/images/34.png | Bin 0 -> 1175 bytes
.../Security_Guide/Common_Content/images/34.svg | 31 +
.../Security_Guide/Common_Content/images/35.png | Bin 0 -> 1224 bytes
.../Security_Guide/Common_Content/images/35.svg | 31 +
.../Security_Guide/Common_Content/images/36.png | Bin 0 -> 1281 bytes
.../Security_Guide/Common_Content/images/36.svg | 31 +
.../Security_Guide/Common_Content/images/37.png | Bin 0 -> 1140 bytes
.../Security_Guide/Common_Content/images/37.svg | 31 +
.../Security_Guide/Common_Content/images/38.png | Bin 0 -> 1300 bytes
.../Security_Guide/Common_Content/images/38.svg | 31 +
.../Security_Guide/Common_Content/images/39.png | Bin 0 -> 1294 bytes
.../Security_Guide/Common_Content/images/39.svg | 31 +
.../Security_Guide/Common_Content/images/4.png | Bin 0 -> 849 bytes
.../Security_Guide/Common_Content/images/4.svg | 27 +
.../Security_Guide/Common_Content/images/40.png | Bin 0 -> 1130 bytes
.../Security_Guide/Common_Content/images/40.svg | 31 +
.../Security_Guide/Common_Content/images/5.png | Bin 0 -> 900 bytes
.../Security_Guide/Common_Content/images/5.svg | 27 +
.../Security_Guide/Common_Content/images/6.png | Bin 0 -> 929 bytes
.../Security_Guide/Common_Content/images/6.svg | 27 +
.../Security_Guide/Common_Content/images/7.png | Bin 0 -> 807 bytes
.../Security_Guide/Common_Content/images/7.svg | 27 +
.../Security_Guide/Common_Content/images/8.png | Bin 0 -> 962 bytes
.../Security_Guide/Common_Content/images/8.svg | 27 +
.../Security_Guide/Common_Content/images/9.png | Bin 0 -> 936 bytes
.../Security_Guide/Common_Content/images/9.svg | 27 +
.../Common_Content/images/bkgrnd_greydots.png | Bin 0 -> 157 bytes
.../Common_Content/images/bullet_arrowblue.png | Bin 0 -> 177 bytes
.../Common_Content/images/documentation.png | Bin 0 -> 623 bytes
.../Security_Guide/Common_Content/images/dot.png | Bin 0 -> 98 bytes
.../Security_Guide/Common_Content/images/dot2.png | Bin 0 -> 98 bytes
.../Security_Guide/Common_Content/images/green.png | Bin 0 -> 176 bytes
.../Security_Guide/Common_Content/images/h1-bg.png | Bin 0 -> 565 bytes
.../Common_Content/images/image_left.png | Bin 0 -> 1114 bytes
.../Common_Content/images/image_right.png | Bin 0 -> 2327 bytes
.../Common_Content/images/important.png | Bin 0 -> 2080 bytes
.../Common_Content/images/important.svg | 106 +
.../Security_Guide/Common_Content/images/logo.png | Bin 0 -> 1114 bytes
.../Security_Guide/Common_Content/images/note.png | Bin 0 -> 1241 bytes
.../Security_Guide/Common_Content/images/note.svg | 111 +
.../Security_Guide/Common_Content/images/red.png | Bin 0 -> 163 bytes
.../Security_Guide/Common_Content/images/shade.png | Bin 0 -> 101 bytes
.../Security_Guide/Common_Content/images/shine.png | Bin 0 -> 146 bytes
.../Common_Content/images/stock-go-back.png | Bin 0 -> 828 bytes
.../Common_Content/images/stock-go-forward.png | Bin 0 -> 828 bytes
.../Common_Content/images/stock-go-up.png | Bin 0 -> 760 bytes
.../Common_Content/images/stock-home.png | Bin 0 -> 808 bytes
.../Common_Content/images/title_logo.png | Bin 0 -> 13399 bytes
.../Common_Content/images/title_logo.svg | 61 +
.../Common_Content/images/warning.png | Bin 0 -> 1340 bytes
.../Common_Content/images/warning.svg | 89 +
.../Common_Content/images/watermark-draft.png | Bin 0 -> 25365 bytes
.../Common_Content/images/yellow.png | Bin 0 -> 175 bytes
.../html-single/Security_Guide/images/SCLogin.png | Bin 0 -> 8088 bytes
.../Security_Guide/images/SCLoginEnrollment.png | Bin 0 -> 14924 bytes
.../Security_Guide/images/auth-panel.png | Bin 0 -> 9257 bytes
.../html-single/Security_Guide/images/authicon.png | Bin 0 -> 1163 bytes
.../images/fed-firefox_kerberos_SSO.png | Bin 0 -> 47794 bytes
.../Security_Guide/images/fed-firewall_config.png | Bin 0 -> 76857 bytes
.../Security_Guide/images/fed-ipsec_host2host.png | Bin 0 -> 39081 bytes
.../images/fed-ipsec_n_to_n_local.png | Bin 0 -> 30935 bytes
.../images/fed-ipsec_n_to_n_remote.png | Bin 0 -> 34860 bytes
.../Security_Guide/images/fed-service_config.png | Bin 0 -> 76914 bytes
.../Security_Guide/images/fed-user_pass_groups.png | Bin 0 -> 35369 bytes
.../Security_Guide/images/fed-user_pass_info.png | Bin 0 -> 35624 bytes
.../18/html-single/Security_Guide/images/icon.svg | 3936 +++++++++++++++++
.../Security_Guide/images/n-t-n-ipsec-diagram.png | Bin 0 -> 33470 bytes
.../Security_Guide/images/tcp_wrap_diagram.png | Bin 0 -> 25775 bytes
.../18/html-single/Security_Guide/index.html | 4442 ++++++++++++++++++++
.../Security_Guide/Common_Content/css/common.css | 1528 +++++++
.../Security_Guide/Common_Content/css/default.css | 3 +
.../Security_Guide/Common_Content/css/lang.css | 2 +
.../Common_Content/css/overrides.css | 51 +
.../Security_Guide/Common_Content/css/print.css | 16 +
.../Security_Guide/Common_Content/images/1.png | Bin 0 -> 710 bytes
.../Security_Guide/Common_Content/images/1.svg | 27 +
.../Security_Guide/Common_Content/images/10.png | Bin 0 -> 985 bytes
.../Security_Guide/Common_Content/images/10.svg | 31 +
.../Security_Guide/Common_Content/images/11.png | Bin 0 -> 810 bytes
.../Security_Guide/Common_Content/images/11.svg | 31 +
.../Security_Guide/Common_Content/images/12.png | Bin 0 -> 1012 bytes
.../Security_Guide/Common_Content/images/12.svg | 31 +
.../Security_Guide/Common_Content/images/13.png | Bin 0 -> 1048 bytes
.../Security_Guide/Common_Content/images/13.svg | 31 +
.../Security_Guide/Common_Content/images/14.png | Bin 0 -> 914 bytes
.../Security_Guide/Common_Content/images/14.svg | 31 +
.../Security_Guide/Common_Content/images/15.png | Bin 0 -> 989 bytes
.../Security_Guide/Common_Content/images/15.svg | 31 +
.../Security_Guide/Common_Content/images/16.png | Bin 0 -> 1047 bytes
.../Security_Guide/Common_Content/images/16.svg | 31 +
.../Security_Guide/Common_Content/images/17.png | Bin 0 -> 888 bytes
.../Security_Guide/Common_Content/images/17.svg | 31 +
.../Security_Guide/Common_Content/images/18.png | Bin 0 -> 1075 bytes
.../Security_Guide/Common_Content/images/18.svg | 31 +
.../Security_Guide/Common_Content/images/19.png | Bin 0 -> 1049 bytes
.../Security_Guide/Common_Content/images/19.svg | 31 +
.../Security_Guide/Common_Content/images/2.png | Bin 0 -> 896 bytes
.../Security_Guide/Common_Content/images/2.svg | 27 +
.../Security_Guide/Common_Content/images/20.png | Bin 0 -> 1151 bytes
.../Security_Guide/Common_Content/images/20.svg | 31 +
.../Security_Guide/Common_Content/images/21.png | Bin 0 -> 994 bytes
.../Security_Guide/Common_Content/images/21.svg | 31 +
.../Security_Guide/Common_Content/images/22.png | Bin 0 -> 1162 bytes
.../Security_Guide/Common_Content/images/22.svg | 31 +
.../Security_Guide/Common_Content/images/23.png | Bin 0 -> 1207 bytes
.../Security_Guide/Common_Content/images/23.svg | 31 +
.../Security_Guide/Common_Content/images/24.png | Bin 0 -> 1081 bytes
.../Security_Guide/Common_Content/images/24.svg | 31 +
.../Security_Guide/Common_Content/images/25.png | Bin 0 -> 1173 bytes
.../Security_Guide/Common_Content/images/25.svg | 31 +
.../Security_Guide/Common_Content/images/26.png | Bin 0 -> 1208 bytes
.../Security_Guide/Common_Content/images/26.svg | 31 +
.../Security_Guide/Common_Content/images/27.png | Bin 0 -> 1080 bytes
.../Security_Guide/Common_Content/images/27.svg | 31 +
.../Security_Guide/Common_Content/images/28.png | Bin 0 -> 1225 bytes
.../Security_Guide/Common_Content/images/28.svg | 31 +
.../Security_Guide/Common_Content/images/29.png | Bin 0 -> 1196 bytes
.../Security_Guide/Common_Content/images/29.svg | 31 +
.../Security_Guide/Common_Content/images/3.png | Bin 0 -> 958 bytes
.../Security_Guide/Common_Content/images/3.svg | 27 +
.../Security_Guide/Common_Content/images/30.png | Bin 0 -> 1250 bytes
.../Security_Guide/Common_Content/images/30.svg | 31 +
.../Security_Guide/Common_Content/images/31.png | Bin 0 -> 1078 bytes
.../Security_Guide/Common_Content/images/31.svg | 31 +
.../Security_Guide/Common_Content/images/32.png | Bin 0 -> 1241 bytes
.../Security_Guide/Common_Content/images/32.svg | 31 +
.../Security_Guide/Common_Content/images/33.png | Bin 0 -> 1268 bytes
.../Security_Guide/Common_Content/images/33.svg | 31 +
.../Security_Guide/Common_Content/images/34.png | Bin 0 -> 1175 bytes
.../Security_Guide/Common_Content/images/34.svg | 31 +
.../Security_Guide/Common_Content/images/35.png | Bin 0 -> 1224 bytes
.../Security_Guide/Common_Content/images/35.svg | 31 +
.../Security_Guide/Common_Content/images/36.png | Bin 0 -> 1281 bytes
.../Security_Guide/Common_Content/images/36.svg | 31 +
.../Security_Guide/Common_Content/images/37.png | Bin 0 -> 1140 bytes
.../Security_Guide/Common_Content/images/37.svg | 31 +
.../Security_Guide/Common_Content/images/38.png | Bin 0 -> 1300 bytes
.../Security_Guide/Common_Content/images/38.svg | 31 +
.../Security_Guide/Common_Content/images/39.png | Bin 0 -> 1294 bytes
.../Security_Guide/Common_Content/images/39.svg | 31 +
.../Security_Guide/Common_Content/images/4.png | Bin 0 -> 849 bytes
.../Security_Guide/Common_Content/images/4.svg | 27 +
.../Security_Guide/Common_Content/images/40.png | Bin 0 -> 1130 bytes
.../Security_Guide/Common_Content/images/40.svg | 31 +
.../Security_Guide/Common_Content/images/5.png | Bin 0 -> 900 bytes
.../Security_Guide/Common_Content/images/5.svg | 27 +
.../Security_Guide/Common_Content/images/6.png | Bin 0 -> 929 bytes
.../Security_Guide/Common_Content/images/6.svg | 27 +
.../Security_Guide/Common_Content/images/7.png | Bin 0 -> 807 bytes
.../Security_Guide/Common_Content/images/7.svg | 27 +
.../Security_Guide/Common_Content/images/8.png | Bin 0 -> 962 bytes
.../Security_Guide/Common_Content/images/8.svg | 27 +
.../Security_Guide/Common_Content/images/9.png | Bin 0 -> 936 bytes
.../Security_Guide/Common_Content/images/9.svg | 27 +
.../Common_Content/images/bkgrnd_greydots.png | Bin 0 -> 157 bytes
.../Common_Content/images/bullet_arrowblue.png | Bin 0 -> 177 bytes
.../Common_Content/images/documentation.png | Bin 0 -> 623 bytes
.../Security_Guide/Common_Content/images/dot.png | Bin 0 -> 98 bytes
.../Security_Guide/Common_Content/images/dot2.png | Bin 0 -> 98 bytes
.../Security_Guide/Common_Content/images/green.png | Bin 0 -> 176 bytes
.../Security_Guide/Common_Content/images/h1-bg.png | Bin 0 -> 565 bytes
.../Common_Content/images/image_left.png | Bin 0 -> 1114 bytes
.../Common_Content/images/image_right.png | Bin 0 -> 2327 bytes
.../Common_Content/images/important.png | Bin 0 -> 2080 bytes
.../Common_Content/images/important.svg | 106 +
.../Security_Guide/Common_Content/images/logo.png | Bin 0 -> 1114 bytes
.../Security_Guide/Common_Content/images/note.png | Bin 0 -> 1241 bytes
.../Security_Guide/Common_Content/images/note.svg | 111 +
.../Security_Guide/Common_Content/images/red.png | Bin 0 -> 163 bytes
.../Security_Guide/Common_Content/images/shade.png | Bin 0 -> 101 bytes
.../Security_Guide/Common_Content/images/shine.png | Bin 0 -> 146 bytes
.../Common_Content/images/stock-go-back.png | Bin 0 -> 828 bytes
.../Common_Content/images/stock-go-forward.png | Bin 0 -> 828 bytes
.../Common_Content/images/stock-go-up.png | Bin 0 -> 760 bytes
.../Common_Content/images/stock-home.png | Bin 0 -> 808 bytes
.../Common_Content/images/title_logo.png | Bin 0 -> 13399 bytes
.../Common_Content/images/title_logo.svg | 61 +
.../Common_Content/images/warning.png | Bin 0 -> 1340 bytes
.../Common_Content/images/warning.svg | 89 +
.../Common_Content/images/watermark-draft.png | Bin 0 -> 25365 bytes
.../Common_Content/images/yellow.png | Bin 0 -> 175 bytes
...ide-Encryption-Data_in_Motion-Secure_Shell.html | 31 +
.../Security_Guide-Encryption-Data_in_Motion.html | 401 ++
.../Fedora/18/html/Security_Guide/apas02.html | 46 +
.../Fedora/18/html/Security_Guide/apas02s02.html | 14 +
.../Fedora/18/html/Security_Guide/apas02s03.html | 14 +
.../Fedora/18/html/Security_Guide/apas02s04.html | 24 +
.../Fedora/18/html/Security_Guide/apas02s05.html | 14 +
.../Fedora/18/html/Security_Guide/apas02s06.html | 14 +
.../appe-Publican-Revision_History.html | 105 +
.../chap-Security_Guide-Basic_Hardening.html | 16 +
.../Security_Guide/chap-Security_Guide-CVE.html | 18 +
.../chap-Security_Guide-Encryption.html | 24 +
.../chap-Security_Guide-Encryption_Standards.html | 38 +
...General_Principles_of_Information_Security.html | 38 +
.../chap-Security_Guide-References.html | 52 +
.../chap-Security_Guide-Secure_Installation.html | 20 +
.../chap-Security_Guide-Securing_Your_Network.html | 528 +++
.../chap-Security_Guide-Security_Overview.html | 128 +
.../chap-Security_Guide-Software_Maintenance.html | 14 +
.../18/html/Security_Guide/images/SCLogin.png | Bin 0 -> 8088 bytes
.../Security_Guide/images/SCLoginEnrollment.png | Bin 0 -> 14924 bytes
.../18/html/Security_Guide/images/auth-panel.png | Bin 0 -> 9257 bytes
.../18/html/Security_Guide/images/authicon.png | Bin 0 -> 1163 bytes
.../images/fed-firefox_kerberos_SSO.png | Bin 0 -> 47794 bytes
.../Security_Guide/images/fed-firewall_config.png | Bin 0 -> 76857 bytes
.../Security_Guide/images/fed-ipsec_host2host.png | Bin 0 -> 39081 bytes
.../images/fed-ipsec_n_to_n_local.png | Bin 0 -> 30935 bytes
.../images/fed-ipsec_n_to_n_remote.png | Bin 0 -> 34860 bytes
.../Security_Guide/images/fed-service_config.png | Bin 0 -> 76914 bytes
.../Security_Guide/images/fed-user_pass_groups.png | Bin 0 -> 35369 bytes
.../Security_Guide/images/fed-user_pass_info.png | Bin 0 -> 35624 bytes
.../Fedora/18/html/Security_Guide/images/icon.svg | 3936 +++++++++++++++++
.../Security_Guide/images/n-t-n-ipsec-diagram.png | Bin 0 -> 33470 bytes
.../Security_Guide/images/tcp_wrap_diagram.png | Bin 0 -> 25775 bytes
.../ja-JP/Fedora/18/html/Security_Guide/index.html | 35 +
.../Fedora/18/html/Security_Guide/pr01s02.html | 16 +
.../pref-Security_Guide-Preface.html | 95 +
...y_Guide-Additional_Resources-Related_Books.html | 12 +
...Additional_Resources-Related_Documentation.html | 14 +
...itional_Resources-Useful_Firewall_Websites.html | 16 +
...tional_Resources-Useful_IP_Tables_Websites.html | 12 +
...itional_Resources-Useful_Kerberos_Websites.html | 22 +
...e-Additional_Resources-Useful_PAM_Websites.html | 14 +
...nal_Resources-Useful_TCP_Wrappers_Websites.html | 14 +
...Configuration_Files-Access_Control_Options.html | 60 +
...tion_Files-Binding_and_Redirection_Options.html | 37 +
...guration_Files-Resource_Management_Options.html | 22 +
...ulnerabilities-Threats_to_Network_Security.html | 18 +
...Vulnerabilities-Threats_to_Server_Security.html | 16 +
...hreats_to_Workstation_and_Home_PC_Security.html | 14 +
...curity_Guide-Attackers_and_Vulnerabilities.html | 30 +
...figuration-Activating_the_IPTables_Service.html | 14 +
...ration-Enabling_and_Disabling_the_Firewall.html | 20 +
...e-Basic_Firewall_Configuration-Other_Ports.html | 14 +
...Firewall_Configuration-Saving_the_Settings.html | 16 +
...ic_Firewall_Configuration-Trusted_Services.html | 28 +
...g-General_Principles-Why_is_this_important.html | 12 +
.../sect-Security_Guide-Basic_Hardening-NTP.html | 12 +
...rity_Guide-Basic_Hardening-Networking-IPv6.html | 18 +
...-Security_Guide-Basic_Hardening-Networking.html | 14 +
...ening-Physical_Security-What_else_can_I_do.html | 12 +
...ng-Physical_Security-Why_is_this_important.html | 12 +
...ty_Guide-Basic_Hardening-Physical_Security.html | 16 +
...ct-Security_Guide-Basic_Hardening-Services.html | 12 +
...-Security_Guide-Basic_Hardening-Up_to_date.html | 12 +
...e-CVE-yum_plugin-using_yum_plugin_security.html | 45 +
...mmand_Options_for_IPTables-Command_Options.html | 48 +
...ptions_for_IPTables-IPTables_Match_Options.html | 71 +
...ns_for_IPTables-IPTables_Parameter_Options.html | 56 +
...mmand_Options_for_IPTables-Listing_Options.html | 22 +
...ommand_Options_for_IPTables-Target_Options.html | 50 +
...Security_Guide-Common_Exploits_and_Attacks.html | 67 +
...de-Encryption-7_Zip_Encrypted_Archives-GUI.html | 32 +
...crypted_Archives-Installation-Instructions.html | 16 +
...on-7_Zip_Encrypted_Archives-Things_of_note.html | 12 +
..._Zip_Encrypted_Archives-Usage_Instructions.html | 34 +
..._Guide-Encryption-7_Zip_Encrypted_Archives.html | 14 +
...tion-Using_GPG-About_Public_Key_Encryption.html | 14 +
...ryption-Using_GPG-Creating_GPG_Keys_in_KDE.html | 66 +
...yption-Using_GPG-Creating_GPG_Keys_in_KDE1.html | 16 +
...Encryption-Using_GPG-Using_GPG_with_Alpine.html | 28 +
..._GPG_with_Evolution-Signing_and_Encrypting.html | 14 +
...ing_GPG-Using_GPG_with_Evolution-Verifying.html | 12 +
...ryption-Using_GPG-Using_GPG_with_Evolution.html | 16 +
...ption-Using_GPG-Using_GPG_with_Thunderbird.html | 24 +
.../sect-Security_Guide-Encryption-Using_GPG.html | 24 +
...g_the_Tools-Anticipating_Your_Future_Needs.html | 12 +
...Security_Guide-Evaluating_the_Tools-Nessus.html | 18 +
...-Security_Guide-Evaluating_the_Tools-Nikto.html | 16 +
...uide-Evaluating_the_Tools-VLAD_the_Scanner.html | 18 +
...de-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html | 18 +
...ity_Guide-FORWARD_and_NAT_Rules-Prerouting.html | 20 +
...urity_Guide-Firewalls-Additional_Resources.html | 16 +
...ide-Firewalls-Basic_Firewall_Configuration.html | 24 +
..._Guide-Firewalls-Common_IPTables_Filtering.html | 39 +
...rity_Guide-Firewalls-FORWARD_and_NAT_Rules.html | 45 +
...Firewalls-IPTables_and_Connection_Tracking.html | 22 +
.../sect-Security_Guide-Firewalls-IPv6.html | 18 +
...alicious_Software_and_Spoofed_IP_Addresses.html | 31 +
...ct-Security_Guide-Firewalls-Using_IPTables.html | 28 +
.../sect-Security_Guide-Firewalls.html | 62 +
...curity_Guide-IPTables-Additional_Resources.html | 16 +
...uide-IPTables-Command_Options_for_IPTables.html | 42 +
...ty_Guide-IPTables-IPTables_Control_Scripts.html | 78 +
...-Security_Guide-IPTables-IPTables_and_IPv6.html | 20 +
...urity_Guide-IPTables-Saving_IPTables_Rules.html | 22 +
.../sect-Security_Guide-IPTables.html | 70 +
...ch_Options-Additional_Match_Option_Modules.html | 62 +
...Guide-IPTables_Match_Options-ICMP_Protocol.html | 14 +
..._Guide-IPTables_Match_Options-UDP_Protocol.html | 18 +
...curity_Guide-Kerberos-Additional_Resources.html | 38 +
...e-Kerberos-Configuring_a_Kerberos_5_Client.html | 38 +
...e-Kerberos-Configuring_a_Kerberos_5_Server.html | 48 +
...ity_Guide-Kerberos-Domain_to_Realm_Mapping.html | 23 +
...Security_Guide-Kerberos-How_Kerberos_Works.html | 38 +
...curity_Guide-Kerberos-Kerberos_Terminology.html | 52 +
...t-Security_Guide-Kerberos-Kerberos_and_PAM.html | 14 +
...eros-Setting_Up_Cross_Realm_Authentication.html | 100 +
...y_Guide-Kerberos-Setting_Up_Secondary_KDCs.html | 70 +
.../sect-Security_Guide-Kerberos.html | 42 +
...ide-LUKS_Disk_Encryption-Links_of_Interest.html | 16 +
...ting_Directories-Step_by_Step_Instructions.html | 46 +
...irectories-What_you_have_just_accomplished.html | 12 +
...Encryption-Manually_Encrypting_Directories.html | 18 +
.../sect-Security_Guide-LUKS_Disk_Encryption.html | 26 +
...ecurity_Guide-Option_Fields-Access_Control.html | 17 +
...ct-Security_Guide-Option_Fields-Expansions.html | 49 +
...ecurity_Guide-Option_Fields-Shell_Commands.html | 25 +
...PAM_Configuration_File_Format-Control_Flag.html | 28 +
...Configuration_File_Format-Module_Arguments.html | 18 +
...-PAM_Configuration_File_Format-Module_Name.html | 12 +
...al_Caching-Common_pam_timestamp_Directives.html | 18 +
...AM_and_Device_Ownership-Application_Access.html | 28 +
...ntication_Modules_PAM-Additional_Resources.html | 30 +
...ntication_Modules_PAM-Creating_PAM_Modules.html | 18 +
..._Modules_PAM-PAM_Configuration_File_Format.html | 49 +
...cation_Modules_PAM-PAM_Configuration_Files.html | 16 +
...-PAM_and_Administrative_Credential_Caching.html | 38 +
...ation_Modules_PAM-PAM_and_Device_Ownership.html | 34 +
...Modules_PAM-Sample_PAM_Configuration_Files.html | 51 +
...Guide-Pluggable_Authentication_Modules_PAM.html | 26 +
...allation-Utilize_LUKS_Partition_Encryption.html | 12 +
...curity_Guide-Securing_FTP-Anonymous_Access.html | 30 +
...ing_FTP-Use_TCP_Wrappers_To_Control_Access.html | 12 +
...-Security_Guide-Securing_FTP-User_Accounts.html | 20 +
...Guide-Securing_NFS-Beware_of_Syntax_Errors.html | 18 +
...g_NFS-Do_Not_Use_the_no_root_squash_Option.html | 14 +
...de-Securing_NFS-NFS_Firewall_Configuration.html | 24 +
...Assign_Static_Ports_and_Use_iptables_Rules.html | 21 +
...Securing_NIS-Edit_the_varypsecurenets_File.html | 18 +
...e-Securing_NIS-Use_Kerberos_Authentication.html | 14 +
...Password_like_NIS_Domain_Name_and_Hostname.html | 20 +
...ring_Portmap-Protect_portmap_With_iptables.html | 19 +
...ty_Guide-Securing_Sendmail-Mail_only_Users.html | 12 +
...y_Guide-Securing_Sendmail-NFS_and_Sendmail.html | 16 +
.../sect-Security_Guide-Security_Updates.html | 18 +
...ecurity_Guide-Server_Security-Securing_FTP.html | 36 +
...ecurity_Guide-Server_Security-Securing_NFS.html | 14 +
...ecurity_Guide-Server_Security-Securing_NIS.html | 28 +
...ity_Guide-Server_Security-Securing_Portmap.html | 20 +
...ty_Guide-Server_Security-Securing_Sendmail.html | 26 +
...r_Security-Securing_the_Apache_HTTP_Server.html | 27 +
...curity-Verifying_Which_Ports_Are_Listening.html | 57 +
.../sect-Security_Guide-Server_Security.html | 102 +
...onfiguring_Firefox_to_use_Kerberos_for_SSO.html | 67 +
...O-Getting_Started_with_your_new_Smart_Card.html | 74 +
...ign_on_SSO-How_Smart_Card_Enrollment_Works.html | 20 +
...gle_Sign_on_SSO-How_Smart_Card_Login_Works.html | 24 +
.../sect-Security_Guide-Single_Sign_on_SSO.html | 44 +
...gned_Packages_from_Well_Known_Repositories.html | 14 +
...curity_Updates-Adjusting_Automatic_Updates.html | 14 +
...enance-Plan_and_Configure_Security_Updates.html | 16 +
...Wrappers_Configuration_Files-Option_Fields.html | 20 +
...P_Wrappers_and_xinetd-Additional_Resources.html | 28 +
...nd_xinetd-TCP_Wrappers_Configuration_Files.html | 118 +
...urity_Guide-TCP_Wrappers_and_xinetd-xinetd.html | 18 +
...pers_and_xinetd-xinetd_Configuration_Files.html | 42 +
...ect-Security_Guide-TCP_Wrappers_and_xinetd.html | 44 +
...Server_Security-Inattentive_Administration.html | 16 +
...rver_Security-Inherently_Insecure_Services.html | 20 +
...eats_to_Server_Security-Unpatched_Services.html | 18 +
...PC_Security-Vulnerable_Client_Applications.html | 16 +
...ide-Updating_Packages-Applying_the_Changes.html | 50 +
...dating_Packages-Installing_Signed_Packages.html | 24 +
...pdating_Packages-Verifying_Signed_Packages.html | 28 +
...ide-Using_IPTables-Basic_Firewall_Policies.html | 23 +
...Tables-Saving_and_Restoring_IPTables_Rules.html | 14 +
...Assessment-Defining_Assessment_and_Testing.html | 50 +
...nerability_Assessment-Evaluating_the_Tools.html | 41 +
...ct-Security_Guide-Vulnerability_Assessment.html | 30 +
.../sect-Security_Guide-Yubikey-Web_Sites.html | 12 +
.../sect-Security_Guide-Yubikey.html | 36 +
..._Files-Altering_xinetd_Configuration_Files.html | 30 +
...figuration_Files-The_etcxinetd.d_Directory.html | 47 +
.../Fedora-18-Security_Guide-ja-JP.pdf | Bin 0 -> 1786804 bytes
public_html/ja-JP/Site_Statistics.html | 34 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/ja-JP/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ja-JP/opds-Fedora_Core.xml | 2 +-
.../ja-JP/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ja-JP/opds.xml | 12 +-
public_html/ja-JP/toc.html | 92 +-
public_html/kn-IN/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/kn-IN/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/kn-IN/opds-Fedora_Core.xml | 2 +-
.../kn-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/kn-IN/opds.xml | 12 +-
public_html/kn-IN/toc.html | 33 +-
public_html/ko-KR/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/ko-KR/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ko-KR/opds-Fedora_Core.xml | 2 +-
.../ko-KR/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ko-KR/opds.xml | 12 +-
public_html/ko-KR/toc.html | 33 +-
public_html/ml-IN/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/ml-IN/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ml-IN/opds-Fedora_Core.xml | 2 +-
.../ml-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ml-IN/opds.xml | 12 +-
public_html/ml-IN/toc.html | 33 +-
public_html/mr-IN/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/mr-IN/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/mr-IN/opds-Fedora_Core.xml | 2 +-
.../mr-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/mr-IN/opds.xml | 12 +-
public_html/mr-IN/toc.html | 33 +-
public_html/nb-NO/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/nb-NO/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/nb-NO/opds-Fedora_Core.xml | 2 +-
.../nb-NO/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/nb-NO/opds.xml | 12 +-
public_html/nb-NO/toc.html | 33 +-
public_html/nl-NL/Site_Statistics.html | 32 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/nl-NL/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/nl-NL/opds-Fedora_Core.xml | 2 +-
.../nl-NL/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/nl-NL/opds.xml | 12 +-
public_html/nl-NL/toc.html | 91 +-
public_html/opds.xml | 88 +-
public_html/or-IN/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/or-IN/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/or-IN/opds-Fedora_Core.xml | 2 +-
.../or-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/or-IN/opds.xml | 12 +-
public_html/or-IN/toc.html | 33 +-
public_html/pa-IN/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/pa-IN/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/pa-IN/opds-Fedora_Core.xml | 2 +-
.../pa-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/pa-IN/opds.xml | 12 +-
public_html/pa-IN/toc.html | 33 +-
public_html/pl-PL/Site_Statistics.html | 34 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/pl-PL/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/pl-PL/opds-Fedora_Core.xml | 2 +-
.../pl-PL/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/pl-PL/opds.xml | 12 +-
public_html/pl-PL/toc.html | 105 +-
public_html/pt-BR/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/pt-BR/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/pt-BR/opds-Fedora_Core.xml | 2 +-
.../pt-BR/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/pt-BR/opds.xml | 12 +-
public_html/pt-BR/toc.html | 33 +-
public_html/pt-PT/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/pt-PT/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/pt-PT/opds-Fedora_Core.xml | 2 +-
.../pt-PT/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/pt-PT/opds.xml | 12 +-
public_html/pt-PT/toc.html | 33 +-
public_html/ro/Site_Statistics.html | 14 +-
.../ro/opds-Community_Services_Infrastructure.xml | 2 +-
public_html/ro/opds-Fedora.xml | 21 +-
.../ro/opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ro/opds-Fedora_Core.xml | 2 +-
public_html/ro/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ro/opds.xml | 12 +-
public_html/ro/toc.html | 33 +-
public_html/ru-RU/Site_Statistics.html | 32 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/ru-RU/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ru-RU/opds-Fedora_Core.xml | 2 +-
.../ru-RU/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ru-RU/opds.xml | 12 +-
public_html/ru-RU/toc.html | 87 +-
public_html/sk-SK/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/sk-SK/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/sk-SK/opds-Fedora_Core.xml | 2 +-
.../sk-SK/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/sk-SK/opds.xml | 12 +-
public_html/sk-SK/toc.html | 33 +-
public_html/sr-Latn-RS/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/sr-Latn-RS/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/sr-Latn-RS/opds-Fedora_Core.xml | 2 +-
.../sr-Latn-RS/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/sr-Latn-RS/opds.xml | 12 +-
public_html/sr-Latn-RS/toc.html | 33 +-
public_html/sr-RS/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/sr-RS/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/sr-RS/opds-Fedora_Core.xml | 2 +-
.../sr-RS/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/sr-RS/opds.xml | 12 +-
public_html/sr-RS/toc.html | 33 +-
public_html/sv-SE/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/sv-SE/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/sv-SE/opds-Fedora_Core.xml | 2 +-
.../sv-SE/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/sv-SE/opds.xml | 12 +-
public_html/sv-SE/toc.html | 35 +-
public_html/ta-IN/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/ta-IN/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ta-IN/opds-Fedora_Core.xml | 2 +-
.../ta-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ta-IN/opds.xml | 12 +-
public_html/ta-IN/toc.html | 33 +-
public_html/te-IN/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/te-IN/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/te-IN/opds-Fedora_Core.xml | 2 +-
.../te-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/te-IN/opds.xml | 12 +-
public_html/te-IN/toc.html | 33 +-
public_html/toc.html | 100 +-
public_html/uk-UA/Site_Statistics.html | 34 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/uk-UA/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/uk-UA/opds-Fedora_Core.xml | 2 +-
.../uk-UA/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/uk-UA/opds.xml | 12 +-
public_html/uk-UA/toc.html | 99 +-
public_html/zh-CN/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/zh-CN/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/zh-CN/opds-Fedora_Core.xml | 2 +-
.../zh-CN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/zh-CN/opds.xml | 12 +-
public_html/zh-CN/toc.html | 37 +-
public_html/zh-TW/Site_Statistics.html | 14 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/zh-TW/opds-Fedora.xml | 21 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/zh-TW/opds-Fedora_Core.xml | 2 +-
.../zh-TW/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/zh-TW/opds.xml | 12 +-
public_html/zh-TW/toc.html | 33 +-
1656 files changed, 77816 insertions(+), 1455 deletions(-)
---
diff --git a/public_html/Sitemap b/public_html/Sitemap
index 8cfc84c..342cdef 100644
--- a/public_html/Sitemap
+++ b/public_html/Sitemap
@@ -1807,6 +1807,30 @@
<priority>0.8</priority>
</url>
<url>
+ <loc>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</loc>
+ <lastmod>2012-10-29</lastmod>
+ <changefreq>monthly</changefreq>
+ <priority>0.8</priority>
+</url>
+<url>
+ <loc>http://docs.fedoraproject.org/en-US/Fedora/18/html/Security_Guide/index.html</loc>
+ <lastmod>2012-10-29</lastmod>
+ <changefreq>monthly</changefreq>
+ <priority>0.8</priority>
+</url>
+<url>
+ <loc>http://docs.fedoraproject.org/en-US/Fedora/18/html-single/Security_Guide/index.html</loc>
+ <lastmod>2012-10-29</lastmod>
+ <changefreq>monthly</changefreq>
+ <priority>0.8</priority>
+</url>
+<url>
+ <loc>http://docs.fedoraproject.org/en-US/Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf</loc>
+ <lastmod>2012-10-29</lastmod>
+ <changefreq>monthly</changefreq>
+ <priority>0.8</priority>
+</url>
+<url>
<loc>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</loc>
<lastmod>2012-05-28</lastmod>
<changefreq>monthly</changefreq>
@@ -1849,7 +1873,7 @@
<priority>0.8</priority>
</url>
<url>
- <loc>http://docs.fedoraproject.org/en-US/Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf</loc>
+ <loc>http://docs.fedoraproject.org/en-US/Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf</loc>
<lastmod>2012-05-29</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
@@ -1921,7 +1945,7 @@
<priority>0.8</priority>
</url>
<url>
- <loc>http://docs.fedoraproject.org/en-US/Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf</loc>
+ <loc>http://docs.fedoraproject.org/en-US/Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf</loc>
<lastmod>2012-05-29</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
@@ -2017,7 +2041,7 @@
<priority>0.8</priority>
</url>
<url>
- <loc>http://docs.fedoraproject.org/en-US/Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf</loc>
+ <loc>http://docs.fedoraproject.org/en-US/Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf</loc>
<lastmod>2012-08-07</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
@@ -3703,7 +3727,7 @@
<priority>0.8</priority>
</url>
<url>
- <loc>http://docs.fedoraproject.org/en-US/Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf</loc>
+ <loc>http://docs.fedoraproject.org/en-US/Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf</loc>
<lastmod>2009-11-17</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
@@ -4135,7 +4159,7 @@
<priority>0.8</priority>
</url>
<url>
- <loc>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf</loc>
+ <loc>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf</loc>
<lastmod>2010-11-23</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
@@ -4585,7 +4609,7 @@
<priority>0.8</priority>
</url>
<url>
- <loc>http://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf</loc>
+ <loc>http://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf</loc>
<lastmod>2011-04-03</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
@@ -4927,7 +4951,7 @@
<priority>0.8</priority>
</url>
<url>
- <loc>http://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf</loc>
+ <loc>http://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf</loc>
<lastmod>2012-09-06</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
@@ -6109,7 +6133,7 @@
<priority>0.8</priority>
</url>
<url>
- <loc>http://docs.fedoraproject.org/es-ES/Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-es-ES.pdf</loc>
+ <loc>http://docs.fedoraproject.org/es-ES/Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-es-ES.pdf</loc>
<lastmod>2010-06-13</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
@@ -6859,7 +6883,7 @@
<priority>0.8</priority>
</url>
<url>
- <loc>http://docs.fedoraproject.org/fi-FI/Fedora/12/pdf/Fedora_Live_images/Fedora-13-Fedora_Live_Images-fi-FI.pdf</loc>
+ <loc>http://docs.fedoraproject.org/fi-FI/Fedora/12/pdf/Fedora_Live_images/Fedora-12-Fedora_Live_images-fi-FI.pdf</loc>
<lastmod>2010-06-14</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
@@ -6907,7 +6931,7 @@
<priority>0.8</priority>
</url>
<url>
- <loc>http://docs.fedoraproject.org/fi-FI/Fedora/11/pdf/Fedora_Live_images/Fedora-11-Fedora_Live_images-fi-FI.pdf</loc>
+ <loc>http://docs.fedoraproject.org/fi-FI/Fedora/11/pdf/Fedora_Live_images/Fedora-12-Fedora_Live_images-fi-FI.pdf</loc>
<lastmod>2010-06-14</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
@@ -6931,7 +6955,7 @@
<priority>0.8</priority>
</url>
<url>
- <loc>http://docs.fedoraproject.org/fi-FI/Fedora/10/pdf/Fedora_Live_Images/Fedora-10-Fedora_Live_Images-fi-FI.pdf</loc>
+ <loc>http://docs.fedoraproject.org/fi-FI/Fedora/10/pdf/Fedora_Live_Images/Fedora-12-Fedora_Live_images-fi-FI.pdf</loc>
<lastmod>2010-06-14</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
@@ -7873,7 +7897,7 @@
<priority>0.8</priority>
</url>
<url>
- <loc>http://docs.fedoraproject.org/he-IL/Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15.0-Burning_ISO_images_to_disc-he-IL.pdf</loc>
+ <loc>http://docs.fedoraproject.org/he-IL/Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-he-IL.pdf</loc>
<lastmod>2011-09-10</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
@@ -8215,6 +8239,30 @@
<priority>0.8</priority>
</url>
<url>
+ <loc>http://docs.fedoraproject.org/it-IT/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-it-IT.epub</loc>
+ <lastmod>2012-10-29</lastmod>
+ <changefreq>monthly</changefreq>
+ <priority>0.8</priority>
+</url>
+<url>
+ <loc>http://docs.fedoraproject.org/it-IT/Fedora/18/html/Security_Guide/index.html</loc>
+ <lastmod>2012-10-29</lastmod>
+ <changefreq>monthly</changefreq>
+ <priority>0.8</priority>
+</url>
+<url>
+ <loc>http://docs.fedoraproject.org/it-IT/Fedora/18/html-single/Security_Guide/index.html</loc>
+ <lastmod>2012-10-29</lastmod>
+ <changefreq>monthly</changefreq>
+ <priority>0.8</priority>
+</url>
+<url>
+ <loc>http://docs.fedoraproject.org/it-IT/Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-it-IT.pdf</loc>
+ <lastmod>2012-10-29</lastmod>
+ <changefreq>monthly</changefreq>
+ <priority>0.8</priority>
+</url>
+<url>
<loc>http://docs.fedoraproject.org/it-IT/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-it-IT.epub</loc>
<lastmod>2012-06-03</lastmod>
<changefreq>monthly</changefreq>
@@ -9301,6 +9349,30 @@
<priority>0.8</priority>
</url>
<url>
+ <loc>http://docs.fedoraproject.org/ja-JP/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-ja-JP.epub</loc>
+ <lastmod>2012-10-29</lastmod>
+ <changefreq>monthly</changefreq>
+ <priority>0.8</priority>
+</url>
+<url>
+ <loc>http://docs.fedoraproject.org/ja-JP/Fedora/18/html/Security_Guide/index.html</loc>
+ <lastmod>2012-10-29</lastmod>
+ <changefreq>monthly</changefreq>
+ <priority>0.8</priority>
+</url>
+<url>
+ <loc>http://docs.fedoraproject.org/ja-JP/Fedora/18/html-single/Security_Guide/index.html</loc>
+ <lastmod>2012-10-29</lastmod>
+ <changefreq>monthly</changefreq>
+ <priority>0.8</priority>
+</url>
+<url>
+ <loc>http://docs.fedoraproject.org/ja-JP/Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-ja-JP.pdf</loc>
+ <lastmod>2012-10-29</lastmod>
+ <changefreq>monthly</changefreq>
+ <priority>0.8</priority>
+</url>
+<url>
<loc>http://docs.fedoraproject.org/ja-JP/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-ja-JP.epub</loc>
<lastmod>2012-06-03</lastmod>
<changefreq>monthly</changefreq>
@@ -9367,7 +9439,7 @@
<priority>0.8</priority>
</url>
<url>
- <loc>http://docs.fedoraproject.org/ja-JP/Fedora/16/pdf/Accessibility_Guide/Fedora-14-Accessibility_Guide-ja-JP.pdf</loc>
+ <loc>http://docs.fedoraproject.org/ja-JP/Fedora/16/pdf/Accessibility_Guide/Fedora-16-Accessibility_Guide-ja-JP.pdf</loc>
<lastmod>2011-12-01</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
@@ -9415,7 +9487,7 @@
<priority>0.8</priority>
</url>
<url>
- <loc>http://docs.fedoraproject.org/ja-JP/Fedora/16/pdf/Burning_ISO_images_to_disc/Fedora_Draft_Documentation-0.1-Burning_ISO_images_to_disc-ja-JP.pdf</loc>
+ <loc>http://docs.fedoraproject.org/ja-JP/Fedora/16/pdf/Burning_ISO_images_to_disc/Fedora-0.1-Burning_ISO_images_to_disc-ja-JP.pdf</loc>
<lastmod>2011-11-23</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
@@ -11041,7 +11113,7 @@
<priority>0.8</priority>
</url>
<url>
- <loc>http://docs.fedoraproject.org/nl-NL/Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15.0-Burning_ISO_images_to_disc-nl-NL.pdf</loc>
+ <loc>http://docs.fedoraproject.org/nl-NL/Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-nl-NL.pdf</loc>
<lastmod>2011-09-10</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
@@ -11287,7 +11359,7 @@
<priority>0.8</priority>
</url>
<url>
- <loc>http://docs.fedoraproject.org/nl-NL/Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-nl-NL.pdf</loc>
+ <loc>http://docs.fedoraproject.org/nl-NL/Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-nl-NL.pdf</loc>
<lastmod>2010-05-22</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
@@ -12439,7 +12511,7 @@
<priority>0.8</priority>
</url>
<url>
- <loc>http://docs.fedoraproject.org/pl-PL/Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-pl-PL.pdf</loc>
+ <loc>http://docs.fedoraproject.org/pl-PL/Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15.0-Burning_ISO_images_to_disc-pl-PL.pdf</loc>
<lastmod>2011-09-10</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
@@ -14917,7 +14989,7 @@
<priority>0.8</priority>
</url>
<url>
- <loc>http://docs.fedoraproject.org/ru-RU/Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-ru-RU.pdf</loc>
+ <loc>http://docs.fedoraproject.org/ru-RU/Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-ru-RU.pdf</loc>
<lastmod>2010-05-22</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
@@ -16489,7 +16561,7 @@
<priority>0.8</priority>
</url>
<url>
- <loc>http://docs.fedoraproject.org/sv-SE/Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-sv-SE.pdf</loc>
+ <loc>http://docs.fedoraproject.org/sv-SE/Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15.0-Burning_ISO_images_to_disc-sv-SE.pdf</loc>
<lastmod>2011-09-10</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
@@ -17371,7 +17443,7 @@
<priority>0.8</priority>
</url>
<url>
- <loc>http://docs.fedoraproject.org/uk-UA/Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-uk-UA.pdf</loc>
+ <loc>http://docs.fedoraproject.org/uk-UA/Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15.0-Burning_ISO_images_to_disc-uk-UA.pdf</loc>
<lastmod>2011-09-10</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
@@ -17533,7 +17605,7 @@
<priority>0.8</priority>
</url>
<url>
- <loc>http://docs.fedoraproject.org/uk-UA/Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-uk-UA.pdf</loc>
+ <loc>http://docs.fedoraproject.org/uk-UA/Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-uk-UA.pdf</loc>
<lastmod>2010-05-22</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
@@ -18229,7 +18301,7 @@
<priority>0.8</priority>
</url>
<url>
- <loc>http://docs.fedoraproject.org/zh-CN/Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15.0-Burning_ISO_images_to_disc-zh-CN.pdf</loc>
+ <loc>http://docs.fedoraproject.org/zh-CN/Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-zh-CN.pdf</loc>
<lastmod>2011-09-10</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
@@ -18307,7 +18379,7 @@
<priority>0.8</priority>
</url>
<url>
- <loc>http://docs.fedoraproject.org/zh-CN/Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-zh-CN.pdf</loc>
+ <loc>http://docs.fedoraproject.org/zh-CN/Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-zh-CN.pdf</loc>
<lastmod>2010-05-22</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
diff --git a/public_html/as-IN/Site_Statistics.html b/public_html/as-IN/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/as-IN/Site_Statistics.html
+++ b/public_html/as-IN/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/as-IN/opds-Community_Services_Infrastructure.xml b/public_html/as-IN/opds-Community_Services_Infrastructure.xml
index beb62cd..0aa84e4 100644
--- a/public_html/as-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/as-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/as-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:07</updated>
+ <updated>2012-10-29T16:44:21</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/as-IN/opds-Fedora.xml b/public_html/as-IN/opds-Fedora.xml
index b73939c..5a1cff3 100644
--- a/public_html/as-IN/opds-Fedora.xml
+++ b/public_html/as-IN/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/as-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:07</updated>
+ <updated>2012-10-29T16:44:21</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>as-IN</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/as-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/as-IN/opds-Fedora_Contributor_Documentation.xml
index aed16ae..8500331 100644
--- a/public_html/as-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/as-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/as-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:07</updated>
+ <updated>2012-10-29T16:44:21</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/as-IN/opds-Fedora_Core.xml b/public_html/as-IN/opds-Fedora_Core.xml
index b7b1a81..8a687c3 100644
--- a/public_html/as-IN/opds-Fedora_Core.xml
+++ b/public_html/as-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/as-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:07</updated>
+ <updated>2012-10-29T16:44:21</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/as-IN/opds-Fedora_Draft_Documentation.xml b/public_html/as-IN/opds-Fedora_Draft_Documentation.xml
index c2c45d9..4ef77df 100644
--- a/public_html/as-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/as-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/as-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:07</updated>
+ <updated>2012-10-29T16:44:21</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/as-IN/opds.xml b/public_html/as-IN/opds.xml
index 95b34a3..22c1872 100644
--- a/public_html/as-IN/opds.xml
+++ b/public_html/as-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/as-IN/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:07</updated>
+ <updated>2012-10-29T16:44:21</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/as-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:07</updated>
+ <updated>2012-10-29T16:44:21</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/as-IN/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:07</updated>
+ <updated>2012-10-29T16:44:21</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/as-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:07</updated>
+ <updated>2012-10-29T16:44:21</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/as-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:07</updated>
+ <updated>2012-10-29T16:44:21</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/as-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:07</updated>
+ <updated>2012-10-29T16:44:21</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/as-IN/toc.html b/public_html/as-IN/toc.html
index d802af5..9e92145 100644
--- a/public_html/as-IN/toc.html
+++ b/public_html/as-IN/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/bg-BG/Site_Statistics.html b/public_html/bg-BG/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/bg-BG/Site_Statistics.html
+++ b/public_html/bg-BG/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/bg-BG/opds-Community_Services_Infrastructure.xml b/public_html/bg-BG/opds-Community_Services_Infrastructure.xml
index b7763b3..1dd7f15 100644
--- a/public_html/bg-BG/opds-Community_Services_Infrastructure.xml
+++ b/public_html/bg-BG/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bg-BG/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:07</updated>
+ <updated>2012-10-29T16:44:21</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bg-BG/opds-Fedora.xml b/public_html/bg-BG/opds-Fedora.xml
index 1d02729..d592cd6 100644
--- a/public_html/bg-BG/opds-Fedora.xml
+++ b/public_html/bg-BG/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/bg-BG/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>bg-BG</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Запис на ISO образ върху диск</title>
<id>http://docs.fedoraproject.org/bg-BG/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-bg-BG.epub</id>
<!--author>
diff --git a/public_html/bg-BG/opds-Fedora_Contributor_Documentation.xml b/public_html/bg-BG/opds-Fedora_Contributor_Documentation.xml
index a8cde55..7d2704a 100644
--- a/public_html/bg-BG/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/bg-BG/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bg-BG/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bg-BG/opds-Fedora_Core.xml b/public_html/bg-BG/opds-Fedora_Core.xml
index 8b091a5..04b04af 100644
--- a/public_html/bg-BG/opds-Fedora_Core.xml
+++ b/public_html/bg-BG/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bg-BG/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bg-BG/opds-Fedora_Draft_Documentation.xml b/public_html/bg-BG/opds-Fedora_Draft_Documentation.xml
index 3d72b7d..7396fd2 100644
--- a/public_html/bg-BG/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/bg-BG/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bg-BG/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bg-BG/opds.xml b/public_html/bg-BG/opds.xml
index 934b508..658e702 100644
--- a/public_html/bg-BG/opds.xml
+++ b/public_html/bg-BG/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/bg-BG/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/bg-BG/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:07</updated>
+ <updated>2012-10-29T16:44:21</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/bg-BG/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/bg-BG/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/bg-BG/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/bg-BG/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/bg-BG/toc.html b/public_html/bg-BG/toc.html
index a4977fb..d8344ff 100644
--- a/public_html/bg-BG/toc.html
+++ b/public_html/bg-BG/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -128,7 +147,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -155,7 +174,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -876,7 +895,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1091,7 +1110,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1364,7 +1383,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1504,7 +1523,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/bn-IN/Site_Statistics.html b/public_html/bn-IN/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/bn-IN/Site_Statistics.html
+++ b/public_html/bn-IN/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/bn-IN/opds-Community_Services_Infrastructure.xml b/public_html/bn-IN/opds-Community_Services_Infrastructure.xml
index 027a263..1cc898f 100644
--- a/public_html/bn-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/bn-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bn-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bn-IN/opds-Fedora.xml b/public_html/bn-IN/opds-Fedora.xml
index ef9b1fd..33aa4ef 100644
--- a/public_html/bn-IN/opds-Fedora.xml
+++ b/public_html/bn-IN/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/bn-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>bn-IN</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/bn-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/bn-IN/opds-Fedora_Contributor_Documentation.xml
index cc5e722..2ad1428 100644
--- a/public_html/bn-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/bn-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bn-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bn-IN/opds-Fedora_Core.xml b/public_html/bn-IN/opds-Fedora_Core.xml
index 6353278..d5400cd 100644
--- a/public_html/bn-IN/opds-Fedora_Core.xml
+++ b/public_html/bn-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bn-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bn-IN/opds-Fedora_Draft_Documentation.xml b/public_html/bn-IN/opds-Fedora_Draft_Documentation.xml
index 5c0c070..22f8a73 100644
--- a/public_html/bn-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/bn-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bn-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bn-IN/opds.xml b/public_html/bn-IN/opds.xml
index 5d32349..8816c29 100644
--- a/public_html/bn-IN/opds.xml
+++ b/public_html/bn-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/bn-IN/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/bn-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/bn-IN/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/bn-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/bn-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/bn-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/bn-IN/toc.html b/public_html/bn-IN/toc.html
index 11cb9ad..59e34aa 100644
--- a/public_html/bn-IN/toc.html
+++ b/public_html/bn-IN/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/bs-BA/Site_Statistics.html b/public_html/bs-BA/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/bs-BA/Site_Statistics.html
+++ b/public_html/bs-BA/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/bs-BA/opds-Community_Services_Infrastructure.xml b/public_html/bs-BA/opds-Community_Services_Infrastructure.xml
index a61e1a5..eb78124 100644
--- a/public_html/bs-BA/opds-Community_Services_Infrastructure.xml
+++ b/public_html/bs-BA/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bs-BA/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bs-BA/opds-Fedora.xml b/public_html/bs-BA/opds-Fedora.xml
index 86136bc..673a9fc 100644
--- a/public_html/bs-BA/opds-Fedora.xml
+++ b/public_html/bs-BA/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/bs-BA/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>bs-BA</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/bs-BA/opds-Fedora_Contributor_Documentation.xml b/public_html/bs-BA/opds-Fedora_Contributor_Documentation.xml
index 3330471..b190324 100644
--- a/public_html/bs-BA/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/bs-BA/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bs-BA/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bs-BA/opds-Fedora_Core.xml b/public_html/bs-BA/opds-Fedora_Core.xml
index c3e49ad..b2575ae 100644
--- a/public_html/bs-BA/opds-Fedora_Core.xml
+++ b/public_html/bs-BA/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bs-BA/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bs-BA/opds-Fedora_Draft_Documentation.xml b/public_html/bs-BA/opds-Fedora_Draft_Documentation.xml
index 8ddccd3..f1b714d 100644
--- a/public_html/bs-BA/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/bs-BA/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bs-BA/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bs-BA/opds.xml b/public_html/bs-BA/opds.xml
index e18c6e4..c19eca7 100644
--- a/public_html/bs-BA/opds.xml
+++ b/public_html/bs-BA/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/bs-BA/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/bs-BA/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/bs-BA/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/bs-BA/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/bs-BA/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/bs-BA/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/bs-BA/toc.html b/public_html/bs-BA/toc.html
index 36642f8..4e579de 100644
--- a/public_html/bs-BA/toc.html
+++ b/public_html/bs-BA/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -887,7 +906,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/ca-ES/Site_Statistics.html b/public_html/ca-ES/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/ca-ES/Site_Statistics.html
+++ b/public_html/ca-ES/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/ca-ES/opds-Community_Services_Infrastructure.xml b/public_html/ca-ES/opds-Community_Services_Infrastructure.xml
index 464ee1c..d488b54 100644
--- a/public_html/ca-ES/opds-Community_Services_Infrastructure.xml
+++ b/public_html/ca-ES/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ca-ES/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ca-ES/opds-Fedora.xml b/public_html/ca-ES/opds-Fedora.xml
index 35d739e..ee1b5d1 100644
--- a/public_html/ca-ES/opds-Fedora.xml
+++ b/public_html/ca-ES/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/ca-ES/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>ca-ES</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/ca-ES/opds-Fedora_Contributor_Documentation.xml b/public_html/ca-ES/opds-Fedora_Contributor_Documentation.xml
index 2c87aff..d127c81 100644
--- a/public_html/ca-ES/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ca-ES/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ca-ES/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ca-ES/opds-Fedora_Core.xml b/public_html/ca-ES/opds-Fedora_Core.xml
index 33a7e7a..ca726a1 100644
--- a/public_html/ca-ES/opds-Fedora_Core.xml
+++ b/public_html/ca-ES/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ca-ES/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ca-ES/opds-Fedora_Draft_Documentation.xml b/public_html/ca-ES/opds-Fedora_Draft_Documentation.xml
index 4bc408e..b280231 100644
--- a/public_html/ca-ES/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ca-ES/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ca-ES/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ca-ES/opds.xml b/public_html/ca-ES/opds.xml
index a1f39ce..3fa7d50 100644
--- a/public_html/ca-ES/opds.xml
+++ b/public_html/ca-ES/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ca-ES/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/ca-ES/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ca-ES/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/ca-ES/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ca-ES/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ca-ES/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/ca-ES/toc.html b/public_html/ca-ES/toc.html
index 21bf810..42297bb 100644
--- a/public_html/ca-ES/toc.html
+++ b/public_html/ca-ES/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/cs-CZ/Site_Statistics.html b/public_html/cs-CZ/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/cs-CZ/Site_Statistics.html
+++ b/public_html/cs-CZ/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/cs-CZ/opds-Community_Services_Infrastructure.xml b/public_html/cs-CZ/opds-Community_Services_Infrastructure.xml
index 632730d..d34a084 100644
--- a/public_html/cs-CZ/opds-Community_Services_Infrastructure.xml
+++ b/public_html/cs-CZ/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/cs-CZ/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/cs-CZ/opds-Fedora.xml b/public_html/cs-CZ/opds-Fedora.xml
index 0df610e..db6cf6e 100644
--- a/public_html/cs-CZ/opds-Fedora.xml
+++ b/public_html/cs-CZ/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/cs-CZ/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>cs-CZ</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/cs-CZ/opds-Fedora_Contributor_Documentation.xml b/public_html/cs-CZ/opds-Fedora_Contributor_Documentation.xml
index 26d649b..011b7b9 100644
--- a/public_html/cs-CZ/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/cs-CZ/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/cs-CZ/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/cs-CZ/opds-Fedora_Core.xml b/public_html/cs-CZ/opds-Fedora_Core.xml
index c2ca54c..846cb6d 100644
--- a/public_html/cs-CZ/opds-Fedora_Core.xml
+++ b/public_html/cs-CZ/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/cs-CZ/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/cs-CZ/opds-Fedora_Draft_Documentation.xml b/public_html/cs-CZ/opds-Fedora_Draft_Documentation.xml
index 60d66f6..9e619e7 100644
--- a/public_html/cs-CZ/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/cs-CZ/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/cs-CZ/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/cs-CZ/opds.xml b/public_html/cs-CZ/opds.xml
index d0a04c8..88d41e5 100644
--- a/public_html/cs-CZ/opds.xml
+++ b/public_html/cs-CZ/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/cs-CZ/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/cs-CZ/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/cs-CZ/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/cs-CZ/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/cs-CZ/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/cs-CZ/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/cs-CZ/toc.html b/public_html/cs-CZ/toc.html
index 8be8dfc..dd789c8 100644
--- a/public_html/cs-CZ/toc.html
+++ b/public_html/cs-CZ/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -128,7 +147,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/da-DK/Site_Statistics.html b/public_html/da-DK/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/da-DK/Site_Statistics.html
+++ b/public_html/da-DK/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/da-DK/opds-Community_Services_Infrastructure.xml b/public_html/da-DK/opds-Community_Services_Infrastructure.xml
index 70bcab7..4523940 100644
--- a/public_html/da-DK/opds-Community_Services_Infrastructure.xml
+++ b/public_html/da-DK/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/da-DK/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/da-DK/opds-Fedora.xml b/public_html/da-DK/opds-Fedora.xml
index 0f569a8..bbdc2a8 100644
--- a/public_html/da-DK/opds-Fedora.xml
+++ b/public_html/da-DK/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/da-DK/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>da-DK</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/da-DK/opds-Fedora_Contributor_Documentation.xml b/public_html/da-DK/opds-Fedora_Contributor_Documentation.xml
index d0d01e8..7697872 100644
--- a/public_html/da-DK/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/da-DK/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/da-DK/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/da-DK/opds-Fedora_Core.xml b/public_html/da-DK/opds-Fedora_Core.xml
index f6008b2..c23dc2f 100644
--- a/public_html/da-DK/opds-Fedora_Core.xml
+++ b/public_html/da-DK/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/da-DK/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/da-DK/opds-Fedora_Draft_Documentation.xml b/public_html/da-DK/opds-Fedora_Draft_Documentation.xml
index 60c65da..c78737c 100644
--- a/public_html/da-DK/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/da-DK/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/da-DK/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/da-DK/opds.xml b/public_html/da-DK/opds.xml
index 3b95a3a..60a39c0 100644
--- a/public_html/da-DK/opds.xml
+++ b/public_html/da-DK/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/da-DK/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/da-DK/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/da-DK/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/da-DK/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/da-DK/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/da-DK/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/da-DK/toc.html b/public_html/da-DK/toc.html
index 787961f..8b93961 100644
--- a/public_html/da-DK/toc.html
+++ b/public_html/da-DK/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/de-DE/Site_Statistics.html b/public_html/de-DE/Site_Statistics.html
index 80c879b..560a149 100644
--- a/public_html/de-DE/Site_Statistics.html
+++ b/public_html/de-DE/Site_Statistics.html
@@ -4,22 +4,22 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" href="../interactive.css" type="text/css" />
- <title>Statistik</title>
+ <title>Statistics</title>
</head>
<body class="toc_embeded">
<div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div>
<div>
-<h1 class="producttitle">Statistik</h1>
+<h1 class="producttitle">Statistics</h1>
<p>
</p>
<table class="stats">
<tr>
- <th>Sprache</th>
+ <th>Language</th>
<th>Code</th>
- <th>Produkte</th>
- <th>Bücher</th>
- <th>Versionen</th>
- <th>Pakete</th>
+ <th>Products</th>
+ <th>Books</th>
+ <th>Versions</th>
+ <th>Packages</th>
</tr>
<tr>
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -411,8 +411,8 @@
</table>
<div class="totals">
- <b>Sprachen gesamt: </b>43<br />
- <b>Pakete gesamt: </b>813
+ <b>Total Languages: </b>43<br />
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/de-DE/opds-Community_Services_Infrastructure.xml b/public_html/de-DE/opds-Community_Services_Infrastructure.xml
index a895289..4f62cea 100644
--- a/public_html/de-DE/opds-Community_Services_Infrastructure.xml
+++ b/public_html/de-DE/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/de-DE/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/de-DE/opds-Fedora.xml b/public_html/de-DE/opds-Fedora.xml
index da0be9f..8507182 100644
--- a/public_html/de-DE/opds-Fedora.xml
+++ b/public_html/de-DE/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/de-DE/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>de-DE</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>ISO-Abbilder auf Medien schreiben</title>
<id>http://docs.fedoraproject.org/de-DE/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-de-DE.epub</id>
<!--author>
diff --git a/public_html/de-DE/opds-Fedora_Contributor_Documentation.xml b/public_html/de-DE/opds-Fedora_Contributor_Documentation.xml
index 7f7957e..d1a73f1 100644
--- a/public_html/de-DE/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/de-DE/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/de-DE/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/de-DE/opds-Fedora_Core.xml b/public_html/de-DE/opds-Fedora_Core.xml
index b396203..f44bcf8 100644
--- a/public_html/de-DE/opds-Fedora_Core.xml
+++ b/public_html/de-DE/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/de-DE/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/de-DE/opds-Fedora_Draft_Documentation.xml b/public_html/de-DE/opds-Fedora_Draft_Documentation.xml
index 3111665..97dd659 100644
--- a/public_html/de-DE/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/de-DE/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/de-DE/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/de-DE/opds.xml b/public_html/de-DE/opds.xml
index c60293d..3615778 100644
--- a/public_html/de-DE/opds.xml
+++ b/public_html/de-DE/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/de-DE/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/de-DE/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/de-DE/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/de-DE/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/de-DE/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/de-DE/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/de-DE/toc.html b/public_html/de-DE/toc.html
index d3f4bb6..c02b61b 100644
--- a/public_html/de-DE/toc.html
+++ b/public_html/de-DE/toc.html
@@ -22,10 +22,10 @@
<p/>
<div class="lang">
<div class="reset">
- <a href="#" title="collapse document navigation" onclick="clearCookie();">Alles einklappen</a>
+ <a href="#" title="collapse document navigation" onclick="clearCookie();">collapse all</a>
</div>
<select id="langselect" class="langselect" onchange="loadToc();">
- <option disabled="disabled" value="">Sprache</option>
+ <option disabled="disabled" value="">Language</option>
<option value="as-IN">অসমীয়া</option>
<option value="bg-BG">български</option>
<option value="bn-IN">বাংলা</option>
@@ -79,7 +79,7 @@
<div id='Community_Services_Infrastructure' class="versions hidden">
<div id='Community_Services_Infrastructure.1' class="version collapsed" onclick="toggle(event, 'Community_Services_Infrastructure.1.books');"> <div id='Community_Services_Infrastructure.1.books' class="books">
<div id='Community_Services_Infrastructure.1' class="version collapsed untranslated" onclick="toggle(event, 'Community_Services_Infrastructure.1.untrans_books');">
- <span class="version">Nicht übersetzt</span>
+ <span class="version">Untranslated</span>
<div id='Community_Services_Infrastructure.1.untrans_books' class="books hidden">
<div id='Community_Services_Infrastructure.1.Security_Policy' class="book collapsed" onclick="toggle(event, 'Community_Services_Infrastructure.1.Security_Policy.types');">
<a class="type" href="../en-US/Community_Services_Infrastructure/1/html/Security_Policy/index.html" onclick="window.top.location='../en-US/Community_Services_Infrastructure/1/html/Security_Policy/index.html'"><span class="book">Security Policy</span></a>
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -111,7 +130,7 @@
</div>
</div>
<div id='Fedora.17' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.17.untrans_books');">
- <span class="version">Nicht übersetzt</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.17.untrans_books' class="books hidden">
<div id='Fedora.17.Fedora_Live_Images' class="book collapsed" onclick="toggle(event, 'Fedora.17.Fedora_Live_Images.types');">
<a class="type" href="../en-US/Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/Fedora/17/html/Fedora_Live_Images/index.html'"><span class="book">Fedora Live Images</span></a>
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -220,7 +239,7 @@
</div>
</div>
<div id='Fedora.16' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.16.untrans_books');">
- <span class="version">Nicht übersetzt</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.16.untrans_books' class="books hidden">
<div id='Fedora.16.Accessibility_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.16.Accessibility_Guide.types');">
<a class="type" href="../en-US/Fedora/16/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/Fedora/16/html/Accessibility_Guide/index.html'"><span class="book">Accessibility Guide</span></a>
@@ -346,7 +365,7 @@
</div>
</div>
<div id='Fedora.15' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.15.untrans_books');">
- <span class="version">Nicht übersetzt</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.15.untrans_books' class="books hidden">
<div id='Fedora.15.Deployment_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.15.Deployment_Guide.types');">
<a class="type" href="../en-US/Fedora/15/html/Deployment_Guide/index.html" onclick="window.top.location='../en-US/Fedora/15/html/Deployment_Guide/index.html'"><span class="book">Deployment Guide</span></a>
@@ -435,7 +454,7 @@
</div>
</div>
<div id='Fedora.14' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.14.untrans_books');">
- <span class="version">Nicht übersetzt</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.14.untrans_books' class="books hidden">
<div id='Fedora.14.Accessibility_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.14.Accessibility_Guide.types');">
<a class="type" href="../en-US/Fedora/14/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/Fedora/14/html/Accessibility_Guide/index.html'"><span class="book">Accessibility Guide</span></a>
@@ -571,7 +590,7 @@
</div>
</div>
<div id='Fedora.13' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.13.untrans_books');">
- <span class="version">Nicht übersetzt</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.13.untrans_books' class="books hidden">
<div id='Fedora.13.Accessibility_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.13.Accessibility_Guide.types');">
<a class="type" href="../en-US/Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/Fedora/13/html/Accessibility_Guide/index.html'"><span class="book">Accessibility Guide</span></a>
@@ -725,7 +744,7 @@
</div>
</div>
<div id='Fedora.12' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.12.untrans_books');">
- <span class="version">Nicht übersetzt</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.12.untrans_books' class="books hidden">
<div id='Fedora.12.Accessibility_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.12.Accessibility_Guide.types');">
<a class="type" href="../en-US/Fedora/12/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/Fedora/12/html/Accessibility_Guide/index.html'"><span class="book">Accessibility Guide</span></a>
@@ -834,7 +853,7 @@
</div>
</div>
<div id='Fedora.11' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.11.untrans_books');">
- <span class="version">Nicht übersetzt</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.11.untrans_books' class="books hidden">
<div id='Fedora.11.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora/11/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora/11/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -934,7 +953,7 @@
</div>
</div>
<div id='Fedora.10' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.10.untrans_books');">
- <span class="version">Nicht übersetzt</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.10.untrans_books' class="books hidden">
<div id='Fedora.10.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.10.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora/10/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora/10/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -978,7 +997,7 @@
<a class="type" href="../en-US/./Fedora/10/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/10/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/10/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/10/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/10/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/10/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/10/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/10/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/10/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.10.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.10.User_Guide.types');">
@@ -1025,7 +1044,7 @@
</div>
</div>
<div id='Fedora.9' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.9.untrans_books');">
- <span class="version">Nicht übersetzt</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.9.untrans_books' class="books hidden">
<div id='Fedora.9.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.9.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora/9/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora/9/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1071,7 +1090,7 @@
</div>
</div>
<div id='Fedora.8' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.8.untrans_books');">
- <span class="version">Nicht übersetzt</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.8.untrans_books' class="books hidden">
<div id='Fedora.8.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.8.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora/8/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1117,7 +1136,7 @@
</div>
</div>
<div id='Fedora.7' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.7.untrans_books');">
- <span class="version">Nicht übersetzt</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.7.untrans_books' class="books hidden">
<div id='Fedora.7.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.7.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora/7/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora/7/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1139,7 +1158,7 @@
<div id='Fedora_Contributor_Documentation' class="versions hidden">
<div id='Fedora_Contributor_Documentation.1' class="version collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.books');"> <div id='Fedora_Contributor_Documentation.1.books' class="books">
<div id='Fedora_Contributor_Documentation.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.untrans_books');">
- <span class="version">Nicht übersetzt</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Contributor_Documentation.1.untrans_books' class="books hidden">
<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a>
@@ -1147,7 +1166,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1208,7 +1227,7 @@
</div>
</div>
<div id='Fedora_Core.6' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.6.untrans_books');">
- <span class="version">Nicht übersetzt</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.6.untrans_books' class="books hidden">
<div id='Fedora_Core.6.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Core.6.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora_Core/6/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Core/6/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1245,7 +1264,7 @@
</div>
</div>
<div id='Fedora_Core.5' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.5.untrans_books');">
- <span class="version">Nicht übersetzt</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.5.untrans_books' class="books hidden">
<div id='Fedora_Core.5.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Core.5.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora_Core/5/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Core/5/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1282,7 +1301,7 @@
<span class="version">4</span>
<div id='Fedora_Core.4.books' class="books hidden">
<div id='Fedora_Core.4' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.4.untrans_books');">
- <span class="version">Nicht übersetzt</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.4.untrans_books' class="books hidden">
<div id='Fedora_Core.4.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Core.4.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora_Core/4/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Core/4/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1314,7 +1333,7 @@
<span class="version">3</span>
<div id='Fedora_Core.3.books' class="books hidden">
<div id='Fedora_Core.3' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.3.untrans_books');">
- <span class="version">Nicht übersetzt</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.3.untrans_books' class="books hidden">
<div id='Fedora_Core.3.Release_Notes_for_32-bit_x86_Systems' class="book collapsed" onclick="toggle(event, 'Fedora_Core.3.Release_Notes_for_32-bit_x86_Systems.types');">
<a class="type" href="../en-US/Fedora_Core/3/html/Release_Notes_for_32-bit_x86_Systems/index.html" onclick="window.top.location='../en-US/Fedora_Core/3/html/Release_Notes_for_32-bit_x86_Systems/index.html'"><span class="book">Release Notes for 32-bit x86 Systems</span></a>
@@ -1354,7 +1373,7 @@
<span class="version">2</span>
<div id='Fedora_Core.2.books' class="books hidden">
<div id='Fedora_Core.2' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.2.untrans_books');">
- <span class="version">Nicht übersetzt</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.2.untrans_books' class="books hidden">
<div id='Fedora_Core.2.Release_Notes_for_32-bit_x86_Systems' class="book collapsed" onclick="toggle(event, 'Fedora_Core.2.Release_Notes_for_32-bit_x86_Systems.types');">
<a class="type" href="../en-US/Fedora_Core/2/html/Release_Notes_for_32-bit_x86_Systems/index.html" onclick="window.top.location='../en-US/Fedora_Core/2/html/Release_Notes_for_32-bit_x86_Systems/index.html'"><span class="book">Release Notes for 32-bit x86 Systems</span></a>
@@ -1385,7 +1404,7 @@
<span class="version">1</span>
<div id='Fedora_Core.1.books' class="books hidden">
<div id='Fedora_Core.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.1.untrans_books');">
- <span class="version">Nicht übersetzt</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.1.untrans_books' class="books hidden">
<div id='Fedora_Core.1.Release_Notes_for_32-bit_x86_Systems' class="book collapsed" onclick="toggle(event, 'Fedora_Core.1.Release_Notes_for_32-bit_x86_Systems.types');">
<a class="type" href="../en-US/Fedora_Core/1/html/Release_Notes_for_32-bit_x86_Systems/index.html" onclick="window.top.location='../en-US/Fedora_Core/1/html/Release_Notes_for_32-bit_x86_Systems/index.html'"><span class="book">Release Notes for 32-bit x86 Systems</span></a>
@@ -1412,7 +1431,7 @@
<div id='Fedora_Draft_Documentation' class="versions hidden">
<div id='Fedora_Draft_Documentation.0.2' class="version collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.2.books');"> <div id='Fedora_Draft_Documentation.0.2.books' class="books">
<div id='Fedora_Draft_Documentation.0.2' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Draft_Documentation.0.2.untrans_books');">
- <span class="version">Nicht übersetzt</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Draft_Documentation.0.2.untrans_books' class="books hidden">
<div id='Fedora_Draft_Documentation.0.2.OpenSSH_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.2.OpenSSH_Guide.types');">
<a class="type" href="../en-US/Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html'"><span class="book">OpenSSH Guide</span></a>
@@ -1420,7 +1439,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1429,7 +1448,7 @@
</div>
<div id='Fedora_Draft_Documentation.0.1' class="version collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.books');"> <div id='Fedora_Draft_Documentation.0.1.books' class="books">
<div id='Fedora_Draft_Documentation.0.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.untrans_books');">
- <span class="version">Nicht übersetzt</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Draft_Documentation.0.1.untrans_books' class="books hidden">
<div id='Fedora_Draft_Documentation.0.1.Amateur_Radio_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Amateur_Radio_Guide.types');">
<a class="type" href="../en-US/Fedora_Draft_Documentation/0.1/html/Amateur_Radio_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Draft_Documentation/0.1/html/Amateur_Radio_Guide/index.html'"><span class="book">Amateur Radio Guide</span></a>
@@ -1560,7 +1579,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
@@ -1580,7 +1599,7 @@
<span class="version"></span>
<div id='Fedora_Draft_Documentation..books' class="books hidden">
<div id='Fedora_Draft_Documentation.' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Draft_Documentation..untrans_books');">
- <span class="version">Nicht übersetzt</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Draft_Documentation..untrans_books' class="books hidden">
<div id='Fedora_Draft_Documentation..User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation..User_Guide.types');">
<a class="type" href="../en-US/Fedora_Draft_Documentation//html/User_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Draft_Documentation//html/User_Guide/index.html'"><span class="book">User Guide</span></a>
@@ -1601,9 +1620,9 @@
<p>The Navigation Menu above requires JavaScript to function.</p><p>Enable JavaScript to allow the Navigation Menu to function.</p><p>Disable CSS to view the Navigation options without JavaScript enabled</p>
</div>
<div class="bottom_links">
- <a href="../toc.html" onclick="window.top.location='../toc.html'" >Sitemap</a>
- <a href="./Site_Statistics.html" onclick="window.top.location='./Site_Statistics.html'" >Statistik</a>
- <a href="./Site_Tech.html" onclick="window.top.location='./Site_Tech.html'" >Site-Technologie</a>
+ <a href="../toc.html" onclick="window.top.location='../toc.html'" >Map</a>
+ <a href="./Site_Statistics.html" onclick="window.top.location='./Site_Statistics.html'" >Statistics</a>
+ <a href="./Site_Tech.html" onclick="window.top.location='./Site_Tech.html'" >Tech</a>
</div>
</div>
</div>
diff --git a/public_html/el-GR/Site_Statistics.html b/public_html/el-GR/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/el-GR/Site_Statistics.html
+++ b/public_html/el-GR/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/el-GR/opds-Community_Services_Infrastructure.xml b/public_html/el-GR/opds-Community_Services_Infrastructure.xml
index fcdf11a..c496907 100644
--- a/public_html/el-GR/opds-Community_Services_Infrastructure.xml
+++ b/public_html/el-GR/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/el-GR/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/el-GR/opds-Fedora.xml b/public_html/el-GR/opds-Fedora.xml
index 7e44d8e..4ec3899 100644
--- a/public_html/el-GR/opds-Fedora.xml
+++ b/public_html/el-GR/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/el-GR/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>el-GR</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/el-GR/opds-Fedora_Contributor_Documentation.xml b/public_html/el-GR/opds-Fedora_Contributor_Documentation.xml
index 2e03d0d..015d220 100644
--- a/public_html/el-GR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/el-GR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/el-GR/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/el-GR/opds-Fedora_Core.xml b/public_html/el-GR/opds-Fedora_Core.xml
index 0143a36..b1cd71c 100644
--- a/public_html/el-GR/opds-Fedora_Core.xml
+++ b/public_html/el-GR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/el-GR/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/el-GR/opds-Fedora_Draft_Documentation.xml b/public_html/el-GR/opds-Fedora_Draft_Documentation.xml
index 1f3ed1f..c4f9d1a 100644
--- a/public_html/el-GR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/el-GR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/el-GR/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/el-GR/opds.xml b/public_html/el-GR/opds.xml
index e7dc173..20a0784 100644
--- a/public_html/el-GR/opds.xml
+++ b/public_html/el-GR/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/el-GR/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/el-GR/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/el-GR/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/el-GR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/el-GR/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/el-GR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/el-GR/toc.html b/public_html/el-GR/toc.html
index 0306b2e..0a2ce5c 100644
--- a/public_html/el-GR/toc.html
+++ b/public_html/el-GR/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub b/public_html/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub
new file mode 100644
index 0000000..d9b5198
Binary files /dev/null and b/public_html/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/css/common.css b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/css/common.css
new file mode 100644
index 0000000..d7dc3f2
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/css/common.css
@@ -0,0 +1,1528 @@
+* {
+ widows: 2 !important;
+ orphans: 2 !important;
+}
+
+body, h1, h2, h3, h4, h5, h6, pre, li, div {
+ line-height: 1.29em;
+}
+
+body {
+ background-color: white;
+ margin:0 auto;
+ font-family: "liberation sans", "Myriad ", "Bitstream Vera Sans", "Lucida Grande", "Luxi Sans", "Trebuchet MS", helvetica, verdana, arial, sans-serif;
+ font-size:12px;
+ max-width:55em;
+ color:black;
+}
+
+body.toc_embeded {
+ /*for web hosting system only*/
+ margin-left: 300px;
+}
+
+object.toc, iframe.toc {
+ /*for web hosting system only*/
+ border-style:none;
+ position:fixed;
+ width:290px;
+ height:99.99%;
+ top:0;
+ left:0;
+ z-index: 100;
+ border-style:none;
+ border-right:1px solid #999;
+}
+
+/* Hide web menu */
+
+body.notoc {
+ margin-left: 3em;
+}
+
+iframe.notoc {
+ border-style:none;
+ border: none;
+ padding: 0em;
+ position:fixed;
+ width: 21px;
+ height: 29px;
+ top: 0px;
+ left:0;
+ overflow: hidden;
+ margin: 0em;
+ margin-left: -3px;
+}
+/* End hide web menu */
+
+/* desktop styles */
+body.desktop {
+ margin-left: 26em;
+}
+
+body.desktop .book > .toc {
+ display:block;
+ width:24em;
+ height:99%;
+ position:fixed;
+ overflow:auto;
+ top:0px;
+ left:0px;
+ padding-left:1em;
+ background-color:#EEEEEE;
+}
+
+.toc {
+ line-height:1.35em;
+}
+
+.toc .glossary,
+.toc .chapter, .toc .appendix {
+ margin-top:1em;
+}
+
+.toc .part {
+ margin-top:1em;
+ display:block;
+}
+
+span.glossary,
+span.appendix {
+ display:block;
+ margin-top:0.5em;
+}
+
+div {
+ padding-top:0px;
+}
+
+div.section {
+ padding-top:1em;
+}
+
+p, div.para, div.formalpara {
+ padding-top:0px;
+ margin-top:0.3em;
+ padding-bottom:0px;
+ margin-bottom:1em;
+}
+
+/*Links*/
+a {
+ outline: none;
+}
+
+a:link {
+ text-decoration:none;
+ border-bottom: 1px dotted ;
+ color:#3366cc;
+}
+
+a:visited {
+ text-decoration:none;
+ border-bottom: 1px dotted ;
+ color:#003366;
+}
+
+div.longdesc-link {
+ float:right;
+ color:#999;
+}
+
+.toc a, .qandaset a {
+ font-weight:normal;
+ border:none;
+}
+
+.toc a:hover, .qandaset a:hover
+{
+ border-bottom: 1px dotted;
+}
+
+/*headings*/
+h1, h2, h3, h4, h5, h6 {
+ color: #336699;
+ margin-top: 0em;
+ margin-bottom: 0em;
+ background-color: transparent;
+ page-break-inside: avoid;
+ page-break-after: avoid;
+}
+
+h1 {
+ font-size:2.0em;
+}
+
+.titlepage h1.title {
+ font-size: 3.0em;
+ padding-top: 1em;
+ text-align:left;
+}
+
+.book > .titlepage h1.title {
+ text-align:center;
+}
+
+.article > .titlepage h1.title {
+ text-align:center;
+}
+
+.set .titlepage > div > div > h1.title {
+ text-align:center;
+}
+
+.producttitle {
+ margin-top: 0em;
+ margin-bottom: 0em;
+ font-size: 3.0em;
+ font-weight: bold;
+ background: #003d6e url(../images/h1-bg.png) top left repeat-x;
+ color: white;
+ text-align: center;
+ padding: 0.7em;
+}
+
+.titlepage .corpauthor {
+ margin-top: 1em;
+ text-align: center;
+}
+
+.section h1.title {
+ font-size: 1.6em;
+ padding: 0em;
+ color: #336699;
+ text-align: left;
+ background: white;
+}
+
+h2 {
+ font-size:1.6em;
+}
+
+
+h2.subtitle, h3.subtitle {
+ margin-top: 1em;
+ margin-bottom: 1em;
+ font-size: 1.4em;
+ text-align: center;
+}
+
+.preface > div > div > div > h2.title {
+ margin-top: 1em;
+ font-size: 2.0em;
+}
+
+.appendix h2 {
+ margin-top: 1em;
+ font-size: 2.0em;
+}
+
+
+
+h3 {
+ font-size:1.3em;
+ padding-top:0em;
+ padding-bottom:0em;
+}
+h4 {
+ font-size:1.1em;
+ padding-top:0em;
+ padding-bottom:0em;
+}
+
+h5 {
+ font-size:1em;
+}
+
+h6 {
+ font-size:1em;
+}
+
+h5.formalpara {
+ font-size:1em;
+ margin-top:2em;
+ margin-bottom:.8em;
+}
+
+.abstract h6 {
+ margin-top:1em;
+ margin-bottom:.5em;
+ font-size:2em;
+}
+
+/*element rules*/
+hr {
+ border-collapse: collapse;
+ border-style:none;
+ border-top: 1px dotted #ccc;
+ width:100%;
+ margin-top: 3em;
+}
+
+/* web site rules */
+ul.languages, .languages li {
+ display:inline;
+ padding:0em;
+}
+
+.languages li a {
+ padding:0em .5em;
+ text-decoration: none;
+}
+
+.languages li p, .languages li div.para {
+ display:inline;
+}
+
+.languages li a:link, .languages li a:visited {
+ color:#444;
+}
+
+.languages li a:hover, .languages li a:focus, .languages li a:active {
+ color:black;
+}
+
+ul.languages {
+ display:block;
+ background-color:#eee;
+ padding:.5em;
+}
+
+/*supporting stylesheets*/
+
+/*unique to the webpage only*/
+.books {
+ position:relative;
+}
+
+.versions li {
+ width:100%;
+ clear:both;
+ display:block;
+}
+
+a.version {
+ font-size:2em;
+ text-decoration:none;
+ width:100%;
+ display:block;
+ padding:1em 0em .2em 0em;
+ clear:both;
+}
+
+a.version:before {
+ content:"Version";
+ font-size:smaller;
+}
+
+a.version:visited, a.version:link {
+ color:#666;
+}
+
+a.version:focus, a.version:hover {
+ color:black;
+}
+
+.books {
+ display:block;
+ position:relative;
+ clear:both;
+ width:100%;
+}
+
+.books li {
+ display:block;
+ width:200px;
+ float:left;
+ position:relative;
+ clear: none ;
+}
+
+.books .html {
+ width:170px;
+ display:block;
+}
+
+.books .pdf {
+ position:absolute;
+ left:170px;
+ top:0px;
+ font-size:smaller;
+}
+
+.books .pdf:link, .books .pdf:visited {
+ color:#555;
+}
+
+.books .pdf:hover, .books .pdf:focus {
+ color:#000;
+}
+
+.books li a {
+ text-decoration:none;
+}
+
+.books li a:hover {
+ color:black;
+}
+
+/*products*/
+.products li {
+ display: block;
+ width:300px;
+ float:left;
+}
+
+.products li a {
+ width:300px;
+ padding:.5em 0em;
+}
+
+.products ul {
+ clear:both;
+}
+
+/*revision history*/
+.revhistory {
+ display:block;
+}
+
+.revhistory table {
+ background-color:transparent;
+ border-color:#fff;
+ padding:0em;
+ margin: 0;
+ border-collapse:collapse;
+ border-style:none;
+}
+
+.revhistory td {
+ text-align :left;
+ padding:0em;
+ border: none;
+ border-top: 1px solid #fff;
+ font-weight: bold;
+}
+
+.revhistory .simplelist td {
+ font-weight: normal;
+}
+
+.revhistory .simplelist {
+ margin-bottom: 1.5em;
+ margin-left: 1em;
+}
+
+.revhistory table th {
+ display: none;
+}
+
+
+/*credits*/
+.authorgroup div {
+ clear:both;
+ text-align: center;
+}
+
+h3.author {
+ margin: 0em;
+ padding: 0em;
+ padding-top: 1em;
+}
+
+.authorgroup h4 {
+ padding: 0em;
+ margin: 0em;
+ padding-top: 1em;
+ margin-top: 1em;
+}
+
+.author,
+.editor,
+.translator,
+.othercredit,
+.contrib {
+ display: block;
+}
+
+.revhistory .author {
+ display: inline;
+}
+
+.othercredit h3 {
+ padding-top: 1em;
+}
+
+
+.othercredit {
+ margin:0em;
+ padding:0em;
+}
+
+.releaseinfo {
+ clear: both;
+}
+
+.copyright {
+ margin-top: 1em;
+}
+
+/* qanda sets */
+.answer {
+ margin-bottom:1em;
+ border-bottom:1px dotted #ccc;
+}
+
+.qandaset .toc {
+ border-bottom:1px dotted #ccc;
+}
+
+.question {
+ font-weight:bold;
+}
+
+.answer .data, .question .data {
+ padding-left: 2.6em;
+}
+
+.answer label, .question label {
+ float:left;
+ font-weight:bold;
+}
+
+/* inline syntax highlighting */
+.perl_Alert {
+ color: #0000ff;
+}
+
+.perl_BaseN {
+ color: #007f00;
+}
+
+.perl_BString {
+ color: #5C3566;
+}
+
+.perl_Char {
+ color: #ff00ff;
+}
+
+.perl_Comment {
+ color: #FF00FF;
+}
+
+
+.perl_DataType {
+ color: #0000ff;
+}
+
+
+.perl_DecVal {
+ color: #00007f;
+}
+
+
+.perl_Error {
+ color: #ff0000;
+}
+
+
+.perl_Float {
+ color: #00007f;
+}
+
+
+.perl_Function {
+ color: #007f00;
+}
+
+
+.perl_IString {
+ color: #5C3566;
+}
+
+
+.perl_Keyword {
+ color: #002F5D;
+}
+
+
+.perl_Operator {
+ color: #ffa500;
+}
+
+
+.perl_Others {
+ color: #b03060;
+}
+
+
+.perl_RegionMarker {
+ color: #96b9ff;
+}
+
+
+.perl_Reserved {
+ color: #9b30ff;
+}
+
+
+.perl_String {
+ color: #5C3566;
+}
+
+
+.perl_Variable {
+ color: #0000ff;
+}
+
+
+.perl_Warning {
+ color: #0000ff;
+}
+
+/*Lists*/
+ul {
+ padding-left:1.6em;
+ list-style-image:url(../images/dot.png);
+ list-style-type: circle;
+}
+
+ul ul {
+ list-style-image:url(../images/dot2.png);
+ list-style-type: circle;
+}
+
+ol {
+ list-style-image:none;
+ list-style-type: decimal;
+}
+
+ol ol {
+ list-style-type: lower-alpha;
+}
+
+ol.arabic {
+ list-style-type: decimal;
+}
+
+ol.loweralpha {
+ list-style-type: lower-alpha;
+}
+
+ol.lowerroman {
+ list-style-type: lower-roman;
+}
+
+ol.upperalpha {
+ list-style-type: upper-alpha;
+}
+
+ol.upperroman {
+ list-style-type: upper-roman;
+}
+
+dt {
+ font-weight:bold;
+ margin-bottom:0em;
+ padding-bottom:0em;
+}
+
+dd {
+ margin:0em;
+ margin-left:2em;
+ padding-top:0em;
+ padding-bottom: 1em;
+}
+
+li {
+ padding-top:0px;
+ margin-top:0em;
+ padding-bottom:0px;
+ margin-bottom:0.4em;
+}
+
+li p, li div.para {
+ padding-top:0px;
+ margin-top:0em;
+ padding-bottom:0px;
+ margin-bottom:0.3em;
+}
+
+/*images*/
+img {
+ display:block;
+ margin: 2em 0;
+}
+
+.inlinemediaobject, .inlinemediaobject img {
+ display:inline;
+ margin:0em;
+}
+
+.figure img {
+ display:block;
+ margin:0;
+ page-break-inside: avoid;
+}
+
+.figure .title {
+ margin:0em;
+ margin-bottom:2em;
+ padding:0px;
+}
+
+/*document modes*/
+.confidential {
+ background-color:#900;
+ color:White;
+ padding:.5em .5em;
+ text-transform:uppercase;
+ text-align:center;
+}
+
+.longdesc-link {
+ display:none;
+}
+
+.longdesc {
+ display:none;
+}
+
+.prompt {
+ padding:0em .3em;
+}
+
+/*user interface styles*/
+.screen .replaceable {
+}
+
+.guibutton, .guilabel {
+ font-family: "liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ font-weight: bold;
+ white-space: nowrap;
+}
+
+.example {
+ background-color: #ffffff;
+ border-left: 3px solid #aaaaaa;
+ padding-top: 1em;
+ padding-bottom: 0.1em;
+}
+
+.example h6 {
+ padding-left: 10px;
+}
+
+.example-contents {
+ padding-left: 10px;
+ background-color: #ffffff;
+}
+
+.example-contents .para {
+/* padding: 10px;*/
+}
+
+/*terminal/console text*/
+.computeroutput,
+.option {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ font-weight:bold;
+}
+
+.replaceable {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ font-style: italic;
+}
+
+.command, .filename, .keycap, .classname, .literal {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ font-weight:bold;
+}
+
+/* no bold in toc */
+.toc * {
+ font-weight: inherit;
+}
+
+pre {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ display:block;
+ background-color: #f5f5f5;
+ color: #000000;
+ border: 1px solid #aaaaaa;
+ margin-bottom: 0.3em;
+ padding:.5em 1em;
+ white-space: pre-wrap; /* css-3 */
+ white-space: -moz-pre-wrap !important; /* Mozilla, since 1999 */
+ white-space: -pre-wrap; /* Opera 4-6 */
+ white-space: -o-pre-wrap; /* Opera 7 */
+ word-wrap: break-word; /* Internet Explorer 5.5+ */
+ font-size: 0.9em;
+}
+
+pre .replaceable,
+pre .keycap {
+}
+
+code {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+/* white-space: nowrap;*/
+ white-space: pre-wrap;
+ word-wrap: break-word;
+ font-weight:bold;
+}
+
+.parameter code {
+ display: inline;
+ white-space: pre-wrap; /* css-3 */
+ white-space: -moz-pre-wrap !important; /* Mozilla, since 1999 */
+ white-space: -pre-wrap; /* Opera 4-6 */
+ white-space: -o-pre-wrap; /* Opera 7 */
+ word-wrap: break-word; /* Internet Explorer 5.5+ */
+}
+
+/*Notifications*/
+div.warning:before {
+ content:url(../images/warning.png);
+ padding-left: 5px;
+}
+
+div.note:before {
+ content:url(../images/note.png);
+ padding-left: 5px;
+}
+
+div.important:before {
+ content:url(../images/important.png);
+ padding-left: 5px;
+}
+
+div.warning, div.note, div.important {
+ color: black;
+ margin: 0em;
+ padding: 0em;
+ background: none;
+ background-color: white;
+ margin-bottom: 1em;
+ border-bottom: 1px solid #aaaaaa;
+ page-break-inside: avoid;
+}
+
+div.warning h2, div.note h2,div.important h2 {
+ margin: 0em;
+ padding: 0em;
+ color: #eeeeec;
+ padding-top: 0px;
+ padding-bottom: 0px;
+ height: 1.4em;
+ line-height: 1.4em;
+ font-size: 1.4em;
+ display:inline;
+}
+
+div.admonition_header {
+ clear: both;
+ margin: 0em;
+ padding: 0em;
+ margin-top: -3.3em;
+ padding-left: 58px;
+ line-height: 1.0em;
+ font-size: 1.0em;
+}
+
+div.warning div.admonition_header {
+ background: url(../images/red.png) top left repeat-x;
+ background-color: #590000;
+}
+
+div.note div.admonition_header {
+ background: url(../images/green.png) top right repeat-x;
+ background-color: #597800;
+}
+
+div.important div.admonition_header {
+ background: url(../images/yellow.png) top right repeat-x;
+ background-color: #a6710f;
+}
+
+div.warning p, div.warning div.para,
+div.note p, div.note div.para,
+div.important p, div.important div.para {
+ padding: 0em;
+ margin: 0em;
+}
+
+div.admonition {
+ border: none;
+ border-left: 1px solid #aaaaaa;
+ border-right: 1px solid #aaaaaa;
+ padding:0em;
+ margin:0em;
+ padding-top: 1.5em;
+ padding-bottom: 1em;
+ padding-left: 2em;
+ padding-right: 1em;
+ background-color: #eeeeec;
+ -moz-border-radius: 0px;
+ -webkit-border-radius: 0px;
+ border-radius: 0px;
+}
+
+/*Page Title*/
+#title {
+ display:block;
+ height:45px;
+ padding-bottom:1em;
+ margin:0em;
+}
+
+#title a.left{
+ display:inline;
+ border:none;
+}
+
+#title a.left img{
+ border:none;
+ float:left;
+ margin:0em;
+ margin-top:.7em;
+}
+
+#title a.right {
+ padding-bottom:1em;
+}
+
+#title a.right img {
+ border:none;
+ float:right;
+ margin:0em;
+ margin-top:.7em;
+}
+
+/*Table*/
+div.table {
+ page-break-inside: avoid;
+}
+
+table {
+ border:1px solid #6c614b;
+ width:100%;
+ border-collapse:collapse;
+}
+
+table.simplelist, .calloutlist table {
+ border-style: none;
+}
+
+table th {
+ text-align:left;
+ background-color:#6699cc;
+ padding:.3em .5em;
+ color:white;
+}
+
+table td {
+ padding:.15em .5em;
+}
+
+table tr.even td {
+ background-color:#f5f5f5;
+}
+
+table th p:first-child, table td p:first-child, table li p:first-child,
+table th div.para:first-child, table td div.para:first-child, table li div.para:first-child {
+ margin-top:0em;
+ padding-top:0em;
+ display:inline;
+}
+
+th, td {
+ border-style:none;
+ vertical-align: top;
+ border: 1px solid #000;
+}
+
+.simplelist th, .simplelist td {
+ border: none;
+}
+
+table table td {
+ border-bottom:1px dotted #aaa;
+ background-color:white;
+ padding:.6em 0em;
+}
+
+table table {
+ border:1px solid white;
+}
+
+td.remarkval {
+ color:#444;
+}
+
+td.fieldval {
+ font-weight:bold;
+}
+
+.lbname, .lbtype, .lbdescr, .lbdriver, .lbhost {
+ color:white;
+ font-weight:bold;
+ background-color:#999;
+ width:120px;
+}
+
+td.remarkval {
+ width:230px;
+}
+
+td.tname {
+ font-weight:bold;
+}
+
+th.dbfield {
+ width:120px;
+}
+
+th.dbtype {
+ width:70px;
+}
+
+th.dbdefault {
+ width:70px;
+}
+
+th.dbnul {
+ width:70px;
+}
+
+th.dbkey {
+ width:70px;
+}
+
+span.book {
+ margin-top:4em;
+ display:block;
+ font-size:11pt;
+}
+
+span.book a{
+ font-weight:bold;
+}
+span.chapter {
+ display:block;
+ margin-top:0.5em;
+}
+
+table.simplelist td, .calloutlist table td {
+ border-style: none;
+}
+
+/*Breadcrumbs*/
+#breadcrumbs ul li.first:before {
+ content:" ";
+}
+
+#breadcrumbs {
+ color:#900;
+ padding:3px;
+ margin-bottom:25px;
+}
+
+#breadcrumbs ul {
+ margin-left:0;
+ padding-left:0;
+ display:inline;
+ border:none;
+}
+
+#breadcrumbs ul li {
+ margin-left:0;
+ padding-left:2px;
+ border:none;
+ list-style:none;
+ display:inline;
+}
+
+#breadcrumbs ul li:before {
+ content:"\0020 \0020 \0020 \00BB \0020";
+ color:#333;
+}
+
+/*index*/
+.glossary h3,
+.index h3 {
+ font-size: 2em;
+ color:#aaa;
+ margin:0em;
+}
+
+.indexdiv {
+ margin-bottom:1em;
+}
+
+.glossary dt,
+.index dt {
+ color:#444;
+ padding-top:.5em;
+}
+
+.glossary dl dl dt,
+.index dl dl dt {
+ color:#777;
+ font-weight:normal;
+ padding-top:0em;
+}
+
+.index dl dl dt:before {
+ content:"- ";
+ color:#ccc;
+}
+
+/*changes*/
+.footnote {
+ font-size: .7em;
+ margin:0em;
+ color:#222;
+}
+
+table .footnote {
+}
+
+sup {
+ color:#999;
+ margin:0em;
+ padding:0em;
+ line-height: .4em;
+ font-size: 1em;
+ padding-left:0em;
+}
+
+.footnote {
+ position:relative;
+}
+
+.footnote sup {
+ color:#e3dcc0;
+ position:absolute;
+ left: .4em;
+}
+
+.footnote sup a:link,
+.footnote sup a:visited {
+ color:#92917d;
+ text-decoration:none;
+}
+
+.footnote:hover sup a {
+ text-decoration:none;
+}
+
+.footnote p,.footnote div.para {
+ padding-left:2em;
+}
+
+.footnote a:link,
+.footnote a:visited {
+ color:#00537c;
+}
+
+.footnote a:hover {
+}
+
+/**/
+div.chapter {
+ margin-top:3em;
+ page-break-inside: avoid;
+}
+
+div.preface {
+ page-break-inside: avoid;
+}
+
+div.section {
+ margin-top:1em;
+ page-break-inside: auto;
+}
+
+div.note .replaceable,
+div.important .replaceable,
+div.warning .replaceable,
+div.note .keycap,
+div.important .keycap,
+div.warning .keycap
+{
+}
+
+ul li p:last-child, ul li div.para:last-child {
+ margin-bottom:0em;
+ padding-bottom:0em;
+}
+
+/*document navigation*/
+.docnav a, .docnav strong {
+ border:none;
+ text-decoration:none;
+ font-weight:normal;
+}
+
+.docnav {
+ list-style:none;
+ margin:0em;
+ padding:0em;
+ position:relative;
+ width:100%;
+ padding-bottom:2em;
+ padding-top:1em;
+ border-top:1px dotted #ccc;
+}
+
+.docnav li {
+ list-style:none;
+ margin:0em;
+ padding:0em;
+ display:inline;
+ font-size:.8em;
+}
+
+.docnav li:before {
+ content:" ";
+}
+
+.docnav li.previous, .docnav li.next {
+ position:absolute;
+ top:1em;
+}
+
+.docnav li.up, .docnav li.home {
+ margin:0em 1.5em;
+}
+
+.docnav li.previous {
+ left:0px;
+ text-align:left;
+}
+
+.docnav li.next {
+ right:0px;
+ text-align:right;
+}
+
+.docnav li.previous strong, .docnav li.next strong {
+ height:22px;
+ display:block;
+}
+
+.docnav {
+ margin:0 auto;
+ text-align:center;
+}
+
+.docnav li.next a strong {
+ background: url(../images/stock-go-forward.png) top right no-repeat;
+ padding-top:3px;
+ padding-bottom:4px;
+ padding-right:28px;
+ font-size:1.2em;
+}
+
+.docnav li.previous a strong {
+ background: url(../images/stock-go-back.png) top left no-repeat;
+ padding-top:3px;
+ padding-bottom:4px;
+ padding-left:28px;
+ padding-right:0.5em;
+ font-size:1.2em;
+}
+
+.docnav li.home a strong {
+ background: url(../images/stock-home.png) top left no-repeat;
+ padding:5px;
+ padding-left:28px;
+ font-size:1.2em;
+}
+
+.docnav li.up a strong {
+ background: url(../images/stock-go-up.png) top left no-repeat;
+ padding:5px;
+ padding-left:28px;
+ font-size:1.2em;
+}
+
+.docnav a:link, .docnav a:visited {
+ color:#666;
+}
+
+.docnav a:hover, .docnav a:focus, .docnav a:active {
+ color:black;
+}
+
+.docnav a {
+ max-width: 10em;
+ overflow:hidden;
+}
+
+.docnav a:link strong {
+ text-decoration:none;
+}
+
+.docnav {
+ margin:0 auto;
+ text-align:center;
+}
+
+ul.docnav {
+ margin-bottom: 1em;
+}
+/* Reports */
+.reports ul {
+ list-style:none;
+ margin:0em;
+ padding:0em;
+}
+
+.reports li{
+ margin:0em;
+ padding:0em;
+}
+
+.reports li.odd {
+ background-color: #eeeeee;
+ margin:0em;
+ padding:0em;
+}
+
+.reports dl {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ float:right;
+ margin-right: 17em;
+ margin-top:-1.3em;
+}
+
+.reports dt {
+ display:inline;
+ margin:0em;
+ padding:0em;
+}
+
+.reports dd {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ padding-right:.5em;
+}
+
+.reports h2, .reports h3{
+ display:inline;
+ padding-right:.5em;
+ font-size:10pt;
+ font-weight:normal;
+}
+
+.reports div.progress {
+ display:inline;
+ float:right;
+ width:16em;
+ background:#c00 url(../images/shine.png) top left repeat-x;
+ margin:0em;
+ margin-top:-1.3em;
+ padding:0em;
+ border:none;
+}
+
+/*uniform*/
+body.results, body.reports {
+ max-width:57em ;
+ padding:0em;
+}
+
+/*Progress Bar*/
+div.progress {
+ display:block;
+ float:left;
+ width:16em;
+ background:#c00 url(../images/shine.png) top left repeat-x;
+ height:1em;
+}
+
+div.progress span {
+ height:1em;
+ float:left;
+}
+
+div.progress span.translated {
+ background:#6c3 url(../images/shine.png) top left repeat-x;
+}
+
+div.progress span.fuzzy {
+ background:#ff9f00 url(../images/shine.png) top left repeat-x;
+}
+
+
+/*Results*/
+
+.results ul {
+ list-style:none;
+ margin:0em;
+ padding:0em;
+}
+
+.results li{
+ margin:0em;
+ padding:0em;
+}
+
+.results li.odd {
+ background-color: #eeeeee;
+ margin:0em;
+ padding:0em;
+}
+
+.results dl {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ float:right;
+ margin-right: 17em;
+ margin-top:-1.3em;
+}
+
+.results dt {
+ display:inline;
+ margin:0em;
+ padding:0em;
+}
+
+.results dd {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ padding-right:.5em;
+}
+
+.results h2, .results h3 {
+ display:inline;
+ padding-right:.5em;
+ font-size:10pt;
+ font-weight:normal;
+}
+
+.results div.progress {
+ display:inline;
+ float:right;
+ width:16em;
+ background:#c00 url(../images/shine.png) top left repeat-x;
+ margin:0em;
+ margin-top:-1.3em;
+ padding:0em;
+ border:none;
+}
+
+/* Dirty EVIL Mozilla hack for round corners */
+pre {
+ -moz-border-radius:11px;
+ -webkit-border-radius:11px;
+ border-radius: 11px;
+ page-break-inside: avoid;
+}
+
+.example {
+ -moz-border-radius:0px;
+ -webkit-border-radius:0px;
+ border-radius: 0px;
+ page-break-inside: avoid;
+}
+
+.package, .citetitle {
+ font-style: italic;
+}
+
+.titlepage .edition {
+ color: #336699;
+ background-color: transparent;
+ margin-top: 1em;
+ margin-bottom: 1em;
+ font-size: 1.4em;
+ font-weight: bold;
+ text-align: center;
+}
+
+span.remark {
+ background-color: #ff00ff;
+}
+
+.draft {
+ background-image: url(../images/watermark-draft.png);
+ background-repeat: repeat-y;
+ background-position: center;
+}
+
+.foreignphrase {
+ font-style: inherit;
+}
+
+dt {
+ clear:both;
+}
+
+dt img {
+ border-style: none;
+ max-width: 112px;
+}
+
+dt object {
+ max-width: 112px;
+}
+
+dt .inlinemediaobject, dt object {
+ display: inline;
+ float: left;
+ margin-bottom: 1em;
+ padding-right: 1em;
+ width: 112px;
+}
+
+dl:after {
+ display: block;
+ clear: both;
+ content: "";
+}
+
+.toc dd {
+ padding-bottom: 0em;
+ margin-bottom: 1em;
+ padding-left: 1.3em;
+ margin-left: 0em;
+}
+
+div.toc > dl > dt {
+ padding-bottom: 0em;
+ margin-bottom: 0em;
+ margin-top: 1em;
+}
+
+
+.strikethrough {
+ text-decoration: line-through;
+}
+
+.underline {
+ text-decoration: underline;
+}
+
+.calloutlist img, .callout {
+ padding: 0em;
+ margin: 0em;
+ width: 12pt;
+ display: inline;
+ vertical-align: middle;
+}
+
+.stepalternatives {
+ list-style-image: none;
+ list-style-type: none;
+}
+
+
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/css/default.css b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/css/default.css
new file mode 100644
index 0000000..bf38ebb
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/css/default.css
@@ -0,0 +1,3 @@
+ at import url("common.css");
+ at import url("overrides.css");
+ at import url("lang.css");
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/css/lang.css b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/css/lang.css
new file mode 100644
index 0000000..81c3115
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/css/lang.css
@@ -0,0 +1,2 @@
+/* place holder */
+
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/css/overrides.css b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/css/overrides.css
new file mode 100644
index 0000000..057be29
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/css/overrides.css
@@ -0,0 +1,51 @@
+a:link {
+ color:#0066cc;
+}
+
+a:hover, a:active {
+ color:#003366;
+}
+
+a:visited {
+ color:#6699cc;
+}
+
+
+h1 {
+ color:#3c6eb4
+}
+
+.producttitle {
+ background: #3c6eb4 url(../images/h1-bg.png) top left repeat;
+}
+
+.section h1.title {
+ color:#3c6eb4;
+}
+
+
+h2,h3,h4,h5,h6 {
+ color:#3c6eb4;
+}
+
+table {
+ border:1px solid #3c6eb4;
+}
+
+table th {
+ background-color:#3c6eb4;
+}
+
+
+table tr.even td {
+ background-color:#f5f5f5;
+}
+
+.revhistory table th {
+ color:#3c6eb4;
+}
+
+.titlepage .edition {
+ color: #3c6eb4;
+}
+
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/css/print.css b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/css/print.css
new file mode 100644
index 0000000..773d8ae
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/css/print.css
@@ -0,0 +1,16 @@
+ at import url("common.css");
+ at import url("overrides.css");
+ at import url("lang.css");
+
+#tocframe {
+ display: none;
+}
+
+body.toc_embeded {
+ margin-left: 30px;
+}
+
+.producttitle {
+ color: #336699;
+}
+
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/1.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/1.png
new file mode 100644
index 0000000..c21d7a3
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/1.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/1.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/1.svg
new file mode 100644
index 0000000..a2b3903
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/1.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#000000;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 17.853468,22.008438 -2.564941,0 0,-7.022461 c -5e-6,-0.143873 -5e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224122,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08854,0.08302 -0.17432,0.157723 -0.257324,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/10.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/10.png
new file mode 100644
index 0000000..15b81da
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/10.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/10.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/10.svg
new file mode 100644
index 0000000..af015ab
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/10.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/11.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/11.png
new file mode 100644
index 0000000..2fcc2dd
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/11.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/11.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/11.svg
new file mode 100644
index 0000000..cb82b70
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/11.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/12.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/12.png
new file mode 100644
index 0000000..edebe20
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/12.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/12.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/12.svg
new file mode 100644
index 0000000..3b6d822
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/12.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/13.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/13.png
new file mode 100644
index 0000000..ec48cef
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/13.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/13.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/13.svg
new file mode 100644
index 0000000..226e461
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/13.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/14.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/14.png
new file mode 100644
index 0000000..33d5637
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/14.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/14.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/14.svg
new file mode 100644
index 0000000..5aaa3a3
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/14.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/15.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/15.png
new file mode 100644
index 0000000..f1a4eb2
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/15.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/15.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/15.svg
new file mode 100644
index 0000000..f51dd96
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/15.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2839"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+ id="path2841"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/16.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/16.png
new file mode 100644
index 0000000..d38a155
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/16.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/16.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/16.svg
new file mode 100644
index 0000000..cb7e2f5
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/16.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
.556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/17.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/17.png
new file mode 100644
index 0000000..d83e898
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/17.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/17.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/17.svg
new file mode 100644
index 0000000..5d6f0ad
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/17.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/18.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/18.png
new file mode 100644
index 0000000..9e39de4
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/18.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/18.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/18.svg
new file mode 100644
index 0000000..9ea672c
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/18.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/19.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/19.png
new file mode 100644
index 0000000..9eeedfb
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/19.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/19.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/19.svg
new file mode 100644
index 0000000..80d1d09
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/19.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/2.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/2.png
new file mode 100644
index 0000000..ff9cc57
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/2.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/2.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/2.svg
new file mode 100644
index 0000000..8e94260
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/2.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 19.89546,22.008438 -8.143066,0 0,-1.784668 2.855468,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979493,-1.0708 0.293289,-0.326492 0.545079,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.373529,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.17431,-0.666821 0.174316,-1.037598 -6e-6,-0.409496 -0.124517,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827313,0.522958 -1.270019,0.921386 l -1.394531,-1.651855 c 0.249022,-0.226877 0.509113,-0.442698 0.780273,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079102,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319824,-0.1494141 0.58105,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187012,0.6889648 0.326489,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.893727 0.265625,1.41
9433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/20.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/20.png
new file mode 100644
index 0000000..b28b4aa
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/20.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/20.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/20.svg
new file mode 100644
index 0000000..409ac6e
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/20.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/21.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/21.png
new file mode 100644
index 0000000..eda952c
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/21.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/21.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/21.svg
new file mode 100644
index 0000000..7bc03af
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/21.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/22.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/22.png
new file mode 100644
index 0000000..90b14b0
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/22.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/22.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/22.svg
new file mode 100644
index 0000000..fe086f6
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/22.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/23.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/23.png
new file mode 100644
index 0000000..8b35a74
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/23.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/23.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/23.svg
new file mode 100644
index 0000000..f17ec29
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/23.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/24.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/24.png
new file mode 100644
index 0000000..6041b02
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/24.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/24.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/24.svg
new file mode 100644
index 0000000..42a5333
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/24.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/25.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/25.png
new file mode 100644
index 0000000..ecb15e6
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/25.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/25.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/25.svg
new file mode 100644
index 0000000..a8d4672
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/25.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/26.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/26.png
new file mode 100644
index 0000000..4b2f560
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/26.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/26.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/26.svg
new file mode 100644
index 0000000..3cf00ec
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/26.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
.556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/27.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/27.png
new file mode 100644
index 0000000..ecf058e
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/27.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/27.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/27.svg
new file mode 100644
index 0000000..c8d6440
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/27.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/28.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/28.png
new file mode 100644
index 0000000..e64efb2
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/28.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/28.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/28.svg
new file mode 100644
index 0000000..5acce93
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/28.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/29.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/29.png
new file mode 100644
index 0000000..dbbca1b
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/29.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/29.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/29.svg
new file mode 100644
index 0000000..507dd44
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/29.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/3.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/3.png
new file mode 100644
index 0000000..4febe43
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/3.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/3.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/3.svg
new file mode 100644
index 0000000..5e87e1f
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/3.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 19.422316,12.587051 c -9e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.23243,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315437,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.392911,0.332031 -0.890957,0.592122 -1.494141,0.780273 -0.597661,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267255,-0.05534 -1.842773,-0.166016 -0.575523,-0.105143 -1.112306,-0.268392 -1.610352,-0.489746 l 0,-2.183105 c 0.249023,0.132815 0.511881,0.249025 0.788574,0.348632 0.276692,0.09961 0.553384,0.185387 0.830079,0.257325 0.27669,0.06641 0.547848,0.116212 0.813476,0.149414 0.271156,0.0332 0.525713,0.04981 0.763672,0.0498 0.475907,2e-6 0.871577,-0.04427 1.187012,-0.132812 0.315424,-
0.08854 0.567214,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320957,-0.351397 0.398437,-0.572754 0.083,-0.226885 0.124506,-0.473141 0.124512,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.265631,-0.376297 -0.498047,-0.514648 -0.226893,-0.143876 -0.525721,-0.254553 -0.896484,-0.332032 -0.370773,-0.07747 -0.827315,-0.116205 -1.369629,-0.116211 l -0.863281,0 0,-1.801269 0.846679,0 c 0.509111,7e-6 0.932451,-0.04426 1.27002,-0.132813 0.33756,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.43164,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.68897,-0.365224 -1.27002,-0.365234 -0.265629,10e-6 -0.514652,0.02768 -0.74707,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193688,0.07748 -0.373538,0.166026 -0.539551,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439941,0.282227 l -1.294922,-1.70
9961 c 0.232421,-0.171538 0.484211,-0.329253 0.755371,-0.473145 0.276691,-0.143868 0.575519,-0.26838 0.896484,-0.373535 0.320961,-0.1106647 0.666827,-0.1964393 1.037598,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492506,0.1272911 0.913079,0.3154421 1.261718,0.5644531 0.348626,0.243501 0.617017,0.545096 0.805176,0.904786 0.193677,0.354177 0.290519,0.760914 0.290528,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/30.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/30.png
new file mode 100644
index 0000000..f4ffb14
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/30.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/30.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/30.svg
new file mode 100644
index 0000000..434e663
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/30.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/31.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/31.png
new file mode 100644
index 0000000..0b29e87
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/31.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/31.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/31.svg
new file mode 100644
index 0000000..08c3f2d
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/31.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/32.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/32.png
new file mode 100644
index 0000000..a4740a3
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/32.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/32.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/32.svg
new file mode 100644
index 0000000..aa099c3
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/32.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/33.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/33.png
new file mode 100644
index 0000000..f23ccea
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/33.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/33.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/33.svg
new file mode 100644
index 0000000..fce979c
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/33.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/34.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/34.png
new file mode 100644
index 0000000..7e2ab31
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/34.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/34.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/34.svg
new file mode 100644
index 0000000..c67f8ec
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/34.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/35.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/35.png
new file mode 100644
index 0000000..02118e3
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/35.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/35.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/35.svg
new file mode 100644
index 0000000..da7780a
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/35.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/36.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/36.png
new file mode 100644
index 0000000..30f4fdf
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/36.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/36.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/36.svg
new file mode 100644
index 0000000..348549a
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/36.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
.556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/37.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/37.png
new file mode 100644
index 0000000..6174706
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/37.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/37.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/37.svg
new file mode 100644
index 0000000..7bc04d9
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/37.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/38.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/38.png
new file mode 100644
index 0000000..161661d
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/38.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/38.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/38.svg
new file mode 100644
index 0000000..ec2ad98
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/38.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/39.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/39.png
new file mode 100644
index 0000000..2d46b24
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/39.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/39.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/39.svg
new file mode 100644
index 0000000..664ffdd
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/39.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/4.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/4.png
new file mode 100644
index 0000000..9b9dd88
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/4.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/4.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/4.svg
new file mode 100644
index 0000000..bc06c73
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/4.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 20.078077,19.493301 -1.460937,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460937,0 0,1.992187 m -3.959472,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09962,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.12175,0.2601 -0.262863,0.520191 -0.42334,0.780274 l -2.025391,3.071289 2.75586,0"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/40.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/40.png
new file mode 100644
index 0000000..fe2a68f
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/40.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/40.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/40.svg
new file mode 100644
index 0000000..5a94d1b
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/40.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.440535,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.0136719,0 0,-1.784668 5.1547849,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262863,0.520191 -0.42334,0.780274 l -2.0253904,3.071289 2.7558594,0"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/5.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/5.png
new file mode 100644
index 0000000..f239fb6
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/5.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/5.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/5.svg
new file mode 100644
index 0000000..82fb03d
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/5.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 16.035597,14.255508 c 0.520177,8e-6 1.004388,0.08025 1.452637,0.240723 0.448235,0.160489 0.838371,0.395678 1.17041,0.705566 0.332023,0.309903 0.592114,0.697272 0.780273,1.16211 0.188143,0.459315 0.282218,0.987797 0.282227,1.585449 -9e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.204761,0.520184 -0.506356,0.962892 -0.904785,1.328125 -0.398445,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261724,0.290528 -2.025391,0.290528 -0.304365,0 -0.60596,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863281,-0.124512 -0.271161,-0.04981 -0.531252,-0.116211 -0.780274,-0.199219 -0.24349,-0.08301 -0.464844,-0.17985 -0.664062,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672363,0.31543 0.254556,0.09408 0.517414,0.177086 0.788574,0.249024 0.276691,0.06641 0.553383,0.121746 0.830078,0.166015 0.27669,0.03874 0.539548,0.05811 0.788575,0.05811 0.741532,2e-6 1.305984,-0.152179 1.693359,-0.456543 0.387364,-0.309893 0.5810
49,-0.799639 0.581055,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751465,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320966,0.03874 -0.481445,0.06641 -0.154951,0.02768 -0.304365,0.05811 -0.448242,0.09131 -0.143883,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456542,-6.1840821 6.408204,0 0,2.1748051 -4.183594,0 -0.199219,2.382324 c 0.17708,-0.03873 0.381832,-0.07747 0.614258,-0.116211 0.237951,-0.03873 0.542313,-0.0581 0.913086,-0.05811"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/6.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/6.png
new file mode 100644
index 0000000..18866e6
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/6.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/6.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/6.svg
new file mode 100644
index 0000000..e2f62af
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/6.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 11.702589,16.853653 c -10e-7,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.0664,-0.575514 0.179849,-1.126132 0.340332,-1.651856 0.166014,-0.531241 0.387368,-1.023753 0.664062,-1.477539 0.282225,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431638,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603186,-0.1936727 1.305984,-0.2905151 2.108399,-0.2905274 0.116204,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.138339,0.00555 0.276685,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251782,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210295,-0.04979 -0.434416,-0.08853 -0.672364,-0.116211 -0.232429,-0.03319 -0.467617,-0.04979 -0.705566,-0.0498 -0.747076,1e-5 -1.361334,0.09408 -1.842774,0.282226 -0.481449,0.182627 -0.863285,0.439951 -1.145507,0.771973 -0.28223,0.33204 -0.484216,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.215821,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243486,-0.384596 0.39843
7,-0.556153 0.160478,-0.177076 0.345862,-0.32649 0.556153,-0.448242 0.210282,-0.127271 0.44547,-0.22688 0.705566,-0.298828 0.26562,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419433,0.257324 0.420566,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.15494,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282226,1.768066 -0.182626,0.520184 -0.445484,0.962892 -0.788575,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643554,0.282227 -0.597661,0 -1.15658,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.973961,-0.542317 -1.361328,-0.979492 -0.381838,-0.437173 -0.683433,-0.987791 -0.904785,-1.651856 -0.215822,-0.669593 -0.323732,-1.460933 -0.323731,-2.374023 m 4.216797,3.270508 c 0.226883,2e-6 0.431635,-0.0415 0.614258,-0.124512 0.188145,-0.08854 0.348627,-0.218585 0.481445,-0.390137 0.13834,-0.17708 0.243483,-0.3
98434 0.31543,-0.664062 0.07747,-0.265622 0.116204,-0.581051 0.116211,-0.946289 -7e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243496,-0.343094 -0.617031,-0.514643 -1.120606,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.39014,0.229661 -0.53955,0.390137 -0.149418,0.160487 -0.265629,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.31543,0.755371 0.143876,0.221357 0.318193,0.401207 0.522949,0.539551 0.210282,0.138349 0.453772,0.207522 0.730469,0.20752"
+ id="path2846"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/7.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/7.png
new file mode 100644
index 0000000..52c3a18
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/7.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/7.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/7.svg
new file mode 100644
index 0000000..a43460f
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/7.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 12.789991,22.008438 4.316407,-9.960937 -5.578125,0 0,-2.1582035 8.367187,0 0,1.6103515 -4.424316,10.508789 -2.681153,0"
+ id="path2832"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/8.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/8.png
new file mode 100644
index 0000000..8a8cb21
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/8.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/8.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/8.svg
new file mode 100644
index 0000000..2c82d3f
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/8.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.761671,9.7149811 c 0.503576,1.23e-5 0.979487,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337558,0.243501 0.60595,0.547862 0.805176,0.913086 0.199211,0.365244 0.29882,0.794118 0.298828,1.286621 -8e-6,0.365243 -0.05535,0.697274 -0.166015,0.996094 -0.110686,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193693,0.237963 -0.423348,0.451017 -0.688965,0.639161 -0.265632,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.633619,0.362473 0.937988,0.572754 0.309888,0.210292 0.583814,0.448247 0.821777,0.713867 0.237948,0.260096 0.428866,0.55339 0.572754,0.879883 0.143872,0.326501 0.215812,0.691735 0.21582,1.095703 -8e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478686,0.758139 -0.838379,1.045898 -0.359707,0.287761 -0.791348,0.509115 -1.294921,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651856,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.9379
9,-0.362467 -1.286621,-0.639161 -0.348634,-0.276691 -0.614259,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265626,-0.857744 -0.265625,-1.361328 -10e-7,-0.415035 0.06087,-0.78857 0.182617,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498047,-0.896485 0.210285,-0.265619 0.456541,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271162,-0.171543 -0.525719,-0.356927 -0.763672,-0.556152 -0.237958,-0.204746 -0.445477,-0.428866 -0.622559,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -10e-7,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478677,-0.669585 0.821778,-0.913086 0.343096,-0.249012 0.738766,-0.434396 1.187011,-0.5561527 0.448239,-0.1217326 0.918616,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.107911,0.614258 0.07194,0.18262 0.17708,0.340334 0.315429,0.473145 0.143877,0.132814 0.32
096,0.237957 0.53125,0.315429 0.210283,0.07194 0.453772,0.107912 0.730469,0.10791 0.581049,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.43164,-1.087402 -6e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218593,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.320969,-0.307125 -0.514648,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 15.662062,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664063,0.398438 -0.199222,0.138351 -0.370772,0.293299 -0.514648,0.464844 -0.13835,0.16602 -0.24626,0.348637 -0.323731,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.701661,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514649,0.08301 -0.154952,0.05535 -0.290531,0.13559 -0.406738,0.240723 -0.110681,0.105153 -0.199223,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.31543
8 0.282226,0.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160478,0.09962 0.32926,0.199226 0.506348,0.298828 0.171545,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154943,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.12174,-0.138338 0.218582,-0.293286 0.290528,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.157721,-0.284984 -0.273926,-0.390137 -0.116217,-0.105133 -0.254563,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/9.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/9.png
new file mode 100644
index 0000000..0ae412f
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/9.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/9.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/9.svg
new file mode 100644
index 0000000..b0f04c4
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/9.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 19.829054,15.052383 c -9e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340333,1.651856 -0.160489,0.525719 -0.381843,1.018232 -0.664062,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426113,0.332032 -0.940761,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.30046,0.282227 -2.108399,0.282227 -0.116214,0 -0.243492,-0.0028 -0.381836,-0.0083 -0.138348,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273927,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237954,0.02767 0.478676,0.04151 0.722168,0.0415 0.747067,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.481441,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.282221,-0.337562 0.481439,-0.738766 0.597657,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.107911,0 c -0.110683,0.199225 -0.243495,0.384609 -0.398437,0.556153 -0.
154954,0.171554 -0.337571,0.320968 -0.547852,0.448242 -0.210291,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.265629,0.07194 -0.56169,0.107914 -0.888183,0.10791 -0.52572,4e-6 -0.998864,-0.08577 -1.419434,-0.257324 -0.420575,-0.171545 -0.777508,-0.420568 -1.070801,-0.74707 -0.287761,-0.326492 -0.509115,-0.727696 -0.664062,-1.203614 -0.154949,-0.475904 -0.232423,-1.020988 -0.232422,-1.635253 -10e-7,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453774,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758135,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043127,-0.2905151 1.651855,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520176,0.210298 0.971184,0.534028 1.353027,0.971192 0.381829,0.437185 0.683423,0.990569 0.904786,1.660156 0.221345,0.669605 0.332022,1.458178 0.332031,2.365722 m -4.216797,-3.262207 c -0.226892,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188154,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132815,0.17155
9 -0.237959,0.392913 -0.315429,0.664062 -0.07194,0.265634 -0.107914,0.581063 -0.107911,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373536,1.394532 0.249019,0.343105 0.625321,0.514654 1.128906,0.514648 0.254552,6e-6 0.486974,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.53955,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124506,-0.401197 0.124512,-0.605958 -6e-6,-0.282218 -0.03598,-0.561677 -0.10791,-0.838378 -0.06641,-0.282218 -0.171556,-0.534008 -0.31543,-0.755372 -0.138352,-0.226878 -0.312668,-0.409495 -0.522949,-0.547851 -0.204758,-0.138336 -0.44548,-0.207509 -0.722168,-0.20752"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/bkgrnd_greydots.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/bkgrnd_greydots.png
new file mode 100644
index 0000000..2333a6d
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/bkgrnd_greydots.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/bullet_arrowblue.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/bullet_arrowblue.png
new file mode 100644
index 0000000..c235534
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/bullet_arrowblue.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/documentation.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/documentation.png
new file mode 100644
index 0000000..79d0a80
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/documentation.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/dot.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/dot.png
new file mode 100644
index 0000000..36a6859
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/dot.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/dot2.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/dot2.png
new file mode 100644
index 0000000..40aff92
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/dot2.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/green.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/green.png
new file mode 100644
index 0000000..ebb3c24
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/green.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/h1-bg.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/h1-bg.png
new file mode 100644
index 0000000..a2aad24
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/h1-bg.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/image_left.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/image_left.png
new file mode 100644
index 0000000..e8fe7a4
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/image_left.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/image_right.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/image_right.png
new file mode 100644
index 0000000..5b67443
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/image_right.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/important.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/important.png
new file mode 100644
index 0000000..f7594a3
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/important.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/important.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/important.svg
new file mode 100644
index 0000000..2d33045
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/important.svg
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ version="1.0"
+ width="48"
+ height="48"
+ id="svg5921"
+ sodipodi:version="0.32"
+ inkscape:version="0.46"
+ sodipodi:docname="important.svg"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ inkscape:export-filename="/home/jfearn/Build/src/fedora/publican/trunk/publican-fedora/en-US/images/important.png"
+ inkscape:export-xdpi="111.32"
+ inkscape:export-ydpi="111.32">
+ <metadata
+ id="metadata2611">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ inkscape:window-height="681"
+ inkscape:window-width="738"
+ inkscape:pageshadow="2"
+ inkscape:pageopacity="0.0"
+ guidetolerance="10.0"
+ gridtolerance="10.0"
+ objecttolerance="10.0"
+ borderopacity="1.0"
+ bordercolor="#666666"
+ pagecolor="#ffffff"
+ id="base"
+ showgrid="false"
+ inkscape:zoom="11.5"
+ inkscape:cx="20"
+ inkscape:cy="20"
+ inkscape:window-x="0"
+ inkscape:window-y="51"
+ inkscape:current-layer="svg5921" />
+ <defs
+ id="defs5923">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 20 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="40 : 20 : 1"
+ inkscape:persp3d-origin="20 : 13.333333 : 1"
+ id="perspective2613" />
+ </defs>
+ <g
+ transform="matrix(0.4626799,0,0,0.4626799,-5.2934127,-3.3160376)"
+ id="g5485">
+ <path
+ d="M 29.97756,91.885882 L 55.586992,80.409826 L 81.231619,91.807015 L 78.230933,63.90468 L 96.995009,43.037218 L 69.531053,37.26873 L 55.483259,12.974592 L 41.510292,37.311767 L 14.064204,43.164717 L 32.892392,63.97442 L 29.97756,91.885882 z"
+ id="path6799"
+ style="fill:#f3de82;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.536215,56.538729 L 55.48324,12.974601 L 41.51028,37.311813 L 55.536215,56.538729 z"
+ id="path6824"
+ style="opacity:0.91005291;fill:#f9f2cb;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.57947,56.614318 L 78.241135,63.937979 L 96.976198,43.044318 L 55.57947,56.614318 z"
+ id="use6833"
+ style="opacity:1;fill:#d0bc64;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.523838,56.869126 L 55.667994,80.684281 L 81.379011,91.931065 L 55.523838,56.869126 z"
+ id="use6835"
+ style="opacity:1;fill:#e0c656;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.283346,56.742618 L 13.877363,43.200977 L 32.640089,64.069652 L 55.283346,56.742618 z"
+ id="use6831"
+ style="opacity:1;fill:#d1ba59;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.472076,56.869126 L 55.32792,80.684281 L 29.616903,91.931065 L 55.472076,56.869126 z"
+ id="use6837"
+ style="opacity:1;fill:#d2b951;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.57947,56.614318 L 96.976198,43.044318 L 69.504294,37.314027 L 55.57947,56.614318 z"
+ id="path7073"
+ style="opacity:1;fill:#f6e7a3;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.523838,56.869126 L 81.379011,91.931065 L 78.214821,64.046881 L 55.523838,56.869126 z"
+ id="path7075"
+ style="opacity:1;fill:#f6e7a3;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.283346,56.742618 L 41.341708,37.434209 L 13.877363,43.200977 L 55.283346,56.742618 z"
+ id="path7077"
+ style="opacity:1;fill:#f6e59d;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.472076,56.869126 L 29.616903,91.931065 L 32.781093,64.046881 L 55.472076,56.869126 z"
+ id="path7079"
+ style="opacity:1;fill:#f3df8b;fill-opacity:1;enable-background:new" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/logo.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/logo.png
new file mode 100644
index 0000000..66a3104
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/logo.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/note.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/note.png
new file mode 100644
index 0000000..d6c4518
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/note.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/note.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/note.svg
new file mode 100644
index 0000000..70e43b6
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/note.svg
@@ -0,0 +1,111 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ version="1.0"
+ width="48"
+ height="48"
+ id="svg5921"
+ sodipodi:version="0.32"
+ inkscape:version="0.46"
+ sodipodi:docname="note.svg"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ inkscape:export-filename="/home/jfearn/Build/src/fedora/publican/trunk/publican-fedora/en-US/images/note.png"
+ inkscape:export-xdpi="111.32"
+ inkscape:export-ydpi="111.32">
+ <metadata
+ id="metadata16">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ inkscape:window-height="1024"
+ inkscape:window-width="1205"
+ inkscape:pageshadow="2"
+ inkscape:pageopacity="0.0"
+ guidetolerance="10.0"
+ gridtolerance="10.0"
+ objecttolerance="10.0"
+ borderopacity="1.0"
+ bordercolor="#666666"
+ pagecolor="#ffffff"
+ id="base"
+ showgrid="false"
+ inkscape:zoom="11.5"
+ inkscape:cx="22.217181"
+ inkscape:cy="20"
+ inkscape:window-x="334"
+ inkscape:window-y="51"
+ inkscape:current-layer="svg5921" />
+ <defs
+ id="defs5923">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 20 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="40 : 20 : 1"
+ inkscape:persp3d-origin="20 : 13.333333 : 1"
+ id="perspective18" />
+ </defs>
+ <g
+ transform="matrix(0.468275,0,0,0.468275,-5.7626904,-7.4142703)"
+ id="layer1">
+ <g
+ transform="matrix(0.115136,0,0,0.115136,9.7283,21.77356)"
+ id="g8014"
+ style="enable-background:new">
+ <g
+ id="g8518"
+ style="opacity:1">
+ <path
+ d="M -2512.4524,56.33197 L 3090.4719,56.33197 L 3090.4719,4607.3813 L -2512.4524,4607.3813 L -2512.4524,56.33197 z"
+ transform="matrix(0.1104659,-2.3734892e-2,2.2163258e-2,0.1031513,308.46782,74.820675)"
+ id="rect8018"
+ style="fill:#ffe680;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.1;stroke-linecap:butt;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
+ </g>
+ <g
+ transform="matrix(0.5141653,-7.1944682e-2,7.1944682e-2,0.5141653,146.04015,-82.639785)"
+ id="g8020">
+ <path
+ d="M 511.14114,441.25315 C 527.3248,533.52772 464.31248,622.82928 370.39916,640.71378 C 276.48584,658.59828 187.23462,598.29322 171.05095,506.01865 C 154.86728,413.74408 217.8796,324.44253 311.79292,306.55803 C 405.70624,288.67353 494.95747,348.97858 511.14114,441.25315 z"
+ id="path8022"
+ style="opacity:1;fill:#e0c96f;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.0804934;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 527.8214,393.1416 C 527.8214,461.31268 472.55783,516.57625 404.38675,516.57625 C 336.21567,516.57625 280.9521,461.31268 280.9521,393.1416 C 280.9521,324.97052 336.21567,269.70695 404.38675,269.70695 C 472.55783,269.70695 527.8214,324.97052 527.8214,393.1416 z"
+ transform="matrix(1.2585415,-0.2300055,0.2168789,1.1867072,-248.76141,68.254424)"
+ id="path8024"
+ style="opacity:1;fill:#c00000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.0804934;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 358.5625,281.15625 C 348.09597,281.05155 337.43773,281.94729 326.71875,283.90625 C 240.96686,299.57789 183.37901,377.92385 198.15625,458.78125 C 209.70749,521.98673 262.12957,567.92122 325.40625,577.5625 L 357.25,433.6875 L 509.34375,405.875 C 509.14405,404.58166 509.0804,403.29487 508.84375,402 C 495.91366,331.24978 431.82821,281.88918 358.5625,281.15625 z"
+ id="path8026"
+ style="opacity:1;fill:#b60000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.1;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 294.2107,361.9442 L 282.79367,370.38482 L 261.73414,386.13346 C 253.13706,404.40842 254.3359,423.7989 259.7176,444.39774 C 273.6797,497.83861 313.42636,523.96124 369.50989,517.58957 C 398.21848,514.32797 424.51832,504.67345 440.64696,484.15958 L 469.89512,447.48298 L 294.2107,361.9442 z"
+ id="path8028"
+ style="fill:#750000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.09999999;stroke-linecap:butt;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 527.8214,393.1416 C 527.8214,461.31268 472.55783,516.57625 404.38675,516.57625 C 336.21567,516.57625 280.9521,461.31268 280.9521,393.1416 C 280.9521,324.97052 336.21567,269.70695 404.38675,269.70695 C 472.55783,269.70695 527.8214,324.97052 527.8214,393.1416 z"
+ transform="matrix(0.9837071,-0.1797787,0.1695165,0.9275553,-78.013985,79.234385)"
+ id="path8030"
+ style="opacity:1;fill:#d40000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.10298239;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 527.8214,393.1416 C 527.8214,461.31268 472.55783,516.57625 404.38675,516.57625 C 336.21567,516.57625 280.9521,461.31268 280.9521,393.1416 C 280.9521,324.97052 336.21567,269.70695 404.38675,269.70695 C 472.55783,269.70695 527.8214,324.97052 527.8214,393.1416 z"
+ transform="matrix(0.9837071,-0.1797787,0.1695165,0.9275553,-69.306684,71.273294)"
+ id="path8032"
+ style="opacity:1;fill:#e11212;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.10298239;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ </g>
+ </g>
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/red.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/red.png
new file mode 100644
index 0000000..d32d5e2
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/red.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/shade.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/shade.png
new file mode 100644
index 0000000..a73afdf
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/shade.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/shine.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/shine.png
new file mode 100644
index 0000000..a18f7c4
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/shine.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-back.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-back.png
new file mode 100644
index 0000000..d320f26
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-back.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-forward.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-forward.png
new file mode 100644
index 0000000..1ee5a29
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-forward.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-up.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-up.png
new file mode 100644
index 0000000..1cd7332
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-up.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-home.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-home.png
new file mode 100644
index 0000000..122536d
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-home.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/title_logo.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/title_logo.png
new file mode 100644
index 0000000..d5182b4
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/title_logo.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/title_logo.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/title_logo.svg
new file mode 100644
index 0000000..e8fd52b
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/title_logo.svg
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="220"
+ height="70"
+ id="svg6180">
+ <defs
+ id="defs6182" />
+ <g
+ transform="translate(-266.55899,-345.34488)"
+ id="layer1">
+ <path
+ d="m 316.7736,397.581 c 0,0 0,0 -20.53889,0 0.3327,4.45245 3.92157,7.77609 8.70715,7.77609 3.38983,0 6.31456,-1.39616 8.64094,-3.65507 0.46553,-0.46679 0.99726,-0.59962 1.59519,-0.59962 0.79781,0 1.59561,0.39932 2.12692,1.06388 0.3327,0.46553 0.53216,0.99726 0.53216,1.52857 0,0.73118 -0.3327,1.52857 -0.93106,2.12734 -2.7919,2.99052 -7.51086,4.98503 -12.16403,4.98503 -8.44149,0 -15.22074,-6.77967 -15.22074,-15.22158 0,-8.44149 6.58022,-15.22074 15.02171,-15.22074 8.37529,0 14.62323,6.51317 14.62323,15.08749 0,1.26418 -1.12924,2.12861 -2.39258,2.12861 z m -12.23065,-11.76512 c -4.45329,0 -7.51085,2.92473 -8.17499,7.17731 10.03626,0 16.35083,0 16.35083,0 -0.59836,-4.05355 -3.78874,-7.17731 -8.17584,-7.17731 z"
+ id="path11"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 375.46344,410.80807 c -8.44106,0 -15.22074,-6.77968 -15.22074,-15.22159 0,-8.44149 6.77968,-15.22074 15.22074,-15.22074 8.44234,0 15.22159,6.77925 15.22159,15.22074 -4.2e-4,8.44149 -6.77968,15.22159 -15.22159,15.22159 z m 0,-24.65992 c -5.31688,0 -8.77377,4.25427 -8.77377,9.43833 0,5.18364 3.45689,9.43833 8.77377,9.43833 5.31731,0 8.77504,-4.25469 8.77504,-9.43833 -4.2e-4,-5.18406 -3.45773,-9.43833 -8.77504,-9.43833 z"
+ id="path13"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 412.66183,380.36574 c -4.45963,0 -7.40966,1.319 -10.01391,4.62956 l -0.24036,-1.53995 0,0 c -0.20198,-1.60743 -1.57326,-2.84926 -3.23382,-2.84926 -1.80139,0 -3.26206,1.459 -3.26206,3.26081 0,0.003 0,0.005 0,0.008 l 0,0 0,0.003 0,0 0,23.40712 c 0,1.79464 1.46194,3.25743 3.257,3.25743 1.79465,0 3.25744,-1.46279 3.25744,-3.25743 l 0,-12.56209 c 0,-5.71621 4.98502,-8.57432 10.23613,-8.57432 1.59519,0 2.85726,-1.32953 2.85726,-2.92515 0,-1.59561 -1.26207,-2.85726 -2.85768,-2.85726 z"
+ id="path15"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 447.02614,395.58648 c 0.0666,-8.17541 -5.78326,-15.22074 -15.222,-15.22074 -8.44192,0 -15.28779,6.77925 -15.28779,15.22074 0,8.44191 6.64684,15.22159 14.68985,15.22159 4.01434,0 7.62682,-2.06621 9.23846,-4.22518 l 0.79359,2.01434 0,0 c 0.42589,1.13177 1.5176,1.93717 2.7978,1.93717 1.65001,0 2.98756,-1.33671 2.99009,-2.98545 l 0,0 0,-7.80687 0,0 0,-4.1556 z m -15.222,9.43833 c -5.31773,0 -8.77419,-4.25469 -8.77419,-9.43833 0,-5.18406 3.45604,-9.43833 8.77419,-9.43833 5.3173,0 8.77419,4.25427 8.77419,9.43833 0,5.18364 -3.45689,9.43833 -8.77419,9.43833 z"
+ id="path17"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 355.01479,368.3337 c 0,-1.7938 -1.46194,-3.18997 -3.25659,-3.18997 -1.79422,0 -3.25743,1.39659 -3.25743,3.18997 l 0,17.1499 c -1.66097,-3.05756 -5.25026,-5.11786 -9.50495,-5.11786 -8.64052,0 -14.42336,6.51318 -14.42336,15.22074 0,8.70757 5.98229,15.22159 14.42336,15.22159 3.76555,0 7.03057,-1.55429 8.98587,-4.25554 l 0.72317,1.83428 c 0.44782,1.25912 1.64917,2.16024 3.06051,2.16024 1.78621,0 3.24984,-1.45435 3.24984,-3.24815 0,-0.005 0,-0.009 0,-0.0139 l 0,0 0,-38.95128 -4.2e-4,0 z m -15.22116,36.69111 c -5.31731,0 -8.70715,-4.25469 -8.70715,-9.43833 0,-5.18406 3.38984,-9.43833 8.70715,-9.43833 5.31773,0 8.70714,4.0544 8.70714,9.43833 0,5.38309 -3.38941,9.43833 -8.70714,9.43833 z"
+ id="path19"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 287.21553,365.34023 c -0.59414,-0.0877 -1.19966,-0.13198 -1.80097,-0.13198 -6.73118,0 -12.20746,5.4767 -12.20746,12.20788 l 0,3.8132 -3.98903,0 c -1.46237,0 -2.65908,1.19671 -2.65908,2.65781 0,1.46321 1.19671,2.93738 2.65908,2.93738 l 3.98819,0 0,20.46004 c 0,1.79464 1.46236,3.25743 3.25658,3.25743 1.79507,0 3.25744,-1.46279 3.25744,-3.25743 l 0,-20.46004 4.40986,0 c 1.46194,0 2.65823,-1.47417 2.65823,-2.93738 0,-1.46152 -1.19629,-2.65823 -2.65823,-2.65823 l -4.40733,0 0,-3.8132 c 0,-3.13852 2.55323,-6.11469 5.69175,-6.11469 0.28294,0 0.56757,0.0211 0.84672,0.062 1.78031,0.26355 3.4358,-0.54269 3.70019,-2.32342 0.2627,-1.77904 -0.96606,-3.43538 -2.74594,-3.69935 z"
+ id="path21"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 482.01243,363.57426 c 0,-10.06788 -8.16108,-18.22938 -18.22897,-18.22938 -10.06282,0 -18.22179,8.15475 -18.22854,18.21631 l -4.2e-4,-4.2e-4 0,14.1071 4.2e-4,4.2e-4 c 0.005,2.28463 1.85832,4.13409 4.14463,4.13409 0.007,0 0.0127,-8.4e-4 0.0194,-8.4e-4 l 0.001,8.4e-4 14.07083,0 0,0 c 10.06409,-0.004 18.22138,-8.16276 18.22138,-18.22812 z"
+ id="path25"
+ style="fill:#294172" />
+ <path
+ d="m 469.13577,349.66577 c -4.72528,0 -8.55576,3.83049 -8.55576,8.55577 0,0.002 0,0.004 0,0.006 l 0,4.52836 -4.51444,0 c -8.5e-4,0 -8.5e-4,0 -0.001,0 -4.72528,0 -8.55576,3.81193 -8.55576,8.53678 0,4.72528 3.83048,8.55577 8.55576,8.55577 4.72486,0 8.55534,-3.83049 8.55534,-8.55577 0,-0.002 0,-0.004 0,-0.006 l 0,-4.54733 4.51444,0 c 8.5e-4,0 0.001,0 0.002,0 4.72486,0 8.55534,-3.79296 8.55534,-8.51781 0,-4.72528 -3.83048,-8.55577 -8.55534,-8.55577 z m -8.55576,21.63483 c -0.004,2.48998 -2.02446,4.50811 -4.51571,4.50811 -2.49378,0 -4.53426,-2.02193 -4.53426,-4.5157 0,-2.49421 2.04048,-4.55366 4.53426,-4.55366 0.002,0 0.004,4.2e-4 0.006,4.2e-4 l 3.86971,0 c 0.001,0 0.002,-4.2e-4 0.003,-4.2e-4 0.35209,0 0.63799,0.28505 0.63799,0.63715 0,4.2e-4 -4.2e-4,8.4e-4 -4.2e-4,0.001 l 0,3.92284 -4.2e-4,0 z m 8.55534,-8.5448 c -0.001,0 -0.003,0 -0.004,0 l -3.87223,0 c -8.4e-4,0 -0.002,0 -0.002,0 -0.35252,0 -0.63757,-0.28506 -0.63757,-0.63758 l 0,-4.2e-4 0,-3.90343 c 0.004,-2.49083 2.02
446,-4.50854 4.51571,-4.50854 2.49378,0 4.53468,2.02193 4.53468,4.51613 4.2e-4,2.49336 -2.04048,4.53384 -4.53426,4.53384 z"
+ id="path29"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 460.58001,362.7558 0,-4.52836 c 0,-0.002 0,-0.004 0,-0.006 0,-4.72528 3.83048,-8.55577 8.55576,-8.55577 0.71685,0 1.22623,0.0805 1.88952,0.25469 0.96774,0.25385 1.75796,1.04618 1.75838,1.96922 4.2e-4,1.11575 -0.80919,1.92621 -2.0194,1.92621 -0.57642,0 -0.78473,-0.11048 -1.62892,-0.11048 -2.49125,0 -4.51149,2.01771 -4.51571,4.50854 l 0,3.90385 0,4.2e-4 c 0,0.35252 0.28505,0.63758 0.63757,0.63758 4.3e-4,0 0.001,0 0.002,0 l 2.96521,0 c 1.10521,0 1.99747,0.88467 1.99832,1.99283 0,1.10816 -0.89353,1.99114 -1.99832,1.99114 l -3.60489,0 0,4.54733 c 0,0.002 0,0.004 0,0.006 0,4.72485 -3.83048,8.55534 -8.55534,8.55534 -0.71684,0 -1.22623,-0.0805 -1.88952,-0.25469 -0.96774,-0.25343 -1.75838,-1.04618 -1.7588,-1.9688 0,-1.11575 0.80919,-1.92663 2.01982,-1.92663 0.576,0 0.78473,0.11048 1.6285,0.11048 2.49125,0 4.51191,-2.01771 4.51613,-4.50811 0,0 0,-3.92368 0,-3.9241 0,-0.35168 -0.2859,-0.63673 -0.63799,-0.63673 -4.3e-4,0 -8.5e-4,0 -0.002,0 l -2.96521,-4.2e-4 c -1.10521,0 -1.
99831,-0.88214 -1.99831,-1.9903 -4.3e-4,-1.11533 0.90238,-1.99367 2.01939,-1.99367 l 3.58339,0 0,0 z"
+ id="path31"
+ style="fill:#ffffff" />
+ <path
+ d="m 477.41661,378.55292 2.81558,0 0,0.37898 -1.18152,0 0,2.94935 -0.45254,0 0,-2.94935 -1.18152,0 0,-0.37898 m 3.26144,0 0.67101,0 0.84937,2.26496 0.85381,-2.26496 0.67102,0 0,3.32833 -0.43917,0 0,-2.9226 -0.85828,2.28279 -0.45255,0 -0.85827,-2.28279 0,2.9226 -0.43694,0 0,-3.32833"
+ id="text6223"
+ style="fill:#294172;enable-background:new" />
+ </g>
+ <path
+ d="m 181.98344,61.675273 2.81558,0 0,0.37898 -1.18152,0 0,2.94935 -0.45254,0 0,-2.94935 -1.18152,0 0,-0.37898 m 3.26144,0 0.67101,0 0.84937,2.26496 0.85381,-2.26496 0.67102,0 0,3.32833 -0.43917,0 0,-2.9226 -0.85828,2.28279 -0.45255,0 -0.85827,-2.28279 0,2.9226 -0.43694,0 0,-3.32833"
+ id="path2391"
+ style="fill:#294172;enable-background:new" />
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/warning.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/warning.png
new file mode 100644
index 0000000..ce09951
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/warning.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/warning.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/warning.svg
new file mode 100644
index 0000000..5f2612c
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/warning.svg
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ version="1.0"
+ width="48"
+ height="48"
+ id="svg5921"
+ sodipodi:version="0.32"
+ inkscape:version="0.46"
+ sodipodi:docname="warning.svg"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ inkscape:export-filename="/home/jfearn/Build/src/fedora/publican/trunk/publican-fedora/en-US/images/warning.png"
+ inkscape:export-xdpi="111.32"
+ inkscape:export-ydpi="111.32">
+ <metadata
+ id="metadata2482">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ inkscape:window-height="910"
+ inkscape:window-width="1284"
+ inkscape:pageshadow="2"
+ inkscape:pageopacity="0.0"
+ guidetolerance="10.0"
+ gridtolerance="10.0"
+ objecttolerance="10.0"
+ borderopacity="1.0"
+ bordercolor="#666666"
+ pagecolor="#ffffff"
+ id="base"
+ showgrid="false"
+ inkscape:zoom="11.5"
+ inkscape:cx="20"
+ inkscape:cy="20"
+ inkscape:window-x="0"
+ inkscape:window-y="51"
+ inkscape:current-layer="svg5921" />
+ <defs
+ id="defs5923">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 20 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="40 : 20 : 1"
+ inkscape:persp3d-origin="20 : 13.333333 : 1"
+ id="perspective2484" />
+ </defs>
+ <g
+ transform="matrix(0.4536635,0,0,0.4536635,-5.1836431,-4.6889387)"
+ id="layer1">
+ <g
+ transform="translate(2745.6887,-1555.5977)"
+ id="g8304"
+ style="enable-background:new">
+ <path
+ d="M -1603,1054.4387 L -1577.0919,1027.891 L -1540,1027.4387 L -1513.4523,1053.3468 L -1513,1090.4387 L -1538.9081,1116.9864 L -1576,1117.4387 L -1602.5477,1091.5306 L -1603,1054.4387 z"
+ transform="matrix(0.8233528,8.9983906e-3,-8.9983906e-3,0.8233528,-1398.5561,740.7914)"
+ id="path8034"
+ style="opacity:1;fill:#efd259;fill-opacity:1;stroke:#efd259;stroke-opacity:1" />
+ <path
+ d="M -1603,1054.4387 L -1577.0919,1027.891 L -1540,1027.4387 L -1513.4523,1053.3468 L -1513,1090.4387 L -1538.9081,1116.9864 L -1576,1117.4387 L -1602.5477,1091.5306 L -1603,1054.4387 z"
+ transform="matrix(0.6467652,7.0684723e-3,-7.0684723e-3,0.6467652,-1675.7492,927.16391)"
+ id="path8036"
+ style="opacity:1;fill:#a42324;fill-opacity:1;stroke:#a42324;stroke-opacity:1" />
+ <path
+ d="M -2686.7886,1597.753 C -2686.627,1596.5292 -2686.5462,1595.6987 -2686.5462,1595.218 C -2686.5462,1593.1637 -2688.0814,1592.0711 -2690.9899,1592.0711 C -2693.8985,1592.0711 -2695.4336,1593.12 -2695.4336,1595.218 C -2695.4336,1595.961 -2695.3528,1596.7914 -2695.1912,1597.753 L -2692.929,1614.4491 L -2689.0508,1614.4491 L -2686.7886,1597.753"
+ id="path8038"
+ style="font-size:107.13574219px;font-style:normal;font-weight:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Charter" />
+ <path
+ d="M -2690.9899,1617.8197 C -2693.6124,1617.8197 -2695.8118,1619.9346 -2695.8118,1622.6416 C -2695.8118,1625.3486 -2693.6124,1627.4635 -2690.9899,1627.4635 C -2688.2829,1627.4635 -2686.168,1625.264 -2686.168,1622.6416 C -2686.168,1619.9346 -2688.2829,1617.8197 -2690.9899,1617.8197"
+ id="path8040"
+ style="font-size:107.13574219px;font-style:normal;font-weight:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Charter" />
+ </g>
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/watermark-draft.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/watermark-draft.png
new file mode 100644
index 0000000..0ead5af
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/watermark-draft.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/yellow.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/yellow.png
new file mode 100644
index 0000000..223865d
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/Common_Content/images/yellow.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/images/SCLogin.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/SCLogin.png
new file mode 100644
index 0000000..5bdef58
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/SCLogin.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/images/SCLoginEnrollment.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/SCLoginEnrollment.png
new file mode 100644
index 0000000..2809b32
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/SCLoginEnrollment.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/images/auth-panel.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/auth-panel.png
new file mode 100644
index 0000000..6335d2f
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/auth-panel.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/images/authicon.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/authicon.png
new file mode 100644
index 0000000..e397b63
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/authicon.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/images/fed-firefox_kerberos_SSO.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/fed-firefox_kerberos_SSO.png
new file mode 100644
index 0000000..1dbf27d
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/fed-firefox_kerberos_SSO.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/images/fed-firewall_config.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/fed-firewall_config.png
new file mode 100644
index 0000000..6abd4b0
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/fed-firewall_config.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/images/fed-ipsec_host2host.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/fed-ipsec_host2host.png
new file mode 100644
index 0000000..4a236a7
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/fed-ipsec_host2host.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/images/fed-ipsec_n_to_n_local.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/fed-ipsec_n_to_n_local.png
new file mode 100644
index 0000000..e49a5c1
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/fed-ipsec_n_to_n_local.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/images/fed-ipsec_n_to_n_remote.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/fed-ipsec_n_to_n_remote.png
new file mode 100644
index 0000000..5457d97
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/fed-ipsec_n_to_n_remote.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/images/fed-service_config.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/fed-service_config.png
new file mode 100644
index 0000000..71b4c21
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/fed-service_config.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/images/fed-user_pass_groups.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/fed-user_pass_groups.png
new file mode 100644
index 0000000..9527476
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/fed-user_pass_groups.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/images/fed-user_pass_info.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/fed-user_pass_info.png
new file mode 100644
index 0000000..54ccc33
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/fed-user_pass_info.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/images/icon.svg b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/icon.svg
new file mode 100644
index 0000000..c471a60
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/icon.svg
@@ -0,0 +1,3936 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:ns="http://ns.adobe.com/AdobeSVGViewerExtensions/3/"
+ xmlns:a="http://ns.adobe.com/AdobeSVGViewerExtensions/3.0/"
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://web.resource.org/cc/"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg3017"
+ sodipodi:version="0.32"
+ inkscape:version="0.44+devel"
+ sodipodi:docname="book.svg"
+ sodipodi:docbase="/home/andy/Desktop">
+ <metadata
+ id="metadata489">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ inkscape:window-height="480"
+ inkscape:window-width="858"
+ inkscape:pageshadow="0"
+ inkscape:pageopacity="0.0"
+ guidetolerance="10.0"
+ gridtolerance="10.0"
+ objecttolerance="10.0"
+ borderopacity="1.0"
+ bordercolor="#666666"
+ pagecolor="#ffffff"
+ id="base"
+ inkscape:zoom="1"
+ inkscape:cx="16"
+ inkscape:cy="15.944056"
+ inkscape:window-x="0"
+ inkscape:window-y="33"
+ inkscape:current-layer="svg3017" />
+ <defs
+ id="defs3019">
+ <linearGradient
+ id="linearGradient2381">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="stop2383" />
+ <stop
+ style="stop-color:white;stop-opacity:0"
+ offset="1"
+ id="stop2385" />
+ </linearGradient>
+ <linearGradient
+ x1="415.73831"
+ y1="11.854"
+ x2="418.13361"
+ y2="18.8104"
+ id="XMLID_1758_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8362,0.5206,-1.1904,0.992,147.62,-30.9374)">
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="0"
+ id="stop3903" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop3905" />
+ <a:midPointStop
+ style="stop-color:#CCCCCC"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#CCCCCC"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#F2F2F2"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="500.70749"
+ y1="-13.2441"
+ x2="513.46442"
+ y2="-2.1547"
+ id="XMLID_1757_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop3890" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop3892" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="XMLID_1755_">
+ <use
+ id="use3874"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_343_" />
+ </clipPath>
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="XMLID_1756_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop3877" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop3879" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop3881" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop3883" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="471.0806"
+ y1="201.07761"
+ x2="481.91711"
+ y2="210.4977"
+ id="XMLID_1754_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#6498c1;stop-opacity:1"
+ offset="0.005618"
+ id="stop3863" />
+ <stop
+ style="stop-color:#79a9cc;stop-opacity:1"
+ offset="0.2332"
+ id="stop3865" />
+ <stop
+ style="stop-color:#a4cde2;stop-opacity:1"
+ offset="0.74049997"
+ id="stop3867" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="1"
+ id="stop3869" />
+ <a:midPointStop
+ style="stop-color:#6498C1"
+ offset="5.618000e-003" />
+ <a:midPointStop
+ style="stop-color:#6498C1"
+ offset="0.4438" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="516.57672"
+ y1="-15.769"
+ x2="516.57672"
+ y2="0.84280002"
+ id="XMLID_1753_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop3851" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop3853" />
+ <a:midPointStop
+ style="stop-color:#B2B2B2"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B2B2B2"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#F2F2F2"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="XMLID_1751_">
+ <use
+ id="use3837"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_338_" />
+ </clipPath>
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="XMLID_1752_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop3840" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop3842" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop3844" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop3846" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="468.2915"
+ y1="204.7612"
+ x2="479.39871"
+ y2="214.4166"
+ id="XMLID_1750_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop3830" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop3832" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="XMLID_1749_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,11.0227,-35.6159)">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop3818" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop3820" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="501.0903"
+ y1="-19.2544"
+ x2="531.85413"
+ y2="0.72390002"
+ id="XMLID_1748_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop3803" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop3805" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop3807" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop3809" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="481.23969"
+ y1="212.5742"
+ x2="472.92981"
+ y2="207.4967"
+ id="XMLID_2275_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop9947" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop9949" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop9951" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop9953" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="XMLID_2273_">
+ <use
+ id="use9933"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_960_" />
+ </clipPath>
+ <linearGradient
+ x1="473.7681"
+ y1="209.17529"
+ x2="486.98099"
+ y2="213.2001"
+ id="XMLID_2274_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop9936" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop9938" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop9940" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop9942" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="478.21341"
+ y1="-131.9297"
+ x2="469.85818"
+ y2="-140.28481"
+ id="XMLID_2272_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.5592,0.829,-0.829,0.5592,101.3357,-104.791)">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop9917" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop9919" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop9921" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop9923" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <marker
+ refX="0"
+ refY="0"
+ orient="auto"
+ style="overflow:visible"
+ id="TriangleInM">
+ <path
+ d="M 5.77,0 L -2.88,5 L -2.88,-5 L 5.77,0 z "
+ transform="scale(-0.4,-0.4)"
+ style="fill:#5c5c4f"
+ id="path3197" />
+ </marker>
+ <linearGradient
+ x1="200.7363"
+ y1="100.4028"
+ x2="211.99519"
+ y2="89.143997"
+ id="XMLID_3298_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#bfbfbf;stop-opacity:1"
+ offset="0"
+ id="stop20103" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop20105" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#BFBFBF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#BFBFBF" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#F2F2F2" />
+ </linearGradient>
+ <linearGradient
+ x1="200.7363"
+ y1="100.4028"
+ x2="211.99519"
+ y2="89.143997"
+ id="linearGradient36592"
+ xlink:href="#XMLID_3298_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="181.2925"
+ y1="110.8481"
+ x2="192.6369"
+ y2="99.5037"
+ id="XMLID_3297_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="stop20096" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop20098" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="181.2925"
+ y1="110.8481"
+ x2="192.6369"
+ y2="99.5037"
+ id="linearGradient36595"
+ xlink:href="#XMLID_3297_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="211.77589"
+ y1="105.7749"
+ x2="212.6619"
+ y2="108.2092"
+ id="XMLID_3296_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#0f6124;stop-opacity:1"
+ offset="0"
+ id="stop20087" />
+ <stop
+ style="stop-color:#219630;stop-opacity:1"
+ offset="1"
+ id="stop20089" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#0F6124" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#0F6124" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#219630" />
+ </linearGradient>
+ <linearGradient
+ x1="211.77589"
+ y1="105.7749"
+ x2="212.6619"
+ y2="108.2092"
+ id="linearGradient36677"
+ xlink:href="#XMLID_3296_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="208.9834"
+ y1="116.8296"
+ x2="200.0811"
+ y2="96.834602"
+ id="XMLID_3295_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop20076" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.5"
+ id="stop20078" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop20080" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="208.9834"
+ y1="116.8296"
+ x2="200.0811"
+ y2="96.834602"
+ id="linearGradient36604"
+ xlink:href="#XMLID_3295_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="195.5264"
+ y1="97.911102"
+ x2="213.5213"
+ y2="115.9061"
+ id="XMLID_3294_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="0"
+ id="stop20069" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop20071" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#CCCCCC" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#CCCCCC" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="195.5264"
+ y1="97.911102"
+ x2="213.5213"
+ y2="115.9061"
+ id="linearGradient36607"
+ xlink:href="#XMLID_3294_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="186.1938"
+ y1="109.1343"
+ x2="206.6881"
+ y2="88.639999"
+ id="XMLID_3293_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop20056" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.16850001"
+ id="stop20058" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.23029999"
+ id="stop20060" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.2809"
+ id="stop20062" />
+ <stop
+ style="stop-color:#c2c2c2;stop-opacity:1"
+ offset="0.5"
+ id="stop20064" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.1685"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.2303"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.2809"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#C2C2C2" />
+ </linearGradient>
+ <linearGradient
+ x1="186.1938"
+ y1="109.1343"
+ x2="206.6881"
+ y2="88.639999"
+ id="linearGradient36610"
+ xlink:href="#XMLID_3293_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="184.8569"
+ y1="112.2676"
+ x2="211.94099"
+ y2="89.541397"
+ id="XMLID_3292_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop20043" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.16850001"
+ id="stop20045" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.23029999"
+ id="stop20047" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.2809"
+ id="stop20049" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop20051" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.1685"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.2303"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.2809"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="184.8569"
+ y1="112.2676"
+ x2="211.94099"
+ y2="89.541397"
+ id="linearGradient36613"
+ xlink:href="#XMLID_3292_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <marker
+ refX="0"
+ refY="0"
+ orient="auto"
+ style="overflow:visible"
+ id="TriangleOutM">
+ <path
+ d="M 5.77,0 L -2.88,5 L -2.88,-5 L 5.77,0 z "
+ transform="scale(0.4,0.4)"
+ style="fill:#5c5c4f;fill-rule:evenodd;stroke-width:1pt;marker-start:none"
+ id="path3238" />
+ </marker>
+ <linearGradient
+ x1="165.3"
+ y1="99.5"
+ x2="165.3"
+ y2="115.9"
+ id="XMLID_3457_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="0"
+ id="stop8309" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8311" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="1"
+ id="stop8313" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#999999" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#999999" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#B2B2B2" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#B2B2B2" />
+ </linearGradient>
+ <linearGradient
+ x1="165.3"
+ y1="99.5"
+ x2="165.3"
+ y2="115.9"
+ id="lg1997"
+ xlink:href="#XMLID_3457_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="175"
+ y1="99.800003"
+ x2="175"
+ y2="112.5"
+ id="XMLID_3456_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="0"
+ id="stop8300" />
+ <stop
+ style="stop-color:#191919;stop-opacity:1"
+ offset="0.60000002"
+ id="stop8302" />
+ <stop
+ style="stop-color:#191919;stop-opacity:1"
+ offset="1"
+ id="stop8304" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#737373" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#737373" />
+ <a:midPointstop
+ offset="0.6"
+ style="stop-color:#191919" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#191919" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#191919" />
+ </linearGradient>
+ <linearGradient
+ x1="175"
+ y1="99.800003"
+ x2="175"
+ y2="112.5"
+ id="lg2000"
+ xlink:href="#XMLID_3456_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="168.8"
+ y1="107.1"
+ x2="164.5"
+ y2="110"
+ id="XMLID_3455_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#666;stop-opacity:1"
+ offset="0"
+ id="stop8291" />
+ <stop
+ style="stop-color:#191919;stop-opacity:1"
+ offset="0.69999999"
+ id="stop8293" />
+ <stop
+ style="stop-color:#191919;stop-opacity:1"
+ offset="1"
+ id="stop8295" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#666666" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#666666" />
+ <a:midPointstop
+ offset="0.7"
+ style="stop-color:#191919" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#191919" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#191919" />
+ </linearGradient>
+ <linearGradient
+ x1="168.8"
+ y1="107.1"
+ x2="164.5"
+ y2="110"
+ id="lg2003"
+ xlink:href="#XMLID_3455_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ id="lg63694">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="stop63696" />
+ <stop
+ style="stop-color:white;stop-opacity:0"
+ offset="1"
+ id="stop63698" />
+ </linearGradient>
+ <linearGradient
+ x1="458"
+ y1="483"
+ x2="465.20001"
+ y2="271.39999"
+ id="lg2006"
+ xlink:href="#lg63694"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(6.3e-2,0,0,6.3e-2,-1.3,-9.8)" />
+ <linearGradient
+ x1="176.3"
+ y1="110.1"
+ x2="158.7"
+ y2="105"
+ id="XMLID_3453_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#666;stop-opacity:1"
+ offset="0"
+ id="stop8271" />
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="0.2"
+ id="stop8273" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop8275" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#666666" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#666666" />
+ <a:midPointstop
+ offset="0.2"
+ style="stop-color:#737373" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#737373" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="176.3"
+ y1="110.1"
+ x2="158.7"
+ y2="105"
+ id="lg2009"
+ xlink:href="#XMLID_3453_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="173.60001"
+ y1="118.9"
+ x2="172.8"
+ y2="128.2"
+ id="XMLID_3449_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0"
+ id="stop8232" />
+ <stop
+ style="stop-color:#fff95e;stop-opacity:1"
+ offset="0.60000002"
+ id="stop8234" />
+ <stop
+ style="stop-color:#ecd600;stop-opacity:1"
+ offset="1"
+ id="stop8236" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.6"
+ style="stop-color:#FFF95E" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFF95E" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#ECD600" />
+ </linearGradient>
+ <linearGradient
+ x1="173.60001"
+ y1="118.9"
+ x2="172.8"
+ y2="128.2"
+ id="lg2016"
+ xlink:href="#XMLID_3449_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <radialGradient
+ cx="284.60001"
+ cy="172.60001"
+ r="6.5"
+ fx="284.60001"
+ fy="172.60001"
+ id="XMLID_3448_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.4,0,0,1.4,-237.3,-126.8)">
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0"
+ id="stop8219" />
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8221" />
+ <stop
+ style="stop-color:#c96b00;stop-opacity:1"
+ offset="0.89999998"
+ id="stop8223" />
+ <stop
+ style="stop-color:#9a5500;stop-opacity:1"
+ offset="1"
+ id="stop8225" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.9"
+ style="stop-color:#C96B00" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#C96B00" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#9A5500" />
+ </radialGradient>
+ <radialGradient
+ cx="284.60001"
+ cy="172.60001"
+ r="6.5"
+ fx="284.60001"
+ fy="172.60001"
+ id="rg2020"
+ xlink:href="#XMLID_3448_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.513992,0,0,2.347576,-689.1621,-378.5717)" />
+ <linearGradient
+ x1="158.10001"
+ y1="123"
+ x2="164.2"
+ y2="126.6"
+ id="XMLID_3447_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ecd600;stop-opacity:1"
+ offset="0"
+ id="stop8204" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8206" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop8208" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECD600" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECD600" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="158.10001"
+ y1="123"
+ x2="164.2"
+ y2="126.6"
+ id="lg2026"
+ xlink:href="#XMLID_3447_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <radialGradient
+ cx="280.89999"
+ cy="163.7"
+ r="10.1"
+ fx="280.89999"
+ fy="163.7"
+ id="XMLID_3446_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.4,0,0,1.4,-237.3,-126.8)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="stop8197" />
+ <stop
+ style="stop-color:#fff95e;stop-opacity:1"
+ offset="1"
+ id="stop8199" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#FFFFFF" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFFFFF" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#FFF95E" />
+ </radialGradient>
+ <radialGradient
+ cx="280.89999"
+ cy="163.7"
+ r="10.1"
+ fx="280.89999"
+ fy="163.7"
+ id="rg2029"
+ xlink:href="#XMLID_3446_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.7,0,0,1.7,-457.5,-266.8)" />
+ <linearGradient
+ x1="156.5"
+ y1="122.7"
+ x2="180.10001"
+ y2="122.7"
+ id="XMLID_3445_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0"
+ id="stop8184" />
+ <stop
+ style="stop-color:#ffe900;stop-opacity:1"
+ offset="0.2"
+ id="stop8186" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8188" />
+ <stop
+ style="stop-color:#ffe900;stop-opacity:1"
+ offset="0.40000001"
+ id="stop8190" />
+ <stop
+ style="stop-color:#d68100;stop-opacity:1"
+ offset="1"
+ id="stop8192" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.2"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.4"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#D68100" />
+ </linearGradient>
+ <linearGradient
+ x1="156.5"
+ y1="122.7"
+ x2="180.10001"
+ y2="122.7"
+ id="lg2032"
+ xlink:href="#XMLID_3445_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="156.39999"
+ y1="115.4"
+ x2="180.10001"
+ y2="115.4"
+ id="XMLID_3444_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0"
+ id="stop8171" />
+ <stop
+ style="stop-color:#ffe900;stop-opacity:1"
+ offset="0.2"
+ id="stop8173" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8175" />
+ <stop
+ style="stop-color:#ffe900;stop-opacity:1"
+ offset="0.40000001"
+ id="stop8177" />
+ <stop
+ style="stop-color:#d68100;stop-opacity:1"
+ offset="1"
+ id="stop8179" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.2"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.4"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#D68100" />
+ </linearGradient>
+ <linearGradient
+ x1="156.39999"
+ y1="115.4"
+ x2="180.10001"
+ y2="115.4"
+ id="lg2035"
+ xlink:href="#XMLID_3444_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="379.70001"
+ y1="167.89999"
+ x2="383.89999"
+ y2="172.89999"
+ id="lg4286_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8,0.2,-0.2,0.8,78.8,38.1)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s16159" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.1"
+ id="s16161" />
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="1"
+ id="s16163" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.1" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#737373"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="379.60001"
+ y1="167.8"
+ x2="383.79999"
+ y2="172"
+ id="lg6416"
+ xlink:href="#lg4286_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.622156,0.623859,-0.623859,2.62182,-882.9706,-673.7921)" />
+ <linearGradient
+ x1="384.20001"
+ y1="169.8"
+ x2="384.79999"
+ y2="170.39999"
+ id="lg4285_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8,0.2,-0.2,0.8,78.8,38.1)">
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="0"
+ id="s16152" />
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="1"
+ id="s16154" />
+ <ns:midPointStop
+ style="stop-color:#737373"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#737373"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#D9D9D9"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="384.20001"
+ y1="169.8"
+ x2="384.79999"
+ y2="170.39999"
+ id="lg6453"
+ xlink:href="#lg4285_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.6,0.6,-0.6,2.6,-883,-673.8)" />
+ <linearGradient
+ x1="380.5"
+ y1="172.60001"
+ x2="382.79999"
+ y2="173.7"
+ id="lg4284_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8,0.2,-0.2,0.8,78.8,38.1)">
+ <stop
+ style="stop-color:gray;stop-opacity:1"
+ offset="0"
+ id="s16145" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="1"
+ id="s16147" />
+ <ns:midPointStop
+ style="stop-color:#808080"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#808080"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#E5E5E5"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="380.5"
+ y1="172.60001"
+ x2="382.79999"
+ y2="173.7"
+ id="lg6456"
+ xlink:href="#lg4284_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.6,0.6,-0.6,2.6,-883,-673.8)" />
+ <radialGradient
+ cx="347.29999"
+ cy="244.5"
+ r="5.1999998"
+ fx="347.29999"
+ fy="244.5"
+ id="lg4282_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(3.4,0,0,3.4,-1148,-802)">
+ <stop
+ style="stop-color:#333;stop-opacity:1"
+ offset="0"
+ id="s16135" />
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="1"
+ id="s16137" />
+ <ns:midPointStop
+ style="stop-color:#333333"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#333333"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#999999"
+ offset="1" />
+ </radialGradient>
+ <linearGradient
+ x1="310.39999"
+ y1="397.70001"
+ x2="310.89999"
+ y2="399.5"
+ id="lg4280_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.7,-0.7,0.7,0.7,-153.4,180.6)">
+ <stop
+ style="stop-color:#ffcd00;stop-opacity:1"
+ offset="0"
+ id="s16111" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.60000002"
+ id="s16113" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="1"
+ id="s16115" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.6" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="310.39999"
+ y1="397.70001"
+ x2="310.89999"
+ y2="399.5"
+ id="lg6467"
+ xlink:href="#lg4280_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.4,-2.4,2.4,2.4,-1663.6,-195)" />
+ <linearGradient
+ x1="310.89999"
+ y1="395.79999"
+ x2="313.29999"
+ y2="403.10001"
+ id="lg4279_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.7,-0.7,0.7,0.7,-153.4,180.6)">
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0"
+ id="s16100" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.40000001"
+ id="s16102" />
+ <stop
+ style="stop-color:#ffcd00;stop-opacity:1"
+ offset="0.89999998"
+ id="s16104" />
+ <stop
+ style="stop-color:#ffcd00;stop-opacity:1"
+ offset="1"
+ id="s16106" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.4" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="0.9" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="310.89999"
+ y1="395.79999"
+ x2="313.29999"
+ y2="403.10001"
+ id="lg6465"
+ xlink:href="#lg4279_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.4,-2.4,2.4,2.4,-1663.6,-195)" />
+ <linearGradient
+ x1="307.79999"
+ y1="395.20001"
+ x2="313.79999"
+ y2="413.60001"
+ id="lg4278_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.7,-0.7,0.7,0.7,-153.4,180.6)">
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0"
+ id="s16091" />
+ <stop
+ style="stop-color:#fcd72f;stop-opacity:1"
+ offset="0.40000001"
+ id="s16093" />
+ <stop
+ style="stop-color:#ffcd00;stop-opacity:1"
+ offset="1"
+ id="s16095" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FCD72F"
+ offset="0.4" />
+ <ns:midPointStop
+ style="stop-color:#FCD72F"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="306.5"
+ y1="393"
+ x2="309"
+ y2="404"
+ id="lg6400"
+ xlink:href="#lg4278_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.4,-2.4,2.4,2.4,-1663.6,-195)" />
+ <linearGradient
+ x1="352.10001"
+ y1="253.60001"
+ x2="348.5"
+ y2="237.8"
+ id="lg4276_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(3.4,0,0,3.4,-1148,-802)">
+ <stop
+ style="stop-color:#ffff87;stop-opacity:1"
+ offset="0"
+ id="s16077" />
+ <stop
+ style="stop-color:#ffad00;stop-opacity:1"
+ offset="1"
+ id="s16079" />
+ <ns:midPointStop
+ style="stop-color:#FFFF87"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFF87"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFAD00"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="335.60001"
+ y1="354.79999"
+ x2="337.89999"
+ y2="354.79999"
+ id="lg4275_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9,-0.5,0.5,0.9,-121.7,105.1)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="s16057" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.80000001"
+ id="s16059" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="s16061" />
+ <ns:midPointStop
+ style="stop-color:#D9D9D9"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#D9D9D9"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.8" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="335.60001"
+ y1="354.79999"
+ x2="337.89999"
+ y2="354.79999"
+ id="lg6463"
+ xlink:href="#lg4275_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.9,-1.7,1.7,2.9,-1557,-448.7)" />
+ <linearGradient
+ x1="337.39999"
+ y1="353.10001"
+ x2="339.39999"
+ y2="357.10001"
+ id="lg4274_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9,-0.5,0.5,0.9,-121.7,105.1)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s16048" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.1"
+ id="s16050" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="s16052" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.1" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#CCCCCC"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="337.39999"
+ y1="353.10001"
+ x2="339.39999"
+ y2="357.10001"
+ id="lg6461"
+ xlink:href="#lg4274_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.9,-1.7,1.7,2.9,-1557,-448.7)" />
+ <linearGradient
+ x1="334.39999"
+ y1="355.5"
+ x2="335.5"
+ y2="356.79999"
+ id="lg4273_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9,-0.5,0.5,0.9,-121.7,105.1)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s16041" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="s16043" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="5.6e-003" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#CCCCCC"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="334.39999"
+ y1="355.5"
+ x2="335.5"
+ y2="356.79999"
+ id="lg6381"
+ xlink:href="#lg4273_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.9,-1.7,1.7,2.9,-1557,-448.7)" />
+ <linearGradient
+ x1="348.39999"
+ y1="247.39999"
+ x2="354.10001"
+ y2="242"
+ id="lg4271_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(3.4,0,0,3.4,-1148,-802)">
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0"
+ id="s16025" />
+ <stop
+ style="stop-color:#9e9e9e;stop-opacity:1"
+ offset="0.40000001"
+ id="s16027" />
+ <stop
+ style="stop-color:black;stop-opacity:1"
+ offset="1"
+ id="s16029" />
+ <ns:midPointStop
+ style="stop-color:#F2F2F2"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#F2F2F2"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#000000"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="351.29999"
+ y1="257.29999"
+ x2="346.29999"
+ y2="235.5"
+ id="lg4270_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ffff87;stop-opacity:1"
+ offset="0"
+ id="s16007" />
+ <stop
+ style="stop-color:#ffad00;stop-opacity:1"
+ offset="1"
+ id="s16009" />
+ <ns:midPointStop
+ style="stop-color:#FFFF87"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFF87"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFAD00"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="351.29999"
+ y1="257.29999"
+ x2="346.29999"
+ y2="235.5"
+ id="lg6459"
+ xlink:href="#lg4270_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(3.4,0,0,3.4,-1148,-802)" />
+ <linearGradient
+ x1="43.799999"
+ y1="32.5"
+ x2="63.299999"
+ y2="66.400002"
+ id="XMLID_2708_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="stop75318" />
+ <stop
+ style="stop-color:#fffcea;stop-opacity:1"
+ offset="1"
+ id="stop75320" />
+ <a:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#FFFCEA"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="43.799999"
+ y1="32.5"
+ x2="63.299999"
+ y2="66.400002"
+ id="lg1907"
+ xlink:href="#XMLID_2708_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-29,-22.6)" />
+ <linearGradient
+ x1="52.5"
+ y1="40.400002"
+ x2="58.200001"
+ y2="64"
+ id="XMLID_2707_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ffdea0;stop-opacity:1"
+ offset="0"
+ id="stop75305" />
+ <stop
+ style="stop-color:#ffd89e;stop-opacity:1"
+ offset="0.30000001"
+ id="stop75307" />
+ <stop
+ style="stop-color:#ffd79e;stop-opacity:1"
+ offset="0.30000001"
+ id="stop75309" />
+ <stop
+ style="stop-color:#dbaf6d;stop-opacity:1"
+ offset="0.69999999"
+ id="stop75311" />
+ <stop
+ style="stop-color:#6f4c24;stop-opacity:1"
+ offset="1"
+ id="stop75313" />
+ <a:midPointStop
+ style="stop-color:#FFDEA0"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#FFDEA0"
+ offset="0.6" />
+ <a:midPointStop
+ style="stop-color:#FFD79E"
+ offset="0.3" />
+ <a:midPointStop
+ style="stop-color:#FFD79E"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#DBAF6D"
+ offset="0.7" />
+ <a:midPointStop
+ style="stop-color:#DBAF6D"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#6F4C24"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="52.5"
+ y1="40.400002"
+ x2="58.200001"
+ y2="64"
+ id="lg1910"
+ xlink:href="#XMLID_2707_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-29,-22.6)" />
+ <linearGradient
+ x1="58"
+ y1="73.199997"
+ x2="44.5"
+ y2="19"
+ id="XMLID_2704_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-29,-22.6)">
+ <stop
+ style="stop-color:#d4a96c;stop-opacity:1"
+ offset="0.5"
+ id="stop75284" />
+ <stop
+ style="stop-color:#dcb273;stop-opacity:1"
+ offset="0.60000002"
+ id="stop75286" />
+ <stop
+ style="stop-color:#f0ca87;stop-opacity:1"
+ offset="0.80000001"
+ id="stop75288" />
+ <stop
+ style="stop-color:#ffdc96;stop-opacity:1"
+ offset="0.69999999"
+ id="stop75290" />
+ <stop
+ style="stop-color:#c18a42;stop-opacity:1"
+ offset="1"
+ id="stop75292" />
+ <a:midPointStop
+ style="stop-color:#D4A96C"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#D4A96C"
+ offset="0.6" />
+ <a:midPointStop
+ style="stop-color:#FFDC96"
+ offset="0.7" />
+ <a:midPointStop
+ style="stop-color:#FFDC96"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#C18A42"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="53.700001"
+ y1="32"
+ x2="53.700001"
+ y2="64.599998"
+ id="XMLID_2703_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#e5c9b0;stop-opacity:1"
+ offset="0"
+ id="stop75268" />
+ <stop
+ style="stop-color:#e5c9b0;stop-opacity:1"
+ offset="0.40000001"
+ id="stop75270" />
+ <stop
+ style="stop-color:#c0aa94;stop-opacity:1"
+ offset="1"
+ id="stop75272" />
+ <a:midPointStop
+ style="stop-color:#E5C9B0"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#E5C9B0"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#E5C9B0"
+ offset="0.4" />
+ <a:midPointStop
+ style="stop-color:#E5C9B0"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#C0AA94"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="53.700001"
+ y1="32"
+ x2="53.700001"
+ y2="64.599998"
+ id="lg1916"
+ xlink:href="#XMLID_2703_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-29,-22.6)" />
+ <linearGradient
+ x1="224.31"
+ y1="19.450001"
+ x2="214.33"
+ y2="11.46"
+ id="XMLID_419_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#404040;stop-opacity:1"
+ offset="0"
+ id="s1903" />
+ <stop
+ style="stop-color:#6d6d6d;stop-opacity:1"
+ offset="0.33000001"
+ id="s1905" />
+ <stop
+ style="stop-color:#e9e9e9;stop-opacity:1"
+ offset="1"
+ id="s1907" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#404040" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#404040" />
+ <a:midPointStop
+ offset="0.33"
+ style="stop-color:#6D6D6D" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#6D6D6D" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#E9E9E9" />
+ </linearGradient>
+ <linearGradient
+ x1="221.84"
+ y1="32.779999"
+ x2="212.2"
+ y2="20.27"
+ id="lg1988"
+ xlink:href="#XMLID_419_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.33,0,0,1.31,-274.2,-5.2)" />
+ <linearGradient
+ x1="228.35001"
+ y1="33.279999"
+ x2="215.42999"
+ y2="33.279999"
+ id="lg1900"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s1902" />
+ <stop
+ style="stop-color:white;stop-opacity:0"
+ offset="1"
+ id="s1906" />
+ <a:midPointStop
+ style="stop-color:#575757"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#575757"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#6D6D6D"
+ offset="0.33" />
+ <a:midPointStop
+ style="stop-color:#6D6D6D"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#D3D3D3"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="234.81"
+ y1="33.279999"
+ x2="228.27"
+ y2="33.279999"
+ id="lg1908"
+ xlink:href="#lg1900"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.33,0,0,1.31,-274.2,-5.2)" />
+ <linearGradient
+ x1="228.35001"
+ y1="33.279999"
+ x2="215.42999"
+ y2="33.279999"
+ id="XMLID_416_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#575757;stop-opacity:1"
+ offset="0"
+ id="s1874" />
+ <stop
+ style="stop-color:#6d6d6d;stop-opacity:1"
+ offset="0.33000001"
+ id="s1876" />
+ <stop
+ style="stop-color:#d3d3d3;stop-opacity:1"
+ offset="1"
+ id="s1878" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#575757" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#575757" />
+ <a:midPointStop
+ offset="0.33"
+ style="stop-color:#6D6D6D" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#6D6D6D" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#D3D3D3" />
+ </linearGradient>
+ <linearGradient
+ x1="228.35001"
+ y1="33.279999"
+ x2="215.42999"
+ y2="33.279999"
+ id="lg1991"
+ xlink:href="#XMLID_416_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.33,0,0,1.31,-274.2,-5.2)" />
+ <radialGradient
+ cx="603.19"
+ cy="230.77"
+ r="1.67"
+ fx="603.19"
+ fy="230.77"
+ id="x5010_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.1,0,0,1.1,-54.33,-75.4)">
+ <stop
+ style="stop-color:#c9ffc9;stop-opacity:1"
+ offset="0"
+ id="stop29201" />
+ <stop
+ style="stop-color:#23a11f;stop-opacity:1"
+ offset="1"
+ id="stop29203" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#C9FFC9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#C9FFC9" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#23A11F" />
+ </radialGradient>
+ <radialGradient
+ cx="603.19"
+ cy="230.77"
+ r="1.67"
+ fx="603.19"
+ fy="230.77"
+ id="radialGradient5711"
+ xlink:href="#x5010_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.23,0,0,1.23,-709.93,-245.02)" />
+ <linearGradient
+ x1="592.31"
+ y1="162.60001"
+ x2="609.32001"
+ y2="145.59"
+ id="lg5722"
+ xlink:href="#x5003_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="601.48999"
+ y1="170.16"
+ x2="613.84003"
+ y2="170.16"
+ id="x5002_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop29134" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.2"
+ id="stop29136" />
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="1"
+ id="stop29138" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.20"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#999999" />
+ </linearGradient>
+ <linearGradient
+ x1="601.48999"
+ y1="170.16"
+ x2="613.84003"
+ y2="170.16"
+ id="lg5725"
+ xlink:href="#x5002_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="592.20001"
+ y1="156.45"
+ x2="609.98999"
+ y2="174.23"
+ id="x5004_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop29157" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop29159" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="592.20001"
+ y1="156.45"
+ x2="609.98999"
+ y2="174.23"
+ id="lg5728"
+ xlink:href="#x5004_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="592.31"
+ y1="162.60001"
+ x2="609.32001"
+ y2="145.59"
+ id="x5003_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0"
+ id="stop29143" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="1"
+ id="stop29145" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#E5E5E5" />
+ </linearGradient>
+ <linearGradient
+ x1="592.31"
+ y1="162.60001"
+ x2="609.32001"
+ y2="145.59"
+ id="lg5732"
+ xlink:href="#x5003_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="592.20001"
+ y1="156.45"
+ x2="609.98999"
+ y2="174.24001"
+ id="x5000_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop29124" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop29126" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="592.20001"
+ y1="156.45"
+ x2="609.98999"
+ y2="174.24001"
+ id="lg5735"
+ xlink:href="#x5000_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="308.54999"
+ y1="149.89999"
+ x2="299.72"
+ y2="148.83"
+ id="XMLID_2433_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#d6d6d6;stop-opacity:1"
+ offset="0"
+ id="71615" />
+ <stop
+ style="stop-color:#a5a5a5;stop-opacity:1"
+ offset="1"
+ id="71617" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D6D6D6" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D6D6D6" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#A5A5A5" />
+ </linearGradient>
+ <linearGradient
+ x1="308.54999"
+ y1="149.89999"
+ x2="299.72"
+ y2="148.83"
+ id="lg1952"
+ xlink:href="#XMLID_2433_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.03,0,0,1.03,-279.57,-124.36)" />
+ <radialGradient
+ cx="307.39999"
+ cy="121"
+ r="23.35"
+ fx="307.39999"
+ fy="121"
+ id="XMLID_2432_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.98,0,0,0.98,2.88,2.75)">
+ <stop
+ style="stop-color:#d2d2d2;stop-opacity:1"
+ offset="0.19"
+ id="71592" />
+ <stop
+ style="stop-color:#cfcfcf;stop-opacity:1"
+ offset="0.44999999"
+ id="71594" />
+ <stop
+ style="stop-color:#c7c7c7;stop-opacity:1"
+ offset="0.60000002"
+ id="71596" />
+ <stop
+ style="stop-color:#b9b9b9;stop-opacity:1"
+ offset="0.74000001"
+ id="71598" />
+ <stop
+ style="stop-color:#a4a4a4;stop-opacity:1"
+ offset="0.86000001"
+ id="71600" />
+ <stop
+ style="stop-color:#8a8a8a;stop-opacity:1"
+ offset="0.95999998"
+ id="71602" />
+ <stop
+ style="stop-color:gray;stop-opacity:1"
+ offset="1"
+ id="71604" />
+ <a:midPointStop
+ offset="0.19"
+ style="stop-color:#D2D2D2" />
+ <a:midPointStop
+ offset="0.8"
+ style="stop-color:#D2D2D2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#808080" />
+ </radialGradient>
+ <radialGradient
+ cx="307.39999"
+ cy="121"
+ r="23.35"
+ fx="307.39999"
+ fy="121"
+ id="radialGradient2331"
+ xlink:href="#XMLID_2432_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-276.62,-121.54)" />
+ <linearGradient
+ x1="294.13"
+ y1="127.07"
+ x2="294.13"
+ y2="142.2"
+ id="XMLID_2430_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#b5d8ff;stop-opacity:1"
+ offset="0"
+ id="71582" />
+ <stop
+ style="stop-color:black;stop-opacity:1"
+ offset="1"
+ id="71584" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B5D8FF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B5D8FF" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#000000" />
+ </linearGradient>
+ <linearGradient
+ x1="294.13"
+ y1="127.07"
+ x2="294.13"
+ y2="142.2"
+ id="lg2820"
+ xlink:href="#XMLID_2430_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.03,0,0,1.03,-279.57,-124.36)" />
+ <linearGradient
+ x1="279.10999"
+ y1="148.03"
+ x2="309.16"
+ y2="148.03"
+ id="XMLID_2429_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#e1e1e1;stop-opacity:1"
+ offset="0"
+ id="71564" />
+ <stop
+ style="stop-color:#e1e1e1;stop-opacity:1"
+ offset="0.25"
+ id="71566" />
+ <stop
+ style="stop-color:#a5a5a5;stop-opacity:1"
+ offset="0.44"
+ id="71568" />
+ <stop
+ style="stop-color:#a5a5a5;stop-opacity:1"
+ offset="1"
+ id="71570" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#E1E1E1" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E1E1E1" />
+ <a:midPointStop
+ offset="0.25"
+ style="stop-color:#E1E1E1" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E1E1E1" />
+ <a:midPointStop
+ offset="0.44"
+ style="stop-color:#A5A5A5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#A5A5A5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#A5A5A5" />
+ </linearGradient>
+ <linearGradient
+ x1="279.10999"
+ y1="148.03"
+ x2="309.16"
+ y2="148.03"
+ id="lg2818"
+ xlink:href="#XMLID_2429_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.03,0,0,1.03,-279.57,-124.36)" />
+ <radialGradient
+ cx="622.34302"
+ cy="14.449"
+ r="26.496"
+ fx="622.34302"
+ fy="14.449"
+ id="lg3499_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.851,0,0,0.849,69.297,51.658)">
+ <stop
+ style="stop-color:#23468e;stop-opacity:1"
+ offset="0"
+ id="stop10972" />
+ <stop
+ style="stop-color:#012859;stop-opacity:1"
+ offset="1"
+ id="stop10974" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#23468E" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#23468E" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#012859" />
+ </radialGradient>
+ <radialGradient
+ cx="622.34302"
+ cy="14.449"
+ r="26.496"
+ fx="622.34302"
+ fy="14.449"
+ id="rg5791"
+ xlink:href="#lg3499_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.858,0,0,0.857,-511.7,9.02)" />
+ <linearGradient
+ x1="616.112"
+ y1="76.247002"
+ x2="588.14099"
+ y2="60.742001"
+ id="lg3497_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#01326e;stop-opacity:1"
+ offset="0"
+ id="stop10962" />
+ <stop
+ style="stop-color:#012859;stop-opacity:1"
+ offset="1"
+ id="stop10964" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#01326E" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#01326E" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#012859" />
+ </linearGradient>
+ <linearGradient
+ x1="617.698"
+ y1="82.445999"
+ x2="585.95203"
+ y2="54.848999"
+ id="lg3496_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="stop10950" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop10952" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="617.698"
+ y1="82.445999"
+ x2="585.95203"
+ y2="54.848999"
+ id="lg5794"
+ xlink:href="#lg3496_"
+ gradientUnits="userSpaceOnUse" />
+ <linearGradient
+ x1="601.39001"
+ y1="55.341"
+ x2="588.29199"
+ y2="71.515999"
+ id="lg3495_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop10941" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0.52200001"
+ id="stop10943" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop10945" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.522"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="601.39001"
+ y1="55.341"
+ x2="588.29199"
+ y2="71.515999"
+ id="lg5771"
+ xlink:href="#lg3495_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.009,0,0,1.009,-581.615,-43.098)" />
+ <linearGradient
+ x1="611.34601"
+ y1="55.279999"
+ x2="590.39001"
+ y2="81.157997"
+ id="lg3494_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop10932" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0.52200001"
+ id="stop10934" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop10936" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.522"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="611.34601"
+ y1="55.279999"
+ x2="590.39001"
+ y2="81.157997"
+ id="lg5774"
+ xlink:href="#lg3494_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.009,0,0,1.009,-581.616,-43.098)" />
+ <linearGradient
+ x1="798.72998"
+ y1="69.839996"
+ x2="799.04999"
+ y2="70.709999"
+ id="g3302_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#005e00;stop-opacity:1"
+ offset="0"
+ id="s6504" />
+ <stop
+ style="stop-color:#23a11f;stop-opacity:1"
+ offset="1"
+ id="s6506" />
+ <a:midPointstop
+ style="stop-color:#005E00"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#005E00"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#23A11F"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="798.72998"
+ y1="69.839996"
+ x2="799.04999"
+ y2="70.709999"
+ id="lg5851"
+ xlink:href="#g3302_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,0,0,1.263,-926.036,-60.001)" />
+ <linearGradient
+ x1="779.19"
+ y1="122.73"
+ x2="811.69"
+ y2="149.74001"
+ id="g3301_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1,-0.25,0,1,0,129.19)">
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0"
+ id="s6483" />
+ <stop
+ style="stop-color:#eee;stop-opacity:1"
+ offset="0.17"
+ id="s6485" />
+ <stop
+ style="stop-color:#e3e3e3;stop-opacity:1"
+ offset="0.34"
+ id="s6487" />
+ <stop
+ style="stop-color:#cfcfcf;stop-opacity:1"
+ offset="0.50999999"
+ id="s6489" />
+ <stop
+ style="stop-color:#b4b4b4;stop-opacity:1"
+ offset="0.67000002"
+ id="s6491" />
+ <stop
+ style="stop-color:#919191;stop-opacity:1"
+ offset="0.83999997"
+ id="s6493" />
+ <stop
+ style="stop-color:#666;stop-opacity:1"
+ offset="1"
+ id="s6495" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.71" />
+ <a:midPointstop
+ style="stop-color:#666666"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="779.19"
+ y1="122.73"
+ x2="811.69"
+ y2="149.74001"
+ id="lg5855"
+ xlink:href="#g3301_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,-0.316,0,1.263,-926.036,103.123)" />
+ <clipPath
+ id="g3299_">
+ <use
+ id="use6469"
+ x="0"
+ y="0"
+ width="1005.92"
+ height="376.97"
+ xlink:href="#g101_" />
+ </clipPath>
+ <radialGradient
+ cx="1189.9301"
+ cy="100.05"
+ r="40.400002"
+ fx="1189.9301"
+ fy="100.05"
+ id="g3300_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.34,-8.46e-2,0,0.34,394.16,137.13)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s6472" />
+ <stop
+ style="stop-color:white;stop-opacity:0"
+ offset="1"
+ id="s6474" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#000000"
+ offset="1" />
+ </radialGradient>
+ <radialGradient
+ cx="1199.74"
+ cy="97.150002"
+ r="40.400002"
+ fx="1199.74"
+ fy="97.150002"
+ id="rg5860"
+ xlink:href="#g3300_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.409,-0.107,0,0.429,-451.489,113.149)" />
+ <linearGradient
+ x1="796.38"
+ y1="67.580002"
+ x2="781.28003"
+ y2="58.549999"
+ id="g3298_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#4c8bca;stop-opacity:1"
+ offset="0"
+ id="s6462" />
+ <stop
+ style="stop-color:#b7e9ff;stop-opacity:1"
+ offset="1"
+ id="s6464" />
+ <a:midPointstop
+ style="stop-color:#4C8BCA"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#4C8BCA"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#B7E9FF"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="800.97998"
+ y1="140.72"
+ x2="777.71997"
+ y2="121.76"
+ id="g3297_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1,-0.25,0,1,0,129.19)">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="s6448" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="s6450" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#CCCCCC"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="800.97998"
+ y1="140.72"
+ x2="777.71997"
+ y2="121.76"
+ id="lg5890"
+ xlink:href="#g3297_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1,-0.25,0,1,0,129.19)" />
+ <linearGradient
+ x1="790.03998"
+ y1="-16.33"
+ x2="779.84003"
+ y2="-3.73"
+ id="g3296_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(0,70.17)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="s6439" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0.51999998"
+ id="s6441" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="s6443" />
+ <a:midPointstop
+ style="stop-color:#D9D9D9"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#D9D9D9"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.52" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#CCCCCC"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="790.03998"
+ y1="-16.33"
+ x2="779.84003"
+ y2="-3.73"
+ id="lg5866"
+ xlink:href="#g3296_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,0,0,1.263,-926.036,28.6)" />
+ <linearGradient
+ x1="785.84003"
+ y1="72.989998"
+ x2="785.26001"
+ y2="76.279999"
+ id="g3293_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s6412" />
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="1"
+ id="s6414" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#737373"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="785.84003"
+ y1="72.989998"
+ x2="785.26001"
+ y2="76.279999"
+ id="lg5871"
+ xlink:href="#g3293_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,0,0,1.263,-926.036,-60.001)" />
+ <linearGradient
+ x1="789.37"
+ y1="69.879997"
+ x2="791.03998"
+ y2="77.120003"
+ id="g3292_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="0"
+ id="s6403" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0.28"
+ id="s6405" />
+ <stop
+ style="stop-color:#666;stop-opacity:1"
+ offset="1"
+ id="s6407" />
+ <a:midPointstop
+ style="stop-color:#999999"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#999999"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.28" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#666666"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="789.37"
+ y1="69.879997"
+ x2="791.03998"
+ y2="77.120003"
+ id="lg5874"
+ xlink:href="#g3292_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,0,0,1.263,-926.036,-60.001)" />
+ <linearGradient
+ x1="786.65997"
+ y1="136.12"
+ x2="786.71002"
+ y2="134.33"
+ id="g3290_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1,-0.25,0,1,0,137.29)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="s6380" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="1"
+ id="s6382" />
+ <a:midPointstop
+ style="stop-color:#D9D9D9"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#D9D9D9"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="786.65997"
+ y1="136.12"
+ x2="786.71002"
+ y2="134.33"
+ id="lg5878"
+ xlink:href="#g3290_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,-0.316,0,1.263,-926.036,113.351)" />
+ <radialGradient
+ cx="1458.77"
+ cy="-5.0999999"
+ r="35.130001"
+ fx="1458.77"
+ fy="-5.0999999"
+ id="g3289_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.42,0,0,0.42,167.09,79.84)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s6371" />
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="1"
+ id="s6373" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#999999"
+ offset="1" />
+ </radialGradient>
+ <radialGradient
+ cx="1458.77"
+ cy="-5.0999999"
+ r="35.130001"
+ fx="1458.77"
+ fy="-5.0999999"
+ id="rg5881"
+ xlink:href="#g3289_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.505,0,0,0.53,-724.957,40.636)" />
+ <radialGradient
+ cx="1612.98"
+ cy="-4.4699998"
+ r="36.580002"
+ fx="1612.98"
+ fy="-4.4699998"
+ id="g3288_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.34,0,0,0.36,238.56,86.87)">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="s6362" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0.63999999"
+ id="s6364" />
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="1"
+ id="s6366" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="0.64" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#737373"
+ offset="1" />
+ </radialGradient>
+ <radialGradient
+ cx="1612.98"
+ cy="-4.4699998"
+ r="36.580002"
+ fx="1612.98"
+ fy="-4.4699998"
+ id="rg5884"
+ xlink:href="#g3288_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.408,0,0,0.448,-638.943,49.495)" />
+ <radialGradient
+ cx="1470.5"
+ cy="-10.21"
+ r="33.290001"
+ fx="1470.5"
+ fy="-10.21"
+ id="g3287_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.42,0,0,0.42,167.09,79.84)">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="s6347" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0.38999999"
+ id="s6349" />
+ <stop
+ style="stop-color:#b1b1b1;stop-opacity:1"
+ offset="0.75"
+ id="s6351" />
+ <stop
+ style="stop-color:#aaa;stop-opacity:1"
+ offset="0.88"
+ id="s6353" />
+ <stop
+ style="stop-color:#9e9e9e;stop-opacity:1"
+ offset="0.97000003"
+ id="s6355" />
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="1"
+ id="s6357" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="0.39" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="0.87" />
+ <a:midPointstop
+ style="stop-color:#999999"
+ offset="1" />
+ </radialGradient>
+ <radialGradient
+ cx="1470.5"
+ cy="-10.21"
+ r="33.290001"
+ fx="1470.5"
+ fy="-10.21"
+ id="rg5887"
+ xlink:href="#g3287_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.505,0,0,0.53,-724.957,40.636)" />
+ <pattern
+ patternTransform="matrix(0.592927,0,0,0.592927,78,462)"
+ id="cream-spots"
+ height="32"
+ width="32"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(-365.3146,-513.505)"
+ id="g3047">
+ id="path2858" />
+ <path
+ inkscape:label="#path2854"
+ sodipodi:nodetypes="czzzz"
+ style="fill:#e3dcc0"
+ id="path3060"
+ d="M 390.31462,529.50504 C 390.31462,534.47304 386.28262,538.50504 381.31462,538.50504 C 376.34662,538.50504 372.31462,534.47304 372.31462,529.50504 C 372.31462,524.53704 376.34662,520.50504 381.31462,520.50504 C 386.28262,520.50504 390.31462,524.53704 390.31462,529.50504 z " />
+</g>
+ </pattern>
+ <pattern
+ patternTransform="matrix(0.733751,0,0,0.733751,67,367)"
+ id="dark-cream-spots"
+ height="32"
+ width="32"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(-408.0946,-513.505)"
+ id="dark-cream-spot"
+ inkscape:label="#g3043">
+ <path
+ sodipodi:nodetypes="czzzz"
+ style="fill:#c8c5ac"
+ d="M 433.09458,529.50504 C 433.09458,534.47304 429.06258,538.50504 424.09458,538.50504 C 419.12658,538.50504 415.09458,534.47304 415.09458,529.50504 C 415.09458,524.53704 419.12658,520.50504 424.09458,520.50504 C 429.06258,520.50504 433.09458,524.53704 433.09458,529.50504 z "
+ id="path2953" />
+ </g>
+ </pattern>
+ <pattern
+ patternTransform="matrix(0.375,0,0,0.375,379,400)"
+ id="white-spots"
+ height="32"
+ width="32"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(-484.3997,-513.505)"
+ id="white-spot"
+ inkscape:label="#g3035">
+ <path
+ style="opacity:0.25;fill:white"
+ id="path3033"
+ d="M 509.39967,529.50504 C 509.39967,534.47304 505.36767,538.50504 500.39967,538.50504 C 495.43167,538.50504 491.39967,534.47304 491.39967,529.50504 C 491.39967,524.53704 495.43167,520.50504 500.39967,520.50504 C 505.36767,520.50504 509.39967,524.53704 509.39967,529.50504 z "
+ sodipodi:nodetypes="czzzz" />
+ </g>
+ </pattern>
+ <pattern
+ patternTransform="matrix(0.455007,0,0,0.455007,-5e-5,1.9e-5)"
+ id="black-spots"
+ height="32"
+ width="32"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(-448.3997,-513.505)"
+ id="black-spot"
+ inkscape:label="#g3039">
+ <path
+ sodipodi:nodetypes="czzzz"
+ d="M 473.39967,529.50504 C 473.39967,534.47304 469.36767,538.50504 464.39967,538.50504 C 459.43167,538.50504 455.39967,534.47304 455.39967,529.50504 C 455.39967,524.53704 459.43167,520.50504 464.39967,520.50504 C 469.36767,520.50504 473.39967,524.53704 473.39967,529.50504 z "
+ id="path2961"
+ style="opacity:0.25;fill:black" />
+ </g>
+ </pattern>
+ <linearGradient
+ x1="501.0903"
+ y1="-19.2544"
+ x2="531.85413"
+ y2="0.72390002"
+ id="linearGradient17334"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop17336" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop17338" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop17340" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop17342" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B4DAEA" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B4DAEA" />
+ <a:midPointStop
+ offset="0.5112"
+ style="stop-color:#B4DAEA" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B4DAEA" />
+ <a:midPointStop
+ offset="0.6461"
+ style="stop-color:#5387BA" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#5387BA" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#16336E" />
+ </linearGradient>
+ <linearGradient
+ x1="415.73831"
+ y1="11.854"
+ x2="418.13361"
+ y2="18.8104"
+ id="linearGradient17426"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8362,0.5206,-1.1904,0.992,147.62,-30.9374)">
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="0"
+ id="stop17428" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop17430" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#CCCCCC" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#CCCCCC" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#F2F2F2" />
+ </linearGradient>
+ <linearGradient
+ x1="478.21341"
+ y1="-131.9297"
+ x2="469.85818"
+ y2="-140.28481"
+ id="linearGradient17434"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.5592,0.829,-0.829,0.5592,101.3357,-104.791)">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop17436" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop17438" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop17440" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop17442" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#F3403F" />
+ <a:midPointStop
+ offset="0.4213"
+ style="stop-color:#F3403F" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#A6100C" />
+ </linearGradient>
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="linearGradient17709"
+ xlink:href="#XMLID_1749_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,11.0227,-35.6159)" />
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="linearGradient17711"
+ xlink:href="#XMLID_1752_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="516.57672"
+ y1="-15.769"
+ x2="516.57672"
+ y2="0.84280002"
+ id="linearGradient17713"
+ xlink:href="#XMLID_1753_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="linearGradient17715"
+ xlink:href="#XMLID_1756_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="500.70749"
+ y1="-13.2441"
+ x2="513.46442"
+ y2="-2.1547"
+ id="linearGradient17717"
+ xlink:href="#XMLID_1757_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="473.7681"
+ y1="209.17529"
+ x2="486.98099"
+ y2="213.2001"
+ id="linearGradient17721"
+ xlink:href="#XMLID_2274_"
+ gradientUnits="userSpaceOnUse" />
+ <linearGradient
+ x1="481.23969"
+ y1="212.5742"
+ x2="472.92981"
+ y2="207.4967"
+ id="linearGradient17723"
+ xlink:href="#XMLID_2275_"
+ gradientUnits="userSpaceOnUse" />
+ <linearGradient
+ x1="500.70749"
+ y1="-13.2441"
+ x2="513.46442"
+ y2="-2.1547"
+ id="linearGradient17416"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop17418" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop17420" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <defs
+ id="defs9929">
+ <path
+ d="M 489.21,209.35 L 485.35,203.63 C 483.63,204.25 473.47,208.93 471.5,210.18 C 470.57,210.77 470.17,211.16 469.72,212.48 C 470.93,212.31 471.72,212.49 473.42,213.04 C 473.26,214.77 473.24,215.74 473.57,218.2 C 474.01,216.88 474.41,216.49 475.34,215.9 C 477.33,214.65 487.49,209.97 489.21,209.35 z "
+ id="XMLID_960_" />
+ </defs>
+ <clipPath
+ id="clipPath17448">
+ <use
+ id="use17450"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_960_" />
+ </clipPath>
+ <linearGradient
+ x1="473.7681"
+ y1="209.17529"
+ x2="486.98099"
+ y2="213.2001"
+ id="linearGradient17452"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop17454" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop17456" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop17458" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop17460" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="481.23969"
+ y1="212.5742"
+ x2="472.92981"
+ y2="207.4967"
+ id="linearGradient17463"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop17465" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop17467" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop17469" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop17471" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="481.23969"
+ y1="212.5742"
+ x2="472.92981"
+ y2="207.4967"
+ id="linearGradient17807"
+ xlink:href="#XMLID_2275_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-177.1654,35.43307)" />
+ <linearGradient
+ x1="473.7681"
+ y1="209.17529"
+ x2="486.98099"
+ y2="213.2001"
+ id="linearGradient17810"
+ xlink:href="#XMLID_2274_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-177.1654,35.43307)" />
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="linearGradient17812"
+ xlink:href="#XMLID_1749_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,11.0227,-35.6159)" />
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="linearGradient17814"
+ xlink:href="#XMLID_1752_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="516.57672"
+ y1="-15.769"
+ x2="516.57672"
+ y2="0.84280002"
+ id="linearGradient17816"
+ xlink:href="#XMLID_1753_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="linearGradient17818"
+ xlink:href="#XMLID_1756_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="linearGradient17347"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,11.0227,-35.6159)">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop17349" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop17351" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#5387BA" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#5387BA" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#96BAD6" />
+ </linearGradient>
+ <linearGradient
+ x1="516.57672"
+ y1="-15.769"
+ x2="516.57672"
+ y2="0.84280002"
+ id="linearGradient17379"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop17381" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop17383" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#F2F2F2" />
+ </linearGradient>
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="linearGradient17862"
+ xlink:href="#XMLID_1749_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,-166.1427,-0.18283)" />
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="linearGradient17864"
+ xlink:href="#XMLID_1756_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <defs
+ id="defs3859">
+ <polygon
+ points="465.54,213.52 481.94,217.46 482.74,216.71 487.46,198.05 471.08,194.07 470.26,194.83 465.54,213.52 "
+ id="XMLID_343_" />
+ </defs>
+ <linearGradient
+ x1="471.0806"
+ y1="201.07761"
+ x2="481.91711"
+ y2="210.4977"
+ id="linearGradient17389"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#6498c1;stop-opacity:1"
+ offset="0.005618"
+ id="stop17391" />
+ <stop
+ style="stop-color:#79a9cc;stop-opacity:1"
+ offset="0.2332"
+ id="stop17393" />
+ <stop
+ style="stop-color:#a4cde2;stop-opacity:1"
+ offset="0.74049997"
+ id="stop17395" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="1"
+ id="stop17397" />
+ <a:midPointStop
+ style="stop-color:#6498C1"
+ offset="5.618000e-003" />
+ <a:midPointStop
+ style="stop-color:#6498C1"
+ offset="0.4438" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="clipPath17400">
+ <use
+ id="use17402"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_343_" />
+ </clipPath>
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="linearGradient17404"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop17406" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop17408" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop17410" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop17412" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="linearGradient17882"
+ xlink:href="#XMLID_1752_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <defs
+ id="defs3826">
+ <polygon
+ points="463.52,216.14 480.56,220.24 481.36,219.5 483.03,202.04 469.05,196.69 468.24,197.45 463.52,216.14 "
+ id="XMLID_338_" />
+ </defs>
+ <linearGradient
+ x1="468.2915"
+ y1="204.7612"
+ x2="479.39871"
+ y2="214.4166"
+ id="linearGradient17357"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop17359" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop17361" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="clipPath17364">
+ <use
+ id="use17366"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_338_" />
+ </clipPath>
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="linearGradient17368"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop17370" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop17372" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop17374" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop17376" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="296.4996"
+ y1="188.81061"
+ x2="317.32471"
+ y2="209.69398"
+ id="linearGradient2387"
+ xlink:href="#linearGradient2381"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)" />
+ <linearGradient
+ x1="296.4996"
+ y1="188.81061"
+ x2="317.32471"
+ y2="209.69398"
+ id="linearGradient5105"
+ xlink:href="#linearGradient2381"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)" />
+ <linearGradient
+ x1="296.4996"
+ y1="188.81061"
+ x2="317.32471"
+ y2="209.69398"
+ id="linearGradient5145"
+ xlink:href="#linearGradient2381"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)" />
+ <linearGradient
+ inkscape:collect="always"
+ xlink:href="#linearGradient2381"
+ id="linearGradient2371"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)"
+ x1="296.4996"
+ y1="188.81061"
+ x2="317.32471"
+ y2="209.69398" />
+ </defs>
+ <g
+ transform="matrix(0.437808,-0.437808,0.437808,0.437808,-220.8237,43.55311)"
+ id="g5089">
+ <path
+ d="M 8.4382985,-6.28125 C 7.8309069,-6.28125 4.125,-0.33238729 4.125,1.96875 L 4.125,28.6875 C 4.125,29.533884 4.7068159,29.8125 5.28125,29.8125 L 30.84375,29.8125 C 31.476092,29.8125 31.968751,29.319842 31.96875,28.6875 L 31.96875,23.46875 L 32.25,23.46875 C 32.74684,23.46875 33.156249,23.059339 33.15625,22.5625 L 33.15625,-5.375 C 33.15625,-5.8718398 32.74684,-6.28125 32.25,-6.28125 L 8.4382985,-6.28125 z "
+ transform="translate(282.8327,227.1903)"
+ style="fill:#5c5c4f;stroke:black;stroke-width:3.23021388;stroke-miterlimit:4;stroke-dasharray:none"
+ id="path5091" />
+ <rect
+ width="27.85074"
+ height="29.369793"
+ rx="1.1414107"
+ ry="1.1414107"
+ x="286.96509"
+ y="227.63805"
+ style="fill:#032c87"
+ id="rect5093" />
+ <path
+ d="M 288.43262,225.43675 L 313.67442,225.43675 L 313.67442,254.80655 L 287.29827,254.83069 L 288.43262,225.43675 z "
+ style="fill:white"
+ id="rect5095" />
+ <path
+ d="M 302.44536,251.73726 C 303.83227,259.59643 301.75225,263.02091 301.75225,263.02091 C 303.99609,261.41329 305.71651,259.54397 306.65747,257.28491 C 307.62455,259.47755 308.49041,261.71357 310.9319,263.27432 C 310.9319,263.27432 309.33686,256.07392 309.22047,251.73726 L 302.44536,251.73726 z "
+ style="fill:#a70000;fill-opacity:1;stroke-width:2"
+ id="path5097" />
+ <rect
+ width="25.241802"
+ height="29.736675"
+ rx="0.89682275"
+ ry="0.89682275"
+ x="290.73544"
+ y="220.92249"
+ style="fill:#809cc9"
+ id="rect5099" />
+ <path
+ d="M 576.47347,725.93939 L 582.84431,726.35441 L 583.25121,755.8725 C 581.35919,754.55465 576.39694,752.1117 574.98889,754.19149 L 574.98889,727.42397 C 574.98889,726.60151 575.65101,725.93939 576.47347,725.93939 z "
+ transform="matrix(0.499065,-0.866565,0,1,0,0)"
+ style="fill:#4573b3;fill-opacity:1"
+ id="rect5101" />
+ <path
+ d="M 293.2599,221.89363 L 313.99908,221.89363 C 314.45009,221.89363 314.81318,222.25673 314.81318,222.70774 C 315.02865,229.0361 295.44494,244.47124 292.44579,240.30491 L 292.44579,222.70774 C 292.44579,222.25673 292.80889,221.89363 293.2599,221.89363 z "
+ style="opacity:0.65536726;fill:url(#linearGradient2371);fill-opacity:1"
+ id="path5103" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/images/n-t-n-ipsec-diagram.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/n-t-n-ipsec-diagram.png
new file mode 100644
index 0000000..281afd6
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/n-t-n-ipsec-diagram.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/images/tcp_wrap_diagram.png b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/tcp_wrap_diagram.png
new file mode 100644
index 0000000..38ee5ea
Binary files /dev/null and b/public_html/en-US/Fedora/18/html-single/Security_Guide/images/tcp_wrap_diagram.png differ
diff --git a/public_html/en-US/Fedora/18/html-single/Security_Guide/index.html b/public_html/en-US/Fedora/18/html-single/Security_Guide/index.html
new file mode 100644
index 0000000..43957a6
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html-single/Security_Guide/index.html
@@ -0,0 +1,4442 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Security Guide</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><meta name="description" content="The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and to
ols, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods." /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><div xml:lang="en-US" class="book" id="idp800784" lang="en-US"><div class="titlepage"><div><div class="producttitle" font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><span class="productname">Fedora</span> <span class="productnumber">18</span></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h1 id="idp800784" class="title">Security Guide</h1></div><div font
-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h2 class="subtitle">A Guide to Securing Fedora Linux</h2></div><p class="edition">Edition 18.0.1</p><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h3 class="corpauthor">
+ <span class="inlinemediaobject"><object data="Common_Content/images/title_logo.svg" type="image/svg+xml"> Logo</object></span>
+
+ </h3></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div xml:lang="en-US" class="authorgroup" lang="en-US"><div class="author"><h3 class="author"><span class="firstname">Johnray</span> <span class="surname">Fuller</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:jrfuller at redhat.com">jrfuller at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="surname">Ha</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:jha at redhat.com">jha at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">David</span> <span class="surname">O'Brien</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:daobrien at redhat
.com">daobrien at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:sradvan at redhat.com">sradvan at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></h3><div class="affiliation"><span class="orgname">Fedora Project</span> <span class="orgdiv">Documentation Team</span></div><code class="email"><a class="email" href="mailto:sparks at fedoraproject.org">sparks at fedoraproject.org</a></code></div><div class="author"><h3 class="author"><span class="firstname">Adam</span> <span class="surname">Ligas</span></h3><div class="affiliation"><span class="orgname">Fedora Project</span></div><code class="email"><a class="email" href="mailto:gent86 at fedoraproject.org">gent86 at fedoraproject.org</a></code></
div></div></div><hr /><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div id="idm55382816" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class="para">
+ Copyright <span class="trademark"></span>© 2007-2012 Fedora Project Contributors.
+ </div><div class="para">
+ The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at <a href="http://creativecommons.org/licenses/by-sa/3.0/">http://creativecommons.org/licenses/by-sa/3.0/</a>. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
+ </div><div class="para">
+ Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
+ </div><div class="para">
+ Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
+ </div><div class="para">
+ For guidelines on the permitted uses of the Fedora trademarks, refer to <a href="https://fedoraproject.org/wiki/Legal:Trademark_guidelines">https://fedoraproject.org/wiki/Legal:Trademark_guidelines</a>.
+ </div><div class="para">
+ <span class="trademark">Linux</span>® is the registered trademark of Linus Torvalds in the United States and other countries.
+ </div><div class="para">
+ <span class="trademark">Java</span>® is a registered trademark of Oracle and/or its affiliates.
+ </div><div class="para">
+ <span class="trademark">XFS</span>® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
+ </div><div class="para">
+ <span class="trademark">MySQL</span>® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
+ </div><div class="para">
+ All other trademarks are the property of their respective owners.
+ </div></div></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div class="abstract"><h6>Abstract</h6><div class="para">
+ The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.
+ </div></div></div></div><hr /></div><div class="toc"><dl><dt><span class="preface"><a href="#pref-Security_Guide-Preface">Preface</a></span></dt><dd><dl><dt><span class="section"><a href="#idm66696208">1. Document Conventions</a></span></dt><dd><dl><dt><span class="section"><a href="#idm92885824">1.1. Typographic Conventions</a></span></dt><dt><span class="section"><a href="#idm119129504">1.2. Pull-quote Conventions</a></span></dt><dt><span class="section"><a href="#idm121179040">1.3. Notes and Warnings</a></span></dt></dl></dd><dt><span class="section"><a href="#idm84121136">2. We Need Feedback!</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Security_Overview">1. Security Overview</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security">1.1. Introduction to Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-What_is_Computer_Securi
ty">1.1.1. What is Computer Security?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-SELinux">1.1.2. SELinux</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.3. Security Controls</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-Conclusion">1.1.4. Conclusion</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities">1.2. Attackers and Vulnerabilities</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.2.1. A Quick History of Hackers</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security">1.2.2. Threats to Network Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_a
nd_Vulnerabilities-Threats_to_Server_Security">1.2.3. Threats to Server Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security">1.2.4. Threats to Workstation and Home PC Security</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment">1.3. Vulnerability Assessment</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.3.1. Thinking Like the Enemy</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing">1.3.2. Defining Assessment and Testing</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools">1.3.3. Evaluating the Tools</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Common_Exploits_and
_Attacks">1.4. Common Exploits and Attacks</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Security_Updates">1.5. Security Updates</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. Updating Packages</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages">1.5.2. Verifying Signed Packages</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Installing_Signed_Packages">1.5.3. Installing Signed Packages</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Applying_the_Changes">1.5.4. Applying the Changes</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Basic_Hardening">2. Basic Hardening Guide</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-General_Principles">2.1. Gen
eral Principles</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important">2.2. Why is this important?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Physical_Security">2.3. Physical Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important">2.4. Why this is important</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do">2.5. What else can I do?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Networking">2.6. Networking</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Networking-iptables">2.6.1. iptables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Networking-IPv6">2.6.2. IPv6</a></span></dt></dl
></dd><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Up_to_date">2.7. Keeping software up to date</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Services">2.8. Services</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-NTP">2.9. NTP</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Securing_Your_Network">3. Securing Your Network</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security">3.1. Workstation Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">3.1.1. Evaluating Workstation Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">3.1.2. BIOS and Boot Loader Security</a></span></dt><dt><span class="section"><a href="#sect-Security_G
uide-Workstation_Security-Password_Security">3.1.3. Password Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Administrative_Controls">3.1.4. Administrative Controls</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Available_Network_Services">3.1.5. Available Network Services</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Personal_Firewalls">3.1.6. Personal Firewalls</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">3.1.7. Security Enhanced Communication Tools</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Server_Security">3.2. Server Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">3.2.1. Securing Services With TCP Wrapper
s and xinetd</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Portmap">3.2.2. Securing Portmap</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_NIS">3.2.3. Securing NIS</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_NFS">3.2.4. Securing NFS</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server">3.2.5. Securing the Apache HTTP Server</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_FTP">3.2.6. Securing FTP</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Sendmail">3.2.7. Securing Sendmail</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">3.2.8. Verifying Which Ports Are Listening</a></span></dt></dl></dd><d
t><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO">3.3. Single Sign-on (SSO)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Introduction">3.3.1. Introduction</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card">3.3.2. Getting Started with your new Smart Card</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works">3.3.3. How Smart Card Enrollment Works</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works">3.3.4. How Smart Card Login Works</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO">3.3.5. Configuring Firefox to use Kerberos for SSO</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Gu
ide-Yubikey">3.4. Yubikey</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Yubikey-Centralized_Server">3.4.1. Using Yubikey with a centralized server</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Yubikey-Web_Sites">3.4.2. Authenticating to websites with your Yubikey</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM">3.5. Pluggable Authentication Modules (PAM)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">3.5.1. Advantages of PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files">3.5.2. PAM Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">3.5.3. PAM Configuration File Format</a><
/span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files">3.5.4. Sample PAM Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules">3.5.5. Creating PAM Modules</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching">3.5.6. PAM and Administrative Credential Caching</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership">3.5.7. PAM and Device Ownership</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources">3.5.8. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd">3.6. TCP Wrappers and xinet
d</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">3.6.1. TCP Wrappers</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">3.6.2. TCP Wrappers Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd">3.6.3. xinetd</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files">3.6.4. xinetd Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">3.6.5. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Kerberos">3.7. Kerberos</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-What_is_Kerberos">3.7.1. What is Kerberos?</a></span></dt><dt><span c
lass="section"><a href="#sect-Security_Guide-Kerberos-Kerberos_Terminology">3.7.2. Kerberos Terminology</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-How_Kerberos_Works">3.7.3. How Kerberos Works</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Kerberos_and_PAM">3.7.4. Kerberos and PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">3.7.5. Configuring a Kerberos 5 Server</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client">3.7.6. Configuring a Kerberos 5 Client</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping">3.7.7. Domain-to-Realm Mapping</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs">3.7.8. Setting Up Secondary KDCs</a></span></dt><dt><span class="section"><a href="#sect-S
ecurity_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication">3.7.9. Setting Up Cross Realm Authentication</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Additional_Resources">3.7.10. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Firewalls">3.8. Firewalls</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Netfilter_and_IPTables">3.8.1. Netfilter and IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">3.8.2. Basic Firewall Configuration</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Using_IPTables">3.8.3. Using IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Common_IPTables_Filtering">3.8.4. Common IPTables Filtering</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-FORWARD_and_N
AT_Rules">3.8.5. <code class="computeroutput">FORWARD</code> and <acronym class="acronym">NAT</acronym> Rules</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses">3.8.6. Malicious Software and Spoofed IP Addresses</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking">3.8.7. IPTables and Connection Tracking</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-IPv6">3.8.8. IPv6</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Additional_Resources">3.8.9. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-IPTables">3.9. IPTables</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Packet_Filtering">3.9.1. Packet Filtering</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Co
mmand_Options_for_IPTables">3.9.2. Command Options for IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Saving_IPTables_Rules">3.9.3. Saving IPTables Rules</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-IPTables_Control_Scripts">3.9.4. IPTables Control Scripts</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-IPTables_and_IPv6">3.9.5. IPTables and IPv6</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Additional_Resources">3.9.6. Additional Resources</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Encryption">4. Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Data_at_Rest">4.1. Data at Rest</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">4.1.1. Full Disk Encryptio
n</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">4.1.2. File Based Encryption</a></span></dt></dl></dd><dt><span class="section"><a href="#Security_Guide-Encryption-Data_in_Motion">4.2. Data in Motion</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs">4.2.1. Virtual Private Networks (VPNs)</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-Data_in_Motion-Secure_Shell">4.2.2. Secure Shell</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption">4.2.3. LUKS Disk Encryption</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives">4.2.4. 7-Zip Encrypted Archives</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG">4.2.5. Using GNU Privacy Guard (GnuPG)</a></span></dt></dl></dd></dl></dd><dt><spa
n class="chapter"><a href="#chap-Security_Guide-General_Principles_of_Information_Security">5. General Principles of Information Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">5.1. Tips, Guides, and Tools</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Secure_Installation">6. Secure Installation</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Secure_Installation-Disk_Partitions">6.1. Disk Partitions</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption">6.2. Utilize LUKS Partition Encryption</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Software_Maintenance">7. Software Maintenance</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Install_Minimal_Softwar
e">7.1. Install Minimal Software</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates">7.2. Plan and Configure Security Updates</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates">7.3. Adjusting Automatic Updates</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories">7.4. Install Signed Packages from Well Known Repositories</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-CVE">8. Common Vulnerabilities and Exposures</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-CVE-yum_plugin">8.1. YUM Plugin</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security">8.2. Using yum-plugin-security</a></span><
/dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-References">9. References</a></span></dt><dt><span class="appendix"><a href="#chap-Security_Guide-Encryption_Standards">A. Encryption Standards</a></span></dt><dd><dl><dt><span class="section"><a href="#idm85077008">A.1. Synchronous Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="#idm60011744">A.1.1. Advanced Encryption Standard - AES</a></span></dt><dt><span class="section"><a href="#idm49745120">A.1.2. Data Encryption Standard - DES</a></span></dt></dl></dd><dt><span class="section"><a href="#idm84238304">A.2. Public-key Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="#idm94639488">A.2.1. Diffie-Hellman</a></span></dt><dt><span class="section"><a href="#idm78768064">A.2.2. RSA</a></span></dt><dt><span class="section"><a href="#idm78623040">A.2.3. DSA</a></span></dt><dt><span class="section"><a href="#idm77901920">A.2.4. SSL/TLS</a></span></dt><dt><span class="se
ction"><a href="#idm71985120">A.2.5. Cramer-Shoup Cryptosystem</a></span></dt><dt><span class="section"><a href="#idm71983744">A.2.6. ElGamal Encryption</a></span></dt></dl></dd></dl></dd><dt><span class="appendix"><a href="#appe-Publican-Revision_History">B. Revision History</a></span></dt></dl></div><div xml:lang="en-US" class="preface" id="pref-Security_Guide-Preface" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Preface</h1></div></div></div><div xml:lang="en-US" class="section" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm66696208">1. Document Conventions</h2></div></div></div><div class="para">
+ This manual uses several conventions to highlight certain words and phrases and draw attention to specific pieces of information.
+ </div><div class="para">
+ In PDF and paper editions, this manual uses typefaces drawn from the <a href="https://fedorahosted.org/liberation-fonts/">Liberation Fonts</a> set. The Liberation Fonts set is also used in HTML editions if the set is installed on your system. If not, alternative but equivalent typefaces are displayed. Note: Red Hat Enterprise Linux 5 and later includes the Liberation Fonts set by default.
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm92885824">1.1. Typographic Conventions</h3></div></div></div><div class="para">
+ Four typographic conventions are used to call attention to specific words and phrases. These conventions, and the circumstances they apply to, are as follows.
+ </div><div class="para">
+ <code class="literal">Mono-spaced Bold</code>
+ </div><div class="para">
+ Used to highlight system input, including shell commands, file names and paths. Also used to highlight keycaps and key combinations. For example:
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ To see the contents of the file <code class="filename">my_next_bestselling_novel</code> in your current working directory, enter the <code class="command">cat my_next_bestselling_novel</code> command at the shell prompt and press <span class="keycap"><strong>Enter</strong></span> to execute the command.
+ </div></blockquote></div><div class="para">
+ The above includes a file name, a shell command and a keycap, all presented in mono-spaced bold and all distinguishable thanks to context.
+ </div><div class="para">
+ Key combinations can be distinguished from keycaps by the hyphen connecting each part of a key combination. For example:
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ Press <span class="keycap"><strong>Enter</strong></span> to execute the command.
+ </div><div class="para">
+ Press <span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>Alt</strong></span>+<span class="keycap"><strong>F2</strong></span> to switch to the first virtual terminal. Press <span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>Alt</strong></span>+<span class="keycap"><strong>F1</strong></span> to return to your X-Windows session.
+ </div></blockquote></div><div class="para">
+ The first paragraph highlights the particular keycap to press. The second highlights two key combinations (each a set of three keycaps with each set pressed simultaneously).
+ </div><div class="para">
+ If source code is discussed, class names, methods, functions, variable names and returned values mentioned within a paragraph will be presented as above, in <code class="literal">mono-spaced bold</code>. For example:
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ File-related classes include <code class="classname">filesystem</code> for file systems, <code class="classname">file</code> for files, and <code class="classname">dir</code> for directories. Each class has its own associated set of permissions.
+ </div></blockquote></div><div class="para">
+ <span class="application"><strong>Proportional Bold</strong></span>
+ </div><div class="para">
+ This denotes words or phrases encountered on a system, including application names; dialog box text; labeled buttons; check-box and radio button labels; menu titles and sub-menu titles. For example:
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ Choose <span class="guimenu"><strong>System</strong></span> → <span class="guisubmenu"><strong>Preferences</strong></span> → <span class="guimenuitem"><strong>Mouse</strong></span> from the main menu bar to launch <span class="application"><strong>Mouse Preferences</strong></span>. In the <span class="guilabel"><strong>Buttons</strong></span> tab, click the <span class="guilabel"><strong>Left-handed mouse</strong></span> check box and click <span class="guibutton"><strong>Close</strong></span> to switch the primary mouse button from the left to the right (making the mouse suitable for use in the left hand).
+ </div><div class="para">
+ To insert a special character into a <span class="application"><strong>gedit</strong></span> file, choose <span class="guimenu"><strong>Applications</strong></span> → <span class="guisubmenu"><strong>Accessories</strong></span> → <span class="guimenuitem"><strong>Character Map</strong></span> from the main menu bar. Next, choose <span class="guimenu"><strong>Search</strong></span> → <span class="guimenuitem"><strong>Find…</strong></span> from the <span class="application"><strong>Character Map</strong></span> menu bar, type the name of the character in the <span class="guilabel"><strong>Search</strong></span> field and click <span class="guibutton"><strong>Next</strong></span>. The character you sought will be highlighted in the <span class="guilabel"><strong>Character Table</strong></span>. Double-click this highlighted character to place it in the <span class="guilabel"><strong>Text to copy</strong></span> field and then click the <span class="guibutton"><stron
g>Copy</strong></span> button. Now switch back to your document and choose <span class="guimenu"><strong>Edit</strong></span> → <span class="guimenuitem"><strong>Paste</strong></span> from the <span class="application"><strong>gedit</strong></span> menu bar.
+ </div></blockquote></div><div class="para">
+ The above text includes application names; system-wide menu names and items; application-specific menu names; and buttons and text found within a GUI interface, all presented in proportional bold and all distinguishable by context.
+ </div><div class="para">
+ <code class="command"><em class="replaceable"><code>Mono-spaced Bold Italic</code></em></code> or <span class="application"><strong><em class="replaceable"><code>Proportional Bold Italic</code></em></strong></span>
+ </div><div class="para">
+ Whether mono-spaced bold or proportional bold, the addition of italics indicates replaceable or variable text. Italics denotes text you do not input literally or displayed text that changes depending on circumstance. For example:
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ To connect to a remote machine using ssh, type <code class="command">ssh <em class="replaceable"><code>username</code></em>@<em class="replaceable"><code>domain.name</code></em></code> at a shell prompt. If the remote machine is <code class="filename">example.com</code> and your username on that machine is john, type <code class="command">ssh john at example.com</code>.
+ </div><div class="para">
+ The <code class="command">mount -o remount <em class="replaceable"><code>file-system</code></em></code> command remounts the named file system. For example, to remount the <code class="filename">/home</code> file system, the command is <code class="command">mount -o remount /home</code>.
+ </div><div class="para">
+ To see the version of a currently installed package, use the <code class="command">rpm -q <em class="replaceable"><code>package</code></em></code> command. It will return a result as follows: <code class="command"><em class="replaceable"><code>package-version-release</code></em></code>.
+ </div></blockquote></div><div class="para">
+ Note the words in bold italics above — username, domain.name, file-system, package, version and release. Each word is a placeholder, either for text you enter when issuing a command or for text displayed by the system.
+ </div><div class="para">
+ Aside from standard usage for presenting the title of a work, italics denotes the first use of a new and important term. For example:
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ Publican is a <em class="firstterm">DocBook</em> publishing system.
+ </div></blockquote></div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm119129504">1.2. Pull-quote Conventions</h3></div></div></div><div class="para">
+ Terminal output and source code listings are set off visually from the surrounding text.
+ </div><div class="para">
+ Output sent to a terminal is set in <code class="computeroutput">mono-spaced roman</code> and presented thus:
+ </div><pre class="screen">books Desktop documentation drafts mss photos stuff svn
+books_tests Desktop1 downloads images notes scripts svgs</pre><div class="para">
+ Source-code listings are also set in <code class="computeroutput">mono-spaced roman</code> but add syntax highlighting as follows:
+ </div><pre class="programlisting">package org.<span class="perl_Function">jboss</span>.<span class="perl_Function">book</span>.<span class="perl_Function">jca</span>.<span class="perl_Function">ex1</span>;
+
+<span class="perl_Keyword">import</span> javax.naming.InitialContext;
+
+<span class="perl_Keyword">public</span> <span class="perl_Keyword">class</span> ExClient
+{
+ <span class="perl_Keyword">public</span> <span class="perl_DataType">static</span> <span class="perl_DataType">void</span> <span class="perl_Function">main</span>(String args[])
+ <span class="perl_Keyword">throws</span> Exception
+ {
+ InitialContext iniCtx = <span class="perl_Keyword">new</span> InitialContext();
+ Object ref = iniCtx.<span class="perl_Function">lookup</span>(<span class="perl_String">"EchoBean"</span>);
+ EchoHome home = (EchoHome) ref;
+ Echo echo = home.<span class="perl_Function">create</span>();
+
+ System.<span class="perl_Function">out</span>.<span class="perl_Function">println</span>(<span class="perl_String">"Created Echo"</span>);
+
+ System.<span class="perl_Function">out</span>.<span class="perl_Function">println</span>(<span class="perl_String">"Echo.echo('Hello') = "</span> + echo.<span class="perl_Function">echo</span>(<span class="perl_String">"Hello"</span>));
+ }
+}</pre></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm121179040">1.3. Notes and Warnings</h3></div></div></div><div class="para">
+ Finally, we use three visual styles to draw attention to information that might otherwise be overlooked.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Notes are tips, shortcuts or alternative approaches to the task at hand. Ignoring a note should have no negative consequences, but you might miss out on a trick that makes your life easier.
+ </div></div></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ Important boxes detail things that are easily missed: configuration changes that only apply to the current session, or services that need restarting before an update will apply. Ignoring a box labeled 'Important' will not cause data loss but may cause irritation and frustration.
+ </div></div></div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ Warnings should not be ignored. Ignoring warnings will most likely cause data loss.
+ </div></div></div></div></div><div xml:lang="en-US" class="section" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm84121136">2. We Need Feedback!</h2></div></div></div><a id="idm88665392" class="indexterm"></a><div class="para">
+ If you find a typographical error in this manual, or if you have thought of a way to make this manual better, we would love to hear from you! Please submit a report in Bugzilla: <a href="http://bugzilla.redhat.com/bugzilla/">http://bugzilla.redhat.com/bugzilla/</a> against the product <span class="application"><strong>Fedora.</strong></span>
+ </div><div class="para">
+ When submitting a bug report, be sure to mention the manual's identifier: <em class="citetitle">security-guide</em>
+ </div><div class="para">
+ If you have a suggestion for improving the documentation, try to be as specific as possible when describing it. If you have found an error, please include the section number and some of the surrounding text so we can find it easily.
+ </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Security_Guide-Security_Overview" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 1. Security Overview</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security">1.1. Introduction to Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1. What is Computer Security?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-SELinux">1.1.2. SELinux</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.3. Security Controls</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-Conclusion">1.1.4. Conclusion</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Attacke
rs_and_Vulnerabilities">1.2. Attackers and Vulnerabilities</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.2.1. A Quick History of Hackers</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security">1.2.2. Threats to Network Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security">1.2.3. Threats to Server Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security">1.2.4. Threats to Workstation and Home PC Security</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment">1.3. Vulnerability Assessment</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Asse
ssment-Thinking_Like_the_Enemy">1.3.1. Thinking Like the Enemy</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing">1.3.2. Defining Assessment and Testing</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools">1.3.3. Evaluating the Tools</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Common_Exploits_and_Attacks">1.4. Common Exploits and Attacks</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Security_Updates">1.5. Security Updates</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. Updating Packages</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages">1.5.2. Verifying Signed Packages</a></span></dt><dt><span class="section"><a href="#sect-Security_Guid
e-Updating_Packages-Installing_Signed_Packages">1.5.3. Installing Signed Packages</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Applying_the_Changes">1.5.4. Applying the Changes</a></span></dt></dl></dd></dl></div><div class="para">
+ Because of the increased reliance on powerful, networked computers to help run businesses and keep track of our personal information, entire industries have been formed around the practice of network and computer security. Enterprises have solicited the knowledge and skills of security experts to properly audit systems and tailor solutions to fit the operating requirements of the organization. Because most organizations are increasingly dynamic in nature, with workers accessing company IT resources locally and remotely, the need for secure computing environments has become more pronounced.
+ </div><div class="para">
+ Unfortunately, most organizations (as well as individual users) regard security as an afterthought, a process that is overlooked in favor of increased power, productivity, and budgetary concerns. Proper security implementation is often enacted postmortem — <span class="emphasis"><em>after</em></span> an unauthorized intrusion has already occurred. Security experts agree that taking the correct measures prior to connecting a site to an untrusted network, such as the Internet, is an effective means of thwarting most attempts at intrusion.
+ </div><div xml:lang="en-US" class="section" id="sect-Security_Guide-Introduction_to_Security" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Introduction_to_Security">1.1. Introduction to Security</h2></div></div></div><div class="section" id="sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1. What is Computer Security?</h3></div></div></div><div class="para">
+ Computer security is a general term that covers a wide area of computing and information processing. Industries that depend on computer systems and networks to conduct daily business transactions and access crucial information regard their data as an important part of their overall assets. Several terms and metrics have entered our daily business vocabulary, such as total cost of ownership (TCO) and quality of service (QoS). Using these metrics, industries can calculate aspects such as data integrity and high-availability as part of their planning and process management costs. In some industries, such as electronic commerce, the availability and trustworthiness of data can be the difference between success and failure.
+ </div><div class="section" id="sect-Security_Guide-What_is_Computer_Security-How_did_Computer_Security_Come_about"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Computer_Security-How_did_Computer_Security_Come_about">1.1.1.1. How did Computer Security Come about?</h4></div></div></div><div class="para">
+ Information security has evolved over the years due to the increasing reliance on public networks not to disclose personal, financial, and other restricted information. There are numerous instances such as the Mitnick <sup>[<a id="idm99690592" href="#ftn.idm99690592" class="footnote">1</a>]</sup>and the Vladimir Levin <sup>[<a id="idm99691488" href="#ftn.idm99691488" class="footnote">2</a>]</sup>cases that prompted organizations across all industries to re-think the way they handle information, as well as its transmission and disclosure. The popularity of the Internet was one of the most important developments that prompted an intensified effort in data security.
+ </div><div class="para">
+ An ever-growing number of people are using their personal computers to gain access to the resources that the Internet has to offer. From research and information retrieval to electronic mail and commerce transaction, the Internet has been regarded as one of the most important developments of the 20th century.
+ </div><div class="para">
+ The Internet and its earlier protocols, however, were developed as a <em class="firstterm">trust-based</em> system. That is, the Internet Protocol was not designed to be secure in itself. There are no approved security standards built into the TCP/IP communications stack, leaving it open to potentially malicious users and processes across the network. Modern developments have made Internet communication more secure, but there are still several incidents that gain national attention and alert us to the fact that nothing is completely safe.
+ </div></div><div class="section" id="sect-Security_Guide-What_is_Computer_Security-Security_Today"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Computer_Security-Security_Today">1.1.1.2. Security Today</h4></div></div></div><div class="para">
+ In February of 2000, a Distributed Denial of Service (DDoS) attack was unleashed on several of the most heavily-trafficked sites on the Internet. The attack rendered yahoo.com, cnn.com, amazon.com, fbi.gov, and several other sites completely unreachable to normal users, as it tied up routers for several hours with large-byte ICMP packet transfers, also called a <em class="firstterm">ping flood</em>. The attack was brought on by unknown assailants using specially created, widely available programs that scanned vulnerable network servers, installed client applications called <em class="firstterm">trojans</em> on the servers, and timed an attack with every infected server flooding the victim sites and rendering them unavailable. Many blame the attack on fundamental flaws in the way routers and the protocols used are structured to accept all incoming data, no matter where or for what purpose the packets are sent.
+ </div><div class="para">
+ In 2007, a data breach exploiting the widely-known weaknesses of the Wired Equivalent Privacy (WEP) wireless encryption protocol resulted in the theft from a global financial institution of over 45 million credit card numbers.<sup>[<a id="idm81502160" href="#ftn.idm81502160" class="footnote">3</a>]</sup>
+ </div><div class="para">
+ In a separate incident, the billing records of over 2.2 million patients stored on a backup tape were stolen from the front seat of a courier's car.<sup>[<a id="idm81503616" href="#ftn.idm81503616" class="footnote">4</a>]</sup>
+ </div><div class="para">
+ Currently, an estimated 1.8 billion people use or have used the Internet worldwide.<sup>[<a id="idm124053712" href="#ftn.idm124053712" class="footnote">5</a>]</sup> At the same time:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ On any given day, there are approximately 225 major incidences of security breach reported to the CERT Coordination Center at Carnegie Mellon University.<sup>[<a id="idm124055808" href="#ftn.idm124055808" class="footnote">6</a>]</sup>
+ </div></li><li class="listitem"><div class="para">
+ In 2003, the number of CERT reported incidences jumped to 137,529 from 82,094 in 2002 and from 52,658 in 2001.<sup>[<a id="idm124057712" href="#ftn.idm124057712" class="footnote">7</a>]</sup>
+ </div></li><li class="listitem"><div class="para">
+ The worldwide economic impact of the three most dangerous Internet Viruses of the last three years was estimated at US$13.2 Billion.<sup>[<a id="idm81552016" href="#ftn.idm81552016" class="footnote">8</a>]</sup>
+ </div></li></ul></div><div class="para">
+ From a 2008 global survey of business and technology executives "The Global State of Information Security"<sup>[<a id="idm81554272" href="#ftn.idm81554272" class="footnote">9</a>]</sup>, undertaken by <span class="emphasis"><em>CIO Magazine</em></span>, some points are:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Just 43% of respondents audit or monitor user compliance with security policies
+ </div></li><li class="listitem"><div class="para">
+ Only 22% keep an inventory of the outside companies that use their data
+ </div></li><li class="listitem"><div class="para">
+ The source of nearly half of security incidents was marked as "Unknown"
+ </div></li><li class="listitem"><div class="para">
+ 44% of respondents plan to increase security spending in the next year
+ </div></li><li class="listitem"><div class="para">
+ 59% have an information security strategy
+ </div></li></ul></div><div class="para">
+ These results enforce the reality that computer security has become a quantifiable and justifiable expense for IT budgets. Organizations that require data integrity and high availability elicit the skills of system administrators, developers, and engineers to ensure 24x7 reliability of their systems, services, and information. Falling victim to malicious users, processes, or coordinated attacks is a direct threat to the success of the organization.
+ </div><div class="para">
+ Unfortunately, system and network security can be a difficult proposition, requiring an intricate knowledge of how an organization regards, uses, manipulates, and transmits its information. Understanding the way an organization (and the people that make up the organization) conducts business is paramount to implementing a proper security plan.
+ </div></div><div class="section" id="sect-Security_Guide-What_is_Computer_Security-Standardizing_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Computer_Security-Standardizing_Security">1.1.1.3. Standardizing Security</h4></div></div></div><div class="para">
+ Enterprises in every industry rely on regulations and rules that are set by standards-making bodies such as the American Medical Association (AMA) or the Institute of Electrical and Electronics Engineers (IEEE). The same ideals hold true for information security. Many security consultants and vendors agree upon the standard security model known as CIA, or <em class="firstterm">Confidentiality, Integrity, and Availability</em>. This three-tiered model is a generally accepted component to assessing risks of sensitive information and establishing security policy. The following describes the CIA model in further detail:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Confidentiality — Sensitive information must be available only to a set of pre-defined individuals. Unauthorized transmission and usage of information should be restricted. For example, confidentiality of information ensures that a customer's personal or financial information is not obtained by an unauthorized individual for malicious purposes such as identity theft or credit fraud.
+ </div></li><li class="listitem"><div class="para">
+ Integrity — Information should not be altered in ways that render it incomplete or incorrect. Unauthorized users should be restricted from the ability to modify or destroy sensitive information.
+ </div></li><li class="listitem"><div class="para">
+ Availability — Information should be accessible to authorized users any time that it is needed. Availability is a warranty that information can be obtained with an agreed-upon frequency and timeliness. This is often measured in terms of percentages and agreed to formally in Service Level Agreements (SLAs) used by network service providers and their enterprise clients.
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-Introduction_to_Security-SELinux"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-SELinux">1.1.2. SELinux</h3></div></div></div><div class="para">
+ Fedora includes an enhancement to the Linux kernel called SELinux, which implements a Mandatory Access Control (MAC) architecture that provides a fine-grained level of control over files, processes, users and applications in the system. Detailed discussion of SELinux is beyond the scope of this document; however, for more information on SELinux and its use in Fedora, refer to the Fedora SELinux User Guide available at <a href="http://docs.fedoraproject.org/">http://docs.fedoraproject.org/</a>. For more information on configuring and running services in Fedora that are protected by SELinux, refer to the SELinux Managing Confined Services Guide available at <a href="http://docs.fedoraproject.org">http://docs.fedoraproject.org/</a>. Other available resources for SELinux are listed in <a class="xref" href="#chap-Security_Guide-References">Chapter 9, <em>References</em></a>.
+ </div></div><div class="section" id="sect-Security_Guide-Introduction_to_Security-Security_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.3. Security Controls</h3></div></div></div><div class="para">
+ Computer security is often divided into three distinct master categories, commonly referred to as <em class="wordasword">controls</em>:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Physical
+ </div></li><li class="listitem"><div class="para">
+ Technical
+ </div></li><li class="listitem"><div class="para">
+ Administrative
+ </div></li></ul></div><div class="para">
+ These three broad categories define the main objectives of proper security implementation. Within these controls are sub-categories that further detail the controls and how to implement them.
+ </div><div class="section" id="sect-Security_Guide-Security_Controls-Physical_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Security_Controls-Physical_Controls">1.1.3.1. Physical Controls</h4></div></div></div><div class="para">
+ Physical control is the implementation of security measures in a defined structure used to deter or prevent unauthorized access to sensitive material. Examples of physical controls are:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Closed-circuit surveillance cameras
+ </div></li><li class="listitem"><div class="para">
+ Motion or thermal alarm systems
+ </div></li><li class="listitem"><div class="para">
+ Security guards
+ </div></li><li class="listitem"><div class="para">
+ Picture IDs
+ </div></li><li class="listitem"><div class="para">
+ Locked and dead-bolted steel doors
+ </div></li><li class="listitem"><div class="para">
+ Biometrics (includes fingerprint, voice, face, iris, handwriting, and other automated methods used to recognize individuals)
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Security_Controls-Technical_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Security_Controls-Technical_Controls">1.1.3.2. Technical Controls</h4></div></div></div><div class="para">
+ Technical controls use technology as a basis for controlling the access and usage of sensitive data throughout a physical structure and over a network. Technical controls are far-reaching in scope and encompass such technologies as:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Encryption
+ </div></li><li class="listitem"><div class="para">
+ Smart cards
+ </div></li><li class="listitem"><div class="para">
+ Network authentication
+ </div></li><li class="listitem"><div class="para">
+ Access control lists (ACLs)
+ </div></li><li class="listitem"><div class="para">
+ File integrity auditing software
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Security_Controls-Administrative_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Security_Controls-Administrative_Controls">1.1.3.3. Administrative Controls</h4></div></div></div><div class="para">
+ Administrative controls define the human factors of security. They involve all levels of personnel within an organization and determine which users have access to what resources and information by such means as:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Training and awareness
+ </div></li><li class="listitem"><div class="para">
+ Disaster preparedness and recovery plans
+ </div></li><li class="listitem"><div class="para">
+ Personnel recruitment and separation strategies
+ </div></li><li class="listitem"><div class="para">
+ Personnel registration and accounting
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-Introduction_to_Security-Conclusion"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-Conclusion">1.1.4. Conclusion</h3></div></div></div><div class="para">
+ Now that you have learned about the origins, reasons, and aspects of security, you will find it easier to determine the appropriate course of action with regard to Fedora. It is important to know what factors and conditions make up security in order to plan and implement a proper strategy. With this information in mind, the process can be formalized and the path becomes clearer as you delve deeper into the specifics of the security process.
+ </div></div></div><div xml:lang="en-US" class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities">1.2. Attackers and Vulnerabilities</h2></div></div></div><div class="para">
+ To plan and implement a good security strategy, first be aware of some of the issues which determined, motivated attackers exploit to compromise systems. However, before detailing these issues, the terminology used when identifying an attacker must be defined.
+ </div><div class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.2.1. A Quick History of Hackers</h3></div></div></div><div class="para">
+ The modern meaning of the term <em class="firstterm">hacker</em> has origins dating back to the 1960s and the Massachusetts Institute of Technology (MIT) Tech Model Railroad Club, which designed train sets of large scale and intricate detail. Hacker was a name used for club members who discovered a clever trick or workaround for a problem.
+ </div><div class="para">
+ The term hacker has since come to describe everything from computer buffs to gifted programmers. A common trait among most hackers is a willingness to explore in detail how computer systems and networks function with little or no outside motivation. Open source software developers often consider themselves and their colleagues to be hackers, and use the word as a term of respect.
+ </div><div class="para">
+ Typically, hackers follow a form of the <em class="firstterm">hacker ethic</em> which dictates that the quest for information and expertise is essential, and that sharing this knowledge is the hackers duty to the community. During this quest for knowledge, some hackers enjoy the academic challenges of circumventing security controls on computer systems. For this reason, the press often uses the term hacker to describe those who illicitly access systems and networks with unscrupulous, malicious, or criminal intent. The more accurate term for this type of computer hacker is <em class="firstterm">cracker</em> — a term created by hackers in the mid-1980s to differentiate the two communities.
+ </div><div class="section" id="sect-Security_Guide-A_Quick_History_of_Hackers-Shades_of_Gray"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-A_Quick_History_of_Hackers-Shades_of_Gray">1.2.1.1. Shades of Gray</h4></div></div></div><div class="para">
+ Within the community of individuals who find and exploit vulnerabilities in systems and networks are several distinct groups. These groups are often described by the shade of hat that they "wear" when performing their security investigations and this shade is indicative of their intent.
+ </div><div class="para">
+ The <em class="firstterm">white hat hacker</em> is one who tests networks and systems to examine their performance and determine how vulnerable they are to intrusion. Usually, white hat hackers crack their own systems or the systems of a client who has specifically employed them for the purposes of security auditing. Academic researchers and professional security consultants are two examples of white hat hackers.
+ </div><div class="para">
+ A <em class="firstterm">black hat hacker</em> is synonymous with a cracker. In general, crackers are less focused on programming and the academic side of breaking into systems. They often rely on available cracking programs and exploit well known vulnerabilities in systems to uncover sensitive information for personal gain or to inflict damage on the target system or network.
+ </div><div class="para">
+ The <em class="firstterm">gray hat hacker</em>, on the other hand, has the skills and intent of a white hat hacker in most situations but uses his knowledge for less than noble purposes on occasion. A gray hat hacker can be thought of as a white hat hacker who wears a black hat at times to accomplish his own agenda.
+ </div><div class="para">
+ Gray hat hackers typically subscribe to another form of the hacker ethic, which says it is acceptable to break into systems as long as the hacker does not commit theft or breach confidentiality. Some would argue, however, that the act of breaking into a system is in itself unethical.
+ </div><div class="para">
+ Regardless of the intent of the intruder, it is important to know the weaknesses a cracker may likely attempt to exploit. The remainder of the chapter focuses on these issues.
+ </div></div></div><div class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security">1.2.2. Threats to Network Security</h3></div></div></div><div class="para">
+ Bad practices when configuring the following aspects of a network can increase the risk of attack.
+ </div><div class="section" id="sect-Security_Guide-Threats_to_Network_Security-Insecure_Architectures"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Network_Security-Insecure_Architectures">1.2.2.1. Insecure Architectures</h4></div></div></div><div class="para">
+ A misconfigured network is a primary entry point for unauthorized users. Leaving a trust-based, open local network vulnerable to the highly-insecure Internet is much like leaving a door ajar in a crime-ridden neighborhood — nothing may happen for an arbitrary amount of time, but <span class="emphasis"><em>eventually</em></span> someone exploits the opportunity.
+ </div><div class="section" id="sect-Security_Guide-Insecure_Architectures-Broadcast_Networks"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Insecure_Architectures-Broadcast_Networks">1.2.2.1.1. Broadcast Networks</h5></div></div></div><div class="para">
+ System administrators often fail to realize the importance of networking hardware in their security schemes. Simple hardware such as hubs and routers rely on the broadcast or non-switched principle; that is, whenever a node transmits data across the network to a recipient node, the hub or router sends a broadcast of the data packets until the recipient node receives and processes the data. This method is the most vulnerable to address resolution protocol (<em class="firstterm">ARP</em>) or media access control (<em class="firstterm">MAC</em>) address spoofing by both outside intruders and unauthorized users on local hosts.
+ </div></div><div class="section" id="sect-Security_Guide-Insecure_Architectures-Centralized_Servers"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Insecure_Architectures-Centralized_Servers">1.2.2.1.2. Centralized Servers</h5></div></div></div><div class="para">
+ Another potential networking pitfall is the use of centralized computing. A common cost-cutting measure for many businesses is to consolidate all services to a single powerful machine. This can be convenient as it is easier to manage and costs considerably less than multiple-server configurations. However, a centralized server introduces a single point of failure on the network. If the central server is compromised, it may render the network completely useless or worse, prone to data manipulation or theft. In these situations, a central server becomes an open door which allows access to the entire network.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security">1.2.3. Threats to Server Security</h3></div></div></div><div class="para">
+ Server security is as important as network security because servers often hold a great deal of an organization's vital information. If a server is compromised, all of its contents may become available for the cracker to steal or manipulate at will. The following sections detail some of the main issues.
+ </div><div class="section" id="sect-Security_Guide-Threats_to_Server_Security-Unused_Services_and_Open_Ports"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Unused_Services_and_Open_Ports">1.2.3.1. Unused Services and Open Ports</h4></div></div></div><div class="para">
+ A full installation of Fedora contains 1000+ application and library packages. However, most server administrators do not opt to install every single package in the distribution, preferring instead to install a base installation of packages, including several server applications.
+ </div><div class="para">
+ A common occurrence among system administrators is to install the operating system without paying attention to what programs are actually being installed. This can be problematic because unneeded services may be installed, configured with the default settings, and possibly turned on. This can cause unwanted services, such as Telnet, DHCP, or DNS, to run on a server or workstation without the administrator realizing it, which in turn can cause unwanted traffic to the server, or even, a potential pathway into the system for crackers. Refer To <a class="xref" href="#sect-Security_Guide-Server_Security">Section 3.2, “Server Security”</a> for information on closing ports and disabling unused services.
+ </div></div><div class="section" id="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services">1.2.3.2. Unpatched Services</h4></div></div></div><div class="para">
+ Most server applications that are included in a default installation are solid, thoroughly tested pieces of software. Having been in use in production environments for many years, their code has been thoroughly refined and many of the bugs have been found and fixed.
+ </div><div class="para">
+ However, there is no such thing as perfect software and there is always room for further refinement. Moreover, newer software is often not as rigorously tested as one might expect, because of its recent arrival to production environments or because it may not be as popular as other server software.
+ </div><div class="para">
+ Developers and system administrators often find exploitable bugs in server applications and publish the information on bug tracking and security-related websites such as the Bugtraq mailing list (<a href="http://www.securityfocus.com">http://www.securityfocus.com</a>) or the Computer Emergency Response Team (CERT) website (<a href="http://www.cert.org">http://www.cert.org</a>). Although these mechanisms are an effective way of alerting the community to security vulnerabilities, it is up to system administrators to patch their systems promptly. This is particularly true because crackers have access to these same vulnerability tracking services and will use the information to crack unpatched systems whenever they can. Good system administration requires vigilance, constant bug tracking, and proper system maintenance to ensure a more secure computing environment.
+ </div><div class="para">
+ Refer to <a class="xref" href="#sect-Security_Guide-Security_Updates">Section 1.5, “Security Updates”</a> for more information about keeping a system up-to-date.
+ </div></div><div class="section" id="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration">1.2.3.3. Inattentive Administration</h4></div></div></div><div class="para">
+ Administrators who fail to patch their systems are one of the greatest threats to server security. According to the <em class="firstterm">SysAdmin, Audit, Network, Security Institute</em> (<em class="firstterm">SANS</em>), the primary cause of computer security vulnerability is to "assign untrained people to maintain security and provide neither the training nor the time to make it possible to do the job."<sup>[<a id="idm65176880" href="#ftn.idm65176880" class="footnote">10</a>]</sup> This applies as much to inexperienced administrators as it does to overconfident or amotivated administrators.
+ </div><div class="para">
+ Some administrators fail to patch their servers and workstations, while others fail to watch log messages from the system kernel or network traffic. Another common error is when default passwords or keys to services are left unchanged. For example, some databases have default administration passwords because the database developers assume that the system administrator changes these passwords immediately after installation. If a database administrator fails to change this password, even an inexperienced cracker can use a widely-known default password to gain administrative privileges to the database. These are only a few examples of how inattentive administration can lead to compromised servers.
+ </div></div><div class="section" id="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services">1.2.3.4. Inherently Insecure Services</h4></div></div></div><div class="para">
+ Even the most vigilant organization can fall victim to vulnerabilities if the network services they choose are inherently insecure. For instance, there are many services developed under the assumption that they are used over trusted networks; however, this assumption fails as soon as the service becomes available over the Internet — which is itself inherently untrusted.
+ </div><div class="para">
+ One category of insecure network services are those that require unencrypted usernames and passwords for authentication. Telnet and FTP are two such services. If packet sniffing software is monitoring traffic between the remote user and such a service usernames and passwords can be easily intercepted.
+ </div><div class="para">
+ Inherently, such services can also more easily fall prey to what the security industry terms the <em class="firstterm">man-in-the-middle</em> attack. In this type of attack, a cracker redirects network traffic by tricking a cracked name server on the network to point to his machine instead of the intended server. Once someone opens a remote session to the server, the attacker's machine acts as an invisible conduit, sitting quietly between the remote service and the unsuspecting user capturing information. In this way a cracker can gather administrative passwords and raw data without the server or the user realizing it.
+ </div><div class="para">
+ Another category of insecure services include network file systems and information services such as NFS or NIS, which are developed explicitly for LAN usage but are, unfortunately, extended to include WANs (for remote users). NFS does not, by default, have any authentication or security mechanisms configured to prevent a cracker from mounting the NFS share and accessing anything contained therein. NIS, as well, has vital information that must be known by every computer on a network, including passwords and file permissions, within a plain text ASCII or DBM (ASCII-derived) database. A cracker who gains access to this database can then access every user account on a network, including the administrator's account.
+ </div><div class="para">
+ By default, Fedora is released with all such services turned off. However, since administrators often find themselves forced to use these services, careful configuration is critical. Refer to <a class="xref" href="#sect-Security_Guide-Server_Security">Section 3.2, “Server Security”</a> for more information about setting up services in a safe manner.
+ </div></div></div><div class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security">1.2.4. Threats to Workstation and Home PC Security</h3></div></div></div><div class="para">
+ Workstations and home PCs may not be as prone to attack as networks or servers, but since they often contain sensitive data, such as credit card information, they are targeted by system crackers. Workstations can also be co-opted without the user's knowledge and used by attackers as "slave" machines in coordinated attacks. For these reasons, knowing the vulnerabilities of a workstation can save users the headache of reinstalling the operating system, or worse, recovering from data theft.
+ </div><div class="section" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Bad_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Bad_Passwords">1.2.4.1. Bad Passwords</h4></div></div></div><div class="para">
+ Bad passwords are one of the easiest ways for an attacker to gain access to a system. For more on how to avoid common pitfalls when creating a password, refer to <a class="xref" href="#sect-Security_Guide-Workstation_Security-Password_Security">Section 3.1.3, “Password Security”</a>.
+ </div></div><div class="section" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications">1.2.4.2. Vulnerable Client Applications</h4></div></div></div><div class="para">
+ Although an administrator may have a fully secure and patched server, that does not mean remote users are secure when accessing it. For instance, if the server offers Telnet or FTP services over a public network, an attacker can capture the plain text usernames and passwords as they pass over the network, and then use the account information to access the remote user's workstation.
+ </div><div class="para">
+ Even when using secure protocols, such as SSH, a remote user may be vulnerable to certain attacks if they do not keep their client applications updated. For instance, v.1 SSH clients are vulnerable to an X-forwarding attack from malicious SSH servers. Once connected to the server, the attacker can quietly capture any keystrokes and mouse clicks made by the client over the network. This problem was fixed in the v.2 SSH protocol, but it is up to the user to keep track of what applications have such vulnerabilities and update them as necessary.
+ </div><div class="para">
+ <a class="xref" href="#sect-Security_Guide-Workstation_Security">Section 3.1, “Workstation Security”</a> discusses in more detail what steps administrators and home users should take to limit the vulnerability of computer workstations.
+ </div></div></div></div><div xml:lang="en-US" class="section" id="sect-Security_Guide-Vulnerability_Assessment" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Vulnerability_Assessment">1.3. Vulnerability Assessment</h2></div></div></div><div class="para">
+ Given time, resources, and motivation, a cracker can break into nearly any system. At the end of the day, all of the security procedures and technologies currently available cannot guarantee that any systems are completely safe from intrusion. Routers help secure gateways to the Internet. Firewalls help secure the edge of the network. Virtual Private Networks safely pass data in an encrypted stream. Intrusion detection systems warn you of malicious activity. However, the success of each of these technologies is dependent upon a number of variables, including:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ The expertise of the staff responsible for configuring, monitoring, and maintaining the technologies.
+ </div></li><li class="listitem"><div class="para">
+ The ability to patch and update services and kernels quickly and efficiently.
+ </div></li><li class="listitem"><div class="para">
+ The ability of those responsible to keep constant vigilance over the network.
+ </div></li></ul></div><div class="para">
+ Given the dynamic state of data systems and technologies, securing corporate resources can be quite complex. Due to this complexity, it is often difficult to find expert resources for all of your systems. While it is possible to have personnel knowledgeable in many areas of information security at a high level, it is difficult to retain staff who are experts in more than a few subject areas. This is mainly because each subject area of information security requires constant attention and focus. Information security does not stand still.
+ </div><div class="section" id="sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.3.1. Thinking Like the Enemy</h3></div></div></div><div class="para">
+ Suppose that you administer an enterprise network. Such networks are commonly comprised of operating systems, applications, servers, network monitors, firewalls, intrusion detection systems, and more. Now imagine trying to keep current with each of these. Given the complexity of today's software and networking environments, exploits and bugs are a certainty. Keeping current with patches and updates for an entire network can prove to be a daunting task in a large organization with heterogeneous systems.
+ </div><div class="para">
+ Combine the expertise requirements with the task of keeping current, and it is inevitable that adverse incidents occur, systems are breached, data is corrupted, and service is interrupted.
+ </div><div class="para">
+ To augment security technologies and aid in protecting systems, networks, and data, you must think like a cracker and gauge the security of your systems by checking for weaknesses. Preventative vulnerability assessments against your own systems and network resources can reveal potential issues that can be addressed before a cracker exploits it.
+ </div><div class="para">
+ A vulnerability assessment is an internal audit of your network and system security; the results of which indicate the confidentiality, integrity, and availability of your network (as explained in <a class="xref" href="#sect-Security_Guide-What_is_Computer_Security-Standardizing_Security">Section 1.1.1.3, “Standardizing Security”</a>). Typically, vulnerability assessment starts with a reconnaissance phase, during which important data regarding the target systems and resources is gathered. This phase leads to the system readiness phase, whereby the target is essentially checked for all known vulnerabilities. The readiness phase culminates in the reporting phase, where the findings are classified into categories of high, medium, and low risk; and methods for improving the security (or mitigating the risk of vulnerability) of the target are discussed.
+ </div><div class="para">
+ If you were to perform a vulnerability assessment of your home, you would likely check each door to your home to see if they are closed and locked. You would also check every window, making sure that they closed completely and latch correctly. This same concept applies to systems, networks, and electronic data. Malicious users are the thieves and vandals of your data. Focus on their tools, mentality, and motivations, and you can then react swiftly to their actions.
+ </div></div><div class="section" id="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing">1.3.2. Defining Assessment and Testing</h3></div></div></div><div class="para">
+ Vulnerability assessments may be broken down into one of two types: <em class="firstterm">Outside looking in</em> and <em class="firstterm">inside looking around</em>.
+ </div><div class="para">
+ When performing an outside looking in vulnerability assessment, you are attempting to compromise your systems from the outside. Being external to your company provides you with the cracker's viewpoint. You see what a cracker sees — publicly-routable IP addresses, systems on your <em class="firstterm">DMZ</em>, external interfaces of your firewall, and more. DMZ stands for "demilitarized zone", which corresponds to a computer or small subnetwork that sits between a trusted internal network, such as a corporate private LAN, and an untrusted external network, such as the public Internet. Typically, the DMZ contains devices accessible to Internet traffic, such as Web (HTTP) servers, FTP servers, SMTP (e-mail) servers and DNS servers.
+ </div><div class="para">
+ When you perform an inside looking around vulnerability assessment, you are somewhat at an advantage since you are internal and your status is elevated to trusted. This is the viewpoint you and your co-workers have once logged on to your systems. You see print servers, file servers, databases, and other resources.
+ </div><div class="para">
+ There are striking distinctions between these two types of vulnerability assessments. Being internal to your company gives you elevated privileges more so than any outsider. Still today in most organizations, security is configured in such a manner as to keep intruders out. Very little is done to secure the internals of the organization (such as departmental firewalls, user-level access controls, authentication procedures for internal resources, and more). Typically, there are many more resources when looking around inside as most systems are internal to a company. Once you set yourself outside of the company, you immediately are given an untrusted status. The systems and resources available to you externally are usually very limited.
+ </div><div class="para">
+ Consider the difference between vulnerability assessments and <em class="firstterm">penetration tests</em>. Think of a vulnerability assessment as the first step to a penetration test. The information gleaned from the assessment is used for testing. Whereas the assessment is undertaken to check for holes and potential vulnerabilities, the penetration testing actually attempts to exploit the findings.
+ </div><div class="para">
+ Assessing network infrastructure is a dynamic process. Security, both information and physical, is dynamic. Performing an assessment shows an overview, which can turn up false positives and false negatives.
+ </div><div class="para">
+ Security administrators are only as good as the tools they use and the knowledge they retain. Take any of the assessment tools currently available, run them against your system, and it is almost a guarantee that there are some false positives. Whether by program fault or user error, the result is the same. The tool may find vulnerabilities which in reality do not exist (false positive); or, even worse, the tool may not find vulnerabilities that actually do exist (false negative).
+ </div><div class="para">
+ Now that the difference between a vulnerability assessment and a penetration test is defined, take the findings of the assessment and review them carefully before conducting a penetration test as part of your new best practices approach.
+ </div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ Attempting to exploit vulnerabilities on production resources can have adverse effects to the productivity and efficiency of your systems and network.
+ </div></div></div><div class="para">
+ The following list examines some of the benefits to performing vulnerability assessments.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Creates proactive focus on information security
+ </div></li><li class="listitem"><div class="para">
+ Finds potential exploits before crackers find them
+ </div></li><li class="listitem"><div class="para">
+ Results in systems being kept up to date and patched
+ </div></li><li class="listitem"><div class="para">
+ Promotes growth and aids in developing staff expertise
+ </div></li><li class="listitem"><div class="para">
+ Abates financial loss and negative publicity
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-Defining_Assessment_and_Testing-Establishing_a_Methodology"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Defining_Assessment_and_Testing-Establishing_a_Methodology">1.3.2.1. Establishing a Methodology</h4></div></div></div><div class="para">
+ To aid in the selection of tools for a vulnerability assessment, it is helpful to establish a vulnerability assessment methodology. Unfortunately, there is no predefined or industry approved methodology at this time; however, common sense and best practices can act as a sufficient guide.
+ </div><div class="para">
+ <span class="emphasis"><em>What is the target? Are we looking at one server, or are we looking at our entire network and everything within the network? Are we external or internal to the company?</em></span> The answers to these questions are important as they help determine not only which tools to select but also the manner in which they are used.
+ </div><div class="para">
+ To learn more about establishing methodologies, refer to the following websites:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.isecom.org/osstmm/">http://www.isecom.org/osstmm/</a> <em class="citetitle">The Open Source Security Testing Methodology Manual</em> (OSSTMM)
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.owasp.org/">http://www.owasp.org/</a> <em class="citetitle">The Open Web Application Security Project</em>
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools">1.3.3. Evaluating the Tools</h3></div></div></div><div class="para">
+ An assessment can start by using some form of an information gathering tool. When assessing the entire network, map the layout first to find the hosts that are running. Once located, examine each host individually. Focusing on these hosts requires another set of tools. Knowing which tools to use may be the most crucial step in finding vulnerabilities.
+ </div><div class="para">
+ Just as in any aspect of everyday life, there are many different tools that perform the same job. This concept applies to performing vulnerability assessments as well. There are tools specific to operating systems, applications, and even networks (based on the protocols used). Some tools are free; others are not. Some tools are intuitive and easy to use, while others are cryptic and poorly documented but have features that other tools do not.
+ </div><div class="para">
+ Finding the right tools may be a daunting task and in the end, experience counts. If possible, set up a test lab and try out as many tools as you can, noting the strengths and weaknesses of each. Review the README file or man page for the tool. Additionally, look to the Internet for more information, such as articles, step-by-step guides, or even mailing lists specific to a tool.
+ </div><div class="para">
+ The tools discussed below are just a small sampling of the available tools.
+ </div><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-Scanning_Hosts_with_Nmap"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Scanning_Hosts_with_Nmap">1.3.3.1. Scanning Hosts with Nmap</h4></div></div></div><div class="para">
+ Nmap is a popular tool included in Fedora that can be used to determine the layout of a network. Nmap has been available for many years and is probably the most often used tool when gathering information. An excellent man page is included that provides a detailed description of its options and usage. Administrators can use Nmap on a network to find host systems and open ports on those systems.
+ </div><div class="para">
+ Nmap is a competent first step in vulnerability assessment. You can map out all the hosts within your network and even pass an option that allows Nmap to attempt to identify the operating system running on a particular host. Nmap is a good foundation for establishing a policy of using secure services and stopping unused services.
+ </div><div class="section" id="sect-Security_Guide-Scanning_Hosts_with_Nmap-Using_Nmap"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Scanning_Hosts_with_Nmap-Using_Nmap">1.3.3.1.1. Using Nmap</h5></div></div></div><div class="para">
+ Nmap can be run from a shell prompt by typing the <code class="command">nmap</code> command followed by the hostname or IP address of the machine to scan.
+ </div><pre class="screen"><code class="command">nmap foo.example.com</code></pre><div class="para">
+ The results of a basic scan (which could take up to a few minutes, depending on where the host is located and other network conditions) should look similar to the following:
+ </div><pre class="screen">
+Starting Nmap 4.68 ( http://nmap.org )
+Interesting ports on foo.example.com:
+Not shown: 1710 filtered ports
+PORT STATE SERVICE
+22/tcp open ssh
+53/tcp open domain
+70/tcp closed gopher
+80/tcp open http
+113/tcp closed auth</pre><div class="para">
+ Nmap tests the most common network communication ports for listening or waiting services. This knowledge can be helpful to an administrator who wants to close down unnecessary or unused services.
+ </div><div class="para">
+ For more information about using Nmap, refer to the official homepage at the following URL:
+ </div><div class="para">
+ <a href="http://www.insecure.org/">http://www.insecure.org/</a>
+ </div></div></div><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-Nessus"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Nessus">1.3.3.2. Nessus</h4></div></div></div><div class="para">
+ Nessus is a full-service security scanner. The plug-in architecture of Nessus allows users to customize it for their systems and networks. As with any scanner, Nessus is only as good as the signature database it relies upon. Fortunately, Nessus is frequently updated and features full reporting, host scanning, and real-time vulnerability searches. Remember that there could be false positives and false negatives, even in a tool as powerful and as frequently updated as Nessus.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ The Nessus client and server software is included in Fedora repositories but requires a subscription to use. It has been included in this document as a reference to users who may be interested in using this popular application.
+ </div></div></div><div class="para">
+ For more information about Nessus, refer to the official website at the following URL:
+ </div><div class="para">
+ <a href="http://www.nessus.org/">http://www.nessus.org/</a>
+ </div></div><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-Nikto"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Nikto">1.3.3.3. Nikto</h4></div></div></div><div class="para">
+ Nikto is an excellent common gateway interface (CGI) script scanner. Nikto not only checks for CGI vulnerabilities but does so in an evasive manner, so as to elude intrusion detection systems. It comes with thorough documentation which should be carefully reviewed prior to running the program. If you have Web servers serving up CGI scripts, Nikto can be an excellent resource for checking the security of these servers.
+ </div><div class="para">
+ More information about Nikto can be found at the following URL:
+ </div><div class="para">
+ <a href="http://www.cirt.net/code/nikto.shtml">http://www.cirt.net/code/nikto.shtml</a>
+ </div></div><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner">1.3.3.4. VLAD the Scanner</h4></div></div></div><div class="para">
+ VLAD is a vulnerabilities scanner developed by the <acronym class="acronym">RAZOR</acronym> team at Bindview, Inc., which checks for the SANS Top Ten list of common security issues (SNMP issues, file sharing issues, etc.). While not as full-featured as Nessus, VLAD is worth investigating.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ VLAD is not included with Fedora and is not supported. It has been included in this document as a reference to users who may be interested in using this popular application.
+ </div></div></div><div class="para">
+ More information about VLAD can be found on the RAZOR team website at the following URL:
+ </div><div class="para">
+ <a href="http://www.bindview.com/Support/Razor/Utilities/">http://www.bindview.com/Support/Razor/Utilities/</a>
+ </div></div><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs">1.3.3.5. Anticipating Your Future Needs</h4></div></div></div><div class="para">
+ Depending upon your target and resources, there are many tools available. There are tools for wireless networks, Novell networks, Windows systems, Linux systems, and more. Another essential part of performing assessments may include reviewing physical security, personnel screening, or voice/PBX network assessment. New concepts, such as <em class="firstterm">war walking</em>, which involves scanning the perimeter of your enterprise's physical structures for wireless network vulnerabilities, are some emerging concepts that you can investigate and, if needed, incorporate into your assessments. Imagination and exposure are the only limits of planning and conducting vulnerability assessments.
+ </div></div></div></div><div xml:lang="en-US" class="section" id="sect-Security_Guide-Common_Exploits_and_Attacks" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Common_Exploits_and_Attacks">1.4. Common Exploits and Attacks</h2></div></div></div><div class="para">
+ <a class="xref" href="#tabl-Security_Guide-Common_Exploits_and_Attacks-Common_Exploits">Table 1.1, “Common Exploits”</a> details some of the most common exploits and entry points used by intruders to access organizational network resources. Key to these common exploits are the explanations of how they are performed and how administrators can properly safeguard their network against such attacks.
+ </div><div class="table" id="tabl-Security_Guide-Common_Exploits_and_Attacks-Common_Exploits"><h6>Table 1.1. Common Exploits</h6><div class="table-contents"><table summary="Common Exploits" border="1"><colgroup><col width="20%" class="Exploit" /><col width="40%" class="Description" /><col width="40%" class="Notes" /></colgroup><thead><tr><th>
+ Exploit
+ </th><th>
+ Description
+ </th><th>
+ Notes
+ </th></tr></thead><tbody><tr><td>
+ Null or Default Passwords
+ </td><td>
+ Leaving administrative passwords blank or using a default password set by the product vendor. This is most common in hardware such as routers and firewalls, though some services that run on Linux can contain default administrator passwords (though Fedora 12 does not ship with them).
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> Commonly associated with networking hardware such as routers, firewalls, VPNs, and network attached storage (NAS) appliances. </td></tr><tr><td> Common in many legacy operating systems, especially those that bundle services (such as UNIX and Windows.) </td></tr><tr><td> Administrators sometimes create privileged user accounts in a rush and leave the password null, creating a perfect entry point for malicious users who discover the account. </td></tr></table>
+
+ </td></tr><tr><td>
+ Default Shared Keys
+ </td><td>
+ Secure services sometimes package default security keys for development or evaluation testing purposes. If these keys are left unchanged and are placed in a production environment on the Internet, <span class="emphasis"><em>all</em></span> users with the same default keys have access to that shared-key resource, and any sensitive information that it contains.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> Most common in wireless access points and preconfigured secure server appliances. </td></tr></table>
+
+ </td></tr><tr><td>
+ IP Spoofing
+ </td><td>
+ A remote machine acts as a node on your local network, finds vulnerabilities with your servers, and installs a backdoor program or trojan horse to gain control over your network resources.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> Spoofing is quite difficult as it involves the attacker predicting TCP/IP sequence numbers to coordinate a connection to target systems, but several tools are available to assist crackers in performing such a vulnerability. </td></tr><tr><td> Depends on target system running services (such as <code class="command">rsh</code>, <code class="command">telnet</code>, FTP and others) that use <em class="firstterm">source-based</em> authentication techniques, which are not recommended when compared to PKI or other forms of encrypted authentication used in <code class="command">ssh</code> or SSL/TLS. </td></tr></table>
+
+ </td></tr><tr><td>
+ Eavesdropping
+ </td><td>
+ Collecting data that passes between two active nodes on a network by eavesdropping on the connection between the two nodes.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> This type of attack works mostly with plain text transmission protocols such as Telnet, FTP, and HTTP transfers. </td></tr><tr><td> Remote attacker must have access to a compromised system on a LAN in order to perform such an attack; usually the cracker has used an active attack (such as IP spoofing or man-in-the-middle) to compromise a system on the LAN. </td></tr><tr><td> Preventative measures include services with cryptographic key exchange, one-time passwords, or encrypted authentication to prevent password snooping; strong encryption during transmission is also advised. </td></tr></table>
+
+ </td></tr><tr><td>
+ Service Vulnerabilities
+ </td><td>
+ An attacker finds a flaw or loophole in a service run over the Internet; through this vulnerability, the attacker compromises the entire system and any data that it may hold, and could possibly compromise other systems on the network.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> HTTP-based services such as CGI are vulnerable to remote command execution and even interactive shell access. Even if the HTTP service runs as a non-privileged user such as "nobody", information such as configuration files and network maps can be read, or the attacker can start a denial of service attack which drains system resources or renders it unavailable to other users. </td></tr><tr><td> Services sometimes can have vulnerabilities that go unnoticed during development and testing; these vulnerabilities (such as <em class="firstterm">buffer overflows</em>, where attackers crash a service using arbitrary values that fill the memory buffer of an application, giving the attacker an interactive command prompt from which they may execute arbitrary commands) can give complete administrative control to an attacker. </td></tr><tr><td> Administrators should make sure that services do not run as the root use
r, and should stay vigilant of patches and errata updates for applications from vendors or security organizations such as CERT and CVE. </td></tr></table>
+
+ </td></tr><tr><td>
+ Application Vulnerabilities
+ </td><td>
+ Attackers find faults in desktop and workstation applications (such as e-mail clients) and execute arbitrary code, implant trojan horses for future compromise, or crash systems. Further exploitation can occur if the compromised workstation has administrative privileges on the rest of the network.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> Workstations and desktops are more prone to exploitation as workers do not have the expertise or experience to prevent or detect a compromise; it is imperative to inform individuals of the risks they are taking when they install unauthorized software or open unsolicited email attachments. </td></tr><tr><td> Safeguards can be implemented such that email client software does not automatically open or execute attachments. Additionally, the automatic update of workstation software via Red Hat Network or other system management services can alleviate the burdens of multi-seat security deployments. </td></tr></table>
+
+ </td></tr><tr><td>
+ Denial of Service (DoS) Attacks
+ </td><td>
+ Attacker or group of attackers coordinate against an organization's network or server resources by sending unauthorized packets to the target host (either server, router, or workstation). This forces the resource to become unavailable to legitimate users.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> The most reported DoS case in the US occurred in 2000. Several highly-trafficked commercial and government sites were rendered unavailable by a coordinated ping flood attack using several compromised systems with high bandwidth connections acting as <em class="firstterm">zombies</em>, or redirected broadcast nodes. </td></tr><tr><td> Source packets are usually forged (as well as rebroadcasted), making investigation as to the true source of the attack difficult. </td></tr><tr><td> Advances in ingress filtering (IETF rfc2267) using <code class="command">iptables</code> and Network Intrusion Detection Systems such as <code class="command">snort</code> assist administrators in tracking down and preventing distributed DoS attacks. </td></tr></table>
+
+ </td></tr></tbody></table></div></div><br class="table-break" /></div><div xml:lang="en-US" class="section" id="sect-Security_Guide-Security_Updates" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Security_Updates">1.5. Security Updates</h2></div></div></div><div class="para">
+ As security vulnerabilities are discovered, the affected software must be updated in order to limit any potential security risks. If the software is part of a package within a Fedora distribution that is currently supported, Fedora is committed to releasing updated packages that fix the vulnerability as soon as is possible. Often, announcements about a given security exploit are accompanied with a patch (or source code that fixes the problem). This patch is then applied to the Fedora package and tested and released as an errata update. However, if an announcement does not include a patch, a developer first works with the maintainer of the software to fix the problem. Once the problem is fixed, the package is tested and released as an errata update.
+ </div><div class="para">
+ If an errata update is released for software used on your system, it is highly recommended that you update the affected packages as soon as possible to minimize the amount of time the system is potentially vulnerable.
+ </div><div class="section" id="sect-Security_Guide-Security_Updates-Updating_Packages"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. Updating Packages</h3></div></div></div><div class="para">
+ When updating software on a system, it is important to download the update from a trusted source. An attacker can easily rebuild a package with the same version number as the one that is supposed to fix the problem but with a different security exploit and release it on the Internet. If this happens, using security measures such as verifying files against the original RPM does not detect the exploit. Thus, it is very important to only download RPMs from trusted sources, such as from Fedora and to check the signature of the package to verify its integrity.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Fedora includes a convenient panel icon that displays visible alerts when there is an update for a Fedora system.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages">1.5.2. Verifying Signed Packages</h3></div></div></div><div class="para">
+ All Fedora packages are signed with the Fedora <em class="firstterm">GPG</em> key. GPG stands for GNU Privacy Guard, or GnuPG, a free software package used for ensuring the authenticity of distributed files. For example, a private key (secret key) locks the package while the public key unlocks and verifies the package. If the public key distributed by Fedora does not match the private key during RPM verification, the package may have been altered and therefore cannot be trusted.
+ </div><div class="para">
+ The RPM utility within Fedora automatically tries to verify the GPG signature of an RPM package before installing it. If the Fedora GPG key is not installed, install it from a secure, static location, such as an Fedora installation CD-ROM or DVD.
+ </div><div class="para">
+ Assuming the disc is mounted in <code class="filename">/mnt/cdrom</code>, use the following command to import it into the <em class="firstterm">keyring</em> (a database of trusted keys on the system):
+ </div><pre class="screen"><code class="command">rpm --import /mnt/cdrom/RPM-GPG-KEY</code></pre><div class="para">
+ To display a list of all keys installed for RPM verification, execute the following command:
+ </div><pre class="screen"><code class="command">rpm -qa gpg-pubkey*</code></pre><div class="para">
+ The output will look similar to the following:
+ </div><pre class="screen"><code class="computeroutput">gpg-pubkey-db42a60e-37ea5438</code></pre><div class="para">
+ To display details about a specific key, use the <code class="command">rpm -qi</code> command followed by the output from the previous command, as in this example:
+ </div><pre class="screen"><code class="command">rpm -qi gpg-pubkey-db42a60e-37ea5438</code></pre><div class="para">
+ It is extremely important to verify the signature of the RPM files before installing them to ensure that they have not been altered from the original source of the packages. To verify all the downloaded packages at once, issue the following command:
+ </div><pre class="screen"><code class="command">rpm -K /tmp/updates/*.rpm</code></pre><div class="para">
+ For each package, if the GPG key verifies successfully, the command returns <code class="computeroutput">gpg OK</code>. If it doesn't, make sure you are using the correct Fedora public key, as well as verifying the source of the content. Packages that do not pass GPG verifications should not be installed, as they may have been altered by a third party.
+ </div><div class="para">
+ After verifying the GPG key and downloading all the packages associated with the errata report, install the packages as root at a shell prompt.
+ </div></div><div class="section" id="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages">1.5.3. Installing Signed Packages</h3></div></div></div><div class="para">
+ Installation for most packages can be done safely (except kernel packages) by issuing the following command:
+ </div><pre class="screen"><code class="command">rpm -Uvh /tmp/updates/*.rpm</code></pre><div class="para">
+ For kernel packages use the following command:
+ </div><pre class="screen"><code class="command">rpm -ivh /tmp/updates/<em class="replaceable"><code><kernel-package></code></em></code></pre><div class="para">
+ Replace <em class="replaceable"><code><kernel-package></code></em> in the previous example with the name of the kernel RPM.
+ </div><div class="para">
+ Once the machine has been safely rebooted using the new kernel, the old kernel may be removed using the following command:
+ </div><pre class="screen"><code class="command">rpm -e <em class="replaceable"><code><old-kernel-package></code></em></code></pre><div class="para">
+ Replace <em class="replaceable"><code><old-kernel-package></code></em> in the previous example with the name of the older kernel RPM.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ It is not a requirement that the old kernel be removed. The default boot loader, GRUB, allows for multiple kernels to be installed, then chosen from a menu at boot time.
+ </div></div></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ Before installing any security errata, be sure to read any special instructions contained in the errata report and execute them accordingly. Refer to <a class="xref" href="#sect-Security_Guide-Updating_Packages-Applying_the_Changes">Section 1.5.4, “Applying the Changes”</a> for general instructions about applying the changes made by an errata update.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Updating_Packages-Applying_the_Changes"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Updating_Packages-Applying_the_Changes">1.5.4. Applying the Changes</h3></div></div></div><div class="para">
+ After downloading and installing security errata and updates, it is important to halt usage of the older software and begin using the new software. How this is done depends on the type of software that has been updated. The following list itemizes the general categories of software and provides instructions for using the updated versions after a package upgrade.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ In general, rebooting the system is the surest way to ensure that the latest version of a software package is used; however, this option is not always required, or available to the system administrator.
+ </div></div></div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">Applications</span></dt><dd><div class="para">
+ User-space applications are any programs that can be initiated by a system user. Typically, such applications are used only when a user, script, or automated task utility launches them and they do not persist for long periods of time.
+ </div><div class="para">
+ Once such a user-space application is updated, halt any instances of the application on the system and launch the program again to use the updated version.
+ </div></dd><dt class="varlistentry"><span class="term">Kernel</span></dt><dd><div class="para">
+ The kernel is the core software component for the Fedora operating system. It manages access to memory, the processor, and peripherals as well as schedules all tasks.
+ </div><div class="para">
+ Because of its central role, the kernel cannot be restarted without also stopping the computer. Therefore, an updated version of the kernel cannot be used until the system is rebooted.
+ </div></dd><dt class="varlistentry"><span class="term">Shared Libraries</span></dt><dd><div class="para">
+ Shared libraries are units of code, such as <code class="filename">glibc</code>, which are used by a number of applications and services. Applications utilizing a shared library typically load the shared code when the application is initialized, so any applications using the updated library must be halted and relaunched.
+ </div><div class="para">
+ To determine which running applications link against a particular library, use the <code class="command">lsof</code> command as in the following example:
+ </div><pre class="screen"><code class="command">lsof /lib/libwrap.so*</code></pre><div class="para">
+ This command returns a list of all the running programs which use TCP wrappers for host access control. Therefore, any program listed must be halted and relaunched if the <code class="filename">tcp_wrappers</code> package is updated.
+ </div></dd><dt class="varlistentry"><span class="term">SysV Services</span></dt><dd><div class="para">
+ SysV services are persistent server programs launched during the boot process. Examples of SysV services include <code class="command">sshd</code>, <code class="command">vsftpd</code>, and <code class="command">xinetd</code>.
+ </div><div class="para">
+ Because these programs usually persist in memory as long as the machine is booted, each updated SysV service must be halted and relaunched after the package is upgraded. This can be done using the <span class="application"><strong>Services Configuration Tool</strong></span> or by logging into a root shell prompt and issuing the <code class="command">/sbin/service</code> command as in the following example:
+ </div><pre class="screen"><code class="command">/sbin/service <em class="replaceable"><code><service-name></code></em> restart</code></pre><div class="para">
+ In the previous example, replace <em class="replaceable"><code><service-name></code></em> with the name of the service, such as <code class="command">sshd</code>.
+ </div></dd><dt class="varlistentry"><span class="term"><code class="command">xinetd</code> Services</span></dt><dd><div class="para">
+ Services controlled by the <code class="command">xinetd</code> super service only run when a there is an active connection. Examples of services controlled by <code class="command">xinetd</code> include Telnet, IMAP, and POP3.
+ </div><div class="para">
+ Because new instances of these services are launched by <code class="command">xinetd</code> each time a new request is received, connections that occur after an upgrade are handled by the updated software. However, if there are active connections at the time the <code class="command">xinetd</code> controlled service is upgraded, they are serviced by the older version of the software.
+ </div><div class="para">
+ To kill off older instances of a particular <code class="command">xinetd</code> controlled service, upgrade the package for the service then halt all processes currently running. To determine if the process is running, use the <code class="command">ps</code> command and then use the <code class="command">kill</code> or <code class="command">killall</code> command to halt current instances of the service.
+ </div><div class="para">
+ For example, if security errata <code class="filename">imap</code> packages are released, upgrade the packages, then type the following command as root into a shell prompt:
+ </div><pre class="screen"><code class="command">ps -aux | grep imap</code></pre><div class="para">
+ This command returns all active IMAP sessions. Individual sessions can then be terminated by issuing the following command:
+ </div><pre class="screen"><code class="command">kill <em class="replaceable"><code><PID></code></em></code></pre><div class="para">
+ If this fails to terminate the session, use the following command instead:
+ </div><pre class="screen"><code class="command">kill -9 <em class="replaceable"><code><PID></code></em></code></pre><div class="para">
+ In the previous examples, replace <em class="replaceable"><code><PID></code></em> with the process identification number (found in the second column of the <code class="command">ps</code> command) for an IMAP session.
+ </div><div class="para">
+ To kill all active IMAP sessions, issue the following command:
+ </div><pre class="screen"><code class="command">killall imapd</code></pre></dd></dl></div></div></div><div class="footnotes"><br /><hr width="100" align="left" /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm99690592" href="#idm99690592" class="para">1</a>] </sup>
+ http://law.jrank.org/pages/3791/Kevin-Mitnick-Case-1999.html
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm99691488" href="#idm99691488" class="para">2</a>] </sup>
+ http://www.livinginternet.com/i/ia_hackers_levin.htm
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm81502160" href="#idm81502160" class="para">3</a>] </sup>
+ http://www.theregister.co.uk/2007/05/04/txj_nonfeasance/
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm81503616" href="#idm81503616" class="para">4</a>] </sup>
+ http://www.healthcareitnews.com/story.cms?id=9408
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm124053712" href="#idm124053712" class="para">5</a>] </sup>
+ http://www.internetworldstats.com/stats.htm
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm124055808" href="#idm124055808" class="para">6</a>] </sup>
+ http://www.cert.org
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm124057712" href="#idm124057712" class="para">7</a>] </sup>
+ http://www.cert.org/stats/fullstats.html
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm81552016" href="#idm81552016" class="para">8</a>] </sup>
+ http://www.newsfactor.com/perl/story/16407.html
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm81554272" href="#idm81554272" class="para">9</a>] </sup>
+ http://www.csoonline.com/article/454939/The_Global_State_of_Information_Security_
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm65176880" href="#idm65176880" class="para">10</a>] </sup>
+ http://www.sans.org/resources/errors.php
+ </div></div></div></div><div xml:lang="en-US" class="chapter" id="chap-Security_Guide-Basic_Hardening" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 2. Basic Hardening Guide</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-General_Principles">2.1. General Principles</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important">2.2. Why is this important?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Physical_Security">2.3. Physical Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important">2.4. Why this is important</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do">2.5. What else can I do?</a></span></dt><dt><span class="s
ection"><a href="#sect-Security_Guide-Basic_Hardening-Networking">2.6. Networking</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Networking-iptables">2.6.1. iptables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Networking-IPv6">2.6.2. IPv6</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Up_to_date">2.7. Keeping software up to date</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Services">2.8. Services</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-NTP">2.9. NTP</a></span></dt></dl></div><div class="para">
+ The <a href="http://www.nsa.gov">US National Security Agency</a> (NSA) has developed two guides for hardening a default installation of Red Hat Enterprise Linux 5. Many of the tips provided in these guides are also valid for installations of Fedora. This Basic Hardening Guide will cover portions of the NSA's Hardening Tips and will explain why implementing these tips are important. This document does not represent the full NSA Hardening Guide.
+ </div><div class="para">
+ As with any change to a system these changes could cause unintended results. Changes should be evaluated for appropriateness on your system before implementing.
+ </div><div class="section" id="sect-Security_Guide-Basic_Hardening-General_Principles"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-General_Principles">2.1. General Principles</h2></div></div></div><div class="para">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Encrypt all data transmitted over the network. Encrypting authentication information (such as passwords) is particularly important.</td></tr><tr><td>Minimize the amount of software installed and running in order to minimize vulnerability.</td></tr><tr><td>Use security-enhancing software and tools whenever available (e.g. SELinux and IPTables).</td></tr><tr><td>Run each network service on a separate server whenever possible. This minimizes the risk that a compromise of one service could lead to a compromise of others.</td></tr><tr><td>Maintain user accounts. Create a good password policy and enforce its use. Delete unused user accounts.</td></tr><tr><td>Review system and application logs on a routine basis. Send logs to a dedicated log server. This prevents intruders from easily avoiding detection by modifying the local logs.</td></tr><tr><td>Never log in directly as root, unless absolutely necessary. Admin
istrators should use <code class="command">sudo</code> to execute commands as root when required. The accounts capable of using sudo are specified in <code class="filename">/etc/sudoers</code>, which is edited with the visudo utility. By default, relevant logs are written to <code class="filename">/var/log/secure</code>.</td></tr></table>
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important">2.2. Why is this important?</h2></div></div></div><div class="para">
+ The general principles from the NSA represent a best practices overview of security. There are items in the above list that probably won't be used by everyone and there are items missing that should be stressed as a best practice. Additional information on these ideas and others will be explained below.
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-Physical_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Physical_Security">2.3. Physical Security</h2></div></div></div><div class="para">
+ Physical security of the system is of utmost importance. Many of the suggestions given here won't protect your system if the attacker has physical access to the system.
+ </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ This section contains information regarding GRUB Legacy and not the current release of GRUB (also known as GRUB2). Fedora 16 does not use GRUB Legacy so many of the commands below will not function in Fedora 16 or later versions.
+ </div></div></div><div class="para">
+ Configure the BIOS to disable booting from CDs/DVDs, floppies, and external devices, and set a password to protect these settings. Next, set a password for the GRUB bootloader. Generate a password hash using the command <code class="command">/sbin/grub-md5-crypt</code>. Add the hash to the first line of <code class="command">/etc/grub.conf</code> using <code class="command">password --md5 'passwordhash'</code>. This prevents users from entering single user mode or changing settings at boot time.
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important">2.4. Why this is important</h2></div></div></div><div class="para">
+ An attacker could take complete control of your system by booting from an external source. By booting from an external source (e.g. a live Linux CD) many of the security settings are bypassed. If the attacker can modify the GRUB settings they can boot into single user mode which allows admin access to the system.
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do">2.5. What else can I do?</h2></div></div></div><div class="para">
+ Ever since Fedora 9, LUKS encryption has been natively supported to protect data stored in a LUKS encrypted partition. When you install Fedora 9, check the box to encrypt your file system when you setup your file system. By encrypting your root partition and your <code class="filename">/home</code> partition (or the single / partition if you accept the default file system) attackers using an external source or booting into single user mode. Of course you use a strong passphrase to protect your data.
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-Networking"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Networking">2.6. Networking</h2></div></div></div><div class="para">
+ The computer's network connection is the gateway to your system. Your files and processor time could be available to anyone who successfully connects to your system via this network connection if other safeguards have not been implemented. One of the primary ways to keep you in control of your system is to prevent the attackers from gaining access to your system in the first place.
+ </div><div class="section" id="sect-Security_Guide-Basic_Hardening-Networking-iptables"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Basic_Hardening-Networking-iptables">2.6.1. iptables</h3></div></div></div><div class="para">
+ <span class="application"><strong>iptables</strong></span> is the most widely used firewall software on Linux systems today. This program intercepts packets coming into your computer via the network connection and filters them according to rules you have specified. Additional information can be found in <a class="xref" href="#sect-Security_Guide-IPTables">Section 3.9, “IPTables”</a>.
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-Networking-IPv6"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Basic_Hardening-Networking-IPv6">2.6.2. IPv6</h3></div></div></div><div class="para">
+ IPv6 is the latest Internet protocol which aims to solve the address quantity shortfall inherent to IPv4. And while there are no security risks directly associated with the new protocol there are a few things to understand before utilizing this new technology.
+ </div><div class="para">
+ Most system administrators are familiar with IPv4 and the work-arounds that were put in place to make IPv4 work. One of these work-arounds is network address translation, or <em class="firstterm">NAT</em>. NAT is traditionally used to keep the number of needed public IP addresses to a minimum when setting up a local area network. Systems on these networks do not all require public IP addresses and valuable address space can be saved by implementing this technology. There are some security features that were side effects to NAT; the biggest being that outside traffic cannot make it inside the network unless a port is forwarded across the router. Because IPv6 solves the addressing problem there is no longer a need to use NAT. Everything can have a public IP address and, by extension, everything is not publically routable across the Internet when physical and logical connections are made.
+ </div><div class="para">
+ Another thing to worry about is how security software deals with this new protocol. <span class="application"><strong>iptables</strong></span> does not know or understand IPv6 and so it ignores those packets altogether. That means if your network is utilizing IPv6 and you have not activated <span class="application"><strong>ip6tables</strong></span> then you have just left the door to your system open to the world.
+ </div><div class="para">
+ Using IPv6 is not dangerous as long as you know and understand the changes that your system's software went through to make it possible to use this new network protocol.
+ </div></div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-Up_to_date"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Up_to_date">2.7. Keeping software up to date</h2></div></div></div><div class="para">
+ Software gets patched everyday. Some of these updates fix security problems that were identified by the developers. When these patches become available it is important that they are applied to your system as soon as possible. One of the easier ways to manage updates for your system is using <span class="application"><strong>yum</strong></span>. A special plugin is available to allow only security updates to be installed while ignoring bugfixes and enhancements. This plugin is explained better at <a class="xref" href="#sect-Security_Guide-CVE-yum_plugin">Section 8.1, “YUM Plugin”</a>.
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-Services"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Services">2.8. Services</h2></div></div></div><div class="para">
+ Services in Linux are programs that run as daemons in the background. It is important to audit these programs regularly to determine if they need to be running. Many daemons open network ports in order to listen for calls. Having unnecessary ports open can harm the overall security of the system. An unknown security flaw in a piece of software can allow a hacker into a system for no good reason.
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-NTP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-NTP">2.9. NTP</h2></div></div></div><div class="para">
+ Network Time Protocol, or <em class="firstterm">NTP</em>, keeps the time on your systems accurate. Time is a very important piece of the security puzzle and should be maintained as precisely as possible. Time is used in log files, timestamps, and in encryption. If someone is able to control the time settings on one of your systems then they are able to make the recreation of a break-in that much more difficult.
+ </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Security_Guide-Securing_Your_Network" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 3. Securing Your Network</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security">3.1. Workstation Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">3.1.1. Evaluating Workstation Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">3.1.2. BIOS and Boot Loader Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Password_Security">3.1.3. Password Security</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Administrative_Controls">3.1.4. Administrative Controls</a></span></dt><dt><sp
an class="section"><a href="#sect-Security_Guide-Workstation_Security-Available_Network_Services">3.1.5. Available Network Services</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Personal_Firewalls">3.1.6. Personal Firewalls</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">3.1.7. Security Enhanced Communication Tools</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Server_Security">3.2. Server Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">3.2.1. Securing Services With TCP Wrappers and xinetd</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Portmap">3.2.2. Securing Portmap</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_NI
S">3.2.3. Securing NIS</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_NFS">3.2.4. Securing NFS</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server">3.2.5. Securing the Apache HTTP Server</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_FTP">3.2.6. Securing FTP</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Sendmail">3.2.7. Securing Sendmail</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">3.2.8. Verifying Which Ports Are Listening</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO">3.3. Single Sign-on (SSO)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Introduction">3.3.1. Introduction</a></spa
n></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card">3.3.2. Getting Started with your new Smart Card</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works">3.3.3. How Smart Card Enrollment Works</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works">3.3.4. How Smart Card Login Works</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO">3.3.5. Configuring Firefox to use Kerberos for SSO</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Yubikey">3.4. Yubikey</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Yubikey-Centralized_Server">3.4.1. Using Yubikey with a centralized server</a></span></dt><dt><span class="section"><a href="#sect-Secu
rity_Guide-Yubikey-Web_Sites">3.4.2. Authenticating to websites with your Yubikey</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM">3.5. Pluggable Authentication Modules (PAM)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">3.5.1. Advantages of PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files">3.5.2. PAM Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">3.5.3. PAM Configuration File Format</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files">3.5.4. Sample PAM Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_G
uide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules">3.5.5. Creating PAM Modules</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching">3.5.6. PAM and Administrative Credential Caching</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership">3.5.7. PAM and Device Ownership</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources">3.5.8. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd">3.6. TCP Wrappers and xinetd</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">3.6.1. TCP Wrappers</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wr
appers_Configuration_Files">3.6.2. TCP Wrappers Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd">3.6.3. xinetd</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files">3.6.4. xinetd Configuration Files</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">3.6.5. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Kerberos">3.7. Kerberos</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-What_is_Kerberos">3.7.1. What is Kerberos?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Kerberos_Terminology">3.7.2. Kerberos Terminology</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-How_Kerberos_Works">3.7.3. How Kerberos Works</a></span>
</dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Kerberos_and_PAM">3.7.4. Kerberos and PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">3.7.5. Configuring a Kerberos 5 Server</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client">3.7.6. Configuring a Kerberos 5 Client</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping">3.7.7. Domain-to-Realm Mapping</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs">3.7.8. Setting Up Secondary KDCs</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication">3.7.9. Setting Up Cross Realm Authentication</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Additional_Resources">3.7.10. Additional Resources</a
></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Firewalls">3.8. Firewalls</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Netfilter_and_IPTables">3.8.1. Netfilter and IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">3.8.2. Basic Firewall Configuration</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Using_IPTables">3.8.3. Using IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Common_IPTables_Filtering">3.8.4. Common IPTables Filtering</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules">3.8.5. <code class="computeroutput">FORWARD</code> and <acronym class="acronym">NAT</acronym> Rules</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses">3.8.
6. Malicious Software and Spoofed IP Addresses</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking">3.8.7. IPTables and Connection Tracking</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-IPv6">3.8.8. IPv6</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Additional_Resources">3.8.9. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-IPTables">3.9. IPTables</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Packet_Filtering">3.9.1. Packet Filtering</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Command_Options_for_IPTables">3.9.2. Command Options for IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Saving_IPTables_Rules">3.9.3. Saving IPTables Rules</a></span></dt><dt><span class="section"><a
href="#sect-Security_Guide-IPTables-IPTables_Control_Scripts">3.9.4. IPTables Control Scripts</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-IPTables_and_IPv6">3.9.5. IPTables and IPv6</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Additional_Resources">3.9.6. Additional Resources</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" id="sect-Security_Guide-Workstation_Security" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Workstation_Security">3.1. Workstation Security</h2></div></div></div><div class="para">
+ Securing a Linux environment begins with the workstation. Whether locking down a personal machine or securing an enterprise system, sound security policy begins with the individual computer. A computer network is only as secure as its weakest node.
+ </div><div class="section" id="sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">3.1.1. Evaluating Workstation Security</h3></div></div></div><div class="para">
+ When evaluating the security of a Fedora workstation, consider the following:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>BIOS and Boot Loader Security</em></span> — Can an unauthorized user physically access the machine and boot into single user or rescue mode without a password?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Password Security</em></span> — How secure are the user account passwords on the machine?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Administrative Controls</em></span> — Who has an account on the system and how much administrative control do they have?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Available Network Services</em></span> — What services are listening for requests from the network and should they be running at all?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Personal Firewalls</em></span> — What type of firewall, if any, is necessary?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Security Enhanced Communication Tools</em></span> — Which tools should be used to communicate between workstations and which should be avoided?
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">3.1.2. BIOS and Boot Loader Security</h3></div></div></div><div class="para">
+ Password protection for the BIOS (or BIOS equivalent) and the boot loader can prevent unauthorized users who have physical access to systems from booting using removable media or obtaining root privileges through single user mode. The security measures you should take to protect against such attacks depends both on the sensitivity of the information on the workstation and the location of the machine.
+ </div><div class="para">
+ For example, if a machine is used in a secure location where only trusted people have access and the computer contains no sensitive information, then it may not be critical to prevent such attacks. However, if an employee's laptop with private, unencrypted SSH keys for the corporate network is left unattended at a trade show, it could lead to a major security breach with ramifications for the entire company.
+ </div><div class="section" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-BIOS_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-BIOS_Passwords">3.1.2.1. BIOS Passwords</h4></div></div></div><div class="para">
+ The two primary reasons for password protecting the BIOS of a computer are<sup>[<a id="idm88604832" href="#ftn.idm88604832" class="footnote">11</a>]</sup>:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Preventing Changes to BIOS Settings</em></span> — If an intruder has access to the BIOS, they can set it to boot from a diskette or CD-ROM. This makes it possible for them to enter rescue mode or single user mode, which in turn allows them to start arbitrary processes on the system or copy sensitive data.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Preventing System Booting</em></span> — Some BIOSes allow password protection of the boot process. When activated, an attacker is forced to enter a password before the BIOS launches the boot loader.
+ </div></li></ol></div><div class="para">
+ Because the methods for setting a BIOS password vary between computer manufacturers, consult the computer's manual for specific instructions.
+ </div><div class="para">
+ If you forget the BIOS password, it can either be reset with jumpers on the motherboard or by disconnecting the CMOS battery. For this reason, it is good practice to lock the computer case if possible. However, consult the manual for the computer or motherboard before attempting to disconnect the CMOS battery.
+ </div><div class="section" id="sect-Security_Guide-BIOS_Passwords-Securing_Non_x86_Platforms"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-BIOS_Passwords-Securing_Non_x86_Platforms">3.1.2.1.1. Securing Non-x86 Platforms</h5></div></div></div><div class="para">
+ Other architectures use different programs to perform low-level tasks roughly equivalent to those of the BIOS on x86 systems. For instance, <span class="trademark">Intel</span>® <span class="trademark">Itanium</span>™ computers use the <em class="firstterm">Extensible Firmware Interface</em> (<em class="firstterm">EFI</em>) shell.
+ </div><div class="para">
+ For instructions on password protecting BIOS-like programs on other architectures, refer to the manufacturer's instructions.
+ </div></div></div><div class="section" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords">3.1.2.2. Boot Loader Passwords</h4></div></div></div><div class="para">
+ The primary reasons for password protecting a Linux boot loader are as follows:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Preventing Access to Single User Mode</em></span> — If attackers can boot the system into single user mode, they are logged in automatically as root without being prompted for the root password.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Preventing Access to the GRUB Console</em></span> — If the machine uses GRUB as its boot loader, an attacker can use the GRUB editor interface to change its configuration or to gather information using the <code class="command">cat</code> command.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Preventing Access to Insecure Operating Systems</em></span> — If it is a dual-boot system, an attacker can select an operating system at boot time (for example, DOS), which ignores access controls and file permissions.
+ </div></li></ol></div><div class="para">
+ Fedora ships with the GRUB boot loader on the x86 platform. For a detailed look at GRUB, refer to the Red Hat Installation Guide.
+ </div><div class="section" id="sect-Security_Guide-Boot_Loader_Passwords-Password_Protecting_GRUB"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Boot_Loader_Passwords-Password_Protecting_GRUB">3.1.2.2.1. Password Protecting GRUB</h5></div></div></div><div class="para">
+ You can configure GRUB to address the first two issues listed in <a class="xref" href="#sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords">Section 3.1.2.2, “Boot Loader Passwords”</a> by adding a password directive to its configuration file. To do this, first choose a strong password, open a shell, log in as root, and then type the following command:
+ </div><pre class="screen"><code class="command">/sbin/grub-md5-crypt</code></pre><div class="para">
+ When prompted, type the GRUB password and press <span class="keycap"><strong>Enter</strong></span>. This returns an MD5 hash of the password.
+ </div><div class="para">
+ Next, edit the GRUB configuration file <code class="filename">/boot/grub/grub.conf</code>. Open the file and below the <code class="command">timeout</code> line in the main section of the document, add the following line:
+ </div><pre class="screen"><code class="command">password --md5 <em class="replaceable"><code><password-hash></code></em></code></pre><div class="para">
+ Replace <em class="replaceable"><code><password-hash></code></em> with the value returned by <code class="command">/sbin/grub-md5-crypt</code><sup>[<a id="idm82596208" href="#ftn.idm82596208" class="footnote">12</a>]</sup>.
+ </div><div class="para">
+ The next time the system boots, the GRUB menu prevents access to the editor or command interface without first pressing <span class="keycap"><strong>p</strong></span> followed by the GRUB password.
+ </div><div class="para">
+ Unfortunately, this solution does not prevent an attacker from booting into an insecure operating system in a dual-boot environment. For this, a different part of the <code class="filename">/boot/grub/grub.conf</code> file must be edited.
+ </div><div class="para">
+ Look for the <code class="computeroutput">title</code> line of the operating system that you want to secure, and add a line with the <code class="command">lock</code> directive immediately beneath it.
+ </div><div class="para">
+ For a DOS system, the stanza should begin similar to the following:
+ </div><pre class="screen"><code class="computeroutput">title DOS lock</code></pre><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ A <code class="computeroutput">password</code> line must be present in the main section of the <code class="filename">/boot/grub/grub.conf</code> file for this method to work properly. Otherwise, an attacker can access the GRUB editor interface and remove the lock line.
+ </div></div></div><div class="para">
+ To create a different password for a particular kernel or operating system, add a <code class="command">lock</code> line to the stanza, followed by a password line.
+ </div><div class="para">
+ Each stanza protected with a unique password should begin with lines similar to the following example:
+ </div><pre class="screen"><code class="computeroutput">title DOS lock password --md5 <em class="replaceable"><code><password-hash></code></em></code></pre></div></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Password_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Password_Security">3.1.3. Password Security</h3></div></div></div><div class="para">
+ Passwords are the primary method that Fedora uses to verify a user's identity. This is why password security is so important for protection of the user, the workstation, and the network.
+ </div><div class="para">
+ For security purposes, the installation program configures the system to use <em class="firstterm">Message-Digest Algorithm</em> (<span class="emphasis"><em>MD5</em></span>) and shadow passwords. It is highly recommended that you do not alter these settings.
+ </div><div class="para">
+ If MD5 passwords are deselected during installation, the older <em class="firstterm">Data Encryption Standard</em> (<em class="firstterm"><acronym class="acronym">DES</acronym></em>) format is used. This format limits passwords to eight alphanumeric characters (disallowing punctuation and other special characters), and provides a modest 56-bit level of encryption.
+ </div><div class="para">
+ If shadow passwords are deselected during installation, all passwords are stored as a one-way hash in the world-readable <code class="filename">/etc/passwd</code> file, which makes the system vulnerable to offline password cracking attacks. If an intruder can gain access to the machine as a regular user, he can copy the <code class="filename">/etc/passwd</code> file to his own machine and run any number of password cracking programs against it. If there is an insecure password in the file, it is only a matter of time before the password cracker discovers it.
+ </div><div class="para">
+ Shadow passwords eliminate this type of attack by storing the password hashes in the file <code class="filename">/etc/shadow</code>, which is readable only by the root user.
+ </div><div class="para">
+ This forces a potential attacker to attempt password cracking remotely by logging into a network service on the machine, such as SSH or FTP. This sort of brute-force attack is much slower and leaves an obvious trail as hundreds of failed login attempts are written to system files. Of course, if the cracker starts an attack in the middle of the night on a system with weak passwords, the cracker may have gained access before dawn and edited the log files to cover his tracks.
+ </div><div class="para">
+ In addition to format and storage considerations is the issue of content. The single most important thing a user can do to protect his account against a password cracking attack is create a strong password.
+ </div><div class="section" id="sect-Security_Guide-Password_Security-Creating_Strong_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Password_Security-Creating_Strong_Passwords">3.1.3.1. Creating Strong Passwords</h4></div></div></div><div class="para">
+ When creating a secure password, it is a good idea to follow these guidelines:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Do Not Use Only Words or Numbers</em></span> — Never use only numbers or words in a password.
+ </div><div class="para">
+ Some insecure examples include the following:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 8675309
+ </div></li><li class="listitem"><div class="para">
+ juan
+ </div></li><li class="listitem"><div class="para">
+ hackme
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Do Not Use Recognizable Words</em></span> — Words such as proper names, dictionary words, or even terms from television shows or novels should be avoided, even if they are bookended with numbers.
+ </div><div class="para">
+ Some insecure examples include the following:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ john1
+ </div></li><li class="listitem"><div class="para">
+ DS-9
+ </div></li><li class="listitem"><div class="para">
+ mentat123
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Do Not Use Words in Foreign Languages</em></span> — Password cracking programs often check against word lists that encompass dictionaries of many languages. Relying on foreign languages for secure passwords is not secure.
+ </div><div class="para">
+ Some insecure examples include the following:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ cheguevara
+ </div></li><li class="listitem"><div class="para">
+ bienvenido1
+ </div></li><li class="listitem"><div class="para">
+ 1dumbKopf
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Do Not Use Hacker Terminology</em></span> — If you think you are elite because you use hacker terminology — also called l337 (LEET) speak — in your password, think again. Many word lists include LEET speak.
+ </div><div class="para">
+ Some insecure examples include the following:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ H4X0R
+ </div></li><li class="listitem"><div class="para">
+ 1337
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Do Not Use Personal Information</em></span> — Avoid using any personal information in your passwords. If the attacker knows your identity, the task of deducing your password becomes easier. The following is a list of the types of information to avoid when creating a password:
+ </div><div class="para">
+ Some insecure examples include the following:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Your name
+ </div></li><li class="listitem"><div class="para">
+ The names of pets
+ </div></li><li class="listitem"><div class="para">
+ The names of family members
+ </div></li><li class="listitem"><div class="para">
+ Any birth dates
+ </div></li><li class="listitem"><div class="para">
+ Your phone number or zip code
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Do Not Invert Recognizable Words</em></span> — Good password checkers always reverse common words, so inverting a bad password does not make it any more secure.
+ </div><div class="para">
+ Some insecure examples include the following:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ R0X4H
+ </div></li><li class="listitem"><div class="para">
+ nauj
+ </div></li><li class="listitem"><div class="para">
+ 9-DS
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Do Not Write Down Your Password</em></span> — Never store a password on paper. It is much safer to memorize it.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Do Not Use the Same Password For All Machines</em></span> — It is important to make separate passwords for each machine. This way if one system is compromised, all of your machines are not immediately at risk.
+ </div></li></ul></div><div class="para">
+ The following guidelines will help you to create a strong password:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Make the Password at Least Eight Characters Long</em></span> — The longer the password, the better. If using MD5 passwords, it should be 15 characters or longer. With DES passwords, use the maximum length (eight characters).
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Mix Upper and Lower Case Letters</em></span> — Fedora is case sensitive, so mix cases to enhance the strength of the password.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Mix Letters and Numbers</em></span> — Adding numbers to passwords, especially when added to the middle (not just at the beginning or the end), can enhance password strength.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Include Non-Alphanumeric Characters</em></span> — Special characters such as &, $, and > can greatly improve the strength of a password (this is not possible if using DES passwords).
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Pick a Password You Can Remember</em></span> — The best password in the world does little good if you cannot remember it; use acronyms or other mnemonic devices to aid in memorizing passwords.
+ </div></li></ul></div><div class="para">
+ With all these rules, it may seem difficult to create a password that meets all of the criteria for good passwords while avoiding the traits of a bad one. Fortunately, there are some steps you can take to generate an easily-remembered, secure password.
+ </div><div class="section" id="sect-Security_Guide-Creating_Strong_Passwords-Secure_Password_Creation_Methodology"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Creating_Strong_Passwords-Secure_Password_Creation_Methodology">3.1.3.1.1. Secure Password Creation Methodology</h5></div></div></div><div class="para">
+ There are many methods that people use to create secure passwords. One of the more popular methods involves acronyms. For example:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Think of an easily-remembered phrase, such as:
+ </div><div class="para">
+ "over the river and through the woods, to grandmother's house we go."
+ </div></li><li class="listitem"><div class="para">
+ Next, turn it into an acronym (including the punctuation).
+ </div><div class="para">
+ <strong class="userinput"><code>otrattw,tghwg.</code></strong>
+ </div></li><li class="listitem"><div class="para">
+ Add complexity by substituting numbers and symbols for letters in the acronym. For example, substitute <strong class="userinput"><code>7</code></strong> for <strong class="userinput"><code>t</code></strong> and the at symbol (<strong class="userinput"><code>@</code></strong>) for <strong class="userinput"><code>a</code></strong>:
+ </div><div class="para">
+ <strong class="userinput"><code>o7r at 77w,7ghwg.</code></strong>
+ </div></li><li class="listitem"><div class="para">
+ Add more complexity by capitalizing at least one letter, such as <strong class="userinput"><code>H</code></strong>.
+ </div><div class="para">
+ <strong class="userinput"><code>o7r at 77w,7gHwg.</code></strong>
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Finally, do not use the example password above for any systems, ever</em></span>.
+ </div></li></ul></div><div class="para">
+ While creating secure passwords is imperative, managing them properly is also important, especially for system administrators within larger organizations. The following section details good practices for creating and managing user passwords within an organization.
+ </div></div></div><div class="section" id="sect-Security_Guide-Password_Security-Creating_User_Passwords_Within_an_Organization"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Password_Security-Creating_User_Passwords_Within_an_Organization">3.1.3.2. Creating User Passwords Within an Organization</h4></div></div></div><div class="para">
+ If an organization has a large number of users, the system administrators have two basic options available to force the use of good passwords. They can create passwords for the user, or they can let users create their own passwords, while verifying the passwords are of acceptable quality.
+ </div><div class="para">
+ Creating the passwords for the users ensures that the passwords are good, but it becomes a daunting task as the organization grows. It also increases the risk of users writing their passwords down.
+ </div><div class="para">
+ For these reasons, most system administrators prefer to have the users create their own passwords, but actively verify that the passwords are good and, in some cases, force users to change their passwords periodically through password aging.
+ </div><div class="section" id="sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Forcing_Strong_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Forcing_Strong_Passwords">3.1.3.2.1. Forcing Strong Passwords</h5></div></div></div><div class="para">
+ To protect the network from intrusion it is a good idea for system administrators to verify that the passwords used within an organization are strong ones. When users are asked to create or change passwords, they can use the command line application <code class="command">passwd</code>, which is <em class="firstterm">Pluggable Authentication Manager</em> (<em class="firstterm">PAM</em>) aware and therefore checks to see if the password is too short or otherwise easy to crack. This check is performed using the <code class="filename">pam_cracklib.so</code> PAM module. Since PAM is customizable, it is possible to add more password integrity checkers, such as <code class="filename">pam_passwdqc</code> (available from <a href="http://www.openwall.com/passwdqc/">http://www.openwall.com/passwdqc/</a>) or to write a new module. For a list of available PAM modules, refer to <a href="http://www.kernel.org/pub/linux/libs/pam/modules.html">http://www.kernel.org/pub/linux/libs/pam/mo
dules.html</a>. For more information about PAM, refer to <a class="xref" href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM">Section 3.5, “Pluggable Authentication Modules (PAM)”</a>.
+ </div><div class="para">
+ The password check that is performed at the time of their creation does not discover bad passwords as effectively as running a password cracking program against the passwords.
+ </div><div class="para">
+ Many password cracking programs are available that run under Fedora, although none ship with the operating system. Below is a brief list of some of the more popular password cracking programs:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em><span class="application"><strong>John The Ripper</strong></span></em></span> — A fast and flexible password cracking program. It allows the use of multiple word lists and is capable of brute-force password cracking. It is available online at <a href="http://www.openwall.com/john/">http://www.openwall.com/john/</a>.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em><span class="application"><strong>Crack</strong></span></em></span> — Perhaps the most well known password cracking software, <span class="application"><strong>Crack</strong></span> is also very fast, though not as easy to use as <span class="application"><strong>John The Ripper</strong></span>. It can be found online at <a href="http://www.crypticide.com/alecm/security/crack/c50-faq.html">http://www.crypticide.com/alecm/security/crack/c50-faq.html</a>.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em><span class="application"><strong>Slurpie</strong></span></em></span> — <span class="application"><strong>Slurpie</strong></span> is similar to <span class="application"><strong>John The Ripper</strong></span> and <span class="application"><strong>Crack</strong></span>, but it is designed to run on multiple computers simultaneously, creating a distributed password cracking attack. It can be found along with a number of other distributed attack security evaluation tools online at <a href="http://www.ussrback.com/distributed.htm">http://www.ussrback.com/distributed.htm</a>.
+ </div></li></ul></div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ Always get authorization in writing before attempting to crack passwords within an organization.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Passphrases"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Passphrases">3.1.3.2.2. Passphrases</h5></div></div></div><div class="para">
+ Passphrases and passwords are the cornerstone to security in most of today's systems. Unfortunately, techniques such as biometrics and two-factor authentication have not yet become mainstream in many systems. If passwords are going to be used to secure a system, then the use of passphrases should be considered. Passphrases are longer than passwords and provide better protection than a password even when implemented with non-standard characters such as numbers and symbols.
+ </div></div><div class="section" id="sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Password_Aging"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Password_Aging">3.1.3.2.3. Password Aging</h5></div></div></div><div class="para">
+ Password aging is another technique used by system administrators to defend against bad passwords within an organization. Password aging means that after a specified period (usually 90 days), the user is prompted to create a new password. The theory behind this is that if a user is forced to change his password periodically, a cracked password is only useful to an intruder for a limited amount of time. The downside to password aging, however, is that users are more likely to write their passwords down.
+ </div><div class="para">
+ There are two primary programs used to specify password aging under Fedora: the <code class="command">chage</code> command or the graphical <span class="application"><strong>User Manager</strong></span> (<code class="command">system-config-users</code>) application.
+ </div><div class="para">
+ The <code class="option">-M</code> option of the <code class="command">chage</code> command specifies the maximum number of days the password is valid. For example, to set a user's password to expire in 90 days, use the following command:
+ </div><pre class="screen"><code class="command">chage -M 90 <em class="replaceable"><code><username></code></em></code></pre><div class="para">
+ In the above command, replace <em class="replaceable"><code><username></code></em> with the name of the user. To disable password expiration, it is traditional to use a value of <code class="command">99999</code> after the <code class="option">-M</code> option (this equates to a little over 273 years).
+ </div><div class="para">
+ You can also use the <code class="command">chage</code> command in interactive mode to modify multiple password aging and account details. Use the following command to enter interactive mode:
+ </div><pre class="screen"><code class="command">chage <em class="replaceable"><code><username></code></em></code></pre><div class="para">
+ The following is a sample interactive session using this command:
+ </div><pre class="screen">[root at myServer ~]# chage davido
+Changing the aging information for davido
+Enter the new value, or press ENTER for the default
+Minimum Password Age [0]: 10
+Maximum Password Age [99999]: 90
+Last Password Change (YYYY-MM-DD) [2006-08-18]:
+Password Expiration Warning [7]:
+Password Inactive [-1]:
+Account Expiration Date (YYYY-MM-DD) [1969-12-31]:
+[root at myServer ~]#</pre><div class="para">
+ Refer to the man page for chage for more information on the available options.
+ </div><div class="para">
+ You can also use the graphical <span class="application"><strong>User Manager</strong></span> application to create password aging policies, as follows. Note: you need Administrator privileges to perform this procedure.
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Click the <span class="guimenu"><strong>System</strong></span> menu on the Panel, point to <span class="guisubmenu"><strong>Administration</strong></span> and then click <span class="guimenuitem"><strong>Users and Groups</strong></span> to display the User Manager. Alternatively, type the command <code class="command">system-config-users</code> at a shell prompt.
+ </div></li><li class="step"><div class="para">
+ Click the <span class="guilabel"><strong>Users</strong></span> tab, and select the required user in the list of users.
+ </div></li><li class="step"><div class="para">
+ Click <span class="guibutton"><strong>Properties</strong></span> on the toolbar to display the User Properties dialog box (or choose <span class="guimenuitem"><strong>Properties</strong></span> on the <span class="guimenu"><strong>File</strong></span> menu).
+ </div></li><li class="step"><div class="para">
+ Click the <span class="guilabel"><strong>Password Info</strong></span> tab, and select the check box for <span class="guilabel"><strong>Enable password expiration</strong></span>.
+ </div></li><li class="step"><div class="para">
+ Enter the required value in the <span class="guilabel"><strong>Days before change required</strong></span> field, and click <span class="guibutton"><strong>OK</strong></span>.
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-Password_Aging-Specifying_password_aging_options"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-user_pass_info.png" width="444" alt="Specifying password aging options" /><div class="longdesc"><div class="para">
+ <span class="guilabel"><strong>Password Info</strong></span> pane illustration.
+ </div></div></div></div><h6>Figure 3.1. Specifying password aging options</h6></div><br class="figure-break" /></div></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Administrative_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Administrative_Controls">3.1.4. Administrative Controls</h3></div></div></div><div class="para">
+ When administering a home machine, the user must perform some tasks as the root user or by acquiring effective root privileges via a <em class="firstterm">setuid</em> program, such as <code class="command">sudo</code> or <code class="command">su</code>. A setuid program is one that operates with the user ID (<span class="emphasis"><em>UID</em></span>) of the program's owner rather than the user operating the program. Such programs are denoted by an <code class="computeroutput">s</code> in the owner section of a long format listing, as in the following example:
+ </div><pre class="screen"><code class="computeroutput">-rwsr-xr-x 1 root root 47324 May 1 08:09 /bin/su</code></pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ The <code class="computeroutput">s</code> may be upper case or lower case. If it appears as upper case, it means that the underlying permission bit has not been set.
+ </div></div></div><div class="para">
+ For the system administrators of an organization, however, choices must be made as to how much administrative access users within the organization should have to their machine. Through a PAM module called <code class="filename">pam_console.so</code>, some activities normally reserved only for the root user, such as rebooting and mounting removable media are allowed for the first user that logs in at the physical console (refer to <a class="xref" href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM">Section 3.5, “Pluggable Authentication Modules (PAM)”</a> for more information about the <code class="filename">pam_console.so</code> module.) However, other important system administration tasks, such as altering network settings, configuring a new mouse, or mounting network devices, are not possible without administrative privileges. As a result, system administrators must decide how much access the users on their network should receive.
+ </div><div class="section" id="sect-Security_Guide-Administrative_Controls-Allowing_Root_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Administrative_Controls-Allowing_Root_Access">3.1.4.1. Allowing Root Access</h4></div></div></div><div class="para">
+ If the users within an organization are trusted and computer-literate, then allowing them root access may not be an issue. Allowing root access by users means that minor activities, like adding devices or configuring network interfaces, can be handled by the individual users, leaving system administrators free to deal with network security and other important issues.
+ </div><div class="para">
+ On the other hand, giving root access to individual users can lead to the following issues:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Machine Misconfiguration</em></span> — Users with root access can misconfigure their machines and require assistance to resolve issues. Even worse, they might open up security holes without knowing it.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Running Insecure Services</em></span> — Users with root access might run insecure servers on their machine, such as FTP or Telnet, potentially putting usernames and passwords at risk. These services transmit this information over the network in plain text.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Running Email Attachments As Root</em></span> — Although rare, email viruses that affect Linux do exist. The only time they are a threat, however, is when they are run by the root user.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Administrative_Controls-Disallowing_Root_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Administrative_Controls-Disallowing_Root_Access">3.1.4.2. Disallowing Root Access</h4></div></div></div><div class="para">
+ If an administrator is uncomfortable allowing users to log in as root for these or other reasons, the root password should be kept secret, and access to runlevel one or single user mode should be disallowed through boot loader password protection (refer to <a class="xref" href="#sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords">Section 3.1.2.2, “Boot Loader Passwords”</a> for more information on this topic.)
+ </div><div class="para">
+ <a class="xref" href="#tabl-Security_Guide-Disallowing_Root_Access-Methods_of_Disabling_the_Root_Account">Table 3.1, “Methods of Disabling the Root Account”</a> describes ways that an administrator can further ensure that root logins are disallowed:
+ </div><div class="table" id="tabl-Security_Guide-Disallowing_Root_Access-Methods_of_Disabling_the_Root_Account"><h6>Table 3.1. Methods of Disabling the Root Account</h6><div class="table-contents"><table summary="Methods of Disabling the Root Account" border="1"><colgroup><col width="12%" class="method" /><col width="29%" class="description" /><col width="29%" class="effect" /><col width="29%" class="noaffect" /></colgroup><thead><tr><th>
+ Method
+ </th><th>
+ Description
+ </th><th>
+ Effects
+ </th><th>
+ Does Not Affect
+ </th></tr></thead><tbody><tr><td>
+ Changing the root shell.
+ </td><td>
+ Edit the <code class="filename">/etc/passwd</code> file and change the shell from <code class="command">/bin/bash</code> to <code class="command">/sbin/nologin</code>.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> Prevents access to the root shell and logs any such attempts. </td></tr><tr><td> The following programs are prevented from accessing the root account: </td></tr><tr><td> · <code class="command">login</code></td></tr><tr><td> · <code class="command">gdm</code></td></tr><tr><td> · <code class="command">kdm</code></td></tr><tr><td> · <code class="command">xdm</code></td></tr><tr><td> · <code class="command">su</code></td></tr><tr><td> · <code class="command">ssh</code></td></tr><tr><td> · <code class="command">scp</code></td></tr><tr><td> · <code class="command">sftp</code></td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> Programs that do not require a shell, such as FTP clients, mail clients, and many setuid programs. </td></tr><tr><td> The following programs are <span class="emphasis"><em>not</em></span> prevented from accessing the root account: </td></tr><tr><td> · <code class="command">sudo</code></td></tr><tr><td> · FTP clients </td></tr><tr><td> · Email clients </td></tr></table>
+
+ </td></tr><tr><td>
+ Disabling root access via any console device (tty).
+ </td><td>
+ An empty <code class="filename">/etc/securetty</code> file prevents root login on any devices attached to the computer.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> Prevents access to the root account via the console or the network. The following programs are prevented from accessing the root account: </td></tr><tr><td> · <code class="command">login</code></td></tr><tr><td> · <code class="command">gdm</code></td></tr><tr><td> · <code class="command">kdm</code></td></tr><tr><td> · <code class="command">xdm</code></td></tr><tr><td> · Other network services that open a tty </td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> Programs that do not log in as root, but perform administrative tasks through setuid or other mechanisms. </td></tr><tr><td> The following programs are <span class="emphasis"><em>not</em></span> prevented from accessing the root account: </td></tr><tr><td> · <code class="command">su</code></td></tr><tr><td> · <code class="command">sudo</code></td></tr><tr><td> · <code class="command">ssh</code></td></tr><tr><td> · <code class="command">scp</code></td></tr><tr><td> · <code class="command">sftp</code></td></tr></table>
+
+ </td></tr><tr><td>
+ Disabling root SSH logins.
+ </td><td>
+ Edit the <code class="filename">/etc/ssh/sshd_config</code> file and set the <code class="command">PermitRootLogin</code> parameter to <code class="command">no</code>.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> Prevents root access via the OpenSSH suite of tools. The following programs are prevented from accessing the root account: </td></tr><tr><td> · <code class="command">ssh</code></td></tr><tr><td> · <code class="command">scp</code></td></tr><tr><td> · <code class="command">sftp</code></td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> This only prevents root access to the OpenSSH suite of tools. </td></tr></table>
+
+ </td></tr><tr><td>
+ Use PAM to limit root access to services.
+ </td><td>
+ Edit the file for the target service in the <code class="filename">/etc/pam.d/</code> directory. Make sure the <code class="filename">pam_listfile.so</code> is required for authentication.<sup>[<a id="idm65168576" href="#ftn.idm65168576" class="footnote">a</a>]</sup>
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> Prevents root access to network services that are PAM aware. </td></tr><tr><td> The following services are prevented from accessing the root account: </td></tr><tr><td> · FTP clients </td></tr><tr><td> · Email clients </td></tr><tr><td> · <code class="command">login</code></td></tr><tr><td> · <code class="command">gdm</code></td></tr><tr><td> · <code class="command">kdm</code></td></tr><tr><td> · <code class="command">xdm</code></td></tr><tr><td> · <code class="command">ssh</code></td></tr><tr><td> · <code class="command">scp</code></td></tr><tr><td> · <code class="command">sftp</code></td></tr><tr><td> · Any PAM aware services </td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> Programs and services that are not PAM aware. </td></tr></table>
+
+ </td></tr></tbody><tbody class="footnotes"><tr><td colspan="4"><div class="footnote"><div class="para"><sup>[<a id="ftn.idm65168576" href="#idm65168576" class="para">a</a>] </sup>
+ Refer to <a class="xref" href="#sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM">Section 3.1.4.2.4, “Disabling Root Using PAM”</a> for details.
+ </div></div></td></tr></tbody></table></div></div><br class="table-break" /><div class="section" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_the_Root_Shell"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_the_Root_Shell">3.1.4.2.1. Disabling the Root Shell</h5></div></div></div><div class="para">
+ To prevent users from logging in directly as root, the system administrator can set the root account's shell to <code class="command">/sbin/nologin</code> in the <code class="filename">/etc/passwd</code> file. This prevents access to the root account through commands that require a shell, such as the <code class="command">su</code> and the <code class="command">ssh</code> commands.
+ </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ Programs that do not require access to the shell, such as email clients or the <code class="command">sudo</code> command, can still access the root account.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Logins"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Logins">3.1.4.2.2. Disabling Root Logins</h5></div></div></div><div class="para">
+ To further limit access to the root account, administrators can disable root logins at the console by editing the <code class="filename">/etc/securetty</code> file. This file lists all devices the root user is allowed to log into. If the file does not exist at all, the root user can log in through any communication device on the system, whether via the console or a raw network interface. This is dangerous, because a user can log in to his machine as root via Telnet, which transmits the password in plain text over the network. By default, Fedora's <code class="filename">/etc/securetty</code> file only allows the root user to log in at the console physically attached to the machine. To prevent root from logging in, remove the contents of this file by typing the following command:
+ </div><pre class="screen"><code class="command">echo > /etc/securetty</code></pre><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ A blank <code class="filename">/etc/securetty</code> file does <span class="emphasis"><em>not</em></span> prevent the root user from logging in remotely using the OpenSSH suite of tools because the console is not opened until after authentication.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_SSH_Logins"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_SSH_Logins">3.1.4.2.3. Disabling Root SSH Logins</h5></div></div></div><div class="para">
+ Root logins via the SSH protocol are disabled by default in Fedora; however, if this option has been enabled, it can be disabled again by editing the SSH daemon's configuration file (<code class="filename">/etc/ssh/sshd_config</code>). Change the line that reads:
+ </div><pre class="screen"><code class="computeroutput">PermitRootLogin yes</code></pre><div class="para">
+ to read as follows:
+ </div><pre class="screen"><code class="computeroutput">PermitRootLogin no</code></pre><div class="para">
+ For these changes to take effect, the SSH daemon must be restarted. This can be done via the following command:
+ </div><pre class="screen"><code class="computeroutput">kill -HUP `cat /var/run/sshd.pid`</code></pre></div><div class="section" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM">3.1.4.2.4. Disabling Root Using PAM</h5></div></div></div><div class="para">
+ PAM, through the <code class="filename">/lib/security/pam_listfile.so</code> module, allows great flexibility in denying specific accounts. The administrator can use this module to reference a list of users who are not allowed to log in. Below is an example of how the module is used for the <code class="command">vsftpd</code> FTP server in the <code class="filename">/etc/pam.d/vsftpd</code> PAM configuration file (the <code class="computeroutput">\</code> character at the end of the first line in the following example is <span class="emphasis"><em>not</em></span> necessary if the directive is on one line):
+ </div><pre class="screen">auth required /lib/security/pam_listfile.so item=user \
+sense=deny file=/etc/vsftpd.ftpusers onerr=succeed</pre><div class="para">
+ This instructs PAM to consult the <code class="filename">/etc/vsftpd.ftpusers</code> file and deny access to the service for any listed user. The administrator can change the name of this file, and can keep separate lists for each service or use one central list to deny access to multiple services.
+ </div><div class="para">
+ If the administrator wants to deny access to multiple services, a similar line can be added to the PAM configuration files, such as <code class="filename">/etc/pam.d/pop</code> and <code class="filename">/etc/pam.d/imap</code> for mail clients, or <code class="filename">/etc/pam.d/ssh</code> for SSH clients.
+ </div><div class="para">
+ For more information about PAM, refer to <a class="xref" href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM">Section 3.5, “Pluggable Authentication Modules (PAM)”</a>.
+ </div></div></div><div class="section" id="sect-Security_Guide-Administrative_Controls-Limiting_Root_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Administrative_Controls-Limiting_Root_Access">3.1.4.3. Limiting Root Access</h4></div></div></div><div class="para">
+ Rather than completely denying access to the root user, the administrator may want to allow access only via setuid programs, such as <code class="command">su</code> or <code class="command">sudo</code>.
+ </div><div class="section" id="sect-Security_Guide-Limiting_Root_Access-The_su_Command"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Limiting_Root_Access-The_su_Command">3.1.4.3.1. The <code class="command">su</code> Command</h5></div></div></div><div class="para">
+ When a user executes the <code class="command">su</code> command, they are prompted for the root password and, after authentication, is given a root shell prompt.
+ </div><div class="para">
+ Once logged in via the <code class="command">su</code> command, the user <span class="emphasis"><em>is</em></span> the root user and has absolute administrative access to the system<sup>[<a id="idm64009136" href="#ftn.idm64009136" class="footnote">13</a>]</sup>. In addition, once a user has become root, it is possible for them to use the <code class="command">su</code> command to change to any other user on the system without being prompted for a password.
+ </div><div class="para">
+ Because this program is so powerful, administrators within an organization may wish to limit who has access to the command.
+ </div><div class="para">
+ One of the simplest ways to do this is to add users to the special administrative group called <em class="firstterm">wheel</em>. To do this, type the following command as root:
+ </div><pre class="screen"><code class="command">usermod -G wheel <em class="replaceable"><code><username></code></em></code></pre><div class="para">
+ In the previous command, replace <em class="replaceable"><code><username></code></em> with the username you want to add to the <code class="command">wheel</code> group.
+ </div><div class="para">
+ You can also use the <span class="application"><strong>User Manager</strong></span> to modify group memberships, as follows. Note: you need Administrator privileges to perform this procedure.
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Click the <span class="guimenu"><strong>System</strong></span> menu on the Panel, point to <span class="guisubmenu"><strong>Administration</strong></span> and then click <span class="guimenuitem"><strong>Users and Groups</strong></span> to display the User Manager. Alternatively, type the command <code class="command">system-config-users</code> at a shell prompt.
+ </div></li><li class="step"><div class="para">
+ Click the <span class="guilabel"><strong>Users</strong></span> tab, and select the required user in the list of users.
+ </div></li><li class="step"><div class="para">
+ Click <span class="guibutton"><strong>Properties</strong></span> on the toolbar to display the User Properties dialog box (or choose <span class="guimenuitem"><strong>Properties</strong></span> on the <span class="guimenu"><strong>File</strong></span> menu).
+ </div></li><li class="step"><div class="para">
+ Click the <span class="guilabel"><strong>Groups</strong></span> tab, select the check box for the wheel group, and then click <span class="guibutton"><strong>OK</strong></span>. Refer to <a class="xref" href="#figu-Security_Guide-The_su_Command-Adding_users_to_the_wheel_group.">Figure 3.2, “Adding users to the "wheel" group.”</a>.
+ </div></li><li class="step"><div class="para">
+ Open the PAM configuration file for <code class="command">su</code> (<code class="filename">/etc/pam.d/su</code>) in a text editor and remove the comment <span class="keycap"><strong>#</strong></span> from the following line:
+ </div><pre class="screen">auth required /lib/security/$ISA/pam_wheel.so use_uid</pre><div class="para">
+ This change means that only members of the administrative group <code class="computeroutput">wheel</code> can use this program.
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-The_su_Command-Adding_users_to_the_wheel_group."><div class="figure-contents"><div class="mediaobject"><img src="images/fed-user_pass_groups.png" width="444" alt="Adding users to the "wheel" group." /><div class="longdesc"><div class="para">
+ <span class="guilabel"><strong>Groups</strong></span> pane illustration
+ </div></div></div></div><h6>Figure 3.2. Adding users to the "wheel" group.</h6></div><br class="figure-break" /><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ The root user is part of the <code class="computeroutput">wheel</code> group by default.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Limiting_Root_Access-The_sudo_Command"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Limiting_Root_Access-The_sudo_Command">3.1.4.3.2. The <code class="command">sudo</code> Command</h5></div></div></div><div class="para">
+ The <code class="command">sudo</code> command offers another approach to giving users administrative access. When trusted users precede an administrative command with <code class="command">sudo</code>, they are prompted for <span class="emphasis"><em>their own</em></span> password. Then, when they have been authenticated and assuming that the command is permitted, the administrative command is executed as if they were the root user.
+ </div><div class="para">
+ The basic format of the <code class="command">sudo</code> command is as follows:
+ </div><pre class="screen"><code class="command">sudo <em class="replaceable"><code><command></code></em></code></pre><div class="para">
+ In the above example, <em class="replaceable"><code><command></code></em> would be replaced by a command normally reserved for the root user, such as <code class="command">mount</code>.
+ </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ Users of the <code class="command">sudo</code> command should take extra care to log out before walking away from their machines since sudoers can use the command again without being asked for a password within a five minute period. This setting can be altered via the configuration file, <code class="filename">/etc/sudoers</code>.
+ </div></div></div><div class="para">
+ The <code class="command">sudo</code> command allows for a high degree of flexibility. For instance, only users listed in the <code class="filename">/etc/sudoers</code> configuration file are allowed to use the <code class="command">sudo</code> command and the command is executed in <span class="emphasis"><em>the user's</em></span> shell, not a root shell. This means the root shell can be completely disabled, as shown in <a class="xref" href="#sect-Security_Guide-Disallowing_Root_Access-Disabling_the_Root_Shell">Section 3.1.4.2.1, “Disabling the Root Shell”</a>.
+ </div><div class="para">
+ The <code class="command">sudo</code> command also provides a comprehensive audit trail. Each successful authentication is logged to the file <code class="filename">/var/log/messages</code> and the command issued along with the issuer's user name is logged to the file <code class="filename">/var/log/secure</code>.
+ </div><div class="para">
+ Another advantage of the <code class="command">sudo</code> command is that an administrator can allow different users access to specific commands based on their needs.
+ </div><div class="para">
+ Administrators wanting to edit the <code class="command">sudo</code> configuration file, <code class="filename">/etc/sudoers</code>, should use the <code class="command">visudo</code> command.
+ </div><div class="para">
+ To give someone full administrative privileges, type <code class="command">visudo</code> and add a line similar to the following in the user privilege specification section:
+ </div><pre class="screen"><code class="command">juan ALL=(ALL) ALL</code></pre><div class="para">
+ This example states that the user, <code class="computeroutput">juan</code>, can use <code class="command">sudo</code> from any host and execute any command.
+ </div><div class="para">
+ The example below illustrates the granularity possible when configuring <code class="command">sudo</code>:
+ </div><pre class="screen"><code class="command">%users localhost=/sbin/shutdown -h now</code></pre><div class="para">
+ This example states that any user can issue the command <code class="command">/sbin/shutdown -h now</code> as long as it is issued from the console.
+ </div><div class="para">
+ The man page for <code class="filename">sudoers</code> has a detailed listing of options for this file.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Available_Network_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Available_Network_Services">3.1.5. Available Network Services</h3></div></div></div><div class="para">
+ While user access to administrative controls is an important issue for system administrators within an organization, monitoring which network services are active is of paramount importance to anyone who administers and operates a Linux system.
+ </div><div class="para">
+ Many services under Fedora behave as network servers. If a network service is running on a machine, then a server application (called a <em class="firstterm">daemon</em>), is listening for connections on one or more network ports. Each of these servers should be treated as a potential avenue of attack.
+ </div><div class="section" id="sect-Security_Guide-Available_Network_Services-Risks_To_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Available_Network_Services-Risks_To_Services">3.1.5.1. Risks To Services</h4></div></div></div><div class="para">
+ Network services can pose many risks for Linux systems. Below is a list of some of the primary issues:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Denial of Service Attacks (DoS)</em></span> — By flooding a service with requests, a denial of service attack can render a system unusable as it tries to log and answer each request.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Distributed Denial of Service Attack (DDoS)</em></span> — A type of DoS attack which uses multiple compromised machines (often numbering in the thousands or more) to direct a co-ordinated attack on a service, flooding it with requests and making it unusable.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Script Vulnerability Attacks</em></span> — If a server is using scripts to execute server-side actions, as Web servers commonly do, a cracker can attack improperly written scripts. These script vulnerability attacks can lead to a buffer overflow condition or allow the attacker to alter files on the system.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Buffer Overflow Attacks</em></span> — Services that connect to ports numbered 0 through 1023 must run as an administrative user. If the application has an exploitable buffer overflow, an attacker could gain access to the system as the user running the daemon. Because exploitable buffer overflows exist, crackers use automated tools to identify systems with vulnerabilities, and once they have gained access, they use automated rootkits to maintain their access to the system.
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ The threat of buffer overflow vulnerabilities is mitigated in Fedora by <em class="firstterm">ExecShield</em>, an executable memory segmentation and protection technology supported by x86-compatible uni- and multi-processor kernels. ExecShield reduces the risk of buffer overflow by separating virtual memory into executable and non-executable segments. Any program code that tries to execute outside of the executable segment (such as malicious code injected from a buffer overflow exploit) triggers a segmentation fault and terminates.
+ </div><div class="para">
+ Execshield also includes support for <em class="firstterm">No eXecute</em> (<acronym class="acronym">NX</acronym>) technology on AMD64 platforms and <em class="firstterm">eXecute Disable</em> (<acronym class="acronym">XD</acronym>) technology on Itanium and <span class="trademark">Intel</span>® 64 systems. These technologies work in conjunction with ExecShield to prevent malicious code from running in the executable portion of virtual memory with a granularity of 4KB of executable code, lowering the risk of attack from stealthy buffer overflow exploits.
+ </div></div></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ To limit exposure to attacks over the network, all services that are unused should be turned off.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Available_Network_Services-Identifying_and_Configuring_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Available_Network_Services-Identifying_and_Configuring_Services">3.1.5.2. Identifying and Configuring Services</h4></div></div></div><div class="para">
+ To enhance security, most network services installed with Fedora are turned off by default. There are, however, some notable exceptions:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">cupsd</code> — The default print server for Fedora.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">lpd</code> — An alternative print server.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">xinetd</code> — A super server that controls connections to a range of subordinate servers, such as <code class="command">gssftp</code> and <code class="command">telnet</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sendmail</code> — The Sendmail <em class="firstterm">Mail Transport Agent</em> (<abbr class="abbrev">MTA</abbr>) is enabled by default, but only listens for connections from the <span class="interface">localhost</span>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sshd</code> — The OpenSSH server, which is a secure replacement for Telnet.
+ </div></li></ul></div><div class="para">
+ When determining whether to leave these services running, it is best to use common sense and err on the side of caution. For example, if a printer is not available, do not leave <code class="command">cupsd</code> running. The same is true for <code class="command">portmap</code>. If you do not mount NFSv3 volumes or use NIS (the <code class="command">ypbind</code> service), then <code class="command">portmap</code> should be disabled.
+ </div><div class="figure" id="figu-Security_Guide-Identifying_and_Configuring_Services-Services_Configuration_Tool"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-service_config.png" width="444" alt="Services Configuration Tool" /><div class="longdesc"><div class="para">
+ <span class="application"><strong>Services Configuration Tool</strong></span> illustration
+ </div></div></div></div><h6>Figure 3.3. <span class="application">Services Configuration Tool</span></h6></div><br class="figure-break" /><div class="para">
+ If unsure of the purpose for a particular service, the <span class="application"><strong>Services Configuration Tool</strong></span> has a description field, illustrated in <a class="xref" href="#figu-Security_Guide-Identifying_and_Configuring_Services-Services_Configuration_Tool">Figure 3.3, “<span class="application">Services Configuration Tool</span>”</a>, that provides additional information.
+ </div><div class="para">
+ Checking which network services are available to start at boot time is only part of the story. You should also check which ports are open and listening. Refer to <a class="xref" href="#sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">Section 3.2.8, “Verifying Which Ports Are Listening”</a> for more information.
+ </div></div><div class="section" id="sect-Security_Guide-Available_Network_Services-Insecure_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Available_Network_Services-Insecure_Services">3.1.5.3. Insecure Services</h4></div></div></div><div class="para">
+ Potentially, any network service is insecure. This is why turning off unused services is so important. Exploits for services are routinely revealed and patched, making it very important to regularly update packages associated with any network service. Refer to <a class="xref" href="#sect-Security_Guide-Security_Updates">Section 1.5, “Security Updates”</a> for more information.
+ </div><div class="para">
+ Some network protocols are inherently more insecure than others. These include any services that:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Transmit Usernames and Passwords Over a Network Unencrypted</em></span> — Many older protocols, such as Telnet and FTP, do not encrypt the authentication session and should be avoided whenever possible.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Transmit Sensitive Data Over a Network Unencrypted</em></span> — Many protocols transmit data over the network unencrypted. These protocols include Telnet, FTP, HTTP, and SMTP. Many network file systems, such as NFS and SMB, also transmit information over the network unencrypted. It is the user's responsibility when using these protocols to limit what type of data is transmitted.
+ </div><div class="para">
+ Remote memory dump services, like <code class="command">netdump</code>, transmit the contents of memory over the network unencrypted. Memory dumps can contain passwords or, even worse, database entries and other sensitive information.
+ </div><div class="para">
+ Other services like <code class="command">finger</code> and <code class="command">rwhod</code> reveal information about users of the system.
+ </div></li></ul></div><div class="para">
+ Examples of inherently insecure services include <code class="command">rlogin</code>, <code class="command">rsh</code>, <code class="command">telnet</code>, and <code class="command">vsftpd</code>.
+ </div><div class="para">
+ All remote login and shell programs (<code class="command">rlogin</code>, <code class="command">rsh</code>, and <code class="command">telnet</code>) should be avoided in favor of SSH. Refer to <a class="xref" href="#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">Section 3.1.7, “Security Enhanced Communication Tools”</a> for more information about <code class="command">sshd</code>.
+ </div><div class="para">
+ FTP is not as inherently dangerous to the security of the system as remote shells, but FTP servers must be carefully configured and monitored to avoid problems. Refer to <a class="xref" href="#sect-Security_Guide-Server_Security-Securing_FTP">Section 3.2.6, “Securing FTP”</a> for more information about securing FTP servers.
+ </div><div class="para">
+ Services that should be carefully implemented and behind a firewall include:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">finger</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">authd</code> (this was called <code class="command">identd</code> in previous Fedora releases.)
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">netdump</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">netdump-server</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">nfs</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">rwhod</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sendmail</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">smb</code> (Samba)
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">yppasswdd</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">ypserv</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">ypxfrd</code>
+ </div></li></ul></div><div class="para">
+ More information on securing network services is available in <a class="xref" href="#sect-Security_Guide-Server_Security">Section 3.2, “Server Security”</a>.
+ </div><div class="para">
+ The next section discusses tools available to set up a simple firewall.
+ </div></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Personal_Firewalls"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Personal_Firewalls">3.1.6. Personal Firewalls</h3></div></div></div><div class="para">
+ After the <span class="emphasis"><em>necessary</em></span> network services are configured, it is important to implement a firewall.
+ </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ You should configure the necessary services and implement a firewall <span class="emphasis"><em>before</em></span> connecting to the Internet or any other network that you do not trust.
+ </div></div></div><div class="para">
+ Firewalls prevent network packets from accessing the system's network interface. If a request is made to a port that is blocked by a firewall, the request is ignored. If a service is listening on one of these blocked ports, it does not receive the packets and is effectively disabled. For this reason, care should be taken when configuring a firewall to block access to ports not in use, while not blocking access to ports used by configured services.
+ </div><div class="para">
+ For most users, the best tool for configuring a simple firewall is the graphical firewall configuration tool which ships with Fedora: the <span class="application"><strong>Firewall Administration Tool</strong></span> (<code class="command">system-config-firewall</code>). This tool creates broad <code class="command">iptables</code> rules for a general-purpose firewall using a control panel interface.
+ </div><div class="para">
+ Refer to <a class="xref" href="#sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">Section 3.8.2, “Basic Firewall Configuration”</a> for more information about using this application and its available options.
+ </div><div class="para">
+ For advanced users and server administrators, manually configuring a firewall with <code class="command">iptables</code> is probably a better option. Refer to <a class="xref" href="#sect-Security_Guide-Firewalls">Section 3.8, “Firewalls”</a> for more information. Refer to <a class="xref" href="#sect-Security_Guide-IPTables">Section 3.9, “IPTables”</a> for a comprehensive guide to the <code class="command">iptables</code> command.
+ </div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">3.1.7. Security Enhanced Communication Tools</h3></div></div></div><div class="para">
+ As the size and popularity of the Internet has grown, so has the threat of communication interception. Over the years, tools have been developed to encrypt communications as they are transferred over the network.
+ </div><div class="para">
+ Fedora ships with two basic tools that use high-level, public-key-cryptography-based encryption algorithms to protect information as it travels over the network.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>OpenSSH</em></span> — A free implementation of the SSH protocol for encrypting network communication.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Gnu Privacy Guard (GPG)</em></span> — A free implementation of the PGP (Pretty Good Privacy) encryption application for encrypting data.
+ </div></li></ul></div><div class="para">
+ OpenSSH is a safer way to access a remote machine and replaces older, unencrypted services like <code class="command">telnet</code> and <code class="command">rsh</code>. OpenSSH includes a network service called <code class="command">sshd</code> and three command line client applications:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">ssh</code> — A secure remote console access client.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">scp</code> — A secure remote copy command.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sftp</code> — A secure pseudo-ftp client that allows interactive file transfer sessions.
+ </div></li></ul></div><div class="para">
+ Refer to <a class="xref" href="#Security_Guide-Encryption-Data_in_Motion-Secure_Shell">Section 4.2.2, “Secure Shell”</a> for more information regarding OpenSSH.
+ </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ Although the <code class="command">sshd</code> service is inherently secure, the service <span class="emphasis"><em>must</em></span> be kept up-to-date to prevent security threats. Refer to <a class="xref" href="#sect-Security_Guide-Security_Updates">Section 1.5, “Security Updates”</a> for more information.
+ </div></div></div><div class="para">
+ GPG is one way to ensure private email communication. It can be used both to email sensitive data over public networks and to protect sensitive data on hard drives.
+ </div></div></div><div xml:lang="en-US" class="section" id="sect-Security_Guide-Server_Security" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Server_Security">3.2. Server Security</h2></div></div></div><div class="para">
+ When a system is used as a server on a public network, it becomes a target for attacks. Hardening the system and locking down services is therefore of paramount importance for the system administrator.
+ </div><div class="para">
+ Before delving into specific issues, review the following general tips for enhancing server security:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Keep all services current, to protect against the latest threats.
+ </div></li><li class="listitem"><div class="para">
+ Use secure protocols whenever possible.
+ </div></li><li class="listitem"><div class="para">
+ Serve only one type of network service per machine whenever possible.
+ </div></li><li class="listitem"><div class="para">
+ Monitor all servers carefully for suspicious activity.
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">3.2.1. Securing Services With TCP Wrappers and xinetd</h3></div></div></div><div class="para">
+ <em class="firstterm">TCP Wrappers</em> provide access control to a variety of services. Most modern network services, such as SSH, Telnet, and FTP, make use of TCP Wrappers, which stand guard between an incoming request and the requested service.
+ </div><div class="para">
+ The benefits offered by TCP Wrappers are enhanced when used in conjunction with <code class="command">xinetd</code>, a super server that provides additional access, logging, binding, redirection, and resource utilization control.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ It is a good idea to use iptables firewall rules in conjunction with TCP Wrappers and <code class="command">xinetd</code> to create redundancy within service access controls. Refer to <a class="xref" href="#sect-Security_Guide-Firewalls">Section 3.8, “Firewalls”</a> for more information about implementing firewalls with iptables commands.
+ </div></div></div><div class="para">
+ The following subsections assume a basic knowledge of each topic and focus on specific security options.
+ </div><div class="section" id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_TCP_Wrappers">3.2.1.1. Enhancing Security With TCP Wrappers</h4></div></div></div><div class="para">
+ TCP Wrappers are capable of much more than denying access to services. This section illustrates how they can be used to send connection banners, warn of attacks from particular hosts, and enhance logging functionality. Refer to the <code class="filename">hosts_options</code> man page for information about the TCP Wrapper functionality and control language.
+ </div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Connection_Banners"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Connection_Banners">3.2.1.1.1. TCP Wrappers and Connection Banners</h5></div></div></div><div class="para">
+ Displaying a suitable banner when users connect to a service is a good way to let potential attackers know that the system administrator is being vigilant. You can also control what information about the system is presented to users. To implement a TCP Wrappers banner for a service, use the <code class="option">banner</code> option.
+ </div><div class="para">
+ This example implements a banner for <code class="command">vsftpd</code>. To begin, create a banner file. It can be anywhere on the system, but it must have same name as the daemon. For this example, the file is called <code class="filename">/etc/banners/vsftpd</code> and contains the following line:
+ </div><pre class="screen">220-Hello, %c
+220-All activity on ftp.example.com is logged.
+220-Inappropriate use will result in your access privileges being removed.</pre><div class="para">
+ The <code class="command">%c</code> token supplies a variety of client information, such as the username and hostname, or the username and IP address to make the connection even more intimidating.
+ </div><div class="para">
+ For this banner to be displayed to incoming connections, add the following line to the <code class="filename">/etc/hosts.allow</code> file:
+ </div><pre class="screen"><code class="command"> vsftpd : ALL : banners /etc/banners/ </code></pre></div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Attack_Warnings"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Attack_Warnings">3.2.1.1.2. TCP Wrappers and Attack Warnings</h5></div></div></div><div class="para">
+ If a particular host or network has been detected attacking the server, TCP Wrappers can be used to warn the administrator of subsequent attacks from that host or network using the <code class="command">spawn</code> directive.
+ </div><div class="para">
+ In this example, assume that a cracker from the 206.182.68.0/24 network has been detected attempting to attack the server. Place the following line in the <code class="filename">/etc/hosts.deny</code> file to deny any connection attempts from that network, and to log the attempts to a special file:
+ </div><pre class="screen"><code class="command"> ALL : 206.182.68.0 : spawn /bin/ 'date' %c %d >> /var/log/intruder_alert </code></pre><div class="para">
+ The <code class="command">%d</code> token supplies the name of the service that the attacker was trying to access.
+ </div><div class="para">
+ To allow the connection and log it, place the <code class="command">spawn</code> directive in the <code class="filename">/etc/hosts.allow</code> file.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Because the <code class="command">spawn</code> directive executes any shell command, it is a good idea to create a special script to notify the administrator or execute a chain of commands in the event that a particular client attempts to connect to the server.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Enhanced_Logging"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Enhanced_Logging">3.2.1.1.3. TCP Wrappers and Enhanced Logging</h5></div></div></div><div class="para">
+ If certain types of connections are of more concern than others, the log level can be elevated for that service using the <code class="command">severity</code> option.
+ </div><div class="para">
+ For this example, assume that anyone attempting to connect to port 23 (the Telnet port) on an FTP server is a cracker. To denote this, place an <code class="command">emerg</code> flag in the log files instead of the default flag, <code class="command">info</code>, and deny the connection.
+ </div><div class="para">
+ To do this, place the following line in <code class="filename">/etc/hosts.deny</code>:
+ </div><pre class="screen"><code class="command"> in.telnetd : ALL : severity emerg </code></pre><div class="para">
+ This uses the default <code class="command">authpriv</code> logging facility, but elevates the priority from the default value of <code class="command">info</code> to <code class="command">emerg</code>, which posts log messages directly to the console.
+ </div></div></div><div class="section" id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_xinetd"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_xinetd">3.2.1.2. Enhancing Security With xinetd</h4></div></div></div><div class="para">
+ This section focuses on using <code class="command">xinetd</code> to set a trap service and using it to control resource levels available to any given <code class="command">xinetd</code> service. Setting resource limits for services can help thwart <em class="firstterm">Denial of Service</em> (<acronym class="acronym">DoS</acronym>) attacks. Refer to the man pages for <code class="command">xinetd</code> and <code class="filename">xinetd.conf</code> for a list of available options.
+ </div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_xinetd-Setting_a_Trap"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_xinetd-Setting_a_Trap">3.2.1.2.1. Setting a Trap</h5></div></div></div><div class="para">
+ One important feature of <code class="command">xinetd</code> is its ability to add hosts to a global <code class="filename">no_access</code> list. Hosts on this list are denied subsequent connections to services managed by <code class="command">xinetd</code> for a specified period or until <code class="command">xinetd</code> is restarted. You can do this using the <code class="command">SENSOR</code> attribute. This is an easy way to block hosts attempting to scan the ports on the server.
+ </div><div class="para">
+ The first step in setting up a <code class="command">SENSOR</code> is to choose a service you do not plan on using. For this example, Telnet is used.
+ </div><div class="para">
+ Edit the file <code class="filename">/etc/xinetd.d/telnet</code> and change the <code class="option">flags</code> line to read:
+ </div><pre class="screen">flags = SENSOR</pre><div class="para">
+ Add the following line:
+ </div><pre class="screen">deny_time = 30</pre><div class="para">
+ This denies any further connection attempts to that port by that host for 30 minutes. Other acceptable values for the <code class="command">deny_time</code> attribute are FOREVER, which keeps the ban in effect until <code class="command">xinetd</code> is restarted, and NEVER, which allows the connection and logs it.
+ </div><div class="para">
+ Finally, the last line should read:
+ </div><pre class="screen">disable = no</pre><div class="para">
+ This enables the trap itself.
+ </div><div class="para">
+ While using <code class="option">SENSOR</code> is a good way to detect and stop connections from undesirable hosts, it has two drawbacks:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ It does not work against stealth scans.
+ </div></li><li class="listitem"><div class="para">
+ An attacker who knows that a <code class="option">SENSOR</code> is running can mount a Denial of Service attack against particular hosts by forging their IP addresses and connecting to the forbidden port.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_xinetd-Controlling_Server_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_xinetd-Controlling_Server_Resources">3.2.1.2.2. Controlling Server Resources</h5></div></div></div><div class="para">
+ Another important feature of <code class="command">xinetd</code> is its ability to set resource limits for services under its control.
+ </div><div class="para">
+ It does this using the following directives:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">cps = <number_of_connections> <wait_period></code> — Limits the rate of incoming connections. This directive takes two arguments:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option"><number_of_connections></code> — The number of connections per second to handle. If the rate of incoming connections is higher than this, the service is temporarily disabled. The default value is fifty (50).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option"><wait_period></code> — The number of seconds to wait before re-enabling the service after it has been disabled. The default interval is ten (10) seconds.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">instances = <number_of_connections></code> — Specifies the total number of connections allowed to a service. This directive accepts either an integer value or <code class="command">UNLIMITED</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">per_source = <number_of_connections></code> — Specifies the number of connections allowed to a service by each host. This directive accepts either an integer value or <code class="command">UNLIMITED</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">rlimit_as = <number[K|M]></code> — Specifies the amount of memory address space the service can occupy in kilobytes or megabytes. This directive accepts either an integer value or <code class="command">UNLIMITED</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">rlimit_cpu = <number_of_seconds></code> — Specifies the amount of time in seconds that a service may occupy the CPU. This directive accepts either an integer value or <code class="command">UNLIMITED</code>.
+ </div></li></ul></div><div class="para">
+ Using these directives can help prevent any single <code class="command">xinetd</code> service from overwhelming the system, resulting in a denial of service.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Server_Security-Securing_Portmap"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Portmap">3.2.2. Securing Portmap</h3></div></div></div><div class="para">
+ The <code class="command">portmap</code> service is a dynamic port assignment daemon for RPC services such as NIS and NFS. It has weak authentication mechanisms and has the ability to assign a wide range of ports for the services it controls. For these reasons, it is difficult to secure.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Securing <code class="command">portmap</code> only affects NFSv2 and NFSv3 implementations, since NFSv4 no longer requires it. If you plan to implement an NFSv2 or NFSv3 server, then <code class="command">portmap</code> is required, and the following section applies.
+ </div></div></div><div class="para">
+ If running RPC services, follow these basic rules.
+ </div><div class="section" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_TCP_Wrappers">3.2.2.1. Protect portmap With TCP Wrappers</h4></div></div></div><div class="para">
+ It is important to use TCP Wrappers to limit which networks or hosts have access to the <code class="command">portmap</code> service since it has no built-in form of authentication.
+ </div><div class="para">
+ Further, use <span class="emphasis"><em>only</em></span> IP addresses when limiting access to the service. Avoid using hostnames, as they can be forged by DNS poisoning and other methods.
+ </div></div><div class="section" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables">3.2.2.2. Protect portmap With iptables</h4></div></div></div><div class="para">
+ To further restrict access to the <code class="command">portmap</code> service, it is a good idea to add iptables rules to the server and restrict access to specific networks.
+ </div><div class="para">
+ Below are two example iptables commands. The first allows TCP connections to the port 111 (used by the <code class="command">portmap</code> service) from the 192.168.0.0/24 network. The second allows TCP connections to the same port from the localhost. This is necessary for the <code class="command">sgi_fam</code> service used by <span class="application"><strong>Nautilus</strong></span>. All other packets are dropped.
+ </div><pre class="screen">iptables -A INPUT -p tcp -s! 192.168.0.0/24 --dport 111 -j DROP
+iptables -A INPUT -p tcp -s 127.0.0.1 --dport 111 -j ACCEPT</pre><div class="para">
+ To similarly limit UDP traffic, use the following command.
+ </div><pre class="screen">iptables -A INPUT -p udp -s! 192.168.0.0/24 --dport 111 -j DROP</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Refer to <a class="xref" href="#sect-Security_Guide-Firewalls">Section 3.8, “Firewalls”</a> for more information about implementing firewalls with iptables commands.
+ </div></div></div></div></div><div class="section" id="sect-Security_Guide-Server_Security-Securing_NIS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_NIS">3.2.3. Securing NIS</h3></div></div></div><div class="para">
+ The <em class="firstterm">Network Information Service</em> (<acronym class="acronym">NIS</acronym>) is an RPC service, called <code class="command">ypserv</code>, which is used in conjunction with <code class="command">portmap</code> and other related services to distribute maps of usernames, passwords, and other sensitive information to any computer claiming to be within its domain.
+ </div><div class="para">
+ An NIS server is comprised of several applications. They include the following:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/rpc.yppasswdd</code> — Also called the <code class="command">yppasswdd</code> service, this daemon allows users to change their NIS passwords.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/rpc.ypxfrd</code> — Also called the <code class="command">ypxfrd</code> service, this daemon is responsible for NIS map transfers over the network.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/yppush</code> — This application propagates changed NIS databases to multiple NIS servers.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/ypserv</code> — This is the NIS server daemon.
+ </div></li></ul></div><div class="para">
+ NIS is somewhat insecure by today's standards. It has no host authentication mechanisms and transmits all of its information over the network unencrypted, including password hashes. As a result, extreme care must be taken when setting up a network that uses NIS. This is further complicated by the fact that the default configuration of NIS is inherently insecure.
+ </div><div class="para">
+ It is recommended that anyone planning to implement an NIS server first secure the <code class="command">portmap</code> service as outlined in <a class="xref" href="#sect-Security_Guide-Server_Security-Securing_Portmap">Section 3.2.2, “Securing Portmap”</a>, then address the following issues, such as network planning.
+ </div><div class="section" id="sect-Security_Guide-Securing_NIS-Carefully_Plan_the_Network"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Carefully_Plan_the_Network">3.2.3.1. Carefully Plan the Network</h4></div></div></div><div class="para">
+ Because NIS transmits sensitive information unencrypted over the network, it is important the service be run behind a firewall and on a segmented and secure network. Whenever NIS information is transmitted over an insecure network, it risks being intercepted. Careful network design can help prevent severe security breaches.
+ </div></div><div class="section" id="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname">3.2.3.2. Use a Password-like NIS Domain Name and Hostname</h4></div></div></div><div class="para">
+ Any machine within an NIS domain can use commands to extract information from the server without authentication, as long as the user knows the NIS server's DNS hostname and NIS domain name.
+ </div><div class="para">
+ For instance, if someone either connects a laptop computer into the network or breaks into the network from outside (and manages to spoof an internal IP address), the following command reveals the <code class="command">/etc/passwd</code> map:
+ </div><pre class="screen">ypcat -d <em class="replaceable"><code><NIS_domain></code></em> -h <em class="replaceable"><code><DNS_hostname></code></em> passwd</pre><div class="para">
+ If this attacker is a root user, they can obtain the <code class="command">/etc/shadow</code> file by typing the following command:
+ </div><pre class="screen">ypcat -d <em class="replaceable"><code><NIS_domain></code></em> -h <em class="replaceable"><code><DNS_hostname></code></em> shadow</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ If Kerberos is used, the <code class="command">/etc/shadow</code> file is not stored within an NIS map.
+ </div></div></div><div class="para">
+ To make access to NIS maps harder for an attacker, create a random string for the DNS hostname, such as <code class="filename">o7hfawtgmhwg.domain.com</code>. Similarly, create a <span class="emphasis"><em>different</em></span> randomized NIS domain name. This makes it much more difficult for an attacker to access the NIS server.
+ </div></div><div class="section" id="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File">3.2.3.3. Edit the <code class="filename">/var/yp/securenets</code> File</h4></div></div></div><div class="para">
+ If the <code class="filename">/var/yp/securenets</code> file is blank or does not exist (as is the case after a default installation), NIS listens to all networks. One of the first things to do is to put netmask/network pairs in the file so that <code class="command">ypserv</code> only responds to requests from the appropriate network.
+ </div><div class="para">
+ Below is a sample entry from a <code class="filename">/var/yp/securenets</code> file:
+ </div><pre class="screen">255.255.255.0 192.168.0.0</pre><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ Never start an NIS server for the first time without creating the <code class="filename">/var/yp/securenets</code> file.
+ </div></div></div><div class="para">
+ This technique does not provide protection from an IP spoofing attack, but it does at least place limits on what networks the NIS server services.
+ </div></div><div class="section" id="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules">3.2.3.4. Assign Static Ports and Use iptables Rules</h4></div></div></div><div class="para">
+ All of the servers related to NIS can be assigned specific ports except for <code class="command">rpc.yppasswdd</code> — the daemon that allows users to change their login passwords. Assigning ports to the other two NIS server daemons, <code class="command">rpc.ypxfrd</code> and <code class="command">ypserv</code>, allows for the creation of firewall rules to further protect the NIS server daemons from intruders.
+ </div><div class="para">
+ To do this, add the following lines to <code class="filename">/etc/sysconfig/network</code>:
+ </div><pre class="screen">YPSERV_ARGS="-p 834" YPXFRD_ARGS="-p 835"</pre><div class="para">
+ The following iptables rules can then be used to enforce which network the server listens to for these ports:
+ </div><pre class="screen">iptables -A INPUT -p ALL -s! 192.168.0.0/24 --dport 834 -j DROP
+iptables -A INPUT -p ALL -s! 192.168.0.0/24 --dport 835 -j DROP</pre><div class="para">
+ This means that the server only allows connections to ports 834 and 835 if the requests come from the 192.168.0.0/24 network, regardless of the protocol.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Refer to <a class="xref" href="#sect-Security_Guide-Firewalls">Section 3.8, “Firewalls”</a> for more information about implementing firewalls with iptables commands.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication">3.2.3.5. Use Kerberos Authentication</h4></div></div></div><div class="para">
+ One of the issues to consider when NIS is used for authentication is that whenever a user logs into a machine, a password hash from the <code class="filename">/etc/shadow</code> map is sent over the network. If an intruder gains access to an NIS domain and sniffs network traffic, they can collect usernames and password hashes. With enough time, a password cracking program can guess weak passwords, and an attacker can gain access to a valid account on the network.
+ </div><div class="para">
+ Since Kerberos uses secret-key cryptography, no password hashes are ever sent over the network, making the system far more secure. Refer to <a class="xref" href="#sect-Security_Guide-Kerberos">Section 3.7, “Kerberos”</a> for more information about Kerberos.
+ </div></div></div><div class="section" id="sect-Security_Guide-Server_Security-Securing_NFS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_NFS">3.2.4. Securing NFS</h3></div></div></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ The version of NFS included in Fedora, NFSv4, no longer requires the <code class="command">portmap</code> service as outlined in <a class="xref" href="#sect-Security_Guide-Server_Security-Securing_Portmap">Section 3.2.2, “Securing Portmap”</a>. NFS traffic now utilizes TCP in all versions, rather than UDP, and requires it when using NFSv4. NFSv4 now includes Kerberos user and group authentication, as part of the <code class="filename">RPCSEC_GSS</code> kernel module. Information on <code class="command">portmap</code> is still included, since Fedora supports NFSv2 and NFSv3, both of which utilize <code class="command">portmap</code>.
+ </div></div></div><div class="section" id="sect-Security_Guide-Securing_NFS-Carefully_Plan_the_Network"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NFS-Carefully_Plan_the_Network">3.2.4.1. Carefully Plan the Network</h4></div></div></div><div class="para">
+ Now that NFSv4 has the ability to pass all information encrypted using Kerberos over a network, it is important that the service be configured correctly if it is behind a firewall or on a segmented network. NFSv2 and NFSv3 still pass data insecurely, and this should be taken into consideration. Careful network design in all of these regards can help prevent security breaches.
+ </div></div><div class="section" id="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors">3.2.4.2. Beware of Syntax Errors</h4></div></div></div><div class="para">
+ The NFS server determines which file systems to export and which hosts to export these directories to by consulting the <code class="filename">/etc/exports</code> file. Be careful not to add extraneous spaces when editing this file.
+ </div><div class="para">
+ For instance, the following line in the <code class="filename">/etc/exports</code> file shares the directory <code class="command">/tmp/nfs/</code> to the host <code class="command">bob.example.com</code> with read/write permissions.
+ </div><pre class="screen">/tmp/nfs/ bob.example.com(rw)</pre><div class="para">
+ The following line in the <code class="filename">/etc/exports</code> file, on the other hand, shares the same directory to the host <code class="computeroutput">bob.example.com</code> with read-only permissions and shares it to the <span class="emphasis"><em>world</em></span> with read/write permissions due to a single space character after the hostname.
+ </div><pre class="screen">/tmp/nfs/ bob.example.com (rw)</pre><div class="para">
+ It is good practice to check any configured NFS shares by using the <code class="command">showmount</code> command to verify what is being shared:
+ </div><pre class="screen">showmount -e <em class="replaceable"><code><hostname></code></em></pre></div><div class="section" id="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option">3.2.4.3. Do Not Use the <code class="command">no_root_squash</code> Option</h4></div></div></div><div class="para">
+ By default, NFS shares change the root user to the <code class="command">nfsnobody</code> user, an unprivileged user account. This changes the owner of all root-created files to <code class="command">nfsnobody</code>, which prevents uploading of programs with the setuid bit set.
+ </div><div class="para">
+ If <code class="command">no_root_squash</code> is used, remote root users are able to change any file on the shared file system and leave applications infected by trojans for other users to inadvertently execute.
+ </div></div><div class="section" id="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration">3.2.4.4. NFS Firewall Configuration</h4></div></div></div><div class="para">
+ The ports used for NFS are assigned dynamically by rpcbind, which can cause problems when creating firewall rules. To simplify this process, use the <span class="emphasis"><em>/etc/sysconfig/nfs</em></span> file to specify which ports are to be used:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">MOUNTD_PORT</code> — TCP and UDP port for mountd (rpc.mountd)
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">STATD_PORT</code> — TCP and UDP port for status (rpc.statd)
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">LOCKD_TCPPORT</code> — TCP port for nlockmgr (rpc.lockd)
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">LOCKD_UDPPORT</code> — UDP port nlockmgr (rpc.lockd)
+ </div></li></ul></div><div class="para">
+ Port numbers specified must not be used by any other service. Configure your firewall to allow the port numbers specified, as well as TCP and UDP port 2049 (NFS).
+ </div><div class="para">
+ Run the <code class="command">rpcinfo -p</code> command on the NFS server to see which ports and RPC programs are being used.
+ </div></div></div><div class="section" id="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server">3.2.5. Securing the Apache HTTP Server</h3></div></div></div><div class="para">
+ The Apache HTTP Server is one of the most stable and secure services that ships with Fedora. A large number of options and techniques are available to secure the Apache HTTP Server — too numerous to delve into deeply here. The following section briefly explains good practices when running the Apache HTTP Server.
+ </div><div class="para">
+ Always verify that any scripts running on the system work as intended <span class="emphasis"><em>before</em></span> putting them into production. Also, ensure that only the root user has write permissions to any directory containing scripts or CGIs. To do this, run the following commands as the root user:
+ </div><div class="orderedlist"><ol><li class="listitem"><pre class="screen">chown root <em class="replaceable"><code><directory_name></code></em></pre></li><li class="listitem"><pre class="screen">chmod 755 <em class="replaceable"><code><directory_name></code></em></pre></li></ol></div><div class="para">
+ System administrators should be careful when using the following configuration options (configured in <code class="filename">/etc/httpd/conf/httpd.conf</code>):
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term"><code class="option">FollowSymLinks</code></span></dt><dd><div class="para">
+ This directive is enabled by default, so be sure to use caution when creating symbolic links to the document root of the Web server. For instance, it is a bad idea to provide a symbolic link to <code class="filename">/</code>.
+ </div></dd><dt class="varlistentry"><span class="term"><code class="option">Indexes</code></span></dt><dd><div class="para">
+ This directive is enabled by default, but may not be desirable. To prevent visitors from browsing files on the server, remove this directive.
+ </div></dd><dt class="varlistentry"><span class="term"><code class="option">UserDir</code></span></dt><dd><div class="para">
+ The <code class="option">UserDir</code> directive is disabled by default because it can confirm the presence of a user account on the system. To enable user directory browsing on the server, use the following directives:
+ </div><pre class="screen">UserDir enabled
+UserDir disabled root</pre><div class="para">
+ These directives activate user directory browsing for all user directories other than <code class="filename">/root/</code>. To add users to the list of disabled accounts, add a space-delimited list of users on the <code class="option">UserDir disabled</code> line.
+ </div></dd></dl></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ Do not remove the <code class="option">IncludesNoExec</code> directive. By default, the <em class="firstterm">Server-Side Includes</em> (<abbr class="abbrev">SSI</abbr>) module cannot execute commands. It is recommended that you do not change this setting unless absolutely necessary, as it could, potentially, enable an attacker to execute commands on the system.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Server_Security-Securing_FTP"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_FTP">3.2.6. Securing FTP</h3></div></div></div><div class="para">
+ The <em class="firstterm">File Transfer Protocol</em> (<abbr class="abbrev">FTP</abbr>) is an older TCP protocol designed to transfer files over a network. Because all transactions with the server, including user authentication, are unencrypted, it is considered an insecure protocol and should be carefully configured.
+ </div><div class="para">
+ Fedora provides three FTP servers.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">gssftpd</code> — A Kerberos-aware <code class="command">xinetd</code>-based FTP daemon that does not transmit authentication information over the network.
+ </div></li><li class="listitem"><div class="para">
+ <span class="application"><strong>Red Hat Content Accelerator</strong></span> (<code class="command">tux</code>) — A kernel-space Web server with FTP capabilities.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">vsftpd</code> — A standalone, security oriented implementation of the FTP service.
+ </div></li></ul></div><div class="para">
+ The following security guidelines are for setting up the <code class="command">vsftpd</code> FTP service.
+ </div><div class="section" id="sect-Security_Guide-Securing_FTP-FTP_Greeting_Banner"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_FTP-FTP_Greeting_Banner">3.2.6.1. FTP Greeting Banner</h4></div></div></div><div class="para">
+ Before submitting a username and password, all users are presented with a greeting banner. By default, this banner includes version information useful to crackers trying to identify weaknesses in a system.
+ </div><div class="para">
+ To change the greeting banner for <code class="command">vsftpd</code>, add the following directive to the <code class="filename">/etc/vsftpd/vsftpd.conf</code> file:
+ </div><pre class="screen">ftpd_banner=<em class="replaceable"><code><insert_greeting_here></code></em></pre><div class="para">
+ Replace <em class="replaceable"><code><insert_greeting_here></code></em> in the above directive with the text of the greeting message.
+ </div><div class="para">
+ For mutli-line banners, it is best to use a banner file. To simplify management of multiple banners, place all banners in a new directory called <code class="filename">/etc/banners/</code>. The banner file for FTP connections in this example is <code class="filename">/etc/banners/ftp.msg</code>. Below is an example of what such a file may look like:
+ </div><pre class="screen">######### # Hello, all activity on ftp.example.com is logged. #########</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ It is not necessary to begin each line of the file with <code class="command">220</code> as specified in <a class="xref" href="#sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Connection_Banners">Section 3.2.1.1.1, “TCP Wrappers and Connection Banners”</a>.
+ </div></div></div><div class="para">
+ To reference this greeting banner file for <code class="command">vsftpd</code>, add the following directive to the <code class="filename">/etc/vsftpd/vsftpd.conf</code> file:
+ </div><pre class="screen">banner_file=/etc/banners/ftp.msg</pre><div class="para">
+ It also is possible to send additional banners to incoming connections using TCP Wrappers as described in <a class="xref" href="#sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Connection_Banners">Section 3.2.1.1.1, “TCP Wrappers and Connection Banners”</a>.
+ </div></div><div class="section" id="sect-Security_Guide-Securing_FTP-Anonymous_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_FTP-Anonymous_Access">3.2.6.2. Anonymous Access</h4></div></div></div><div class="para">
+ The presence of the <code class="filename">/var/ftp/</code> directory activates the anonymous account.
+ </div><div class="para">
+ The easiest way to create this directory is to install the <code class="filename">vsftpd</code> package. This package establishes a directory tree for anonymous users and configures the permissions on directories to read-only for anonymous users.
+ </div><div class="para">
+ By default the anonymous user cannot write to any directories.
+ </div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ If enabling anonymous access to an FTP server, be aware of where sensitive data is stored.
+ </div></div></div><div class="section" id="sect-Security_Guide-Anonymous_Access-Anonymous_Upload"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Anonymous_Access-Anonymous_Upload">3.2.6.2.1. Anonymous Upload</h5></div></div></div><div class="para">
+ To allow anonymous users to upload files, it is recommended that a write-only directory be created within <code class="filename">/var/ftp/pub/</code>.
+ </div><div class="para">
+ To do this, type the following command:
+ </div><pre class="screen">mkdir /var/ftp/pub/upload</pre><div class="para">
+ Next, change the permissions so that anonymous users cannot view the contents of the directory:
+ </div><pre class="screen">chmod 730 /var/ftp/pub/upload</pre><div class="para">
+ A long format listing of the directory should look like this:
+ </div><pre class="screen">drwx-wx--- 2 root ftp 4096 Feb 13 20:05 upload</pre><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ Administrators who allow anonymous users to read and write in directories often find that their servers become a repository of stolen software.
+ </div></div></div><div class="para">
+ Additionally, under <code class="command">vsftpd</code>, add the following line to the <code class="filename">/etc/vsftpd/vsftpd.conf</code> file:
+ </div><pre class="screen">anon_upload_enable=YES</pre></div></div><div class="section" id="sect-Security_Guide-Securing_FTP-User_Accounts"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_FTP-User_Accounts">3.2.6.3. User Accounts</h4></div></div></div><div class="para">
+ Because FTP transmits unencrypted usernames and passwords over insecure networks for authentication, it is a good idea to deny system users access to the server from their user accounts.
+ </div><div class="para">
+ To disable all user accounts in <code class="command">vsftpd</code>, add the following directive to <code class="filename">/etc/vsftpd/vsftpd.conf</code>:
+ </div><pre class="screen">local_enable=NO</pre><div class="section" id="sect-Security_Guide-User_Accounts-Restricting_User_Accounts"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-User_Accounts-Restricting_User_Accounts">3.2.6.3.1. Restricting User Accounts</h5></div></div></div><div class="para">
+ To disable FTP access for specific accounts or specific groups of accounts, such as the root user and those with <code class="command">sudo</code> privileges, the easiest way is to use a PAM list file as described in <a class="xref" href="#sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM">Section 3.1.4.2.4, “Disabling Root Using PAM”</a>. The PAM configuration file for <code class="command">vsftpd</code> is <code class="filename">/etc/pam.d/vsftpd</code>.
+ </div><div class="para">
+ It is also possible to disable user accounts within each service directly.
+ </div><div class="para">
+ To disable specific user accounts in <code class="command">vsftpd</code>, add the username to <code class="filename">/etc/vsftpd.ftpusers</code>
+ </div></div></div><div class="section" id="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access">3.2.6.4. Use TCP Wrappers To Control Access</h4></div></div></div><div class="para">
+ Use TCP Wrappers to control access to either FTP daemon as outlined in <a class="xref" href="#sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_TCP_Wrappers">Section 3.2.1.1, “Enhancing Security With TCP Wrappers”</a>.
+ </div></div></div><div class="section" id="sect-Security_Guide-Server_Security-Securing_Sendmail"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Sendmail">3.2.7. Securing Sendmail</h3></div></div></div><div class="para">
+ Sendmail is a Mail Transfer Agent (MTA) that uses the Simple Mail Transfer Protocol (SMTP) to deliver electronic messages between other MTAs and to email clients or delivery agents. Although many MTAs are capable of encrypting traffic between one another, most do not, so sending email over any public networks is considered an inherently insecure form of communication.
+ </div><div class="para">
+ It is recommended that anyone planning to implement a Sendmail server address the following issues.
+ </div><div class="section" id="sect-Security_Guide-Securing_Sendmail-Limiting_a_Denial_of_Service_Attack"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-Limiting_a_Denial_of_Service_Attack">3.2.7.1. Limiting a Denial of Service Attack</h4></div></div></div><div class="para">
+ Because of the nature of email, a determined attacker can flood the server with mail fairly easily and cause a denial of service. By setting limits to the following directives in <code class="filename">/etc/mail/sendmail.mc</code>, the effectiveness of such attacks is limited.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">confCONNECTION_RATE_THROTTLE</code> — The number of connections the server can receive per second. By default, Sendmail does not limit the number of connections. If a limit is set and reached, further connections are delayed.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">confMAX_DAEMON_CHILDREN</code> — The maximum number of child processes that can be spawned by the server. By default, Sendmail does not assign a limit to the number of child processes. If a limit is set and reached, further connections are delayed.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">confMIN_FREE_BLOCKS</code> — The minimum number of free blocks which must be available for the server to accept mail. The default is 100 blocks.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">confMAX_HEADERS_LENGTH</code> — The maximum acceptable size (in bytes) for a message header.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">confMAX_MESSAGE_SIZE</code> — The maximum acceptable size (in bytes) for a single message.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail">3.2.7.2. NFS and Sendmail</h4></div></div></div><div class="para">
+ Never put the mail spool directory, <code class="filename">/var/spool/mail/</code>, on an NFS shared volume.
+ </div><div class="para">
+ Because NFSv2 and NFSv3 do not maintain control over user and group IDs, two or more users can have the same UID, and receive and read each other's mail.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ With NFSv4 using Kerberos, this is not the case, since the <code class="filename">SECRPC_GSS</code> kernel module does not utilize UID-based authentication. However, it is still considered good practice <span class="emphasis"><em>not</em></span> to put the mail spool directory on NFS shared volumes.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Securing_Sendmail-Mail_only_Users"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-Mail_only_Users">3.2.7.3. Mail-only Users</h4></div></div></div><div class="para">
+ To help prevent local user exploits on the Sendmail server, it is best for mail users to only access the Sendmail server using an email program. Shell accounts on the mail server should not be allowed and all user shells in the <code class="filename">/etc/passwd</code> file should be set to <code class="command">/sbin/nologin</code> (with the possible exception of the root user).
+ </div></div></div><div class="section" id="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">3.2.8. Verifying Which Ports Are Listening</h3></div></div></div><div class="para">
+ After configuring network services, it is important to pay attention to which ports are actually listening on the system's network interfaces. Any open ports can be evidence of an intrusion.
+ </div><div class="para">
+ There are two basic approaches for listing the ports that are listening on the network. The less reliable approach is to query the network stack using commands such as <code class="command">netstat -an</code> or <code class="command">lsof -i</code>. This method is less reliable since these programs do not connect to the machine from the network, but rather check to see what is running on the system. For this reason, these applications are frequent targets for replacement by attackers. Crackers attempt to cover their tracks if they open unauthorized network ports by replacing <code class="command">netstat</code> and <code class="command">lsof</code> with their own, modified versions.
+ </div><div class="para">
+ A more reliable way to check which ports are listening on the network is to use a port scanner such as <code class="command">nmap</code>.
+ </div><div class="para">
+ The following command issued from the console determines which ports are listening for TCP connections from the network:
+ </div><pre class="screen">nmap -sT -O localhost</pre><div class="para">
+ The output of this command appears as follows:
+ </div><pre class="screen">Starting Nmap 4.68 ( http://nmap.org ) at 2009-03-06 12:08 EST
+Interesting ports on localhost.localdomain (127.0.0.1):
+Not shown: 1711 closed ports
+PORT STATE SERVICE
+22/tcp open ssh
+25/tcp open smtp
+111/tcp open rpcbind
+113/tcp open auth
+631/tcp open ipp
+834/tcp open unknown
+2601/tcp open zebra
+32774/tcp open sometimes-rpc11
+Device type: general purpose
+Running: Linux 2.6.X
+OS details: Linux 2.6.17 - 2.6.24
+Uptime: 4.122 days (since Mon Mar 2 09:12:31 2009)
+Network Distance: 0 hops
+OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
+Nmap done: 1 IP address (1 host up) scanned in 1.420 seconds</pre><div class="para">
+ This output shows the system is running <code class="command">portmap</code> due to the presence of the <code class="computeroutput">sunrpc</code> service. However, there is also a mystery service on port 834. To check if the port is associated with the official list of known services, type:
+ </div><pre class="screen">cat /etc/services | grep 834</pre><div class="para">
+ This command returns no output. This indicates that while the port is in the reserved range (meaning 0 through 1023) and requires root access to open, it is not associated with a known service.
+ </div><div class="para">
+ Next, check for information about the port using <code class="command">netstat</code> or <code class="command">lsof</code>. To check for port 834 using <code class="command">netstat</code>, use the following command:
+ </div><pre class="screen">netstat -anp | grep 834</pre><div class="para">
+ The command returns the following output:
+ </div><pre class="screen">tcp 0 0 0.0.0.0:834 0.0.0.0:* LISTEN 653/ypbind</pre><div class="para">
+ The presence of the open port in <code class="command">netstat</code> is reassuring because a cracker opening a port surreptitiously on a hacked system is not likely to allow it to be revealed through this command. Also, the <code class="option">[p]</code> option reveals the process ID (PID) of the service that opened the port. In this case, the open port belongs to <code class="command">ypbind</code> (<abbr class="abbrev">NIS</abbr>), which is an <abbr class="abbrev">RPC</abbr> service handled in conjunction with the <code class="command">portmap</code> service.
+ </div><div class="para">
+ The <code class="command">lsof</code> command reveals similar information to <code class="command">netstat</code> since it is also capable of linking open ports to services:
+ </div><pre class="screen">lsof -i | grep 834</pre><div class="para">
+ The relevant portion of the output from this command follows:
+ </div><pre class="screen">ypbind 653 0 7u IPv4 1319 TCP *:834 (LISTEN)
+ypbind 655 0 7u IPv4 1319 TCP *:834 (LISTEN)
+ypbind 656 0 7u IPv4 1319 TCP *:834 (LISTEN)
+ypbind 657 0 7u IPv4 1319 TCP *:834 (LISTEN)</pre><div class="para">
+ These tools reveal a great deal about the status of the services running on a machine. These tools are flexible and can provide a wealth of information about network services and configuration. Refer to the man pages for <code class="command">lsof</code>, <code class="command">netstat</code>, <code class="command">nmap</code>, and <code class="filename">services</code> for more information.
+ </div></div></div><div xml:lang="en-US" class="section" id="sect-Security_Guide-Single_Sign_on_SSO" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Single_Sign_on_SSO">3.3. Single Sign-on (SSO)</h2></div></div></div><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-Introduction"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Introduction">3.3.1. Introduction</h3></div></div></div><div class="para">
+ The Fedora SSO functionality reduces the number of times Fedora desktop users have to enter their passwords. Several major applications leverage the same underlying authentication and authorization mechanisms so that users can log in to Fedora from the log-in screen, and then not need to re-enter their passwords. These applications are detailed below.
+ </div><div class="para">
+ In addition, users can log in to their machines even when there is no network (<em class="firstterm">offline mode</em>) or where network connectivity is unreliable, for example, wireless access. In the latter case, services will degrade gracefully.
+ </div><div class="section" id="sect-Security_Guide-Introduction-Supported_Applications"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Introduction-Supported_Applications">3.3.1.1. Supported Applications</h4></div></div></div><div class="para">
+ The following applications are currently supported by the unified log-in scheme in Fedora:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Login
+ </div></li><li class="listitem"><div class="para">
+ Screensaver
+ </div></li><li class="listitem"><div class="para">
+ Firefox and Thunderbird
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Introduction-Supported_Authentication_Mechanisms"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Introduction-Supported_Authentication_Mechanisms">3.3.1.2. Supported Authentication Mechanisms</h4></div></div></div><div class="para">
+ Fedora currently supports the following authentication mechanisms:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Kerberos name/password login
+ </div></li><li class="listitem"><div class="para">
+ Smart card/PIN login
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Introduction-Supported_Smart_Cards"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Introduction-Supported_Smart_Cards">3.3.1.3. Supported Smart Cards</h4></div></div></div><div class="para">
+ Fedora has been tested with the Cyberflex e-gate card and reader, but any card that complies with both Java card 2.1.1 and Global Platform 2.0.1 specifications should operate correctly, as should any reader that is supported by PCSC-lite.
+ </div><div class="para">
+ Fedora has also been tested with Common Access Cards (CAC). The supported reader for CAC is the SCM SCR 331 USB Reader.
+ </div><div class="para">
+ As of Fedora 5.2, Gemalto smart cards (Cyberflex Access 64k v2, standard with DER SHA1 value configured as in PKCSI v2.1) are now supported. These smart cards now use readers compliant with Chip/Smart Card Interface Devices (CCID).
+ </div></div><div class="section" id="sect-Security_Guide-Introduction-Advantages_of_PROD_Single_Sign_on"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Introduction-Advantages_of_PROD_Single_Sign_on">3.3.1.4. Advantages of Fedora Single Sign-on</h4></div></div></div><div class="para">
+ Numerous security mechanisms currently exist that utilize a large number of protocols and credential stores. Examples include SSL, SSH, IPsec, and Kerberos. Fedora SSO aims to unify these schemes to support the requirements listed above. This does not mean replacing Kerberos with X.509v3 certificates, but rather uniting them to reduce the burden on both system users and the administrators who manage them.
+ </div><div class="para">
+ To achieve this goal, Fedora:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Provides a single, shared instance of the NSS crypto libraries on each operating system.
+ </div></li><li class="listitem"><div class="para">
+ Ships the Certificate System's Enterprise Security Client (ESC) with the base operating system. The ESC application monitors smart card insertion events. If it detects that the user has inserted a smart card that was designed to be used with the Fedora Certificate System server product, it displays a user interface instructing the user how to enroll that smart card.
+ </div></li><li class="listitem"><div class="para">
+ Unifies Kerberos and NSS so that users who log in to the operating system using a smart card also obtain a Kerberos credential (which allows them to log in to file servers, etc.)
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card">3.3.2. Getting Started with your new Smart Card</h3></div></div></div><div class="para">
+ Before you can use your smart card to log in to your system and take advantage of the increased security options this technology provides, you need to perform some basic installation and configuration steps. These are described below.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ This section provides a high-level view of getting started with your smart card. More detailed information is available in the Red Hat Certificate System Enterprise Security Client Guide.
+ </div></div></div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Log in with your Kerberos name and password
+ </div></li><li class="step"><div class="para">
+ Make sure you have the <code class="filename">nss-tools</code> package loaded.
+ </div></li><li class="step"><div class="para">
+ Download and install your corporate-specific root certificates. Use the following command to install the root CA certificate:
+ </div><pre class="screen">certutil -A -d /etc/pki/nssdb -n "root ca cert" -t "CT,C,C" -i ./ca_cert_in_base64_format.crt</pre></li><li class="step"><div class="para">
+ Verify that you have the following RPMs installed on your system: esc, pam_pkcs11, coolkey, ifd-egate, ccid, gdm, authconfig, and authconfig-gtk.
+ </div></li><li class="step"><div class="para">
+ Enable Smart Card Login Support
+ </div><ol class="a"><li class="step"><div class="para">
+ On the Gnome Title Bar, select System->Administration->Authentication.
+ </div></li><li class="step"><div class="para">
+ Type your machine's root password if necessary.
+ </div></li><li class="step"><div class="para">
+ In the Authentication Configuration dialog, click the <span class="guilabel"><strong>Authentication</strong></span> tab.
+ </div></li><li class="step"><div class="para">
+ Select the <span class="guilabel"><strong>Enable Smart Card Support</strong></span> check box.
+ </div></li><li class="step"><div class="para">
+ Click the <span class="guibutton"><strong>Configure Smart Card...</strong></span> button to display the Smartcard Settings dialog, and specify the required settings:
+ </div><div class="para">
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Require smart card for login</strong></span> — Clear this check box. After you have successfully logged in with the smart card you can select this option to prevent users from logging in without a smart card.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Card Removal Action</strong></span> — This controls what happens when you remove the smart card after you have logged in. The available options are:
+ </div><div class="para">
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Lock</strong></span> — Removing the smart card locks the X screen.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Ignore</strong></span> — Removing the smart card has no effect.
+ </div></li></ul></div>
+
+ </div></li></ul></div>
+
+ </div></li></ol></li><li class="step"><div class="para">
+ If you need to enable the Online Certificate Status Protocol (<abbr class="abbrev">OCSP</abbr>), open the <code class="filename">/etc/pam_pkcs11/pam_pkcs11.conf</code> file, and locate the following line:
+ </div><div class="para">
+ <code class="command">enable_ocsp = false;</code>
+ </div><div class="para">
+ Change this value to true, as follows:
+ </div><div class="para">
+ <code class="command">enable_ocsp = true;</code>
+ </div></li><li class="step"><div class="para">
+ Enroll your smart card
+ </div></li><li class="step"><div class="para">
+ If you are using a CAC card, you also need to perform the following steps:
+ </div><ol class="a"><li class="step"><div class="para">
+ Change to the root account and create a file called <code class="filename">/etc/pam_pkcs11/cn_map</code>.
+ </div></li><li class="step"><div class="para">
+ Add the following entry to the <code class="filename">cn_map</code> file:
+ </div><div class="para">
+ <em class="replaceable"><code>MY.CAC_CN.123454</code></em> -> <em class="replaceable"><code>myloginid</code></em>
+ </div><div class="para">
+ where <em class="replaceable"><code>MY.CAC_CN.123454</code></em> is the Common Name on your CAC and <em class="replaceable"><code>myloginid</code></em> is your UNIX login ID.
+ </div></li></ol></li><li class="step"><div class="para">
+ Logout
+ </div></li></ol></div><div class="section" id="sect-Security_Guide-Getting_Started_with_your_new_Smart_Card-Troubleshooting"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Getting_Started_with_your_new_Smart_Card-Troubleshooting">3.3.2.1. Troubleshooting</h4></div></div></div><div class="para">
+ If you have trouble getting your smart card to work, try using the following command to locate the source of the problem:
+ </div><pre class="screen">pklogin_finder debug</pre><div class="para">
+ If you run the <code class="command">pklogin_finder</code> tool in debug mode while an enrolled smart card is plugged in, it attempts to output information about the validity of certificates, and if it is successful in attempting to map a login ID from the certificates that are on the card.
+ </div></div></div><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works">3.3.3. How Smart Card Enrollment Works</h3></div></div></div><div class="para">
+ Smart cards are said to be <em class="firstterm">enrolled</em> when they have received an appropriate certificate signed by a valid Certificate Authority (<abbr class="abbrev">CA</abbr>). This involves several steps, described below:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ The user inserts their smart card into the smart card reader on their workstation. This event is recognized by the Enterprise Security Client (<abbr class="abbrev">ESC</abbr>).
+ </div></li><li class="listitem"><div class="para">
+ The enrollment page is displayed on the user's desktop. The user completes the required details and the user's system then connects to the Token Processing System (<abbr class="abbrev">TPS</abbr>) and the <abbr class="abbrev">CA</abbr>.
+ </div></li><li class="listitem"><div class="para">
+ The <abbr class="abbrev">TPS</abbr> enrolls the smart card using a certificate signed by the <abbr class="abbrev">CA</abbr>.
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-How_Smart_Card_Enrollment_Works-How_Smart_Card_Enrollment_Works"><div class="figure-contents"><div class="mediaobject"><img src="images/SCLoginEnrollment.png" width="444" alt="How Smart Card Enrollment Works" /><div class="longdesc"><div class="para">
+ How Smart Card Enrollment Works.
+ </div></div></div></div><h6>Figure 3.4. How Smart Card Enrollment Works</h6></div><br class="figure-break" /></div><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works">3.3.4. How Smart Card Login Works</h3></div></div></div><div class="para">
+ This section provides a brief overview of the process of logging in using a smart card.
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ When the user inserts their smart card into the smart card reader, this event is recognized by the PAM facility, which prompts for the user's PIN.
+ </div></li><li class="listitem"><div class="para">
+ The system then looks up the user's current certificates and verifies their validity. The certificate is then mapped to the user's UID.
+ </div></li><li class="listitem"><div class="para">
+ This is validated against the KDC and login granted.
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-How_Smart_Card_Login_Works-How_Smart_Card_Login_Works"><div class="figure-contents"><div class="mediaobject"><img src="images/SCLogin.png" width="444" alt="How Smart Card Login Works" /><div class="longdesc"><div class="para">
+ How Smart Card Login Works.
+ </div></div></div></div><h6>Figure 3.5. How Smart Card Login Works</h6></div><br class="figure-break" /><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ You cannot log in with a card that has not been enrolled, even if it has been formatted. You need to log in with a formatted, enrolled card, or not using a smart card, before you can enroll a new card.
+ </div></div></div><div class="para">
+ Refer to <a class="xref" href="#sect-Security_Guide-Kerberos">Section 3.7, “Kerberos”</a> and <a class="xref" href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM">Section 3.5, “Pluggable Authentication Modules (PAM)”</a> for more information on Kerberos and <acronym class="acronym">PAM</acronym>.
+ </div></div><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO">3.3.5. Configuring Firefox to use Kerberos for SSO</h3></div></div></div><div class="para">
+ You can configure Firefox to use Kerberos for Single Sign-on. In order for this functionality to work correctly, you need to configure your web browser to send your Kerberos credentials to the appropriate <abbr class="abbrev">KDC</abbr>.The following section describes the configuration changes and other requirements to achieve this.
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ In the address bar of Firefox, type <strong class="userinput"><code>about:config</code></strong> to display the list of current configuration options.
+ </div></li><li class="listitem"><div class="para">
+ In the <span class="guilabel"><strong>Filter</strong></span> field, type <strong class="userinput"><code>negotiate</code></strong> to restrict the list of options.
+ </div></li><li class="listitem"><div class="para">
+ Double-click the <span class="emphasis"><em>network.negotiate-auth.trusted-uris</em></span> entry to display the <span class="emphasis"><em>Enter string value</em></span> dialog box.
+ </div></li><li class="listitem"><div class="para">
+ Enter the name of the domain against which you want to authenticate, for example, <em class="replaceable"><code>.example.com</code></em>.
+ </div></li><li class="listitem"><div class="para">
+ Repeat the above procedure for the <span class="emphasis"><em>network.negotiate-auth.delegation-uris</em></span> entry, using the same domain.
+ </div><div class="para">
+ <div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ You can leave this value blank, as it allows Kerberos ticket passing, which is not required.
+ </div><div class="para">
+ If you do not see these two configuration options listed, your version of Firefox may be too old to support Negotiate authentication, and you should consider upgrading.
+ </div></div></div>
+
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-Configuring_Firefox_to_use_Kerberos_for_SSO-Configuring_Firefox_for_SSO_with_Kerberos"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-firefox_kerberos_SSO.png" width="444" alt="Configuring Firefox for SSO with Kerberos" /><div class="longdesc"><div class="para">
+ Configuring Firefox to use Kerberos for SSO.
+ </div></div></div></div><h6>Figure 3.6. Configuring Firefox for SSO with Kerberos</h6></div><br class="figure-break" /><div class="para">
+ You now need to ensure that you have Kerberos tickets. In a command shell, type <code class="command">kinit</code> to retrieve Kerberos tickets. To display the list of available tickets, type <code class="command">klist</code>. The following shows an example output from these commands:
+ </div><pre class="screen">[user at host ~] $ kinit
+Password for user at EXAMPLE.COM:
+
+[user at host ~] $ klist
+Ticket cache: FILE:/tmp/krb5cc_10920
+Default principal: user at EXAMPLE.COM
+
+Valid starting Expires Service principal
+10/26/06 23:47:54 10/27/06 09:47:54 krbtgt/USER.COM at USER.COM
+ renew until 10/26/06 23:47:54
+
+Kerberos 4 ticket cache: /tmp/tkt10920
+klist: You have no tickets cached</pre><div class="section" id="sect-Security_Guide-Configuring_Firefox_to_use_Kerberos_for_SSO-Troubleshooting"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Configuring_Firefox_to_use_Kerberos_for_SSO-Troubleshooting">3.3.5.1. Troubleshooting</h4></div></div></div><div class="para">
+ If you have followed the configuration steps above and Negotiate authentication is not working, you can turn on verbose logging of the authentication process. This could help you find the cause of the problem. To enable verbose logging, use the following procedure:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Close all instances of Firefox.
+ </div></li><li class="listitem"><div class="para">
+ Open a command shell, and enter the following commands:
+ </div><pre class="screen">export NSPR_LOG_MODULES=negotiateauth:5
+export NSPR_LOG_FILE=/tmp/moz.log</pre></li><li class="listitem"><div class="para">
+ Restart Firefox <span class="emphasis"><em>from that shell</em></span>, and visit the website you were unable to authenticate to earlier. Information will be logged to <code class="filename">/tmp/moz.log</code>, and may give a clue to the problem. For example:
+ </div><pre class="screen">-1208550944[90039d0]: entering nsNegotiateAuth::GetNextToken()
+-1208550944[90039d0]: gss_init_sec_context() failed: Miscellaneous failure
+No credentials cache found</pre><div class="para">
+ This indicates that you do not have Kerberos tickets, and need to run <code class="command">kinit</code>.
+ </div></li></ol></div><div class="para">
+ If you are able to run <code class="command">kinit</code> successfully from your machine but you are unable to authenticate, you might see something like this in the log file:
+ </div><pre class="screen">-1208994096[8d683d8]: entering nsAuthGSSAPI::GetNextToken()
+-1208994096[8d683d8]: gss_init_sec_context() failed: Miscellaneous failure
+Server not found in Kerberos database</pre><div class="para">
+ This generally indicates a Kerberos configuration problem. Make sure that you have the correct entries in the [domain_realm] section of the <code class="filename">/etc/krb5.conf</code> file. For example:
+ </div><pre class="screen">.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM</pre><div class="para">
+ If nothing appears in the log it is possible that you are behind a proxy, and that proxy is stripping off the HTTP headers required for Negotiate authentication. As a workaround, you can try to connect to the server using HTTPS instead, which allows the request to pass through unmodified. Then proceed to debug using the log file, as described above.
+ </div></div></div></div><div xml:lang="en-US" class="section" id="sect-Security_Guide-Yubikey" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Yubikey">3.4. Yubikey</h2></div></div></div><div class="para">
+ Yubikey is a hardware authentication token that utilizes open source software to operate. This token is a simple USB device that appears as a keyboard to your computer. The single touch button on the token provides a one time password (OTP) with each push that can be used to authenticate a user. Currently there are several different implementations of this solution of which we'll cover here.
+ </div><div class="section" id="sect-Security_Guide-Yubikey-Centralized_Server"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Yubikey-Centralized_Server">3.4.1. Using Yubikey with a centralized server</h3></div></div></div><div class="para">
+ A PAM module already exists in the Fedora repositories that allow authentication of computers that can contact an authentication server. The server can either be setup at the domain level or the Yubico's servers can be utilized. This method of authentication is a great enterprise solution where multiple users may need access to multiple computers on the domain. The steps below describe this setup.
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Install <span class="package">pam_yubico</span>
+ </div></li><li class="step"><div class="para">
+ For two factor authentication open <code class="filename">/etc/pam.d/gdm-password</code> and locate the following line:
+ </div><div class="para">
+ <code class="command">auth substack password-auth </code>
+ </div><div class="para">
+ In a new line after this add:
+ </div><div class="para">
+ <code class="command">auth sufficient pam_yubico.so id=16</code>
+ </div></li><li class="step"><div class="para">
+ To simple use the yubikey token without your password remove the first line from the step above and replace it with the second.
+ </div></li><li class="step"><div class="para">
+ Locate the yubikey token for the first yubikey you will be adding. This can be done by looking at the first 12 characters of any OTP or visit <a href="http://radius.yubico.com/demo/Modhex_Calculator.php"><em class="citetitle">http://radius.yubico.com/demo/Modhex_Calculator.php</em></a> and copy the Modhex encoded string after you enter an OTP into the textbox on the page.
+ </div></li><li class="step"><div class="para">
+ Add user's yubikeys to the config file. This can be done either globally in <code class="filename">/etc/yubikey_mapping</code> or by individual user in <code class="filename">~/.yubico/authorized_yubikeys</code>. The following is the syntax:
+ </div><div class="para">
+ <code class="command">username:yubikey_token:another_yubikey_token</code>
+ </div></li><li class="step"><div class="para">
+ Logout, when you attempt to log back in you should either be prompted to enter both your password and your yubikey OTP or both depending on how you configured your system.
+ </div></li></ol></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ A connection to the authentication server is required or proper authentication will not occur. This can be detrimental to systems that do not have constant network connectivity.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Yubikey-Web_Sites"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Yubikey-Web_Sites">3.4.2. Authenticating to websites with your Yubikey</h3></div></div></div><div class="para">
+ While outside the scope of this guide Yubikey allows you to authenticate to websites supporting this authentication method. These websites typically support Yubico's authentication servers but some can be setup similar to the above centralized authentication. Yubico also provides OpenID services that can be utilized with certain websites.
+ </div></div></div><div xml:lang="en-US" class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM">3.5. Pluggable Authentication Modules (PAM)</h2></div></div></div><div class="para">
+ Programs that grant users access to a system use <em class="firstterm">authentication</em> to verify each other's identity (that is, to establish that a user is who they say they are).
+ </div><div class="para">
+ Historically, each program had its own way of authenticating users. In Fedora, many programs are configured to use a centralized authentication mechanism called <em class="firstterm">Pluggable Authentication Modules</em> (<acronym class="acronym">PAM</acronym>).
+ </div><div class="para">
+ PAM uses a pluggable, modular architecture, which affords the system administrator a great deal of flexibility in setting authentication policies for the system.
+ </div><div class="para">
+ In most situations, the default PAM configuration file for a PAM-aware application is sufficient. Sometimes, however, it is necessary to edit a PAM configuration file. Because misconfiguration of PAM can compromise system security, it is important to understand the structure of these files before making any modifications. Refer to <a class="xref" href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">Section 3.5.3, “PAM Configuration File Format”</a> for more information.
+ </div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">3.5.1. Advantages of PAM</h3></div></div></div><div class="para">
+ PAM offers the following advantages:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ a common authentication scheme that can be used with a wide variety of applications.
+ </div></li><li class="listitem"><div class="para">
+ significant flexibility and control over authentication for both system administrators and application developers.
+ </div></li><li class="listitem"><div class="para">
+ a single, fully-documented library which allows developers to write programs without having to create their own authentication schemes.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files">3.5.2. PAM Configuration Files</h3></div></div></div><div class="para">
+ The <code class="filename">/etc/pam.d/</code> directory contains the PAM configuration files for each PAM-aware application. In earlier versions of PAM, the <code class="filename">/etc/pam.conf</code> file was used, but this file is now deprecated and is only used if the <code class="filename">/etc/pam.d/</code> directory does not exist.
+ </div><div class="section" id="sect-Security_Guide-PAM_Configuration_Files-PAM_Service_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_Files-PAM_Service_Files">3.5.2.1. PAM Service Files</h4></div></div></div><div class="para">
+ Each PAM-aware application or <em class="firstterm">service</em> has a file in the <code class="filename">/etc/pam.d/</code> directory. Each file in this directory has the same name as the service to which it controls access.
+ </div><div class="para">
+ The PAM-aware program is responsible for defining its service name and installing its own PAM configuration file in the <code class="filename">/etc/pam.d/</code> directory. For example, the <code class="command">login</code> program defines its service name as <code class="command">login</code> and installs the <code class="filename">/etc/pam.d/login</code> PAM configuration file.
+ </div></div></div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">3.5.3. PAM Configuration File Format</h3></div></div></div><div class="para">
+ Each PAM configuration file contains a group of directives formatted as follows:
+ </div><pre class="screen"><em class="replaceable"><code><module interface></code></em> <em class="replaceable"><code><control flag></code></em> <em class="replaceable"><code><module name></code></em> <em class="replaceable"><code><module arguments></code></em></pre><div class="para">
+ Each of these elements is explained in the following sections.
+ </div><div class="section" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Interface"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Interface">3.5.3.1. Module Interface</h4></div></div></div><div class="para">
+ Four types of PAM module interface are currently available. Each of these corresponds to a different aspect of the authorization process:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">auth</code> — This module interface authenticates use. For example, it requests and verifies the validity of a password. Modules with this interface can also set credentials, such as group memberships or Kerberos tickets.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">account</code> — This module interface verifies that access is allowed. For example, it may check if a user account has expired or if a user is allowed to log in at a particular time of day.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">password</code> — This module interface is used for changing user passwords.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">session</code> — This module interface configures and manages user sessions. Modules with this interface can also perform additional tasks that are needed to allow access, like mounting a user's home directory and making the user's mailbox available.
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ An individual module can provide any or all module interfaces. For instance, <code class="filename">pam_unix.so</code> provides all four module interfaces.
+ </div></div></div><div class="para">
+ In a PAM configuration file, the module interface is the first field defined. For example, a typical line in a configuration may look like this:
+ </div><pre class="screen">auth required pam_unix.so</pre><div class="para">
+ This instructs PAM to use the <code class="filename">pam_unix.so</code> module's <code class="command">auth</code> interface.
+ </div><div class="section" id="sect-Security_Guide-Module_Interface-Stacking_Module_Interfaces"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Module_Interface-Stacking_Module_Interfaces">3.5.3.1.1. Stacking Module Interfaces</h5></div></div></div><div class="para">
+ Module interface directives can be <span class="emphasis"><em>stacked</em></span>, or placed upon one another, so that multiple modules are used together for one purpose. If a module's control flag uses the "sufficient" or "requisite" value (refer to <a class="xref" href="#sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag">Section 3.5.3.2, “Control Flag”</a> for more information on these flags), then the order in which the modules are listed is important to the authentication process.
+ </div><div class="para">
+ Stacking makes it easy for an administrator to require specific conditions to exist before allowing the user to authenticate. For example, the <code class="command">reboot</code> command normally uses several stacked modules, as seen in its PAM configuration file:
+ </div><pre class="screen">[root at MyServer ~]# cat /etc/pam.d/reboot
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_console.so
+#auth include system-auth
+account required pam_permit.so</pre><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ The first line is a comment and is not processed.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">auth sufficient pam_rootok.so</code> — This line uses the <code class="filename">pam_rootok.so</code> module to check whether the current user is root, by verifying that their UID is 0. If this test succeeds, no other modules are consulted and the command is executed. If this test fails, the next module is consulted.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">auth required pam_console.so</code> — This line uses the <code class="filename">pam_console.so</code> module to attempt to authenticate the user. If this user is already logged in at the console, <code class="filename">pam_console.so</code> checks whether there is a file in the <code class="filename">/etc/security/console.apps/</code> directory with the same name as the service name (reboot). If such a file exists, authentication succeeds and control is passed to the next module.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">#auth include system-auth</code> — This line is commented and is not processed.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">account required pam_permit.so</code> — This line uses the <code class="filename">pam_permit.so</code> module to allow the root user or anyone logged in at the console to reboot the system.
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag">3.5.3.2. Control Flag</h4></div></div></div><div class="para">
+ All PAM modules generate a success or failure result when called. Control flags tell PAM what do with the result. Modules can be stacked in a particular order, and the control flags determine how important the success or failure of a particular module is to the overall goal of authenticating the user to the service.
+ </div><div class="para">
+ There are four predefined control flags:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">required</code> — The module result must be successful for authentication to continue. If the test fails at this point, the user is not notified until the results of all module tests that reference that interface are complete.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">requisite</code> — The module result must be successful for authentication to continue. However, if a test fails at this point, the user is notified immediately with a message reflecting the first failed <code class="command">required</code> <span class="emphasis"><em>or</em></span> <code class="command">requisite</code> module test.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sufficient</code> — The module result is ignored if it fails. However, if the result of a module flagged <code class="command">sufficient</code> is successful <span class="emphasis"><em>and</em></span> no previous modules flagged <code class="command">required</code> have failed, then no other results are required and the user is authenticated to the service.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">optional</code> — The module result is ignored. A module flagged as <code class="command">optional</code> only becomes necessary for successful authentication when no other modules reference the interface.
+ </div></li></ul></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ The order in which <code class="command">required</code> modules are called is not critical. Only the <code class="command">sufficient</code> and <code class="command">requisite</code> control flags cause order to become important.
+ </div></div></div><div class="para">
+ A newer control flag syntax that allows for more precise control is now available for PAM.
+ </div><div class="para">
+ The <code class="command">pam.d</code> man page, and the PAM documentation, located in the <code class="filename">/usr/share/doc/pam-<em class="replaceable"><code><version-number></code></em>/</code> directory, where <em class="replaceable"><code><version-number></code></em> is the version number for PAM on your system, describe this newer syntax in detail.
+ </div></div><div class="section" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name">3.5.3.3. Module Name</h4></div></div></div><div class="para">
+ The module name provides PAM with the name of the pluggable module containing the specified module interface. In older versions of Fedora, the full path to the module was provided in the PAM configuration file. However, since the advent of <em class="firstterm">multilib</em> systems, which store 64-bit PAM modules in the <code class="filename">/lib64/security/</code> directory, the directory name is omitted because the application is linked to the appropriate version of <code class="filename">libpam</code>, which can locate the correct version of the module.
+ </div></div><div class="section" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments">3.5.3.4. Module Arguments</h4></div></div></div><div class="para">
+ PAM uses <em class="firstterm">arguments</em> to pass information to a pluggable module during authentication for some modules.
+ </div><div class="para">
+ For example, the <code class="filename">pam_userdb.so</code> module uses information stored in a Berkeley DB file to authenticate the user. Berkeley DB is an open source database system embedded in many applications. The module takes a <code class="filename">db</code> argument so that Berkeley DB knows which database to use for the requested service.
+ </div><div class="para">
+ The following is a typical <code class="filename">pam_userdb.so</code> line in a PAM configuration. The <em class="replaceable"><code><path-to-file></code></em> is the full path to the Berkeley DB database file:
+ </div><pre class="screen">auth required pam_userdb.so db=<em class="replaceable"><code><path-to-file></code></em></pre><div class="para">
+ Invalid arguments are <span class="emphasis"><em>generally</em></span> ignored and do not otherwise affect the success or failure of the PAM module. Some modules, however, may fail on invalid arguments. Most modules report errors to the <code class="filename">/var/log/secure</code> file.
+ </div></div></div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files">3.5.4. Sample PAM Configuration Files</h3></div></div></div><div class="para">
+ The following is a sample PAM application configuration file:
+ </div><pre class="screen">#%PAM-1.0
+auth required pam_securetty.so
+auth required pam_unix.so nullok
+auth required pam_nologin.so
+account required pam_unix.so
+password required pam_cracklib.so retry=3
+password required pam_unix.so shadow nullok use_authtok
+session required pam_unix.so</pre><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ The first line is a comment, indicated by the hash mark (<code class="command">#</code>) at the beginning of the line.
+ </div></li><li class="listitem"><div class="para">
+ Lines two through four stack three modules for login authentication.
+ </div><div class="para">
+ <code class="command">auth required pam_securetty.so</code> — This module ensures that <span class="emphasis"><em>if</em></span> the user is trying to log in as root, the tty on which the user is logging in is listed in the <code class="filename">/etc/securetty</code> file, <span class="emphasis"><em>if</em></span> that file exists.
+ </div><div class="para">
+ If the tty is not listed in the file, any attempt to log in as root fails with a <code class="computeroutput">Login incorrect</code> message.
+ </div><div class="para">
+ <code class="command">auth required pam_unix.so nullok</code> — This module prompts the user for a password and then checks the password using the information stored in <code class="filename">/etc/passwd</code> and, if it exists, <code class="filename">/etc/shadow</code>.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ The argument <code class="command">nullok</code> instructs the <code class="filename">pam_unix.so</code> module to allow a blank password.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">auth required pam_nologin.so</code> — This is the final authentication step. It checks whether the <code class="filename">/etc/nologin</code> file exists. If it exists and the user is not root, authentication fails.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ In this example, all three <code class="command">auth</code> modules are checked, even if the first <code class="command">auth</code> module fails. This prevents the user from knowing at what stage their authentication failed. Such knowledge in the hands of an attacker could allow them to more easily deduce how to crack the system.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="command">account required pam_unix.so</code> — This module performs any necessary account verification. For example, if shadow passwords have been enabled, the account interface of the <code class="filename">pam_unix.so</code> module checks to see if the account has expired or if the user has not changed the password within the allowed grace period.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">password required pam_cracklib.so retry=3</code> — If a password has expired, the password component of the <code class="filename">pam_cracklib.so</code> module prompts for a new password. It then tests the newly created password to see whether it can easily be determined by a dictionary-based password cracking program.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ The argument <code class="command">retry=3</code> specifies that if the test fails the first time, the user has two more chances to create a strong password.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">password required pam_unix.so shadow nullok use_authtok</code> — This line specifies that if the program changes the user's password, it should use the <code class="command">password</code> interface of the <code class="filename">pam_unix.so</code> module to do so.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ The argument <code class="command">shadow</code> instructs the module to create shadow passwords when updating a user's password.
+ </div></li><li class="listitem"><div class="para">
+ The argument <code class="command">nullok</code> instructs the module to allow the user to change their password <span class="emphasis"><em>from</em></span> a blank password, otherwise a null password is treated as an account lock.
+ </div></li><li class="listitem"><div class="para">
+ The final argument on this line, <code class="command">use_authtok</code>, provides a good example of the importance of order when stacking PAM modules. This argument instructs the module not to prompt the user for a new password. Instead, it accepts any password that was recorded by a previous password module. In this way, all new passwords must pass the <code class="filename">pam_cracklib.so</code> test for secure passwords before being accepted.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">session required pam_unix.so</code> — The final line instructs the session interface of the <code class="filename">pam_unix.so</code> module to manage the session. This module logs the user name and the service type to <code class="filename">/var/log/secure</code> at the beginning and end of each session. This module can be supplemented by stacking it with other session modules for additional functionality.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules">3.5.5. Creating PAM Modules</h3></div></div></div><div class="para">
+ You can create or add new PAM modules at any time for use by PAM-aware applications.
+ </div><div class="para">
+ For example, a developer might create a one-time-password creation method and write a PAM module to support it. PAM-aware programs can immediately use the new module and password method without being recompiled or otherwise modified.
+ </div><div class="para">
+ This allows developers and system administrators to mix-and-match, as well as test, authentication methods for different programs without recompiling them.
+ </div><div class="para">
+ Documentation on writing modules is included in the <code class="filename">/usr/share/doc/pam-<em class="replaceable"><code><version-number></code></em>/</code> directory, where <em class="replaceable"><code><version-number></code></em> is the version number for PAM on your system.
+ </div></div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching">3.5.6. PAM and Administrative Credential Caching</h3></div></div></div><div class="para">
+ A number of graphical administrative tools in Fedora provide users with elevated privileges for up to five minutes using the <code class="filename">pam_timestamp.so</code> module. It is important to understand how this mechanism works, because a user who walks away from a terminal while <code class="filename">pam_timestamp.so</code> is in effect leaves the machine open to manipulation by anyone with physical access to the console.
+ </div><div class="para">
+ In the PAM timestamp scheme, the graphical administrative application prompts the user for the root password when it is launched. When the user has been authenticated, the <code class="filename">pam_timestamp.so</code> module creates a timestamp file. By default, this is created in the <code class="filename">/var/run/sudo/</code> directory. If the timestamp file already exists, graphical administrative programs do not prompt for a password. Instead, the <code class="filename">pam_timestamp.so</code> module freshens the timestamp file, reserving an extra five minutes of unchallenged administrative access for the user.
+ </div><div class="para">
+ You can verify the actual state of the timestamp file by inspecting the <code class="filename">/var/run/sudo/<user></code> file. For the desktop, the relevant file is <code class="filename">unknown:root</code>. If it is present and its timestamp is less than five minutes old, the credentials are valid.
+ </div><div class="para">
+ The existence of the timestamp file is indicated by an authentication icon, which appears in the notification area of the panel.
+ </div><div class="figure" id="figu-Security_Guide-PAM_and_Administrative_Credential_Caching-The_Authentication_Icon"><div class="figure-contents"><div class="mediaobject"><img src="images/authicon.png" alt="The Authentication Icon" /><div class="longdesc"><div class="para">
+ Illustration of the authentication icon.
+ </div></div></div></div><h6>Figure 3.7. The Authentication Icon</h6></div><br class="figure-break" /><div class="section" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Removing_the_Timestamp_File"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Removing_the_Timestamp_File">3.5.6.1. Removing the Timestamp File</h4></div></div></div><div class="para">
+ Before abandoning a console where a PAM timestamp is active, it is recommended that the timestamp file be destroyed. To do this from a graphical environment, click the authentication icon on the panel. This causes a dialog box to appear. Click the <span class="guibutton"><strong>Forget Authorization</strong></span> button to destroy the active timestamp file.
+ </div><div class="figure" id="figu-Security_Guide-Removing_the_Timestamp_File-Dismiss_Authentication_Dialog"><div class="figure-contents"><div class="mediaobject"><img src="images/auth-panel.png" width="444" alt="Dismiss Authentication Dialog" /><div class="longdesc"><div class="para">
+ Illustration of the authentication dismissal dialog box.
+ </div></div></div></div><h6>Figure 3.8. Dismiss Authentication Dialog</h6></div><br class="figure-break" /><div class="para">
+ You should be aware of the following with respect to the PAM timestamp file:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ If logged in to the system remotely using <code class="command">ssh</code>, use the <code class="command">/sbin/pam_timestamp_check -k root</code> command to destroy the timestamp file.
+ </div></li><li class="listitem"><div class="para">
+ You need to run the <code class="command">/sbin/pam_timestamp_check -k root</code> command from the same terminal window from which you launched the privileged application.
+ </div></li><li class="listitem"><div class="para">
+ You must be logged in as the user who originally invoked the <code class="filename">pam_timestamp.so</code> module in order to use the <code class="command">/sbin/pam_timestamp_check -k</code> command. Do not log in as root to use this command.
+ </div></li><li class="listitem"><div class="para">
+ If you want to kill the credentials on the desktop (without using the <span class="guibutton"><strong>Forget Authorization</strong></span> action on the icon), use the following command:
+ </div><pre class="screen">/sbin/pam_timestamp_check -k root </dev/null >/dev/null 2>/dev/null</pre><div class="para">
+ Failure to use this command will only remove the credentials (if any) from the pty where you run the command.
+ </div></li></ul></div><div class="para">
+ Refer to the <code class="filename">pam_timestamp_check</code> man page for more information about destroying the timestamp file using <code class="command">pam_timestamp_check</code>.
+ </div></div><div class="section" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives">3.5.6.2. Common pam_timestamp Directives</h4></div></div></div><div class="para">
+ The <code class="filename">pam_timestamp.so</code> module accepts several directives. The following are the two most commonly used options:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">timestamp_timeout</code> — Specifies the period (in seconds) for which the timestamp file is valid. The default value is 300 (five minutes).
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">timestampdir</code> — Specifies the directory in which the timestamp file is stored. The default value is <code class="command">/var/run/sudo/</code>.
+ </div></li></ul></div><div class="para">
+ Refer to <a class="xref" href="#sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation">Section 3.8.9.1, “Installed Firewall Documentation”</a> for more information about controlling the <code class="filename">pam_timestamp.so</code> module.
+ </div></div></div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership">3.5.7. PAM and Device Ownership</h3></div></div></div><div class="para">
+ In Fedora, the first user who logs in at the physical console of the machine can manipulate certain devices and perform certain tasks normally reserved for the root user. This is controlled by a PAM module called <code class="filename">pam_console.so</code>.
+ </div><div class="section" id="sect-Security_Guide-PAM_and_Device_Ownership-Device_Ownership"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_and_Device_Ownership-Device_Ownership">3.5.7.1. Device Ownership</h4></div></div></div><div class="para">
+ When a user logs in to a Fedora system, the <code class="filename">pam_console.so</code> module is called by <code class="command">login</code> or the graphical login programs, <span class="application"><strong>gdm</strong></span>, <span class="application"><strong>kdm</strong></span>, and <span class="application"><strong>xdm</strong></span>. If this user is the first user to log in at the physical console — referred to as the <em class="firstterm">console user</em> — the module grants the user ownership of a variety of devices normally owned by root. The console user owns these devices until the last local session for that user ends. After this user has logged out, ownership of the devices reverts back to the root user.
+ </div><div class="para">
+ The devices affected include, but are not limited to, sound cards, diskette drives, and CD-ROM drives.
+ </div><div class="para">
+ This facility allows a local user to manipulate these devices without obtaining root access, thus simplifying common tasks for the console user.
+ </div><div class="para">
+ You can modify the list of devices controlled by <code class="filename">pam_console.so</code> by editing the following files:
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/security/console.perms</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/security/console.perms.d/50-default.perms</code>
+ </div></li></ul></div>
+
+ </div><div class="para">
+ You can change the permissions of different devices than those listed in the above files, or override the specified defaults. Rather than modify the <code class="filename">50-default.perms</code> file, you should create a new file (for example, <code class="filename"><em class="replaceable"><code>xx</code></em>-name.perms</code>) and enter the required modifications. The name of the new default file must begin with a number higher than 50 (for example, <code class="filename">51-default.perms</code>). This will override the defaults in the <code class="filename">50-default.perms</code> file.
+ </div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ If the <span class="application"><strong>gdm</strong></span>, <span class="application"><strong>kdm</strong></span>, or <span class="application"><strong>xdm</strong></span> display manager configuration file has been altered to allow remote users to log in <span class="emphasis"><em>and</em></span> the host is configured to run at runlevel 5, it is advisable to change the <code class="command"><console></code> and <code class="command"><xconsole></code> directives in the <code class="filename">/etc/security/console.perms</code> to the following values:
+ </div><pre class="screen"><console>=tty[0-9][0-9]* vc/[0-9][0-9]* :0\.[0-9] :0
+<xconsole>=:0\.[0-9] :0</pre><div class="para">
+ This prevents remote users from gaining access to devices and restricted applications on the machine.
+ </div><div class="para">
+ If the <span class="application"><strong>gdm</strong></span>, <span class="application"><strong>kdm</strong></span>, or <span class="application"><strong>xdm</strong></span> display manager configuration file has been altered to allow remote users to log in <span class="emphasis"><em>and</em></span> the host is configured to run at any multiple user runlevel other than 5, it is advisable to remove the <code class="command"><xconsole></code> directive entirely and change the <code class="command"><console></code> directive to the following value:
+ </div><pre class="screen"><console>=tty[0-9][0-9]* vc/[0-9][0-9]*</pre></div></div></div><div class="section" id="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access">3.5.7.2. Application Access</h4></div></div></div><div class="para">
+ The console user also has access to certain programs configured for use in the <code class="filename">/etc/security/console.apps/</code> directory.
+ </div><div class="para">
+ This directory contains configuration files which enable the console user to run certain applications in <code class="filename">/sbin</code> and <code class="filename">/usr/sbin</code>.
+ </div><div class="para">
+ These configuration files have the same name as the applications that they set up.
+ </div><div class="para">
+ One notable group of applications that the console user has access to are three programs that shut down or reboot the system:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">/sbin/halt</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/sbin/reboot</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/sbin/poweroff</code>
+ </div></li></ul></div><div class="para">
+ Because these are PAM-aware applications, they call the <code class="filename">pam_console.so</code> module as a requirement for use.
+ </div><div class="para">
+ Refer to <a class="xref" href="#sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation">Section 3.8.9.1, “Installed Firewall Documentation”</a> for more information.
+ </div></div></div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources">3.5.8. Additional Resources</h3></div></div></div><div class="para">
+ The following resources further explain methods to use and configure PAM. In addition to these resources, read the PAM configuration files on the system to better understand how they are structured.
+ </div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_PAM_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_PAM_Documentation">3.5.8.1. Installed PAM Documentation</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ PAM-related man pages — Several man pages exist for the various applications and configuration files involved with PAM. The following is a list of some of the more important man pages.
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">Configuration Files</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">pam</code> — Good introductory information on PAM, including the structure and purpose of the PAM configuration files.
+ </div><div class="para">
+ Note that this man page discusses both <code class="filename">/etc/pam.conf</code> and individual configuration files in the <code class="filename">/etc/pam.d/</code> directory. By default, Fedora uses the individual configuration files in the <code class="filename">/etc/pam.d/</code> directory, ignoring <code class="filename">/etc/pam.conf</code> even if it exists.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">pam_console</code> — Describes the purpose of the <code class="filename">pam_console.so</code> module. It also describes the appropriate syntax for an entry within a PAM configuration file.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">console.apps</code> — Describes the format and options available in the <code class="filename">/etc/security/console.apps</code> configuration file, which defines which applications are accessible by the console user assigned by PAM.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">console.perms</code> — Describes the format and options available in the <code class="filename">/etc/security/console.perms</code> configuration file, which specifies the console user permissions assigned by PAM.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">pam_timestamp</code> — Describes the <code class="filename">pam_timestamp.so</code> module.
+ </div></li></ul></div></dd></dl></div></li><li class="listitem"><div class="para">
+ <code class="filename">/usr/share/doc/pam-<em class="replaceable"><code><version-number></code></em></code> — Contains a <em class="citetitle">System Administrators' Guide</em>, a <em class="citetitle">Module Writers' Manual</em>, and the <em class="citetitle">Application Developers' Manual</em>, as well as a copy of the PAM standard, DCE-RFC 86.0, where <em class="replaceable"><code><version-number></code></em> is the version number of PAM.
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/usr/share/doc/pam-<em class="replaceable"><code><version-number></code></em>/txts/README.pam_timestamp</code> — Contains information about the <code class="filename">pam_timestamp.so</code> PAM module, where <em class="replaceable"><code><version-number></code></em> is the version number of PAM.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites">3.5.8.2. Useful PAM Websites</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.kernel.org/pub/linux/libs/pam/">http://www.kernel.org/pub/linux/libs/pam/</a> — The primary distribution website for the Linux-PAM project, containing information on various PAM modules, a FAQ, and additional PAM documentation.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ The documentation in the above website is for the last released upstream version of PAM and might not be 100% accurate for the PAM version included in Fedora.
+ </div></div></div></li></ul></div></div></div></div><div xml:lang="en-US" class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd">3.6. TCP Wrappers and xinetd</h2></div></div></div><div class="para">
+ Controlling access to network services is one of the most important security tasks facing a server administrator. Fedora provides several tools for this purpose. For example, an <code class="command">iptables</code>-based firewall filters out unwelcome network packets within the kernel's network stack. For network services that utilize it, <em class="firstterm">TCP Wrappers</em> add an additional layer of protection by defining which hosts are or are not allowed to connect to "<span class="emphasis"><em>wrapped</em></span>" network services. One such wrapped network service is the <code class="systemitem">xinetd</code> <span class="emphasis"><em>super server</em></span>. This service is called a super server because it controls connections to a subset of network services and further refines access control.
+ </div><div class="para">
+ <a class="xref" href="#figu-Security_Guide-TCP_Wrappers_and_xinetd-Access_Control_to_Network_Services">Figure 3.9, “Access Control to Network Services”</a> is a basic illustration of how these tools work together to protect network services.
+ </div><div class="figure" id="figu-Security_Guide-TCP_Wrappers_and_xinetd-Access_Control_to_Network_Services"><div class="figure-contents"><div class="mediaobject"><img src="images/tcp_wrap_diagram.png" alt="Access Control to Network Services" /><div class="longdesc"><div class="para">
+ Exhibit A: Access Control to Network Services Flowchart
+ </div></div></div></div><h6>Figure 3.9. Access Control to Network Services</h6></div><br class="figure-break" /><div class="para">
+ This chapter focuses on the role of TCP Wrappers and <code class="systemitem">xinetd</code> in controlling access to network services and reviews how these tools can be used to enhance both logging and utilization management. Refer to <a class="xref" href="#sect-Security_Guide-IPTables">Section 3.9, “IPTables”</a> for information about using firewalls with <code class="command">iptables</code>.
+ </div><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">3.6.1. TCP Wrappers</h3></div></div></div><div class="para">
+ The TCP Wrappers package (<code class="filename">tcp_wrappers</code>) is installed by default and provides host-based access control to network services. The most important component within the package is the <code class="filename">/usr/lib/libwrap.a</code> library. In general terms, a TCP-wrapped service is one that has been compiled against the <code class="filename">libwrap.a</code> library.
+ </div><div class="para">
+ When a connection attempt is made to a TCP-wrapped service, the service first references the host's access files (<code class="filename">/etc/hosts.allow</code> and <code class="filename">/etc/hosts.deny</code>) to determine whether or not the client is allowed to connect. In most cases, it then uses the syslog daemon (<code class="systemitem">syslogd</code>) to write the name of the requesting client and the requested service to <code class="filename">/var/log/secure</code> or <code class="filename">/var/log/messages</code>.
+ </div><div class="para">
+ If a client is allowed to connect, TCP Wrappers release control of the connection to the requested service and take no further part in the communication between the client and the server.
+ </div><div class="para">
+ In addition to access control and logging, TCP Wrappers can execute commands to interact with the client before denying or releasing control of the connection to the requested network service.
+ </div><div class="para">
+ Because TCP Wrappers are a valuable addition to any server administrator's arsenal of security tools, most network services within Fedora are linked to the <code class="filename">libwrap.a</code> library. Some such applications include <code class="systemitem">/usr/sbin/sshd</code>, <code class="command">/usr/sbin/sendmail</code>, and <code class="systemitem">/usr/sbin/xinetd</code>.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ To determine if a network service binary is linked to <code class="filename">libwrap.a</code>, type the following command as the root user:
+ </div><pre class="screen">ldd <binary-name> | grep libwrap</pre><div class="para">
+ Replace <em class="replaceable"><code><binary-name></code></em> with the name of the network service binary.
+ </div><div class="para">
+ If the command returns straight to the prompt with no output, then the network service is <span class="emphasis"><em>not</em></span> linked to <code class="filename">libwrap.a</code>.
+ </div><div class="para">
+ The following example indicates that <code class="systemitem">/usr/sbin/sshd</code> is linked to <code class="filename">libwrap.a</code>:
+ </div><pre class="screen">[root at myServer ~]# ldd /usr/sbin/sshd | grep libwrap
+ libwrap.so.0 => /lib/libwrap.so.0 (0x00655000)
+[root at myServer ~]#</pre></div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers-Advantages_of_TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-TCP_Wrappers-Advantages_of_TCP_Wrappers">3.6.1.1. Advantages of TCP Wrappers</h4></div></div></div><div class="para">
+ TCP Wrappers provide the following advantages over other network service control techniques:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Transparency to both the client and the wrapped network service</em></span> — Both the connecting client and the wrapped network service are unaware that TCP Wrappers are in use. Legitimate users are logged and connected to the requested service while connections from banned clients fail.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Centralized management of multiple protocols</em></span> — TCP Wrappers operate separately from the network services they protect, allowing many server applications to share a common set of access control configuration files, making for simpler management.
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">3.6.2. TCP Wrappers Configuration Files</h3></div></div></div><div class="para">
+ To determine if a client is allowed to connect to a service, TCP Wrappers reference the following two files, which are commonly referred to as <em class="firstterm">hosts access</em> files:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/hosts.allow</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/hosts.deny</code>
+ </div></li></ul></div><div class="para">
+ When a TCP-wrapped service receives a client request, it performs the following steps:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <span class="emphasis"><em>It references <code class="filename">/etc/hosts.allow</code>.</em></span> — The TCP-wrapped service sequentially parses the <code class="filename">/etc/hosts.allow</code> file and applies the first rule specified for that service. If it finds a matching rule, it allows the connection. If not, it moves on to the next step.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>It references <code class="filename">/etc/hosts.deny</code>.</em></span> — The TCP-wrapped service sequentially parses the <code class="filename">/etc/hosts.deny</code> file. If it finds a matching rule, it denies the connection. If not, it grants access to the service.
+ </div></li></ol></div><div class="para">
+ The following are important points to consider when using TCP Wrappers to protect network services:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Because access rules in <code class="filename">hosts.allow</code> are applied first, they take precedence over rules specified in <code class="filename">hosts.deny</code>. Therefore, if access to a service is allowed in <code class="filename">hosts.allow</code>, a rule denying access to that same service in <code class="filename">hosts.deny</code> is ignored.
+ </div></li><li class="listitem"><div class="para">
+ The rules in each file are read from the top down and the first matching rule for a given service is the only one applied. The order of the rules is extremely important.
+ </div></li><li class="listitem"><div class="para">
+ If no rules for the service are found in either file, or if neither file exists, access to the service is granted.
+ </div></li><li class="listitem"><div class="para">
+ TCP-wrapped services do not cache the rules from the hosts access files, so any changes to <code class="filename">hosts.allow</code> or <code class="filename">hosts.deny</code> take effect immediately, without restarting network services.
+ </div></li></ul></div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ If the last line of a hosts access file is not a newline character (created by pressing the <span class="keycap"><strong>Enter</strong></span> key), the last rule in the file fails and an error is logged to either <code class="filename">/var/log/messages</code> or <code class="filename">/var/log/secure</code>. This is also the case for a rule that spans multiple lines without using the backslash character. The following example illustrates the relevant portion of a log message for a rule failure due to either of these circumstances:
+ </div><pre class="screen">warning: /etc/hosts.allow, line 20: missing newline or line too long</pre></div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Formatting_Access_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Formatting_Access_Rules">3.6.2.1. Formatting Access Rules</h4></div></div></div><div class="para">
+ The format for both <code class="filename">/etc/hosts.allow</code> and <code class="filename">/etc/hosts.deny</code> is identical. Each rule must be on its own line. Blank lines or lines that start with a hash (#) are ignored.
+ </div><div class="para">
+ Each rule uses the following basic format to control access to network services:
+ </div><pre class="screen"><em class="replaceable"><code><daemon list></code></em>: <em class="replaceable"><code><client list></code></em> [: <em class="replaceable"><code><option></code></em>: <em class="replaceable"><code><option></code></em>: ...]</pre><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="replaceable"><code><daemon list></code></em> — A comma-separated list of process names (<span class="emphasis"><em>not</em></span> service names) or the <code class="option">ALL</code> wildcard. The daemon list also accepts operators (refer to <a class="xref" href="#sect-Security_Guide-Formatting_Access_Rules-Operators">Section 3.6.2.1.4, “Operators”</a>) to allow greater flexibility.
+ </div></li><li class="listitem"><div class="para">
+ <em class="replaceable"><code><client list></code></em> — A comma-separated list of hostnames, host IP addresses, special patterns, or wildcards which identify the hosts affected by the rule. The client list also accepts operators listed in <a class="xref" href="#sect-Security_Guide-Formatting_Access_Rules-Operators">Section 3.6.2.1.4, “Operators”</a> to allow greater flexibility.
+ </div></li><li class="listitem"><div class="para">
+ <em class="replaceable"><code><option></code></em> — An optional action or colon-separated list of actions performed when the rule is triggered. Option fields support expansions, launch shell commands, allow or deny access, and alter logging behavior.
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ More information on the specialist terms above can be found elsewhere in this Guide:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a class="xref" href="#sect-Security_Guide-Formatting_Access_Rules-Wildcards">Section 3.6.2.1.1, “Wildcards”</a>
+ </div></li><li class="listitem"><div class="para">
+ <a class="xref" href="#sect-Security_Guide-Formatting_Access_Rules-Patterns">Section 3.6.2.1.2, “Patterns”</a>
+ </div></li><li class="listitem"><div class="para">
+ <a class="xref" href="#sect-Security_Guide-Option_Fields-Expansions">Section 3.6.2.2.4, “Expansions”</a>
+ </div></li><li class="listitem"><div class="para">
+ <a class="xref" href="#sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields">Section 3.6.2.2, “Option Fields”</a>
+ </div></li></ul></div></div></div><div class="para">
+ The following is a basic sample hosts access rule:
+ </div><pre class="screen">vsftpd : .example.com</pre><div class="para">
+ This rule instructs TCP Wrappers to watch for connections to the FTP daemon (<code class="systemitem">vsftpd</code>) from any host in the <code class="systemitem">example.com</code> domain. If this rule appears in <code class="filename">hosts.allow</code>, the connection is accepted. If this rule appears in <code class="filename">hosts.deny</code>, the connection is rejected.
+ </div><div class="para">
+ The next sample hosts access rule is more complex and uses two option fields:
+ </div><pre class="screen">sshd : .example.com \ : spawn /bin/echo `/bin/date` access denied>>/var/log/sshd.log \ : deny</pre><div class="para">
+ Note that each option field is preceded by the backslash (\). Use of the backslash prevents failure of the rule due to length.
+ </div><div class="para">
+ This sample rule states that if a connection to the SSH daemon (<code class="systemitem">sshd</code>) is attempted from a host in the <code class="systemitem">example.com</code> domain, execute the <code class="command">echo</code> command to append the attempt to a special log file, and deny the connection. Because the optional <code class="command">deny</code> directive is used, this line denies access even if it appears in the <code class="filename">hosts.allow</code> file. Refer to <a class="xref" href="#sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields">Section 3.6.2.2, “Option Fields”</a> for a more detailed look at available options.
+ </div><div class="section" id="sect-Security_Guide-Formatting_Access_Rules-Wildcards"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Formatting_Access_Rules-Wildcards">3.6.2.1.1. Wildcards</h5></div></div></div><div class="para">
+ Wildcards allow TCP Wrappers to more easily match groups of daemons or hosts. They are used most frequently in the client list field of access rules.
+ </div><div class="para">
+ The following wildcards are available:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">ALL</code> — Matches everything. It can be used for both the daemon list and the client list.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">LOCAL</code> — Matches any host that does not contain a period (.), such as localhost.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">KNOWN</code> — Matches any host where the hostname and host address are known or where the user is known.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">UNKNOWN</code> — Matches any host where the hostname or host address are unknown or where the user is unknown.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">PARANOID</code> — Matches any host where the hostname does not match the host address.
+ </div></li></ul></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ The <code class="option">KNOWN</code>, <code class="option">UNKNOWN</code>, and <code class="option">PARANOID</code> wildcards should be used with care, because they rely on functioning DNS server for correct operation. Any disruption to name resolution may prevent legitimate users from gaining access to a service.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Formatting_Access_Rules-Patterns"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Formatting_Access_Rules-Patterns">3.6.2.1.2. Patterns</h5></div></div></div><div class="para">
+ Patterns can be used in the client field of access rules to more precisely specify groups of client hosts.
+ </div><div class="para">
+ The following is a list of common patterns for entries in the client field:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Hostname beginning with a period (.)</em></span> — Placing a period at the beginning of a hostname matches all hosts sharing the listed components of the name. The following example applies to any host within the <code class="systemitem">example.com</code> domain:
+ </div><pre class="screen">ALL : .example.com</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>IP address ending with a period (.)</em></span> — Placing a period at the end of an IP address matches all hosts sharing the initial numeric groups of an IP address. The following example applies to any host within the <code class="systemitem">192.168.x.x</code> network:
+ </div><pre class="screen">ALL : 192.168.</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>IP address/netmask pair</em></span> — Netmask expressions can also be used as a pattern to control access to a particular group of IP addresses. The following example applies to any host with an address range of <code class="systemitem">192.168.0.0</code> through <code class="systemitem">192.168.1.255</code>:
+ </div><pre class="screen">ALL : 192.168.0.0/255.255.254.0</pre><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ When working in the IPv4 address space, the address/prefix length (<em class="firstterm">prefixlen</em>) pair declarations (<abbr class="abbrev">CIDR</abbr> notation) are not supported. Only IPv6 rules can use this format.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>[IPv6 address]/prefixlen pair</em></span> — [net]/prefixlen pairs can also be used as a pattern to control access to a particular group of IPv6 addresses. The following example would apply to any host with an address range of <code class="systemitem">3ffe:505:2:1::</code> through <code class="systemitem">3ffe:505:2:1:ffff:ffff:ffff:ffff</code>:
+ </div><pre class="screen">ALL : [3ffe:505:2:1::]/64</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>The asterisk (*)</em></span> — Asterisks can be used to match entire groups of hostnames or IP addresses, as long as they are not mixed in a client list containing other types of patterns. The following example would apply to any host within the <code class="systemitem">example.com</code> domain:
+ </div><pre class="screen">ALL : *.example.com</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>The slash (/)</em></span> — If a client list begins with a slash, it is treated as a file name. This is useful if rules specifying large numbers of hosts are necessary. The following example refers TCP Wrappers to the <code class="filename">/etc/telnet.hosts</code> file for all Telnet connections:
+ </div><pre class="screen">in.telnetd : /etc/telnet.hosts</pre></li></ul></div><div class="para">
+ Other, lesser used, patterns are also accepted by TCP Wrappers. Refer to the <code class="filename">hosts_access</code> man 5 page for more information.
+ </div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ Be very careful when using hostnames and domain names. Attackers can use a variety of tricks to circumvent accurate name resolution. In addition, disruption to DNS service prevents even authorized users from using network services. It is, therefore, best to use IP addresses whenever possible.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Formatting_Access_Rules-Portmap_and_TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Formatting_Access_Rules-Portmap_and_TCP_Wrappers">3.6.2.1.3. Portmap and TCP Wrappers</h5></div></div></div><div class="para">
+ <code class="command">Portmap</code>'s implementation of TCP Wrappers does not support host look-ups, which means <code class="command">portmap</code> can not use hostnames to identify hosts. Consequently, access control rules for portmap in <code class="filename">hosts.allow</code> or <code class="filename">hosts.deny</code> must use IP addresses, or the keyword <code class="option">ALL</code>, for specifying hosts.
+ </div><div class="para">
+ Changes to <code class="command">portmap</code> access control rules may not take effect immediately. You may need to restart the <code class="command">portmap</code> service.
+ </div><div class="para">
+ Widely used services, such as NIS and NFS, depend on <code class="command">portmap</code> to operate, so be aware of these limitations.
+ </div></div><div class="section" id="sect-Security_Guide-Formatting_Access_Rules-Operators"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Formatting_Access_Rules-Operators">3.6.2.1.4. Operators</h5></div></div></div><div class="para">
+ At present, access control rules accept one operator, <code class="option">EXCEPT</code>. It can be used in both the daemon list and the client list of a rule.
+ </div><div class="para">
+ The <code class="option">EXCEPT</code> operator allows specific exceptions to broader matches within the same rule.
+ </div><div class="para">
+ In the following example from a <code class="filename">hosts.allow</code> file, all <code class="systemitem">example.com</code> hosts are allowed to connect to all services except <code class="systemitem">cracker.example.com</code>:
+ </div><pre class="screen">ALL: .example.com EXCEPT cracker.example.com</pre><div class="para">
+ In another example from a <code class="filename">hosts.allow</code> file, clients from the <code class="systemitem">192.168.0.<em class="replaceable"><code>x</code></em></code> network can use all services except for FTP:
+ </div><pre class="screen">ALL EXCEPT vsftpd: 192.168.0.</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Organizationally, it is often easier to avoid using <code class="option">EXCEPT</code> operators. This allows other administrators to quickly scan the appropriate files to see what hosts are allowed or denied access to services, without having to sort through <code class="option">EXCEPT</code> operators.
+ </div></div></div></div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields">3.6.2.2. Option Fields</h4></div></div></div><div class="para">
+ In addition to basic rules that allow and deny access, the Fedora implementation of TCP Wrappers supports extensions to the access control language through <em class="firstterm">option fields</em>. By using option fields in hosts access rules, administrators can accomplish a variety of tasks such as altering log behavior, consolidating access control, and launching shell commands.
+ </div><div class="section" id="sect-Security_Guide-Option_Fields-Logging"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Option_Fields-Logging">3.6.2.2.1. Logging</h5></div></div></div><div class="para">
+ Option fields let administrators easily change the log facility and priority level for a rule by using the <code class="option">severity</code> directive.
+ </div><div class="para">
+ In the following example, connections to the SSH daemon from any host in the <code class="systemitem">example.com</code> domain are logged to the default <code class="option">authpriv</code> <code class="option">syslog</code> facility (because no facility value is specified) with a priority of <code class="option">emerg</code>:
+ </div><pre class="screen">sshd : .example.com : severity emerg</pre><div class="para">
+ It is also possible to specify a facility using the <code class="option">severity</code> option. The following example logs any SSH connection attempts by hosts from the <code class="systemitem">example.com</code> domain to the <code class="option">local0</code> facility with a priority of <code class="option">alert</code>:
+ </div><pre class="screen">sshd : .example.com : severity local0.alert</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ In practice, this example does not work until the syslog daemon (<code class="systemitem">syslogd</code>) is configured to log to the <code class="command">local0</code> facility. Refer to the <code class="filename">syslog.conf</code> man page for information about configuring custom log facilities.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Option_Fields-Access_Control"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Option_Fields-Access_Control">3.6.2.2.2. Access Control</h5></div></div></div><div class="para">
+ Option fields also allow administrators to explicitly allow or deny hosts in a single rule by adding the <code class="option">allow</code> or <code class="option">deny</code> directive as the final option.
+ </div><div class="para">
+ For example, the following two rules allow SSH connections from <code class="systemitem">client-1.example.com</code>, but deny connections from <code class="systemitem">client-2.example.com</code>:
+ </div><pre class="screen">sshd : client-1.example.com : allow
+sshd : client-2.example.com : deny</pre><div class="para">
+ By allowing access control on a per-rule basis, the option field allows administrators to consolidate all access rules into a single file: either <code class="filename">hosts.allow</code> or <code class="filename">hosts.deny</code>. Some administrators consider this an easier way of organizing access rules.
+ </div></div><div class="section" id="sect-Security_Guide-Option_Fields-Shell_Commands"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Option_Fields-Shell_Commands">3.6.2.2.3. Shell Commands</h5></div></div></div><div class="para">
+ Option fields allow access rules to launch shell commands through the following two directives:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">spawn</code> — Launches a shell command as a child process. This directive can perform tasks like using <code class="command">/usr/sbin/safe_finger</code> to get more information about the requesting client or create special log files using the <code class="command">echo</code> command.
+ </div><div class="para">
+ In the following example, clients attempting to access Telnet services from the <code class="systemitem">example.com</code> domain are quietly logged to a special file:
+ </div><pre class="screen">in.telnetd : .example.com \
+ : spawn /bin/echo `/bin/date` from %h>>/var/log/telnet.log \
+ : allow</pre></li><li class="listitem"><div class="para">
+ <code class="command">twist</code> — Replaces the requested service with the specified command. This directive is often used to set up traps for intruders (also called "honey pots"). It can also be used to send messages to connecting clients. The <code class="command">twist</code> directive must occur at the end of the rule line.
+ </div><div class="para">
+ In the following example, clients attempting to access FTP services from the <code class="systemitem">example.com</code> domain are sent a message using the <code class="command">echo</code> command:
+ </div><pre class="screen">vsftpd : .example.com \
+ : twist /bin/echo "421 This domain has been black-listed. Access denied!"</pre></li></ul></div><div class="para">
+ For more information about shell command options, refer to the <code class="filename">hosts_options</code> man page.
+ </div></div><div class="section" id="sect-Security_Guide-Option_Fields-Expansions"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Option_Fields-Expansions">3.6.2.2.4. Expansions</h5></div></div></div><div class="para">
+ Expansions, when used in conjunction with the <code class="command">spawn</code> and <code class="command">twist</code> directives, provide information about the client, server, and processes involved.
+ </div><div class="para">
+ The following is a list of supported expansions:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">%a</code> — Returns the client's IP address.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%A</code> — Returns the server's IP address.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%c</code> — Returns a variety of client information, such as the username and hostname, or the username and IP address.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%d</code> — Returns the daemon process name.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%h</code> — Returns the client's hostname (or IP address, if the hostname is unavailable).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%H</code> — Returns the server's hostname (or IP address, if the hostname is unavailable).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%n</code> — Returns the client's hostname. If unavailable, <code class="computeroutput">unknown</code> is printed. If the client's hostname and host address do not match, <code class="computeroutput">paranoid</code> is printed.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%N</code> — Returns the server's hostname. If unavailable, <code class="computeroutput">unknown</code> is printed. If the server's hostname and host address do not match, <code class="computeroutput">paranoid</code> is printed.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%p</code> — Returns the daemon's process ID.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%s</code> —Returns various types of server information, such as the daemon process and the host or IP address of the server.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%u</code> — Returns the client's username. If unavailable, <code class="computeroutput">unknown</code> is printed.
+ </div></li></ul></div><div class="para">
+ The following sample rule uses an expansion in conjunction with the <code class="command">spawn</code> command to identify the client host in a customized log file.
+ </div><div class="para">
+ When connections to the SSH daemon (<code class="systemitem">sshd</code>) are attempted from a host in the <code class="systemitem">example.com</code> domain, execute the <code class="command">echo</code> command to log the attempt, including the client hostname (by using the <code class="option">%h</code> expansion), to a special file:
+ </div><pre class="screen">sshd : .example.com \
+ : spawn /bin/echo `/bin/date` access denied to %h>>/var/log/sshd.log \
+ : deny</pre><div class="para">
+ Similarly, expansions can be used to personalize messages back to the client. In the following example, clients attempting to access FTP services from the <code class="systemitem">example.com</code> domain are informed that they have been banned from the server:
+ </div><pre class="screen">vsftpd : .example.com \
+: twist /bin/echo "421 %h has been banned from this server!"</pre><div class="para">
+ For a full explanation of available expansions, as well as additional access control options, refer to section 5 of the man pages for <code class="filename">hosts_access</code> (<code class="command">man 5 hosts_access</code>) and the man page for <code class="filename">hosts_options</code>.
+ </div><div class="para">
+ Refer to <a class="xref" href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">Section 3.6.5, “Additional Resources”</a> for more information about TCP Wrappers.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd">3.6.3. xinetd</h3></div></div></div><div class="para">
+ The <code class="systemitem">xinetd</code> daemon is a TCP-wrapped <em class="firstterm">super service</em> which controls access to a subset of popular network services, including FTP, IMAP, and Telnet. It also provides service-specific configuration options for access control, enhanced logging, binding, redirection, and resource utilization control.
+ </div><div class="para">
+ When a client attempts to connect to a network service controlled by <code class="systemitem">xinetd</code>, the super service receives the request and checks for any TCP Wrappers access control rules.
+ </div><div class="para">
+ If access is allowed, <code class="systemitem">xinetd</code> verifies that the connection is allowed under its own access rules for that service. It also checks that the service can have more resources allotted to it and that it is not in breach of any defined rules.
+ </div><div class="para">
+ If all these conditions are met (that is, access is allowed to the service; the service has not reached its resource limit; and the service is not in breach of any defined rule), <code class="systemitem">xinetd</code> then starts an instance of the requested service and passes control of the connection to it. After the connection has been established, <code class="systemitem">xinetd</code> takes no further part in the communication between the client and the server.
+ </div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files">3.6.4. xinetd Configuration Files</h3></div></div></div><div class="para">
+ The configuration files for <code class="systemitem">xinetd</code> are as follows:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/xinetd.conf</code> — The global <code class="systemitem">xinetd</code> configuration file.
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/xinetd.d/</code> — The directory containing all service-specific files.
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.conf_File"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.conf_File">3.6.4.1. The /etc/xinetd.conf File</h4></div></div></div><div class="para">
+ The <code class="filename">/etc/xinetd.conf</code> file contains general configuration settings which affect every service under <code class="systemitem">xinetd</code>'s control. It is read when the <code class="systemitem">xinetd</code> service is first started, so for configuration changes to take effect, you need to restart the <code class="systemitem">xinetd</code> service. The following is a sample <code class="filename">/etc/xinetd.conf</code> file:
+ </div><pre class="screen">defaults
+{
+ instances = 60
+ log_type = SYSLOG authpriv
+ log_on_success = HOST PID
+ log_on_failure = HOST
+ cps = 25 30
+}
+includedir /etc/xinetd.d</pre><div class="para">
+ These lines control the following aspects of <code class="systemitem">xinetd</code>:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">instances</code> — Specifies the maximum number of simultaneous requests that <code class="systemitem">xinetd</code> can process.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">log_type</code> — Configures <code class="systemitem">xinetd</code> to use the <code class="command">authpriv</code> log facility, which writes log entries to the <code class="filename">/var/log/secure</code> file. Adding a directive such as <code class="option">FILE /var/log/xinetdlog</code> would create a custom log file called <code class="filename">xinetdlog</code> in the <code class="filename">/var/log/</code> directory.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">log_on_success</code> — Configures <code class="systemitem">xinetd</code> to log successful connection attempts. By default, the remote host's IP address and the process ID of the server processing the request are recorded.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">log_on_failure</code> — Configures <code class="systemitem">xinetd</code> to log failed connection attempts or if the connection was denied.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">cps</code> — Configures <code class="systemitem">xinetd</code> to allow no more than 25 connections per second to any given service. If this limit is exceeded, the service is retired for 30 seconds.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">includedir</code> <code class="filename">/etc/xinetd.d/</code> — Includes options declared in the service-specific configuration files located in the <code class="filename">/etc/xinetd.d/</code> directory. Refer to <a class="xref" href="#sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory">Section 3.6.4.2, “The /etc/xinetd.d/ Directory”</a> for more information.
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Often, both the <code class="option">log_on_success</code> and <code class="option">log_on_failure</code> settings in <code class="filename">/etc/xinetd.conf</code> are further modified in the service-specific configuration files. More information may therefore appear in a given service's log file than the <code class="filename">/etc/xinetd.conf</code> file may indicate. Refer to <a class="xref" href="#sect-Security_Guide-Altering_xinetd_Configuration_Files-Logging_Options">Section 3.6.4.3.1, “Logging Options”</a> for further information.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory">3.6.4.2. The /etc/xinetd.d/ Directory</h4></div></div></div><div class="para">
+ The <code class="filename">/etc/xinetd.d/</code> directory contains the configuration files for each service managed by <code class="systemitem">xinetd</code> and the names of the files correlate to the service. As with <code class="filename">xinetd.conf</code>, this directory is read only when the <code class="systemitem">xinetd</code> service is started. For any changes to take effect, the administrator must restart the <code class="systemitem">xinetd</code> service.
+ </div><div class="para">
+ The format of files in the <code class="filename">/etc/xinetd.d/</code> directory use the same conventions as <code class="filename">/etc/xinetd.conf</code>. The primary reason the configuration for each service is stored in a separate file is to make customization easier and less likely to affect other services.
+ </div><div class="para">
+ To gain an understanding of how these files are structured, consider the <code class="filename">/etc/xinetd.d/krb5-telnet</code> file:
+ </div><pre class="screen">service telnet
+{
+ flags = REUSE
+ socket_type = stream
+ wait = no
+ user = root
+ server = /usr/kerberos/sbin/telnetd
+ log_on_failure += USERID
+ disable = yes
+}</pre><div class="para">
+ These lines control various aspects of the <code class="command">telnet</code> service:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">service</code> — Specifies the service name, usually one of those listed in the <code class="filename">/etc/services</code> file.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">flags</code> — Sets any of a number of attributes for the connection. <code class="option">REUSE</code> instructs <code class="systemitem">xinetd</code> to reuse the socket for a Telnet connection.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ The <code class="option">REUSE</code> flag is deprecated. All services now implicitly use the <code class="option">REUSE</code> flag.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">socket_type</code> — Sets the network socket type to <code class="option">stream</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">wait</code> — Specifies whether the service is single-threaded (<code class="option">yes</code>) or multi-threaded (<code class="option">no</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">user</code> — Specifies which user ID the process runs under.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">server</code> — Specifies which binary executable to launch.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">log_on_failure</code> — Specifies logging parameters for <code class="option">log_on_failure</code> in addition to those already defined in <code class="filename">xinetd.conf</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">disable</code> — Specifies whether the service is disabled (<code class="option">yes</code>) or enabled (<code class="option">no</code>).
+ </div></li></ul></div><div class="para">
+ Refer to the <code class="filename">xinetd.conf</code> man page for more information about these options and their usage.
+ </div></div><div class="section" id="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files">3.6.4.3. Altering xinetd Configuration Files</h4></div></div></div><div class="para">
+ A range of directives is available for services protected by <code class="systemitem">xinetd</code>. This section highlights some of the more commonly used options.
+ </div><div class="section" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Logging_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Logging_Options">3.6.4.3.1. Logging Options</h5></div></div></div><div class="para">
+ The following logging options are available for both <code class="filename">/etc/xinetd.conf</code> and the service-specific configuration files within the <code class="filename">/etc/xinetd.d/</code> directory.
+ </div><div class="para">
+ The following is a list of some of the more commonly used logging options:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">ATTEMPT</code> — Logs the fact that a failed attempt was made (<code class="option">log_on_failure</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">DURATION</code> — Logs the length of time the service is used by a remote system (<code class="option">log_on_success</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">EXIT</code> — Logs the exit status or termination signal of the service (<code class="option">log_on_success</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">HOST</code> — Logs the remote host's IP address (<code class="option">log_on_failure</code> and <code class="option">log_on_success</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">PID</code> — Logs the process ID of the server receiving the request (<code class="option">log_on_success</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">USERID</code> — Logs the remote user using the method defined in RFC 1413 for all multi-threaded stream services (<code class="option">log_on_failure</code> and<code class="option">log_on_success</code>).
+ </div></li></ul></div><div class="para">
+ For a complete list of logging options, refer to the <code class="filename">xinetd.conf</code> man page.
+ </div></div><div class="section" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options">3.6.4.3.2. Access Control Options</h5></div></div></div><div class="para">
+ Users of <code class="systemitem">xinetd</code> services can choose to use the TCP Wrappers hosts access rules, provide access control via the <code class="systemitem">xinetd</code> configuration files, or a mixture of both. Refer to <a class="xref" href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">Section 3.6.2, “TCP Wrappers Configuration Files”</a> for more information about TCP Wrappers hosts access control files.
+ </div><div class="para">
+ This section discusses using <code class="systemitem">xinetd</code> to control access to services.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Unlike TCP Wrappers, changes to access control only take effect if the <code class="systemitem">xinetd</code> administrator restarts the <code class="systemitem">xinetd</code> service.
+ </div><div class="para">
+ Also, unlike TCP Wrappers, access control through <code class="systemitem">xinetd</code> only affects services controlled by <code class="systemitem">xinetd</code>.
+ </div></div></div><div class="para">
+ The <code class="systemitem">xinetd</code> hosts access control differs from the method used by TCP Wrappers. While TCP Wrappers places all of the access configuration within two files, <code class="filename">/etc/hosts.allow</code> and <code class="filename">/etc/hosts.deny</code>, <code class="systemitem">xinetd</code>'s access control is found in each service's configuration file in the <code class="filename">/etc/xinetd.d/</code> directory.
+ </div><div class="para">
+ The following hosts access options are supported by <code class="systemitem">xinetd</code>:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">only_from</code> — Allows only the specified hosts to use the service.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">no_access</code> — Blocks listed hosts from using the service.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">access_times</code> — Specifies the time range when a particular service may be used. The time range must be stated in 24-hour format notation, HH:MM-HH:MM.
+ </div></li></ul></div><div class="para">
+ The <code class="option">only_from</code> and <code class="option">no_access</code> options can use a list of IP addresses or host names, or can specify an entire network. Like TCP Wrappers, combining <code class="systemitem">xinetd</code> access control with the enhanced logging configuration can increase security by blocking requests from banned hosts while verbosely recording each connection attempt.
+ </div><div class="para">
+ For example, the following <code class="filename">/etc/xinetd.d/telnet</code> file can be used to block Telnet access from a particular network group and restrict the overall time range that even allowed users can log in:
+ </div><pre class="screen">service telnet
+{
+ disable = no
+ flags = REUSE
+ socket_type = stream
+ wait = no
+ user = root
+ server = /usr/kerberos/sbin/telnetd
+ log_on_failure += USERID
+ no_access = 172.16.45.0/24
+ log_on_success += PID HOST EXIT
+ access_times = 09:45-16:15
+}</pre><div class="para">
+ In this example, when a client system from the <code class="systemitem">172.16.45.0/24</code> network, such as <code class="systemitem">172.16.45.2</code>, tries to access the Telnet service, it receives the following message:
+ </div><pre class="screen">Connection closed by foreign host.</pre><div class="para">
+ In addition, their login attempts are logged in <code class="filename">/var/log/messages</code> as follows:
+ </div><pre class="screen">Sep 7 14:58:33 localhost xinetd[5285]: FAIL: telnet address from=172.16.45.107
+Sep 7 14:58:33 localhost xinetd[5283]: START: telnet pid=5285 from=172.16.45.107
+Sep 7 14:58:33 localhost xinetd[5283]: EXIT: telnet status=0 pid=5285 duration=0(sec)</pre><div class="para">
+ When using TCP Wrappers in conjunction with <code class="systemitem">xinetd</code> access controls, it is important to understand the relationship between the two access control mechanisms.
+ </div><div class="para">
+ The following is the sequence of events followed by <code class="systemitem">xinetd</code> when a client requests a connection:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ The <code class="systemitem">xinetd</code> daemon accesses the TCP Wrappers hosts access rules using a <code class="filename">libwrap.a</code> library call. If a deny rule matches the client, the connection is dropped. If an allow rule matches the client, the connection is passed to <code class="systemitem">xinetd</code>.
+ </div></li><li class="listitem"><div class="para">
+ The <code class="systemitem">xinetd</code> daemon checks its own access control rules both for the <code class="systemitem">xinetd</code> service and the requested service. If a deny rule matches the client, the connection is dropped. Otherwise, <code class="systemitem">xinetd</code> starts an instance of the requested service and passes control of the connection to that service.
+ </div></li></ol></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ Care should be taken when using TCP Wrappers access controls in conjunction with <code class="systemitem">xinetd</code> access controls. Misconfiguration can cause undesirable effects.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options">3.6.4.3.3. Binding and Redirection Options</h5></div></div></div><div class="para">
+ The service configuration files for <code class="systemitem">xinetd</code> support binding the service to an IP address and redirecting incoming requests for that service to another IP address, hostname, or port.
+ </div><div class="para">
+ Binding is controlled with the <code class="option">bind</code> option in the service-specific configuration files and links the service to one IP address on the system. When this is configured, the <code class="option">bind</code> option only allows requests to the correct IP address to access the service. You can use this method to bind different services to different network interfaces based on requirements.
+ </div><div class="para">
+ This is particularly useful for systems with multiple network adapters or with multiple IP addresses. On such a system, insecure services (for example, Telnet), can be configured to listen only on the interface connected to a private network and not to the interface connected to the Internet.
+ </div><div class="para">
+ The <code class="option">redirect</code> option accepts an IP address or hostname followed by a port number. It configures the service to redirect any requests for this service to the specified host and port number. This feature can be used to point to another port number on the same system, redirect the request to a different IP address on the same machine, shift the request to a totally different system and port number, or any combination of these options. A user connecting to a certain service on a system may therefore be rerouted to another system without disruption.
+ </div><div class="para">
+ The <code class="systemitem">xinetd</code> daemon is able to accomplish this redirection by spawning a process that stays alive for the duration of the connection between the requesting client machine and the host actually providing the service, transferring data between the two systems.
+ </div><div class="para">
+ The advantages of the <code class="option">bind</code> and <code class="option">redirect</code> options are most clearly evident when they are used together. By binding a service to a particular IP address on a system and then redirecting requests for this service to a second machine that only the first machine can see, an internal system can be used to provide services for a totally different network. Alternatively, these options can be used to limit the exposure of a particular service on a multi-homed machine to a known IP address, as well as redirect any requests for that service to another machine especially configured for that purpose.
+ </div><div class="para">
+ For example, consider a system that is used as a firewall with this setting for its Telnet service:
+ </div><pre class="screen">service telnet
+{
+ socket_type = stream
+ wait = no
+ server = /usr/kerberos/sbin/telnetd
+ log_on_success += DURATION USERID
+ log_on_failure += USERID
+ bind = 123.123.123.123
+ redirect = 10.0.1.13 23
+}</pre><div class="para">
+ The <code class="option">bind</code> and <code class="option">redirect</code> options in this file ensure that the Telnet service on the machine is bound to the external IP address (<code class="systemitem">123.123.123.123</code>), the one facing the Internet. In addition, any requests for Telnet service sent to <code class="systemitem">123.123.123.123</code> are redirected via a second network adapter to an internal IP address (<code class="systemitem">10.0.1.13</code>) that only the firewall and internal systems can access. The firewall then sends the communication between the two systems, and the connecting system thinks it is connected to <code class="systemitem">123.123.123.123</code> when it is actually connected to a different machine.
+ </div><div class="para">
+ This feature is particularly useful for users with broadband connections and only one fixed IP address. When using Network Address Translation (NAT), the systems behind the gateway machine, which are using internal-only IP addresses, are not available from outside the gateway system. However, when certain services controlled by <code class="systemitem">xinetd</code> are configured with the <code class="option">bind</code> and <code class="option">redirect</code> options, the gateway machine can act as a proxy between outside systems and a particular internal machine configured to provide the service. In addition, the various <code class="systemitem">xinetd</code> access control and logging options are also available for additional protection.
+ </div></div><div class="section" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options">3.6.4.3.4. Resource Management Options</h5></div></div></div><div class="para">
+ The <code class="systemitem">xinetd</code> daemon can add a basic level of protection from Denial of Service (DoS) attacks. The following is a list of directives which can aid in limiting the effectiveness of such attacks:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">per_source</code> — Defines the maximum number of instances for a service per source IP address. It accepts only integers as an argument and can be used in both <code class="filename">xinetd.conf</code> and in the service-specific configuration files in the <code class="filename">xinetd.d/</code> directory.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">cps</code> — Defines the maximum number of connections per second. This directive takes two integer arguments separated by white space. The first argument is the maximum number of connections allowed to the service per second. The second argument is the number of seconds that <code class="systemitem">xinetd</code> must wait before re-enabling the service. It accepts only integers as arguments and can be used in either the <code class="filename">xinetd.conf</code> file or the service-specific configuration files in the <code class="filename">xinetd.d/</code> directory.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">max_load</code> — Defines the CPU usage or load average threshold for a service. It accepts a floating point number argument.
+ </div><div class="para">
+ The load average is a rough measure of how many processes are active at a given time. See the <code class="command">uptime</code>, <code class="command">who</code>, and <code class="command">procinfo</code> commands for more information about load average.
+ </div></li></ul></div><div class="para">
+ There are more resource management options available for <code class="systemitem">xinetd</code>. Refer to the <code class="filename">xinetd.conf</code> man page for more information.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">3.6.5. Additional Resources</h3></div></div></div><div class="para">
+ More information about TCP Wrappers and <code class="systemitem">xinetd</code> is available from system documentation and on the Internet.
+ </div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_TCP_Wrappers_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_TCP_Wrappers_Documentation">3.6.5.1. Installed TCP Wrappers Documentation</h4></div></div></div><div class="para">
+ The documentation on your system is a good place to start looking for additional configuration options for TCP Wrappers, <code class="systemitem">xinetd</code>, and access control.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/usr/share/doc/tcp_wrappers-<em class="replaceable"><code><version></code></em>/</code> — This directory contains a <code class="filename">README</code> file that discusses how TCP Wrappers work and the various hostname and host address spoofing risks that exist.
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/usr/share/doc/xinetd-<em class="replaceable"><code><version></code></em>/</code> — This directory contains a <code class="filename">README</code> file that discusses aspects of access control and a <code class="filename">sample.conf</code> file with various ideas for modifying service-specific configuration files in the <code class="filename">/etc/xinetd.d/</code> directory.
+ </div></li><li class="listitem"><div class="para">
+ TCP Wrappers and <code class="systemitem">xinetd</code>-related man pages — A number of man pages exist for the various applications and configuration files involved with TCP Wrappers and <code class="systemitem">xinetd</code>. The following are some of the more important man pages:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">Server Applications</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man xinetd</code> — The man page for <code class="systemitem">xinetd</code>.
+ </div></li></ul></div></dd><dt class="varlistentry"><span class="term">Configuration Files</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man 5 hosts_access</code> — The man page for the TCP Wrappers hosts access control files.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man hosts_options</code> — The man page for the TCP Wrappers options fields.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man xinetd.conf</code> — The man page listing <code class="systemitem">xinetd</code> configuration options.
+ </div></li></ul></div></dd></dl></div></li></ul></div></div><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites">3.6.5.2. Useful TCP Wrappers Websites</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.xinetd.org">http://www.xinetd.org/</a> — The home of <code class="systemitem">xinetd</code>, containing sample configuration files, a full listing of features, and an informative FAQ.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.docstoc.com/docs/2133633/An-Unofficial-Xinetd-Tutorial">http://www.docstoc.com/docs/2133633/An-Unofficial-Xinetd-Tutorial</a> — A thorough tutorial that discusses many different ways to optimize default <code class="systemitem">xinetd</code> configuration files to meet specific security goals.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Additional_Resources-Related_Books"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Related_Books">3.6.5.3. Related Books</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="citetitle">Hacking Linux Exposed</em> by Brian Hatch, James Lee, and George Kurtz; Osbourne/McGraw-Hill — An excellent security resource with information about TCP Wrappers and <code class="systemitem">xinetd</code>.
+ </div></li></ul></div></div></div></div><div xml:lang="en-US" class="section" id="sect-Security_Guide-Kerberos" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Kerberos">3.7. Kerberos</h2></div></div></div><div class="para">
+ System security and integrity within a network can be unwieldy. It can occupy the time of several administrators just to keep track of what services are being run on a network and the manner in which these services are used.
+ </div><div class="para">
+ Further, authenticating users to network services can prove dangerous when the method used by the protocol is inherently insecure, as evidenced by the transfer of unencrypted passwords over a network using the traditional FTP and Telnet protocols.
+ </div><div class="para">
+ Kerberos is a way to eliminate the need for protocols that allow unsafe methods of authentication, thereby enhancing overall network security.
+ </div><div class="section" id="sect-Security_Guide-Kerberos-What_is_Kerberos"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-What_is_Kerberos">3.7.1. What is Kerberos?</h3></div></div></div><div class="para">
+ Kerberos is a network authentication protocol created by MIT, and uses symmetric-key cryptography<sup>[<a id="idm84172928" href="#ftn.idm84172928" class="footnote">14</a>]</sup> to authenticate users to network services, which means passwords are never actually sent over the network.
+ </div><div class="para">
+ Consequently, when users authenticate to network services using Kerberos, unauthorized users attempting to gather passwords by monitoring network traffic are effectively thwarted.
+ </div><div class="section" id="sect-Security_Guide-What_is_Kerberos-Advantages_of_Kerberos"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Kerberos-Advantages_of_Kerberos">3.7.1.1. Advantages of Kerberos</h4></div></div></div><div class="para">
+ Most conventional network services use password-based authentication schemes. Such schemes require a user to authenticate to a given network server by supplying their username and password. Unfortunately, the transmission of authentication information for many services is unencrypted. For such a scheme to be secure, the network has to be inaccessible to outsiders, and all computers and users on the network must be trusted and trustworthy.
+ </div><div class="para">
+ Even if this is the case, a network that is connected to the Internet can no longer be assumed to be secure. Any attacker who gains access to the network can use a simple packet analyzer, also known as a packet sniffer, to intercept usernames and passwords, compromising user accounts and the integrity of the entire security infrastructure.
+ </div><div class="para">
+ The primary design goal of Kerberos is to eliminate the transmission of unencrypted passwords across the network. If used properly, Kerberos effectively eliminates the threat that packet sniffers would otherwise pose on a network.
+ </div></div><div class="section" id="sect-Security_Guide-What_is_Kerberos-Disadvantages_of_Kerberos"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Kerberos-Disadvantages_of_Kerberos">3.7.1.2. Disadvantages of Kerberos</h4></div></div></div><div class="para">
+ Although Kerberos removes a common and severe security threat, it may be difficult to implement for a variety of reasons:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Migrating user passwords from a standard UNIX password database, such as <code class="filename">/etc/passwd</code> or <code class="filename">/etc/shadow</code>, to a Kerberos password database can be tedious, as there is no automated mechanism to perform this task. Refer to Question 2.23 in the online Kerberos FAQ:
+ </div><div class="para">
+ <a href="http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#pwconvert"> http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html</a>
+ </div></li><li class="listitem"><div class="para">
+ Kerberos has only partial compatibility with the Pluggable Authentication Modules (PAM) system used by most Fedora servers. Refer to <a class="xref" href="#sect-Security_Guide-Kerberos-Kerberos_and_PAM">Section 3.7.4, “Kerberos and PAM”</a> for more information about this issue.
+ </div></li><li class="listitem"><div class="para">
+ Kerberos assumes that each user is trusted but is using an untrusted host on an untrusted network. Its primary goal is to prevent unencrypted passwords from being transmitted across that network. However, if anyone other than the proper user has access to the one host that issues tickets used for authentication — called the <em class="firstterm">key distribution center</em> (<em class="firstterm">KDC</em>) — the entire Kerberos authentication system is at risk.
+ </div></li><li class="listitem"><div class="para">
+ For an application to use Kerberos, its source must be modified to make the appropriate calls into the Kerberos libraries. Applications modified in this way are considered to be <em class="firstterm">Kerberos-aware</em>, or <em class="firstterm">kerberized</em>. For some applications, this can be quite problematic due to the size of the application or its design. For other incompatible applications, changes must be made to the way in which the server and client communicate. Again, this may require extensive programming. Closed-source applications that do not have Kerberos support by default are often the most problematic.
+ </div></li><li class="listitem"><div class="para">
+ Kerberos is an all-or-nothing solution. If Kerberos is used on the network, any unencrypted passwords transferred to a non-Kerberos aware service is at risk. Thus, the network gains no benefit from the use of Kerberos. To secure a network with Kerberos, one must either use Kerberos-aware versions of <span class="emphasis"><em>all</em></span> client/server applications that transmit passwords unencrypted, or not use <span class="emphasis"><em>any</em></span> such client/server applications at all.
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-Kerberos-Kerberos_Terminology"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Kerberos_Terminology">3.7.2. Kerberos Terminology</h3></div></div></div><div class="para">
+ Kerberos has its own terminology to define various aspects of the service. Before learning how Kerberos works, it is important to learn the following terms.
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">authentication server (AS)</span></dt><dd><div class="para">
+ A server that issues tickets for a desired service which are in turn given to users for access to the service. The AS responds to requests from clients who do not have or do not send credentials with a request. It is usually used to gain access to the ticket-granting server (TGS) service by issuing a ticket-granting ticket (TGT). The AS usually runs on the same host as the key distribution center (KDC).
+ </div></dd><dt class="varlistentry"><span class="term">ciphertext</span></dt><dd><div class="para">
+ Encrypted data.
+ </div></dd><dt class="varlistentry"><span class="term">client</span></dt><dd><div class="para">
+ An entity on the network (a user, a host, or an application) that can receive a ticket from Kerberos.
+ </div></dd><dt class="varlistentry"><span class="term">credentials</span></dt><dd><div class="para">
+ A temporary set of electronic credentials that verify the identity of a client for a particular service. Also called a ticket.
+ </div></dd><dt class="varlistentry"><span class="term">credential cache or ticket file</span></dt><dd><div class="para">
+ A file which contains the keys for encrypting communications between a user and various network services. Kerberos 5 supports a framework for using other cache types, such as shared memory, but files are more thoroughly supported.
+ </div></dd><dt class="varlistentry"><span class="term">crypt hash</span></dt><dd><div class="para">
+ A one-way hash used to authenticate users. These are more secure than using unencrypted data, but they are still relatively easy to decrypt for an experienced cracker.
+ </div></dd><dt class="varlistentry"><span class="term">GSS-API</span></dt><dd><div class="para">
+ The Generic Security Service Application Program Interface (defined in RFC-2743 published by The Internet Engineering Task Force) is a set of functions which provide security services. This API is used by clients and services to authenticate to each other without either program having specific knowledge of the underlying mechanism. If a network service (such as cyrus-IMAP) uses GSS-API, it can authenticate using Kerberos.
+ </div></dd><dt class="varlistentry"><span class="term">hash</span></dt><dd><div class="para">
+ Also known as a <em class="firstterm">hash value</em>. A value generated by passing a string through a <em class="firstterm">hash function</em>. These values are typically used to ensure that transmitted data has not been tampered with.
+ </div></dd><dt class="varlistentry"><span class="term">hash function</span></dt><dd><div class="para">
+ A way of generating a digital "fingerprint" from input data. These functions rearrange, transpose or otherwise alter data to produce a <em class="firstterm">hash value</em>.
+ </div></dd><dt class="varlistentry"><span class="term">key</span></dt><dd><div class="para">
+ Data used when encrypting or decrypting other data. Encrypted data cannot be decrypted without the proper key or extremely good fortune on the part of the cracker.
+ </div></dd><dt class="varlistentry"><span class="term">key distribution center (KDC)</span></dt><dd><div class="para">
+ A service that issues Kerberos tickets, and which usually run on the same host as the ticket-granting server (TGS).
+ </div></dd><dt class="varlistentry"><span class="term">keytab (or key table)</span></dt><dd><div class="para">
+ A file that includes an unencrypted list of principals and their keys. Servers retrieve the keys they need from keytab files instead of using <code class="command">kinit</code>. The default keytab file is <code class="filename">/etc/krb5.keytab</code>. The KDC administration server, <code class="command">/usr/kerberos/sbin/kadmind</code>, is the only service that uses any other file (it uses <code class="filename">/var/kerberos/krb5kdc/kadm5.keytab</code>).
+ </div></dd><dt class="varlistentry"><span class="term">kinit</span></dt><dd><div class="para">
+ The <code class="command">kinit</code> command allows a principal who has already logged in to obtain and cache the initial ticket-granting ticket (TGT). Refer to the <code class="command">kinit</code> man page for more information.
+ </div></dd><dt class="varlistentry"><span class="term">principal (or principal name)</span></dt><dd><div class="para">
+ The principal is the unique name of a user or service allowed to authenticate using Kerberos. A principal follows the form <code class="computeroutput">root[/instance]@REALM</code>. For a typical user, the root is the same as their login ID. The <code class="computeroutput">instance</code> is optional. If the principal has an instance, it is separated from the root with a forward slash ("/"). An empty string ("") is considered a valid instance (which differs from the default <code class="computeroutput">NULL</code> instance), but using it can be confusing. All principals in a realm have their own key, which for users is derived from a password or is randomly set for services.
+ </div></dd><dt class="varlistentry"><span class="term">realm</span></dt><dd><div class="para">
+ A network that uses Kerberos, composed of one or more servers called KDCs and a potentially large number of clients.
+ </div></dd><dt class="varlistentry"><span class="term">service</span></dt><dd><div class="para">
+ A program accessed over the network.
+ </div></dd><dt class="varlistentry"><span class="term">ticket</span></dt><dd><div class="para">
+ A temporary set of electronic credentials that verify the identity of a client for a particular service. Also called credentials.
+ </div></dd><dt class="varlistentry"><span class="term">ticket-granting server (TGS)</span></dt><dd><div class="para">
+ A server that issues tickets for a desired service which are in turn given to users for access to the service. The TGS usually runs on the same host as the KDC.
+ </div></dd><dt class="varlistentry"><span class="term">ticket-granting ticket (TGT)</span></dt><dd><div class="para">
+ A special ticket that allows the client to obtain additional tickets without applying for them from the KDC.
+ </div></dd><dt class="varlistentry"><span class="term">unencrypted password</span></dt><dd><div class="para">
+ A plain text, human-readable password.
+ </div></dd></dl></div></div><div class="section" id="sect-Security_Guide-Kerberos-How_Kerberos_Works"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-How_Kerberos_Works">3.7.3. How Kerberos Works</h3></div></div></div><div class="para">
+ Kerberos differs from username/password authentication methods. Instead of authenticating each user to each network service, Kerberos uses symmetric encryption and a trusted third party (a KDC), to authenticate users to a suite of network services. When a user authenticates to the KDC, the KDC sends a ticket specific to that session back to the user's machine, and any Kerberos-aware services look for the ticket on the user's machine rather than requiring the user to authenticate using a password.
+ </div><div class="para">
+ When a user on a Kerberos-aware network logs in to their workstation, their principal is sent to the KDC as part of a request for a TGT from the Authentication Server. This request can be sent by the log-in program so that it is transparent to the user, or can be sent by the <code class="command">kinit</code> program after the user logs in.
+ </div><div class="para">
+ The KDC then checks for the principal in its database. If the principal is found, the KDC creates a TGT, which is encrypted using the user's key and returned to that user.
+ </div><div class="para">
+ The login or <code class="command">kinit</code> program on the client then decrypts the TGT using the user's key, which it computes from the user's password. The user's key is used only on the client machine and is <span class="emphasis"><em>not</em></span> transmitted over the network.
+ </div><div class="para">
+ The TGT is set to expire after a certain period of time (usually ten to twenty-four hours) and is stored in the client machine's credentials cache. An expiration time is set so that a compromised TGT is of use to an attacker for only a short period of time. After the TGT has been issued, the user does not have to re-enter their password until the TGT expires or until they log out and log in again.
+ </div><div class="para">
+ Whenever the user needs access to a network service, the client software uses the TGT to request a new ticket for that specific service from the TGS. The service ticket is then used to authenticate the user to that service transparently.
+ </div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ The Kerberos system can be compromised if a user on the network authenticates against a non-Kerberos aware service by transmitting a password in plain text. The use of non-Kerberos aware services is highly discouraged. Such services include Telnet and FTP. The use of other encrypted protocols, such as SSH or SSL-secured services, however, is preferred, although not ideal.
+ </div></div></div><div class="para">
+ This is only a broad overview of how Kerberos authentication works. Refer to <a class="xref" href="#sect-Security_Guide-Kerberos-Additional_Resources">Section 3.7.10, “Additional Resources”</a> for links to more in-depth information.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Kerberos depends on the following network services to function correctly.
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Approximate clock synchronization between the machines on the network.
+ </div><div class="para">
+ A clock synchronization program should be set up for the network, such as <code class="command">ntpd</code>. Refer to <code class="filename">/usr/share/doc/ntp-<em class="replaceable"><code><version-number></code></em>/index.html</code> for details on setting up Network Time Protocol servers (where <em class="replaceable"><code><version-number></code></em> is the version number of the <code class="filename">ntp</code> package installed on your system).
+ </div></li><li class="listitem"><div class="para">
+ Domain Name Service (DNS).
+ </div><div class="para">
+ You should ensure that the DNS entries and hosts on the network are all properly configured. Refer to the <em class="citetitle">Kerberos V5 System Administrator's Guide</em> in <code class="filename">/usr/share/doc/krb5-server-<em class="replaceable"><code><version-number></code></em></code> for more information (where <em class="replaceable"><code><version-number></code></em> is the version number of the <code class="filename">krb5-server</code> package installed on your system).
+ </div></li></ul></div>
+
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Kerberos-Kerberos_and_PAM"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Kerberos_and_PAM">3.7.4. Kerberos and PAM</h3></div></div></div><div class="para">
+ Kerberos-aware services do not currently make use of Pluggable Authentication Modules (PAM) — these services bypass PAM completely. However, applications that use PAM can make use of Kerberos for authentication if the <code class="filename">pam_krb5</code> module (provided in the <code class="filename">pam_krb5</code> package) is installed. The <code class="filename">pam_krb5</code> package contains sample configuration files that allow services such as <code class="command">login</code> and <code class="command">gdm</code> to authenticate users as well as obtain initial credentials using their passwords. If access to network servers is always performed using Kerberos-aware services or services that use GSS-API, such as IMAP, the network can be considered reasonably safe.
+ </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ Administrators should be careful not to allow users to authenticate to most network services using Kerberos passwords. Many protocols used by these services do not encrypt the password before sending it over the network, destroying the benefits of the Kerberos system. For example, users should not be allowed to authenticate to Telnet services with the same password they use for Kerberos authentication.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">3.7.5. Configuring a Kerberos 5 Server</h3></div></div></div><div class="para">
+ When setting up Kerberos, install the KDC first. If it is necessary to set up slave servers, install the master first.
+ </div><div class="para">
+ To configure the first Kerberos KDC, follow these steps:
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Ensure that time synchronization and DNS are functioning correctly on all client and server machines before configuring Kerberos. Pay particular attention to time synchronization between the Kerberos server and its clients. If the time difference between the server and client is greater than five minutes (this is configurable in Kerberos 5), Kerberos clients can not authenticate to the server. This time synchronization is necessary to prevent an attacker from using an old Kerberos ticket to masquerade as a valid user.
+ </div><div class="para">
+ It is advisable to set up a Network Time Protocol (NTP) compatible client/server network even if Kerberos is not being used. Fedora includes the <code class="filename">ntp</code> package for this purpose. Refer to <code class="filename">/usr/share/doc/ntp-<em class="replaceable"><code><version-number></code></em>/index.html</code> (where <em class="replaceable"><code><version-number></code></em> is the version number of the <code class="filename">ntp</code> package installed on your system) for details about how to set up Network Time Protocol servers, and <a href="http://www.ntp.org">http://www.ntp.org</a> for more information about NTP.
+ </div></li><li class="step"><div class="para">
+ Install the <code class="filename">krb5-libs</code>, <code class="filename">krb5-server</code>, and <code class="filename">krb5-workstation</code> packages on the dedicated machine which runs the KDC. This machine needs to be very secure — if possible, it should not run any services other than the KDC.
+ </div></li><li class="step"><div class="para">
+ Edit the <code class="filename">/etc/krb5.conf</code> and <code class="filename">/var/kerberos/krb5kdc/kdc.conf</code> configuration files to reflect the realm name and domain-to-realm mappings. A simple realm can be constructed by replacing instances of <em class="replaceable"><code>EXAMPLE.COM</code></em> and <em class="replaceable"><code>example.com</code></em> with the correct domain name — being certain to keep uppercase and lowercase names in the correct format — and by changing the KDC from <em class="replaceable"><code>kerberos.example.com</code></em> to the name of the Kerberos server. By convention, all realm names are uppercase and all DNS hostnames and domain names are lowercase. For full details about the formats of these configuration files, refer to their respective man pages.
+ </div></li><li class="step"><div class="para">
+ Create the database using the <code class="command">kdb5_util</code> utility from a shell prompt:
+ </div><pre class="screen">/usr/kerberos/sbin/kdb5_util create -s</pre><div class="para">
+ The <code class="command">create</code> command creates the database that stores keys for the Kerberos realm. The <code class="command">-s</code> switch forces creation of a <em class="firstterm">stash</em> file in which the master server key is stored. If no stash file is present from which to read the key, the Kerberos server (<code class="command">krb5kdc</code>) prompts the user for the master server password (which can be used to regenerate the key) every time it starts.
+ </div></li><li class="step"><div class="para">
+ Edit the <code class="filename">/var/kerberos/krb5kdc/kadm5.acl</code> file. This file is used by <code class="command">kadmind</code> to determine which principals have administrative access to the Kerberos database and their level of access. Most organizations can get by with a single line:
+ </div><pre class="screen">*/admin at EXAMPLE.COM *</pre><div class="para">
+ Most users are represented in the database by a single principal (with a <span class="emphasis"><em>NULL</em></span>, or empty, instance, such as <span class="emphasis"><em>joe at EXAMPLE.COM</em></span>). In this configuration, users with a second principal with an instance of <span class="emphasis"><em>admin</em></span> (for example, <span class="emphasis"><em>joe/admin at EXAMPLE.COM</em></span>) are able to wield full power over the realm's Kerberos database.
+ </div><div class="para">
+ After <code class="command">kadmind</code> has been started on the server, any user can access its services by running <code class="command">kadmin</code> on any of the clients or servers in the realm. However, only users listed in the <code class="filename">kadm5.acl</code> file can modify the database in any way, except for changing their own passwords.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ The <code class="command">kadmin</code> utility communicates with the <code class="command">kadmind</code> server over the network, and uses Kerberos to handle authentication. Consequently, the first principal must already exist before connecting to the server over the network to administer it. Create the first principal with the <code class="command">kadmin.local</code> command, which is specifically designed to be used on the same host as the KDC and does not use Kerberos for authentication.
+ </div></div></div><div class="para">
+ Type the following <code class="command">kadmin.local</code> command at the KDC terminal to create the first principal:
+ </div><pre class="screen">/usr/kerberos/sbin/kadmin.local -q "addprinc <em class="replaceable"><code>username</code></em>/admin"</pre></li><li class="step"><div class="para">
+ Start Kerberos using the following commands:
+ </div><pre class="screen">/sbin/service krb5kdc start
+/sbin/service kadmin start
+/sbin/service krb524 start</pre></li><li class="step"><div class="para">
+ Add principals for the users using the <code class="command">addprinc</code> command within <code class="command">kadmin</code>. <code class="command">kadmin</code> and <code class="command">kadmin.local</code> are command line interfaces to the KDC. As such, many commands — such as <code class="command">addprinc</code> — are available after launching the <code class="command">kadmin</code> program. Refer to the <code class="command">kadmin</code> man page for more information.
+ </div></li><li class="step"><div class="para">
+ Verify that the KDC is issuing tickets. First, run <code class="command">kinit</code> to obtain a ticket and store it in a credential cache file. Next, use <code class="command">klist</code> to view the list of credentials in the cache and use <code class="command">kdestroy</code> to destroy the cache and the credentials it contains.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ By default, <code class="command">kinit</code> attempts to authenticate using the same system login username (not the Kerberos server). If that username does not correspond to a principal in the Kerberos database, <code class="command">kinit</code> issues an error message. If that happens, supply <code class="command">kinit</code> with the name of the correct principal as an argument on the command line (<code class="command">kinit <em class="replaceable"><code><principal></code></em></code>).
+ </div></div></div></li></ol></div><div class="para">
+ Once these steps are completed, the Kerberos server should be up and running.
+ </div></div><div class="section" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client">3.7.6. Configuring a Kerberos 5 Client</h3></div></div></div><div class="para">
+ Setting up a Kerberos 5 client is less involved than setting up a server. At a minimum, install the client packages and provide each client with a valid <code class="filename">krb5.conf</code> configuration file. While <code class="command">ssh</code> and <code class="command">slogin</code> are the preferred method of remotely logging in to client systems, Kerberized versions of <code class="command">rsh</code> and <code class="command">rlogin</code> are still available, though deploying them requires that a few more configuration changes be made.
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Be sure that time synchronization is in place between the Kerberos client and the KDC. Refer to <a class="xref" href="#sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">Section 3.7.5, “Configuring a Kerberos 5 Server”</a> for more information. In addition, verify that DNS is working properly on the Kerberos client before configuring the Kerberos client programs.
+ </div></li><li class="step"><div class="para">
+ Install the <code class="filename">krb5-libs</code> and <code class="filename">krb5-workstation</code> packages on all of the client machines. Supply a valid <code class="filename">/etc/krb5.conf</code> file for each client (usually this can be the same <code class="filename">krb5.conf</code> file used by the KDC).
+ </div></li><li class="step"><div class="para">
+ Before a workstation in the realm can use Kerberos to authenticate users who connect using <code class="command">ssh</code> or Kerberized <code class="command">rsh</code> or <code class="command">rlogin</code>, it must have its own host principal in the Kerberos database. The <code class="command">sshd</code>, <code class="command">kshd</code>, and <code class="command">klogind</code> server programs all need access to the keys for the <span class="emphasis"><em>host</em></span> service's principal. Additionally, in order to use the kerberized <code class="command">rsh</code> and <code class="command">rlogin</code> services, that workstation must have the <code class="filename">xinetd</code> package installed.
+ </div><div class="para">
+ Using <code class="command">kadmin</code>, add a host principal for the workstation on the KDC. The instance in this case is the hostname of the workstation. Use the <code class="command">-randkey</code> option for the <code class="command">kadmin</code>'s <code class="command">addprinc</code> command to create the principal and assign it a random key:
+ </div><pre class="screen">addprinc -randkey host/<em class="replaceable"><code>blah.example.com</code></em></pre><div class="para">
+ Now that the principal has been created, keys can be extracted for the workstation by running <code class="command">kadmin</code> <span class="emphasis"><em>on the workstation itself</em></span>, and using the <code class="command">ktadd</code> command within <code class="command">kadmin</code>:
+ </div><pre class="screen">ktadd -k /etc/krb5.keytab host/<em class="replaceable"><code>blah.example.com</code></em></pre></li><li class="step"><div class="para">
+ To use other kerberized network services, they must first be started. Below is a list of some common kerberized services and instructions about enabling them:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">ssh</code> — OpenSSH uses GSS-API to authenticate users to servers if the client's and server's configuration both have <code class="option">GSSAPIAuthentication</code> enabled. If the client also has <code class="option">GSSAPIDelegateCredentials</code> enabled, the user's credentials are made available on the remote system.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">rsh</code> and <code class="command">rlogin</code> — To use the kerberized versions of <code class="command">rsh</code> and <code class="command">rlogin</code>, enable <code class="command">klogin</code>, <code class="command">eklogin</code>, and <code class="command">kshell</code>.
+ </div></li><li class="listitem"><div class="para">
+ Telnet — To use kerberized Telnet, <code class="command">krb5-telnet</code> must be enabled.
+ </div></li><li class="listitem"><div class="para">
+ FTP — To provide FTP access, create and extract a key for the principal with a root of <code class="computeroutput">ftp</code>. Be certain to set the instance to the fully qualified hostname of the FTP server, then enable <code class="command">gssftp</code>.
+ </div></li><li class="listitem"><div class="para">
+ IMAP — To use a kerberized IMAP server, the <code class="filename">cyrus-imap</code> package uses Kerberos 5 if it also has the <code class="filename">cyrus-sasl-gssapi</code> package installed. The <code class="filename">cyrus-sasl-gssapi</code> package contains the Cyrus SASL plugins which support GSS-API authentication. Cyrus IMAP should function properly with Kerberos as long as the <code class="command">cyrus</code> user is able to find the proper key in <code class="filename">/etc/krb5.keytab</code>, and the root for the principal is set to <code class="command">imap</code> (created with <code class="command">kadmin</code>).
+ </div><div class="para">
+ An alternative to <code class="filename">cyrus-imap</code> can be found in the <code class="command">dovecot</code> package, which is also included in Fedora. This package contains an IMAP server but does not, to date, support GSS-API and Kerberos.
+ </div></li><li class="listitem"><div class="para">
+ CVS — To use a kerberized CVS server, <code class="command">gserver</code> uses a principal with a root of <code class="computeroutput">cvs</code> and is otherwise identical to the CVS <code class="command">pserver</code>.
+ </div></li></ul></div></li></ol></div></div><div class="section" id="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping">3.7.7. Domain-to-Realm Mapping</h3></div></div></div><div class="para">
+ When a client attempts to access a service running on a particular server, it knows the name of the service (<span class="emphasis"><em>host</em></span>) and the name of the server (<span class="emphasis"><em>foo.example.com</em></span>), but because more than one realm may be deployed on your network, it must guess at the name of the realm in which the service resides.
+ </div><div class="para">
+ By default, the name of the realm is taken to be the DNS domain name of the server, upper-cased.
+ </div><div class="literallayout"><p>foo.example.org → EXAMPLE.ORG<br />
+ foo.example.com → EXAMPLE.COM<br />
+ foo.hq.example.com → HQ.EXAMPLE.COM<br />
+</p></div><div class="para">
+ In some configurations, this will be sufficient, but in others, the realm name which is derived will be the name of a non-existant realm. In these cases, the mapping from the server's DNS domain name to the name of its realm must be specified in the <span class="emphasis"><em>domain_realm</em></span> section of the client system's <code class="filename">krb5.conf</code>. For example:
+ </div><pre class="screen">[domain_realm]
+.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM</pre><div class="para">
+ The above configuration specifies two mappings. The first mapping specifies that any system in the "example.com" DNS domain belongs to the <span class="emphasis"><em>EXAMPLE.COM</em></span> realm. The second specifies that a system with the exact name "example.com" is also in the realm. (The distinction between a domain and a specific host is marked by the presence or lack of an initial ".".) The mapping can also be stored directly in DNS.
+ </div></div><div class="section" id="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs">3.7.8. Setting Up Secondary KDCs</h3></div></div></div><div class="para">
+ For a number of reasons, you may choose to run multiple KDCs for a given realm. In this scenario, one KDC (the <span class="emphasis"><em>master KDC</em></span>) keeps a writable copy of the realm database and runs <code class="command">kadmind</code> (it is also your realm's <span class="emphasis"><em>admin server</em></span>), and one or more KDCs (<span class="emphasis"><em>slave KDCs</em></span>) keep read-only copies of the database and run <code class="command">kpropd</code>.
+ </div><div class="para">
+ The master-slave propagation procedure entails the master KDC dumping its database to a temporary dump file and then transmitting that file to each of its slaves, which then overwrite their previously-received read-only copies of the database with the contents of the dump file.
+ </div><div class="para">
+ To set up a slave KDC, first ensure that the master KDC's <code class="filename">krb5.conf</code> and <code class="filename">kdc.conf</code> files are copied to the slave KDC.
+ </div><div class="para">
+ Start <code class="command">kadmin.local</code> from a root shell on the master KDC and use its <code class="command">add_principal</code> command to create a new entry for the master KDC's <span class="emphasis"><em>host</em></span> service, and then use its <code class="command">ktadd</code> command to simultaneously set a random key for the service and store the random key in the master's default keytab file. This key will be used by the <code class="command">kprop</code> command to authenticate to the slave servers. You will only need to do this once, regardless of how many slave servers you install.
+ </div><pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>kadmin.local -r EXAMPLE.COM</code></strong>
+
+Authenticating as principal root/admin at EXAMPLE.COM with password.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>add_principal -randkey host/masterkdc.example.com</code></strong>
+
+Principal "host/host/masterkdc.example.com at EXAMPLE.COM" created.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>ktadd host/masterkdc.example.com</code></strong>
+
+Entry for principal host/masterkdc.example.com with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/masterkdc.example.com with kvno 3, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/masterkdc.example.com with kvno 3, encryption type DES with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/masterkdc.example.com with kvno 3, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/etc/krb5.keytab.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>quit</code></strong></pre><div class="para">
+ Start <code class="command">kadmin</code> from a root shell on the slave KDC and use its <code class="command">add_principal</code> command to create a new entry for the slave KDC's <span class="emphasis"><em>host</em></span> service, and then use <code class="command">kadmin</code>'s <code class="command">ktadd</code> command to simultaneously set a random key for the service and store the random key in the slave's default keytab file. This key is used by the <code class="command">kpropd</code> service when authenticating clients.
+ </div><pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>kadmin -p jimbo/admin at EXAMPLE.COM -r EXAMPLE.COM</code></strong>
+
+Authenticating as principal jimbo/admin at EXAMPLE.COM with password.
+
+<code class="prompt">Password for jimbo/admin at EXAMPLE.COM: </code>
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>add_principal -randkey host/slavekdc.example.com</code></strong>
+
+Principal "host/slavekdc.example.com at EXAMPLE.COM" created.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>ktadd host/slavekdc.example.com at EXAMPLE.COM</code></strong>
+
+Entry for principal host/slavekdc.example.com with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/slavekdc.example.com with kvno 3, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/slavekdc.example.com with kvno 3, encryption type DES with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/slavekdc.example.com with kvno 3, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/etc/krb5.keytab.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>quit</code></strong></pre><div class="para">
+ With its service key, the slave KDC could authenticate any client which would connect to it. Obviously, not all of them should be allowed to provide the slave's <code class="command">kprop</code> service with a new realm database. To restrict access, the <code class="command">kprop</code> service on the slave KDC will only accept updates from clients whose principal names are listed in <code class="filename">/var/kerberos/krb5kdc/kpropd.acl</code>. Add the master KDC's host service's name to that file.
+ </div><div class="literallayout"><p> <code class="computeroutput"><code class="prompt">#</code> <strong class="userinput"><code>echo host/masterkdc.example.com at EXAMPLE.COM > /var/kerberos/krb5kdc/kpropd.acl</code></strong></code></p></div><div class="para">
+ Once the slave KDC has obtained a copy of the database, it will also need the master key which was used to encrypt it. If your KDC database's master key is stored in a <span class="emphasis"><em>stash</em></span> file on the master KDC (typically named <code class="filename">/var/kerberos/krb5kdc/.k5.REALM</code>, either copy it to the slave KDC using any available secure method, or create a dummy database and identical stash file on the slave KDC by running <code class="command">kdb5_util create -s</code> (the dummy database will be overwritten by the first successful database propagation) and supplying the same password.
+ </div><div class="para">
+ Ensure that the slave KDC's firewall allows the master KDC to contact it using TCP on port 754 (<span class="emphasis"><em>krb5_prop</em></span>), and start the <code class="command">kprop</code> service. Then, double-check that the <code class="command">kadmin</code> service is <span class="emphasis"><em>disabled</em></span>.
+ </div><div class="para">
+ Now perform a manual database propagation test by dumping the realm database, on the master KDC, to the default data file which the <code class="command">kprop</code> command will read (<code class="filename">/var/kerberos/krb5kdc/slave_datatrans</code>), and then use the <code class="command">kprop</code> command to transmit its contents to the slave KDC.
+ </div><div class="literallayout"><p> <code class="computeroutput"><code class="prompt">#</code> <strong class="userinput"><code>/usr/kerberos/sbin/kdb5_util dump /var/kerberos/krb5kdc/slave_datatrans</code></strong><code class="prompt">#</code> <strong class="userinput"><code>kprop slavekdc.example.com</code></strong></code></p></div><div class="para">
+ Using <code class="command">kinit</code>, verify that a client system whose <code class="filename">krb5.conf</code> lists only the slave KDC in its list of KDCs for your realm is now correctly able to obtain initial credentials from the slave KDC.
+ </div><div class="para">
+ That done, simply create a script which dumps the realm database and runs the <code class="command">kprop</code> command to transmit the database to each slave KDC in turn, and configure the <code class="command">cron</code> service to run the script periodically.
+ </div></div><div class="section" id="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication">3.7.9. Setting Up Cross Realm Authentication</h3></div></div></div><div class="para">
+ <span class="emphasis"><em>Cross-realm authentication</em></span> is the term which is used to describe situations in which clients (typically users) of one realm use Kerberos to authenticate to services (typically server processes running on a particular server system) which belong to a realm other than their own.
+ </div><div class="para">
+ For the simplest case, in order for a client of a realm named <code class="literal">A.EXAMPLE.COM</code> to access a service in the <code class="literal">B.EXAMPLE.COM</code> realm, both realms must share a key for a principal named <code class="literal">krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM</code>, and both keys must have the same key version number associated with them.
+ </div><div class="para">
+ To accomplish this, select a very strong password or passphrase, and create an entry for the principal in both realms using kadmin.
+ </div><div class="literallayout"><p> <code class="computeroutput"><code class="prompt">#</code> <strong class="userinput"><code>kadmin -r A.EXAMPLE.COM</code></strong></code> <code class="computeroutput"><code class="prompt">kadmin:</code> <strong class="userinput"><code>add_principal krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM</code></strong></code> <code class="computeroutput">Enter password for principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM":</code> <code class="computeroutput">Re-enter password for principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM":</code> <code class="computeroutput">Principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM" created.</code> <strong class="userinput"><code>quit</code></strong> <code class="computeroutput"><code class="prompt">#</code> <strong class="userinput"><code>kadmin -r B.EXAMPLE.COM</code></strong></code> <code class="computeroutput"><code class="prompt">kadmin:</code> <strong class="userinput"><code>add_principal krbtgt/B.EXA
MPLE.COM at A.EXAMPLE.COM</code></strong></code> <code class="computeroutput">Enter password for principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM":</code> <code class="computeroutput">Re-enter password for principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM":</code> <code class="computeroutput">Principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM" created.</code> <strong class="userinput"><code>quit</code></strong></p></div><div class="para">
+ Use the <code class="command">get_principal</code> command to verify that both entries have matching key version numbers (<code class="literal">kvno</code> values) and encryption types.
+ </div><div class="important"><div class="admonition_header"><h2>Dumping the Database Doesn't Do It</h2></div><div class="admonition"><div class="para">
+ Security-conscious administrators may attempt to use the <code class="command">add_principal</code> command's <code class="literal">-randkey</code> option to assign a random key instead of a password, dump the new entry from the database of the first realm, and import it into the second. This will not work unless the master keys for the realm databases are identical, as the keys contained in a database dump are themselves encrypted using the master key.
+ </div></div></div><div class="para">
+ Clients in the <code class="literal">A.EXAMPLE.COM</code> realm are now able to authenticate to services in the <code class="literal">B.EXAMPLE.COM</code> realm. Put another way, the <code class="literal">B.EXAMPLE.COM</code> realm now <span class="emphasis"><em>trusts</em></span> the <code class="literal">A.EXAMPLE.COM</code> realm, or phrased even more simply, <code class="literal">B.EXAMPLE.COM</code> now <span class="emphasis"><em>trusts</em></span> <code class="literal">A.EXAMPLE.COM</code>.
+ </div><div class="para">
+ This brings us to an important point: cross-realm trust is unidirectional by default. The KDC for the <code class="literal">B.EXAMPLE.COM</code> realm may trust clients from the <code class="literal">A.EXAMPLE.COM</code> to authenticate to services in the <code class="literal">B.EXAMPLE.COM</code> realm, but the fact that it does has no effect on whether or not clients in the <code class="literal">B.EXAMPLE.COM</code> realm are trusted to authenticate to services in the <code class="literal">A.EXAMPLE.COM</code> realm. To establish trust in the other direction, both realms would need to share keys for the <code class="literal">krbtgt/A.EXAMPLE.COM at B.EXAMPLE.COM</code> service (take note of the reversed in order of the two realms compared to the example above).
+ </div><div class="para">
+ If direct trust relationships were the only method for providing trust between realms, networks which contain multiple realms would be very difficult to set up. Luckily, cross-realm trust is transitive. If clients from <code class="literal">A.EXAMPLE.COM</code> can authenticate to services in <code class="literal">B.EXAMPLE.COM</code>, and clients from <code class="literal">B.EXAMPLE.COM</code> can authenticate to services in <code class="literal">C.EXAMPLE.COM</code>, then clients in <code class="literal">A.EXAMPLE.COM</code> can also authenticate to services in <code class="literal">C.EXAMPLE.COM</code>, <span class="emphasis"><em>even if <code class="literal">C.EXAMPLE.COM</code> doesn't directly trust <code class="literal">A.EXAMPLE.COM</code></em></span>. This means that, on a network with multiple realms which all need to trust each other, making good choices about which trust relationships to set up can greatly reduce the amount of effort required.
+ </div><div class="para">
+ Now you face the more conventional problems: the client's system must be configured so that it can properly deduce the realm to which a particular service belongs, and it must be able to determine how to obtain credentials for services in that realm.
+ </div><div class="para">
+ First things first: the principal name for a service provided from a specific server system in a given realm typically looks like this:
+ </div><div class="literallayout"><p>service/server.example.com at EXAMPLE.COM</p></div><div class="para">
+ In this example, <span class="emphasis"><em>service</em></span> is typically either the name of the protocol in use (other common values include <span class="emphasis"><em>ldap</em></span>, <span class="emphasis"><em>imap</em></span>, <span class="emphasis"><em>cvs</em></span>, and <span class="emphasis"><em>HTTP</em></span>) or <span class="emphasis"><em>host</em></span>, <span class="emphasis"><em>server.example.com</em></span> is the fully-qualified domain name of the system which runs the service, and <code class="literal">EXAMPLE.COM</code> is the name of the realm.
+ </div><div class="para">
+ To deduce the realm to which the service belongs, clients will most often consult DNS or the <code class="literal">domain_realm</code> section of <code class="filename">/etc/krb5.conf</code> to map either a hostname (<span class="emphasis"><em>server.example.com</em></span>) or a DNS domain name (<span class="emphasis"><em>.example.com</em></span>) to the name of a realm (<span class="emphasis"><em>EXAMPLE.COM</em></span>).
+ </div><div class="para">
+ Having determined which to which realm a service belongs, a client then has to determine the set of realms which it needs to contact, and in which order it must contact them, to obtain credentials for use in authenticating to the service.
+ </div><div class="para">
+ This can be done in one of two ways.
+ </div><div class="para">
+ The default method, which requires no explicit configuration, is to give the realms names within a shared hierarchy. For an example, assume realms named <code class="literal">A.EXAMPLE.COM</code>, <code class="literal">B.EXAMPLE.COM</code>, and <code class="literal">EXAMPLE.COM</code>. When a client in the <code class="literal">A.EXAMPLE.COM</code> realm attempts to authenticate to a service in <code class="literal">B.EXAMPLE.COM</code>, it will, by default, first attempt to get credentials for the <code class="literal">EXAMPLE.COM</code> realm, and then to use those credentials to obtain credentials for use in the <code class="literal">B.EXAMPLE.COM</code> realm.
+ </div><div class="para">
+ The client in this scenario treats the realm name as one might treat a DNS name. It repeatedly strips off the components of its own realm's name to generate the names of realms which are "above" it in the hierarchy until it reaches a point which is also "above" the service's realm. At that point it begins prepending components of the service's realm name until it reaches the service's realm. Each realm which is involved in the process is another "hop".
+ </div><div class="para">
+ For example, using credentials in <code class="literal">A.EXAMPLE.COM</code>, authenticating to a service in <code class="literal">B.EXAMPLE.COM</code><code class="literal">A.EXAMPLE.COM → EXAMPLE.COM → B.EXAMPLE.COM </code> <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="literal">A.EXAMPLE.COM</code> and <code class="literal">EXAMPLE.COM</code> share a key for <code class="literal">krbtgt/EXAMPLE.COM at A.EXAMPLE.COM</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">EXAMPLE.COM</code> and <code class="literal">B.EXAMPLE.COM</code> share a key for <code class="literal">krbtgt/B.EXAMPLE.COM at EXAMPLE.COM</code>
+ </div></li></ul></div>
+
+ </div><div class="para">
+ Another example, using credentials in <code class="literal">SITE1.SALES.EXAMPLE.COM</code>, authenticating to a service in <code class="literal">EVERYWHERE.EXAMPLE.COM</code><code class="literal">SITE1.SALES.EXAMPLE.COM → SALES.EXAMPLE.COM → EXAMPLE.COM → EVERYWHERE.EXAMPLE.COM </code> <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="literal">SITE1.SALES.EXAMPLE.COM</code> and <code class="literal">SALES.EXAMPLE.COM</code> share a key for <code class="literal">krbtgt/SALES.EXAMPLE.COM at SITE1.SALES.EXAMPLE.COM</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">SALES.EXAMPLE.COM</code> and <code class="literal">EXAMPLE.COM</code> share a key for <code class="literal">krbtgt/EXAMPLE.COM at SALES.EXAMPLE.COM</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">EXAMPLE.COM</code> and <code class="literal">EVERYWHERE.EXAMPLE.COM</code> share a key for <code class="literal">krbtgt/EVERYWHERE.EXAMPLE.COM at EXAMPLE.COM</code>
+ </div></li></ul></div>
+
+ </div><div class="para">
+ Another example, this time using realm names whose names share no common suffix (<code class="literal">DEVEL.EXAMPLE.COM</code> and <code class="literal">PROD.EXAMPLE.ORG</code><code class="literal"> DEVEL.EXAMPLE.COM → EXAMPLE.COM → COM → ORG → EXAMPLE.ORG → PROD.EXAMPLE.ORG </code> <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="literal">DEVEL.EXAMPLE.COM</code> and <code class="literal">EXAMPLE.COM</code> share a key for <code class="literal">krbtgt/EXAMPLE.COM at DEVEL.EXAMPLE.COM</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">EXAMPLE.COM</code> and <code class="literal">COM</code> share a key for <code class="literal">krbtgt/COM at EXAMPLE.COM</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">COM</code> and <code class="literal">ORG</code> share a key for <code class="literal">krbtgt/ORG at COM</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">ORG</code> and <code class="literal">EXAMPLE.ORG</code> share a key for <code class="literal">krbtgt/EXAMPLE.ORG at ORG</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">EXAMPLE.ORG</code> and <code class="literal">PROD.EXAMPLE.ORG</code> share a key for <code class="literal">krbtgt/PROD.EXAMPLE.ORG at EXAMPLE.ORG</code>
+ </div></li></ul></div>
+
+ </div><div class="para">
+ The more complicated, but also more flexible, method involves configuring the <code class="literal">capaths</code> section of <code class="filename">/etc/krb5.conf</code>, so that clients which have credentials for one realm will be able to look up which realm is next in the chain which will eventually lead to the being able to authenticate to servers.
+ </div><div class="para">
+ The format of the <code class="literal">capaths</code> section is relatively straightforward: each entry in the section is named after a realm in which a client might exist. Inside of that subsection, the set of intermediate realms from which the client must obtain credentials is listed as values of the key which corresponds to the realm in which a service might reside. If there are no intermediate realms, the value "." is used.
+ </div><div class="para">
+ Here's an example:
+ </div><div class="literallayout"><p> [capaths]<br />
+ A.EXAMPLE.COM = {<br />
+ B.EXAMPLE.COM = .<br />
+ C.EXAMPLE.COM = B.EXAMPLE.COM<br />
+ D.EXAMPLE.COM = B.EXAMPLE.COM<br />
+ D.EXAMPLE.COM = C.EXAMPLE.COM<br />
+ }<br />
+<br />
+</p></div><div class="para">
+ In this example, clients in the <code class="literal">A.EXAMPLE.COM</code> realm can obtain cross-realm credentials for <code class="literal">B.EXAMPLE.COM</code> directly from the <code class="literal">A.EXAMPLE.COM</code> KDC.
+ </div><div class="para">
+ If those clients wish to contact a service in the<code class="literal">C.EXAMPLE.COM</code> realm, they will first need to obtain necessary credentials from the <code class="literal">B.EXAMPLE.COM</code> realm (this requires that <code class="literal">krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM</code> exist), and then use <code class="literal">those</code> credentials to obtain credentials for use in the <code class="literal">C.EXAMPLE.COM</code> realm (using <code class="literal">krbtgt/C.EXAMPLE.COM at B.EXAMPLE.COM</code>).
+ </div><div class="para">
+ If those clients wish to contact a service in the <code class="literal">D.EXAMPLE.COM</code> realm, they will first need to obtain necessary credentials from the <code class="literal">B.EXAMPLE.COM</code> realm, and then credentials from the <code class="literal">C.EXAMPLE.COM</code> realm, before finally obtaining credentials for use with the <code class="literal">D.EXAMPLE.COM</code> realm.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Without a capath entry indicating otherwise, Kerberos assumes that cross-realm trust relationships form a hierarchy.
+ </div><div class="para">
+ Clients in the <code class="literal">A.EXAMPLE.COM</code> realm can obtain cross-realm credentials from <code class="literal">B.EXAMPLE.COM</code> realm directly. Without the "." indicating this, the client would instead attempt to use a hierarchical path, in this case:
+ </div><div class="literallayout"><p> A.EXAMPLE.COM → EXAMPLE.COM → B.EXAMPLE.COM<br />
+<br />
+</p></div></div></div></div><div class="section" id="sect-Security_Guide-Kerberos-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Additional_Resources">3.7.10. Additional Resources</h3></div></div></div><div class="para">
+ For more information about Kerberos, refer to the following resources.
+ </div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_Kerberos_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_Kerberos_Documentation">3.7.10.1. Installed Kerberos Documentation</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ The <em class="citetitle">Kerberos V5 Installation Guide</em> and the <em class="citetitle">Kerberos V5 System Administrator's Guide</em> in PostScript and HTML formats. These can be found in the <code class="filename">/usr/share/doc/krb5-server-<em class="replaceable"><code><version-number></code></em>/</code> directory (where <em class="replaceable"><code><version-number></code></em> is the version number of the <code class="command">krb5-server</code> package installed on your system).
+ </div></li><li class="listitem"><div class="para">
+ The <em class="citetitle">Kerberos V5 UNIX User's Guide</em> in PostScript and HTML formats. These can be found in the <code class="filename">/usr/share/doc/krb5-workstation-<em class="replaceable"><code><version-number></code></em>/</code> directory (where <em class="replaceable"><code><version-number></code></em> is the version number of the <code class="command">krb5-workstation</code> package installed on your system).
+ </div></li><li class="listitem"><div class="para">
+ Kerberos man pages — There are a number of man pages for the various applications and configuration files involved with a Kerberos implementation. The following is a list of some of the more important man pages.
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">Client Applications</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man kerberos</code> — An introduction to the Kerberos system which describes how credentials work and provides recommendations for obtaining and destroying Kerberos tickets. The bottom of the man page references a number of related man pages.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kinit</code> — Describes how to use this command to obtain and cache a ticket-granting ticket.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kdestroy</code> — Describes how to use this command to destroy Kerberos credentials.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man klist</code> — Describes how to use this command to list cached Kerberos credentials.
+ </div></li></ul></div></dd><dt class="varlistentry"><span class="term">Administrative Applications</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man kadmin</code> — Describes how to use this command to administer the Kerberos V5 database.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kdb5_util</code> — Describes how to use this command to create and perform low-level administrative functions on the Kerberos V5 database.
+ </div></li></ul></div></dd><dt class="varlistentry"><span class="term">Server Applications</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man krb5kdc</code> — Describes available command line options for the Kerberos V5 KDC.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kadmind</code> — Describes available command line options for the Kerberos V5 administration server.
+ </div></li></ul></div></dd><dt class="varlistentry"><span class="term">Configuration Files</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man krb5.conf</code> — Describes the format and options available within the configuration file for the Kerberos V5 library.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kdc.conf</code> — Describes the format and options available within the configuration file for the Kerberos V5 AS and KDC.
+ </div></li></ul></div></dd></dl></div></li></ul></div></div><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites">3.7.10.2. Useful Kerberos Websites</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://web.mit.edu/kerberos/www/">http://web.mit.edu/kerberos/www/</a> — <em class="citetitle">Kerberos: The Network Authentication Protocol</em> webpage from MIT.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html">http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html</a> — The Kerberos Frequently Asked Questions (FAQ).
+ </div></li><li class="listitem"><div class="para">
+ <a href="ftp://athena-dist.mit.edu/pub/kerberos/doc/usenix.PS">ftp://athena-dist.mit.edu/pub/kerberos/doc/usenix.PS</a> — The PostScript version of <em class="citetitle">Kerberos: An Authentication Service for Open Network Systems</em> by Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller. This document is the original paper describing Kerberos.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://web.mit.edu/kerberos/www/dialogue.html">http://web.mit.edu/kerberos/www/dialogue.html</a> — <em class="citetitle">Designing an Authentication System: a Dialogue in Four Scenes</em> originally by Bill Bryant in 1988, modified by Theodore Ts'o in 1997. This document is a conversation between two developers who are thinking through the creation of a Kerberos-style authentication system. The conversational style of the discussion make this a good starting place for people who are completely unfamiliar with Kerberos.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.ornl.gov/~jar/HowToKerb.html">http://www.ornl.gov/~jar/HowToKerb.html</a> — <em class="citetitle">How to Kerberize your site</em> is a good reference for kerberizing a network.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.networkcomputing.com/netdesign/kerb1.html">http://www.networkcomputing.com/netdesign/kerb1.html</a> — <em class="citetitle">Kerberos Network Design Manual</em> is a thorough overview of the Kerberos system.
+ </div></li></ul></div></div></div></div><div xml:lang="en-US" class="section" id="sect-Security_Guide-Firewalls" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Firewalls">3.8. Firewalls</h2></div></div></div><div class="para">
+ Information security is commonly thought of as a process and not a product. However, standard security implementations usually employ some form of dedicated mechanism to control access privileges and restrict network resources to users who are authorized, identifiable, and traceable. Fedora includes several tools to assist administrators and security engineers with network-level access control issues.
+ </div><div class="para">
+ Firewalls are one of the core components of a network security implementation. Several vendors market firewall solutions catering to all levels of the marketplace: from home users protecting one PC to data center solutions safeguarding vital enterprise information. Firewalls can be stand-alone hardware solutions, such as firewall appliances by Cisco, Nokia, and Sonicwall. Vendors such as Checkpoint, McAfee, and Symantec have also developed proprietary software firewall solutions for home and business markets.
+ </div><div class="para">
+ Apart from the differences between hardware and software firewalls, there are also differences in the way firewalls function that separate one solution from another. <a class="xref" href="#tabl-Security_Guide-Firewalls-Firewall_Types">Table 3.2, “Firewall Types”</a> details three common types of firewalls and how they function:
+ </div><div class="table" id="tabl-Security_Guide-Firewalls-Firewall_Types"><h6>Table 3.2. Firewall Types</h6><div class="table-contents"><table summary="Firewall Types" border="1"><colgroup><col width="10%" class="method" /><col width="30%" class="description" /><col width="30%" class="advantages" /><col width="30%" class="disadvantages" /></colgroup><thead><tr><th>
+ Method
+ </th><th>
+ Description
+ </th><th>
+ Advantages
+ </th><th>
+ Disadvantages
+ </th></tr></thead><tbody><tr><td>
+ NAT
+ </td><td>
+ <em class="firstterm">Network Address Translation</em> (NAT) places private IP subnetworks behind one or a small pool of public IP addresses, masquerading all requests to one source rather than several. The Linux kernel has built-in NAT functionality through the Netfilter kernel subsystem.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> · Can be configured transparently to machines on a LAN </td></tr><tr><td> · Protection of many machines and services behind one or more external IP addresses simplifies administration duties </td></tr><tr><td> · Restriction of user access to and from the LAN can be configured by opening and closing ports on the NAT firewall/gateway </td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> · Cannot prevent malicious activity once users connect to a service outside of the firewall </td></tr></table>
+
+ </td></tr><tr><td>
+ Packet Filter
+ </td><td>
+ A packet filtering firewall reads each data packet that passes through a LAN. It can read and process packets by header information and filters the packet based on sets of programmable rules implemented by the firewall administrator. The Linux kernel has built-in packet filtering functionality through the Netfilter kernel subsystem.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> · Customizable through the <code class="command">iptables</code> front-end utility </td></tr><tr><td> · Does not require any customization on the client side, as all network activity is filtered at the router level rather than the application level </td></tr><tr><td> · Since packets are not transmitted through a proxy, network performance is faster due to direct connection from client to remote host </td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> · Cannot filter packets for content like proxy firewalls </td></tr><tr><td> · Processes packets at the protocol layer, but cannot filter packets at an application layer </td></tr><tr><td> · Complex network architectures can make establishing packet filtering rules difficult, especially if coupled with <em class="firstterm">IP masquerading</em> or local subnets and DMZ networks </td></tr></table>
+
+ </td></tr><tr><td>
+ Proxy
+ </td><td>
+ Proxy firewalls filter all requests of a certain protocol or type from LAN clients to a proxy machine, which then makes those requests to the Internet on behalf of the local client. A proxy machine acts as a buffer between malicious remote users and the internal network client machines.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> · Gives administrators control over what applications and protocols function outside of the LAN </td></tr><tr><td> · Some proxy servers can cache frequently-accessed data locally rather than having to use the Internet connection to request it. This helps to reduce bandwidth consumption </td></tr><tr><td> · Proxy services can be logged and monitored closely, allowing tighter control over resource utilization on the network </td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> · Proxies are often application-specific (HTTP, Telnet, etc.), or protocol-restricted (most proxies work with TCP-connected services only) </td></tr><tr><td> · Application services cannot run behind a proxy, so your application servers must use a separate form of network security </td></tr><tr><td> · Proxies can become a network bottleneck, as all requests and transmissions are passed through one source rather than directly from a client to a remote service </td></tr></table>
+
+ </td></tr></tbody></table></div></div><br class="table-break" /><div class="section" id="sect-Security_Guide-Firewalls-Netfilter_and_IPTables"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Netfilter_and_IPTables">3.8.1. Netfilter and IPTables</h3></div></div></div><div class="para">
+ The Linux kernel features a powerful networking subsystem called <em class="firstterm">Netfilter</em>. The Netfilter subsystem provides stateful or stateless packet filtering as well as NAT and IP masquerading services. Netfilter also has the ability to <em class="firstterm">mangle</em> IP header information for advanced routing and connection state management. Netfilter is controlled using the <code class="command">iptables</code> tool.
+ </div><div class="section" id="sect-Security_Guide-Netfilter_and_IPTables-IPTables_Overview"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Netfilter_and_IPTables-IPTables_Overview">3.8.1.1. IPTables Overview</h4></div></div></div><div class="para">
+ The power and flexibility of Netfilter is implemented using the <code class="command">iptables</code> administration tool, a command line tool similar in syntax to its predecessor, <code class="command">ipchains</code>, which Netfilter/iptables replaced in the Linux kernel 2.4 and above.
+ </div><div class="para">
+ <code class="command">iptables</code> uses the Netfilter subsystem to enhance network connection, inspection, and processing. <code class="command">iptables</code> features advanced logging, pre- and post-routing actions, network address translation, and port forwarding, all in one command line interface.
+ </div><div class="para">
+ This section provides an overview of <code class="command">iptables</code>. For more detailed information, refer to <a class="xref" href="#sect-Security_Guide-IPTables">Section 3.9, “IPTables”</a>.
+ </div></div></div><div class="section" id="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">3.8.2. Basic Firewall Configuration</h3></div></div></div><div class="para">
+ Just as a firewall in a building attempts to prevent a fire from spreading, a computer firewall attempts to prevent malicious software from spreading to your computer. It also helps to prevent unauthorized users from accessing your computer.
+ </div><div class="para">
+ In a default Fedora installation, a firewall exists between your computer or network and any untrusted networks, for example the Internet. It determines which services on your computer remote users can access. A properly configured firewall can greatly increase the security of your system. It is recommended that you configure a firewall for any Fedora system with an Internet connection.
+ </div><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-RHSECLEVELTOOL"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-RHSECLEVELTOOL">3.8.2.1. <span class="application"><strong>Firewall Administration Tool</strong></span></h4></div></div></div><div class="para">
+ During the <span class="guilabel"><strong>Firewall Configuration</strong></span> screen of the Fedora installation, you were given the option to enable a basic firewall as well as to allow specific devices, incoming services, and ports.
+ </div><div class="para">
+ After installation, you can change this preference by using the <span class="application"><strong>Firewall Administration Tool</strong></span>.
+ </div><div class="para">
+ To start this application, use the following command:
+ </div><pre class="screen">[root at myServer ~] # system-config-firewall</pre><div class="figure" id="figu-Security_Guide-RHSECLEVELTOOL-RHSECLEVELTOOL"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-firewall_config.png" width="444" alt="Firewall Administration Tool" /><div class="longdesc"><div class="para">
+ Security Level Configuration
+ </div></div></div></div><h6>Figure 3.10. <span class="application">Firewall Administration Tool</span></h6></div><br class="figure-break" /><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ The <span class="application"><strong>Firewall Administration Tool</strong></span> only configures a basic firewall. If the system needs more complex rules, refer to <a class="xref" href="#sect-Security_Guide-IPTables">Section 3.9, “IPTables”</a> for details on configuring specific <code class="command">iptables</code> rules.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall">3.8.2.2. Enabling and Disabling the Firewall</h4></div></div></div><div class="para">
+ Select one of the following options for the firewall:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Disabled</strong></span> — Disabling the firewall provides complete access to your system and does no security checking. This should only be selected if you are running on a trusted network (not the Internet) or need to configure a custom firewall using the iptables command line tool.
+ </div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ Firewall configurations and any customized firewall rules are stored in the <code class="filename">/etc/sysconfig/iptables</code> file. If you choose <span class="guilabel"><strong>Disabled</strong></span> and click <span class="guibutton"><strong>OK</strong></span>, these configurations and firewall rules will be lost.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Enabled</strong></span> — This option configures the system to reject incoming connections that are not in response to outbound requests, such as DNS replies or DHCP requests. If access to services running on this machine is needed, you can choose to allow specific services through the firewall.
+ </div><div class="para">
+ If you are connecting your system to the Internet, but do not plan to run a server, this is the safest choice.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services">3.8.2.3. Trusted Services</h4></div></div></div><div class="para">
+ Enabling options in the <span class="guilabel"><strong>Trusted services</strong></span> list allows the specified service to pass through the firewall.
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>WWW (HTTP)</strong></span></span></dt><dd><div class="para">
+ The HTTP protocol is used by Apache (and by other Web servers) to serve web pages. If you plan on making your Web server publicly available, select this check box. This option is not required for viewing pages locally or for developing web pages. This service requires that the <code class="filename">httpd</code> package be installed.
+ </div><div class="para">
+ Enabling <span class="guilabel"><strong>WWW (HTTP)</strong></span> will not open a port for HTTPS, the SSL version of HTTP. If this service is required, select the <span class="guilabel"><strong>Secure WWW (HTTPS)</strong></span> check box.
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>FTP</strong></span></span></dt><dd><div class="para">
+ The FTP protocol is used to transfer files between machines on a network. If you plan on making your FTP server publicly available, select this check box. This service requires that the <code class="filename">vsftpd</code> package be installed.
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>SSH</strong></span></span></dt><dd><div class="para">
+ Secure Shell (SSH) is a suite of tools for logging into and executing commands on a remote machine. To allow remote access to the machine via ssh, select this check box. This service requires that the <code class="filename">openssh-server</code> package be installed.
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>Telnet</strong></span></span></dt><dd><div class="para">
+ Telnet is a protocol for logging into remote machines. Telnet communications are unencrypted and provide no security from network snooping. Allowing incoming Telnet access is not recommended. To allow remote access to the machine via telnet, select this check box. This service requires that the <code class="filename">telnet-server</code> package be installed.
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>Mail (SMTP)</strong></span></span></dt><dd><div class="para">
+ SMTP is a protocol that allows remote hosts to connect directly to your machine to deliver mail. You do not need to enable this service if you collect your mail from your ISP's server using POP3 or IMAP, or if you use a tool such as <code class="command">fetchmail</code>. To allow delivery of mail to your machine, select this check box. Note that an improperly configured SMTP server can allow remote machines to use your server to send spam.
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>NFS4</strong></span></span></dt><dd><div class="para">
+ The Network File System (NFS) is a file sharing protocol commonly used on *NIX systems. Version 4 of this protocol is more secure than its predecessors. If you want to share files or directories on your system with other network users, select this check box.
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>Samba</strong></span></span></dt><dd><div class="para">
+ Samba is an implementation of Microsoft's proprietary SMB networking protocol. If you need to share files, directories, or locally-connected printers with Microsoft Windows machines, select this check box.
+ </div></dd></dl></div></div><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports">3.8.2.4. Other Ports</h4></div></div></div><div class="para">
+ The <span class="application"><strong>Firewall Administration Tool</strong></span> includes an <span class="guilabel"><strong>Other ports</strong></span> section for specifying custom IP ports as being trusted by <code class="command">iptables</code>. For example, to allow IRC and Internet printing protocol (IPP) to pass through the firewall, add the following to the <span class="guilabel"><strong>Other ports</strong></span> section:
+ </div><div class="para">
+ <code class="computeroutput">194:tcp,631:tcp</code>
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings">3.8.2.5. Saving the Settings</h4></div></div></div><div class="para">
+ Click <span class="guibutton"><strong>OK</strong></span> to save the changes and enable or disable the firewall. If <span class="guilabel"><strong>Enable firewall</strong></span> was selected, the options selected are translated to <code class="command">iptables</code> commands and written to the <code class="filename">/etc/sysconfig/iptables</code> file. The <code class="command">iptables</code> service is also started so that the firewall is activated immediately after saving the selected options. If <span class="guilabel"><strong>Disable firewall</strong></span> was selected, the <code class="filename">/etc/sysconfig/iptables</code> file is removed and the <code class="command">iptables</code> service is stopped immediately.
+ </div><div class="para">
+ The selected options are also written to the <code class="filename">/etc/sysconfig/system-config-securitylevel</code> file so that the settings can be restored the next time the application is started. Do not edit this file by hand.
+ </div><div class="para">
+ Even though the firewall is activated immediately, the <code class="command">iptables</code> service is not configured to start automatically at boot time. Refer to <a class="xref" href="#sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service">Section 3.8.2.6, “Activating the IPTables Service”</a> for more information.
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service">3.8.2.6. Activating the IPTables Service</h4></div></div></div><div class="para">
+ The firewall rules are only active if the <code class="command">iptables</code> service is running. To manually start the service, use the following command:
+ </div><pre class="screen">[root at myServer ~] # service iptables restart</pre><div class="para">
+ To ensure that <code class="command">iptables</code> starts when the system is booted, use the following command:
+ </div><pre class="screen">[root at myServer ~] # chkconfig --level 345 iptables on</pre></div></div><div class="section" id="sect-Security_Guide-Firewalls-Using_IPTables"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Using_IPTables">3.8.3. Using IPTables</h3></div></div></div><div class="para">
+ The first step in using <code class="command">iptables</code> is to start the <code class="command">iptables</code> service. Use the following command to start the <code class="command">iptables</code> service:
+ </div><pre class="screen">[root at myServer ~] # service iptables start</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ The <code class="command">ip6tables</code> service can be turned off if you intend to use the <code class="command">iptables</code> service only. If you deactivate the <code class="command">ip6tables</code> service, remember to deactivate the IPv6 network also. Never leave a network device active without the matching firewall.
+ </div></div></div><div class="para">
+ To force <code class="command">iptables</code> to start by default when the system is booted, use the following command:
+ </div><pre class="screen">[root at myServer ~] # chkconfig --level 345 iptables on</pre><div class="para">
+ This forces <code class="command">iptables</code> to start whenever the system is booted into runlevel 3, 4, or 5.
+ </div><div class="section" id="sect-Security_Guide-Using_IPTables-IPTables_Command_Syntax"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Using_IPTables-IPTables_Command_Syntax">3.8.3.1. IPTables Command Syntax</h4></div></div></div><div class="para">
+ The following sample <code class="command">iptables</code> command illustrates the basic command syntax:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A <em class="replaceable"><code><chain></code></em> -j <em class="replaceable"><code><target></code></em></pre><div class="para">
+ The <code class="option">-A</code> option specifies that the rule be appended to <em class="firstterm"><chain></em>. Each chain is comprised of one or more <em class="firstterm">rules</em>, and is therefore also known as a <em class="firstterm">ruleset</em>.
+ </div><div class="para">
+ The three built-in chains are INPUT, OUTPUT, and FORWARD. These chains are permanent and cannot be deleted. The chain specifies the point at which a packet is manipulated.
+ </div><div class="para">
+ The <code class="option">-j <em class="replaceable"><code><target></code></em></code> option specifies the target of the rule; i.e., what to do if the packet matches the rule. Examples of built-in targets are ACCEPT, DROP, and REJECT.
+ </div><div class="para">
+ Refer to the <code class="command">iptables</code> man page for more information on the available chains, options, and targets.
+ </div></div><div class="section" id="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies">3.8.3.2. Basic Firewall Policies</h4></div></div></div><div class="para">
+ Establishing basic firewall policies creates a foundation for building more detailed, user-defined rules.
+ </div><div class="para">
+ Each <code class="command">iptables</code> chain is comprised of a default policy, and zero or more rules which work in concert with the default policy to define the overall ruleset for the firewall.
+ </div><div class="para">
+ The default policy for a chain can be either DROP or ACCEPT. Security-minded administrators typically implement a default policy of DROP, and only allow specific packets on a case-by-case basis. For example, the following policies block all incoming and outgoing packets on a network gateway:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -P INPUT DROP
+[root at myServer ~ ] # iptables -P OUTPUT DROP</pre><div class="para">
+ It is also recommended that any <em class="firstterm">forwarded packets</em> — network traffic that is to be routed from the firewall to its destination node — be denied as well, to restrict internal clients from inadvertent exposure to the Internet. To do this, use the following rule:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -P FORWARD DROP</pre><div class="para">
+ When you have established the default policies for each chain, you can create and save further rules for your particular network and security requirements.
+ </div><div class="para">
+ The following sections describe how to save iptables rules and outline some of the rules you might implement in the course of building your iptables firewall.
+ </div></div><div class="section" id="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules">3.8.3.3. Saving and Restoring IPTables Rules</h4></div></div></div><div class="para">
+ Changes to <code class="command">iptables</code> are transitory; if the system is rebooted or if the <code class="command">iptables</code> service is restarted, the rules are automatically flushed and reset. To save the rules so that they are loaded when the <code class="command">iptables</code> service is started, use the following command:
+ </div><pre class="screen">[root at myServer ~ ] # service iptables save</pre><div class="para">
+ The rules are stored in the file <code class="filename">/etc/sysconfig/iptables</code> and are applied whenever the service is started or the machine is rebooted.
+ </div></div></div><div class="section" id="sect-Security_Guide-Firewalls-Common_IPTables_Filtering"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Common_IPTables_Filtering">3.8.4. Common IPTables Filtering</h3></div></div></div><div class="para">
+ Preventing remote attackers from accessing a LAN is one of the most important aspects of network security. The integrity of a LAN should be protected from malicious remote users through the use of stringent firewall rules.
+ </div><div class="para">
+ However, with a default policy set to block all incoming, outgoing, and forwarded packets, it is impossible for the firewall/gateway and internal LAN users to communicate with each other or with external resources.
+ </div><div class="para">
+ To allow users to perform network-related functions and to use networking applications, administrators must open certain ports for communication.
+ </div><div class="para">
+ For example, to allow access to port 80 <span class="emphasis"><em>on the firewall</em></span>, append the following rule:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT</pre><div class="para">
+ This allows users to browse websites that communicate using the standard port 80. To allow access to secure websites (for example, https://www.example.com/), you also need to provide access to port 443, as follows:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT</pre><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ When creating an <code class="command">iptables</code> ruleset, order is important.
+ </div><div class="para">
+ If a rule specifies that any packets from the 192.168.100.0/24 subnet be dropped, and this is followed by a rule that allows packets from 192.168.100.13 (which is within the dropped subnet), then the second rule is ignored.
+ </div><div class="para">
+ The rule to allow packets from 192.168.100.13 must precede the rule that drops the remainder of the subnet.
+ </div><div class="para">
+ To insert a rule in a specific location in an existing chain, use the <code class="option">-I</code> option. For example:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -I INPUT 1 -i lo -p all -j ACCEPT</pre><div class="para">
+ This rule is inserted as the first rule in the INPUT chain to allow local loopback device traffic.
+ </div></div></div><div class="para">
+ There may be times when you require remote access to the LAN. Secure services, for example SSH, can be used for encrypted remote connection to LAN services.
+ </div><div class="para">
+ Administrators with PPP-based resources (such as modem banks or bulk ISP accounts), dial-up access can be used to securely circumvent firewall barriers. Because they are direct connections, modem connections are typically behind a firewall/gateway.
+ </div><div class="para">
+ For remote users with broadband connections, however, special cases can be made. You can configure <code class="command">iptables</code> to accept connections from remote SSH clients. For example, the following rules allow remote SSH access:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+[root at myServer ~ ] # iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT</pre><div class="para">
+ These rules allow incoming and outbound access for an individual system, such as a single PC directly connected to the Internet or a firewall/gateway. However, they do not allow nodes behind the firewall/gateway to access these services. To allow LAN access to these services, you can use <em class="firstterm">Network Address Translation</em> (<acronym class="acronym">NAT</acronym>) with <code class="command">iptables</code> filtering rules.
+ </div></div><div class="section" id="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules">3.8.5. <code class="computeroutput">FORWARD</code> and <acronym class="acronym">NAT</acronym> Rules</h3></div></div></div><div class="para">
+ Most ISPs provide only a limited number of publicly routable IP addresses to the organizations they serve.
+ </div><div class="para">
+ Administrators must, therefore, find alternative ways to share access to Internet services without giving public IP addresses to every node on the LAN. Using private IP addresses is the most common way of allowing all nodes on a LAN to properly access internal and external network services.
+ </div><div class="para">
+ Edge routers (such as firewalls) can receive incoming transmissions from the Internet and route the packets to the intended LAN node. At the same time, firewalls/gateways can also route outgoing requests from a LAN node to the remote Internet service.
+ </div><div class="para">
+ This forwarding of network traffic can become dangerous at times, especially with the availability of modern cracking tools that can spoof <span class="emphasis"><em>internal</em></span> IP addresses and make the remote attacker's machine act as a node on your LAN.
+ </div><div class="para">
+ To prevent this, <code class="command">iptables</code> provides routing and forwarding policies that can be implemented to prevent abnormal usage of network resources.
+ </div><div class="para">
+ The <code class="computeroutput">FORWARD</code> chain allows an administrator to control where packets can be routed within a LAN. For example, to allow forwarding for the entire LAN (assuming the firewall/gateway is assigned an internal IP address on eth1), use the following rules:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A FORWARD -i eth1 -j ACCEPT
+[root at myServer ~ ] # iptables -A FORWARD -o eth1 -j ACCEPT</pre><div class="para">
+ This rule gives systems behind the firewall/gateway access to the internal network. The gateway routes packets from one LAN node to its intended destination node, passing all packets through its <code class="filename">eth1</code> device.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ By default, the IPv4 policy in Fedora kernels disables support for IP forwarding. This prevents machines that run Fedora from functioning as dedicated edge routers. To enable IP forwarding, use the following command:
+ </div><pre class="screen">[root at myServer ~ ] # sysctl -w net.ipv4.ip_forward=1</pre><div class="para">
+ This configuration change is only valid for the current session; it does not persist beyond a reboot or network service restart. To permanently set IP forwarding, edit the <code class="filename">/etc/sysctl.conf</code> file as follows:
+ </div><div class="para">
+ Locate the following line:
+ </div><pre class="screen">net.ipv4.ip_forward = 0</pre><div class="para">
+ Edit it to read as follows:
+ </div><pre class="screen">net.ipv4.ip_forward = 1</pre><div class="para">
+ Use the following command to enable the change to the <code class="filename">sysctl.conf</code> file:
+ </div><pre class="screen">[root at myServer ~ ] # sysctl -p /etc/sysctl.conf</pre></div></div><div class="section" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Postrouting_and_IP_Masquerading"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Postrouting_and_IP_Masquerading">3.8.5.1. Postrouting and IP Masquerading</h4></div></div></div><div class="para">
+ Accepting forwarded packets via the firewall's internal IP device allows LAN nodes to communicate with each other; however they still cannot communicate externally to the Internet.
+ </div><div class="para">
+ To allow LAN nodes with private IP addresses to communicate with external public networks, configure the firewall for <em class="firstterm">IP masquerading</em>, which masks requests from LAN nodes with the IP address of the firewall's external device (in this case, eth0):
+ </div><pre class="screen">[root at myServer ~ ] # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE</pre><div class="para">
+ This rule uses the NAT packet matching table (<code class="option">-t nat</code>) and specifies the built-in POSTROUTING chain for NAT (<code class="option">-A POSTROUTING</code>) on the firewall's external networking device (<code class="option">-o eth0</code>).
+ </div><div class="para">
+ POSTROUTING allows packets to be altered as they are leaving the firewall's external device.
+ </div><div class="para">
+ The <code class="option">-j MASQUERADE</code> target is specified to mask the private IP address of a node with the external IP address of the firewall/gateway.
+ </div></div><div class="section" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting">3.8.5.2. Prerouting</h4></div></div></div><div class="para">
+ If you have a server on your internal network that you want make available externally, you can use the <code class="option">-j DNAT</code> target of the PREROUTING chain in NAT to specify a destination IP address and port where incoming packets requesting a connection to your internal service can be forwarded.
+ </div><div class="para">
+ For example, if you want to forward incoming HTTP requests to your dedicated Apache HTTP Server at 172.31.0.23, use the following command:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 172.31.0.23:80</pre><div class="para">
+ This rule specifies that the <acronym class="acronym">nat</acronym> table use the built-in PREROUTING chain to forward incoming HTTP requests exclusively to the listed destination IP address of 172.31.0.23.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ If you have a default policy of DROP in your FORWARD chain, you must append a rule to forward all incoming HTTP requests so that destination NAT routing is possible. To do this, use the following command:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A FORWARD -i eth0 -p tcp --dport 80 -d 172.31.0.23 -j ACCEPT</pre><div class="para">
+ This rule forwards all incoming HTTP requests from the firewall to the intended destination; the Apache HTTP Server behind the firewall.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables">3.8.5.3. DMZs and IPTables</h4></div></div></div><div class="para">
+ You can create <code class="command">iptables</code> rules to route traffic to certain machines, such as a dedicated HTTP or FTP server, in a <em class="firstterm">demilitarized zone</em> (<acronym class="acronym">DMZ</acronym>). A <acronym class="acronym">DMZ</acronym> is a special local subnetwork dedicated to providing services on a public carrier, such as the Internet.
+ </div><div class="para">
+ For example, to set a rule for routing incoming HTTP requests to a dedicated HTTP server at 10.0.4.2 (outside of the 192.168.1.0/24 range of the LAN), NAT uses the <code class="computeroutput">PREROUTING</code> table to forward the packets to the appropriate destination:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.4.2:80</pre><div class="para">
+ With this command, all HTTP connections to port 80 from outside of the LAN are routed to the HTTP server on a network separate from the rest of the internal network. This form of network segmentation can prove safer than allowing HTTP connections to a machine on the network.
+ </div><div class="para">
+ If the HTTP server is configured to accept secure connections, then port 443 must be forwarded as well.
+ </div></div></div><div class="section" id="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses">3.8.6. Malicious Software and Spoofed IP Addresses</h3></div></div></div><div class="para">
+ More elaborate rules can be created that control access to specific subnets, or even specific nodes, within a LAN. You can also restrict certain dubious applications or programs such as trojans, worms, and other client/server viruses from contacting their server.
+ </div><div class="para">
+ For example, some trojans scan networks for services on ports from 31337 to 31340 (called the <span class="emphasis"><em>elite</em></span> ports in cracking terminology).
+ </div><div class="para">
+ Since there are no legitimate services that communicate via these non-standard ports, blocking them can effectively diminish the chances that potentially infected nodes on your network independently communicate with their remote master servers.
+ </div><div class="para">
+ The following rules drop all TCP traffic that attempts to use port 31337:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A OUTPUT -o eth0 -p tcp --dport 31337 --sport 31337 -j DROP
+[root at myServer ~ ] # iptables -A FORWARD -o eth0 -p tcp --dport 31337 --sport 31337 -j DROP</pre><div class="para">
+ You can also block outside connections that attempt to spoof private IP address ranges to infiltrate your LAN.
+ </div><div class="para">
+ For example, if your LAN uses the 192.168.1.0/24 range, you can design a rule that instructs the Internet-facing network device (for example, eth0) to drop any packets to that device with an address in your LAN IP range.
+ </div><div class="para">
+ Because it is recommended to reject forwarded packets as a default policy, any other spoofed IP address to the external-facing device (eth0) is rejected automatically.
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A FORWARD -s 192.168.1.0/24 -i eth0 -j DROP</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ There is a distinction between the <code class="computeroutput">DROP</code> and <code class="computeroutput">REJECT</code> targets when dealing with <span class="emphasis"><em>appended</em></span> rules.
+ </div><div class="para">
+ The <code class="computeroutput">REJECT</code> target denies access and returns a <code class="computeroutput">connection refused</code> error to users who attempt to connect to the service. The <code class="computeroutput">DROP</code> target, as the name implies, drops the packet without any warning.
+ </div><div class="para">
+ Administrators can use their own discretion when using these targets. However, to avoid user confusion and attempts to continue connecting, the <code class="computeroutput">REJECT</code> target is recommended.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking">3.8.7. IPTables and Connection Tracking</h3></div></div></div><div class="para">
+ You can inspect and restrict connections to services based on their <em class="firstterm">connection state.</em> A module within <code class="command">iptables</code> uses a method called <em class="firstterm">connection tracking</em> to store information about incoming connections. You can allow or deny access based on the following connection states:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">NEW</code> — A packet requesting a new connection, such as an HTTP request.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">ESTABLISHED</code> — A packet that is part of an existing connection.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">RELATED</code> — A packet that is requesting a new connection but is part of an existing connection. For example, FTP uses port 21 to establish a connection, but data is transferred on a different port (typically port 20).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">INVALID</code> — A packet that is not part of any connections in the connection tracking table.
+ </div></li></ul></div><div class="para">
+ You can use the stateful functionality of <code class="command">iptables</code> connection tracking with any network protocol, even if the protocol itself is stateless (such as UDP). The following example shows a rule that uses connection tracking to forward only the packets that are associated with an established connection:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT</pre></div><div class="section" id="sect-Security_Guide-Firewalls-IPv6"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-IPv6">3.8.8. IPv6</h3></div></div></div><div class="para">
+ The introduction of the next-generation Internet Protocol, called IPv6, expands beyond the 32-bit address limit of IPv4 (or IP). IPv6 supports 128-bit addresses, and carrier networks that are IPv6 aware are therefore able to address a larger number of routable addresses than IPv4.
+ </div><div class="para">
+ Fedora supports IPv6 firewall rules using the Netfilter 6 subsystem and the <code class="command">ip6tables</code> command. In Fedora 12, both IPv4 and IPv6 services are enabled by default.
+ </div><div class="para">
+ The <code class="command">ip6tables</code> command syntax is identical to <code class="command">iptables</code> in every aspect except that it supports 128-bit addresses. For example, use the following command to enable SSH connections on an IPv6-aware network server:
+ </div><pre class="screen">[root at myServer ~ ] # ip6tables -A INPUT -i eth0 -p tcp -s 3ffe:ffff:100::1/128 --dport 22 -j ACCEPT</pre><div class="para">
+ For more information about IPv6 networking, refer to the IPv6 Information Page at <a href="http://www.ipv6.org/">http://www.ipv6.org/</a>.
+ </div></div><div class="section" id="sect-Security_Guide-Firewalls-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Additional_Resources">3.8.9. Additional Resources</h3></div></div></div><div class="para">
+ There are several aspects to firewalls and the Linux Netfilter subsystem that could not be covered in this chapter. For more information, refer to the following resources.
+ </div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation">3.8.9.1. Installed Firewall Documentation</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Refer to <a class="xref" href="#sect-Security_Guide-IPTables">Section 3.9, “IPTables”</a> for more detailed information on the <code class="command">iptables</code> command, including definitions for many command options.
+ </div></li><li class="listitem"><div class="para">
+ The <code class="command">iptables</code> man page contains a brief summary of the various options.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites">3.8.9.2. Useful Firewall Websites</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.netfilter.org/">http://www.netfilter.org/</a> — The official homepage of the Netfilter and <code class="command">iptables</code> project.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.tldp.org/">http://www.tldp.org/</a> — The Linux Documentation Project contains several useful guides relating to firewall creation and administration.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.iana.org/assignments/port-numbers">http://www.iana.org/assignments/port-numbers</a> — The official list of registered and common service ports as assigned by the Internet Assigned Numbers Authority.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Additional_Resources-Related_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Related_Documentation">3.8.9.3. Related Documentation</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="citetitle">Red Hat Linux Firewalls</em>, by Bill McCarty; Red Hat Press — a comprehensive reference to building network and server firewalls using open source packet filtering technology such as Netfilter and <code class="command">iptables</code>. It includes topics that cover analyzing firewall logs, developing firewall rules, and customizing your firewall using various graphical tools.
+ </div></li><li class="listitem"><div class="para">
+ <em class="citetitle">Linux Firewalls</em>, by Robert Ziegler; New Riders Press — contains a wealth of information on building firewalls using both 2.2 kernel <code class="command">ipchains</code> as well as Netfilter and <code class="command">iptables</code>. Additional security topics such as remote access issues and intrusion detection systems are also covered.
+ </div></li></ul></div></div></div></div><div xml:lang="en-US" class="section" id="sect-Security_Guide-IPTables" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-IPTables">3.9. IPTables</h2></div></div></div><div class="para">
+ Included with Fedora are advanced tools for network <em class="firstterm">packet filtering</em> — the process of controlling network packets as they enter, move through, and exit the network stack within the kernel. Kernel versions prior to 2.4 relied on <code class="command">ipchains</code> for packet filtering and used lists of rules applied to packets at each step of the filtering process. The 2.4 kernel introduced <code class="command">iptables</code> (also called <em class="firstterm">netfilter</em>), which is similar to <code class="command">ipchains</code> but greatly expands the scope and control available for filtering network packets.
+ </div><div class="para">
+ This chapter focuses on packet filtering basics, explains various options available with <code class="command">iptables</code> commands, and explains how filtering rules can be preserved between system reboots.
+ </div><div class="para">
+ Refer to <a class="xref" href="#sect-Security_Guide-IPTables-Additional_Resources">Section 3.9.6, “Additional Resources”</a> for instructions on how to construct <code class="command">iptables</code> rules and setting up a firewall based on these rules.
+ </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ The default firewall mechanism in the 2.4 and later kernels is <code class="command">iptables</code>, but <code class="command">iptables</code> cannot be used if <code class="command">ipchains</code> is already running. If <code class="command">ipchains</code> is present at boot time, the kernel issues an error and fails to start <code class="command">iptables</code>.
+ </div><div class="para">
+ The functionality of <code class="command">ipchains</code> is not affected by these errors.
+ </div></div></div><div class="section" id="sect-Security_Guide-IPTables-Packet_Filtering"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-Packet_Filtering">3.9.1. Packet Filtering</h3></div></div></div><div class="para">
+ The Linux kernel uses the <span class="application"><strong>Netfilter</strong></span> facility to filter packets, allowing some of them to be received by or pass through the system while stopping others. This facility is built in to the Linux kernel, and has three built-in <em class="firstterm">tables</em> or <em class="firstterm">rules lists</em>, as follows:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">filter</code> — The default table for handling network packets.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">nat</code> — Used to alter packets that create a new connection and used for <em class="firstterm">Network Address Translation</em> (<em class="firstterm">NAT</em>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">mangle</code> — Used for specific types of packet alteration.
+ </div></li></ul></div><div class="para">
+ Each table has a group of built-in <em class="firstterm">chains</em>, which correspond to the actions performed on the packet by <code class="command">netfilter</code>.
+ </div><div class="para">
+ The built-in chains for the <code class="option">filter</code> table are as follows:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="firstterm">INPUT</em> — Applies to network packets that are targeted for the host.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">OUTPUT</em> — Applies to locally-generated network packets.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">FORWARD</em> — Applies to network packets routed through the host.
+ </div></li></ul></div><div class="para">
+ The built-in chains for the <code class="option">nat</code> table are as follows:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="firstterm">PREROUTING</em> — Alters network packets when they arrive.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">OUTPUT</em> — Alters locally-generated network packets before they are sent out.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">POSTROUTING</em> — Alters network packets before they are sent out.
+ </div></li></ul></div><div class="para">
+ The built-in chains for the <code class="option">mangle</code> table are as follows:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="firstterm">INPUT</em> — Alters network packets targeted for the host.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">OUTPUT</em> — Alters locally-generated network packets before they are sent out.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">FORWARD</em> — Alters network packets routed through the host.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">PREROUTING</em> — Alters incoming network packets before they are routed.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">POSTROUTING</em> — Alters network packets before they are sent out.
+ </div></li></ul></div><div class="para">
+ Every network packet received by or sent from a Linux system is subject to at least one table. However, a packet may be subjected to multiple rules within each table before emerging at the end of the chain. The structure and purpose of these rules may vary, but they usually seek to identify a packet coming from or going to a particular IP address, or set of addresses, when using a particular protocol and network service.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ By default, firewall rules are saved in the <code class="filename">/etc/sysconfig/iptables</code> or <code class="filename">/etc/sysconfig/ip6tables</code> files.
+ </div><div class="para">
+ The <code class="command">iptables</code> service starts before any DNS-related services when a Linux system is booted. This means that firewall rules can only reference numeric IP addresses (for example, 192.168.0.1). Domain names (for example, host.example.com) in such rules produce errors.
+ </div></div></div><div class="para">
+ Regardless of their destination, when packets match a particular rule in one of the tables, a <em class="firstterm">target</em> or action is applied to them. If the rule specifies an <code class="command">ACCEPT</code> target for a matching packet, the packet skips the rest of the rule checks and is allowed to continue to its destination. If a rule specifies a <code class="command">DROP</code> target, that packet is refused access to the system and nothing is sent back to the host that sent the packet. If a rule specifies a <code class="command">QUEUE</code> target, the packet is passed to user-space. If a rule specifies the optional <code class="command">REJECT</code> target, the packet is dropped, but an error packet is sent to the packet's originator.
+ </div><div class="para">
+ Every chain has a default policy to <code class="command">ACCEPT</code>, <code class="command">DROP</code>, <code class="command">REJECT</code>, or <code class="command">QUEUE</code>. If none of the rules in the chain apply to the packet, then the packet is dealt with in accordance with the default policy.
+ </div><div class="para">
+ The <code class="command">iptables</code> command configures these tables, as well as sets up new tables if necessary.
+ </div></div><div class="section" id="sect-Security_Guide-IPTables-Command_Options_for_IPTables"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-Command_Options_for_IPTables">3.9.2. Command Options for IPTables</h3></div></div></div><div class="para">
+ Rules for filtering packets are created using the <code class="command">iptables</code> command. The following aspects of the packet are most often used as criteria:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Packet Type</em></span> — Specifies the type of packets the command filters.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Packet Source/Destination</em></span> — Specifies which packets the command filters based on the source or destination of the packet.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Target</em></span> — Specifies what action is taken on packets matching the above criteria.
+ </div></li></ul></div><div class="para">
+ Refer to <a class="xref" href="#sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options">Section 3.9.2.4, “IPTables Match Options”</a> and <a class="xref" href="#sect-Security_Guide-Command_Options_for_IPTables-Target_Options">Section 3.9.2.5, “Target Options”</a> for more information about specific options that address these aspects of a packet.
+ </div><div class="para">
+ The options used with specific <code class="command">iptables</code> rules must be grouped logically, based on the purpose and conditions of the overall rule, for the rule to be valid. The remainder of this section explains commonly-used options for the <code class="command">iptables</code> command.
+ </div><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-Structure_of_IPTables_Command_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Structure_of_IPTables_Command_Options">3.9.2.1. Structure of IPTables Command Options</h4></div></div></div><div class="para">
+ Many <code class="command">iptables</code> commands have the following structure:
+ </div><pre class="screen"><code class="computeroutput"> iptables [-t <em class="replaceable"><code><table-name></code></em>] <em class="replaceable"><code><command></code></em> <em class="replaceable"><code><chain-name></code></em> \ <em class="replaceable"><code><parameter-1></code></em> <em class="replaceable"><code><option-1></code></em> \ <em class="replaceable"><code><parameter-n></code></em> <em class="replaceable"><code><option-n></code></em></code></pre><div class="para">
+ <em class="replaceable"><code><table-name></code></em> — Specifies which table the rule applies to. If omitted, the <code class="option">filter</code> table is used.
+ </div><div class="para">
+ <em class="replaceable"><code><command></code></em> — Specifies the action to perform, such as appending or deleting a rule.
+ </div><div class="para">
+ <em class="replaceable"><code><chain-name></code></em> — Specifies the chain to edit, create, or delete.
+ </div><div class="para">
+ <em class="replaceable"><code><parameter>-<option></code></em> pairs — Parameters and associated options that specify how to process a packet that matches the rule.
+ </div><div class="para">
+ The length and complexity of an <code class="command">iptables</code> command can change significantly, based on its purpose.
+ </div><div class="para">
+ For example, a command to remove a rule from a chain can be very short:
+ </div><div class="para">
+ <code class="command">iptables -D <em class="replaceable"><code><chain-name> <line-number></code></em></code>
+ </div><div class="para">
+ In contrast, a command that adds a rule which filters packets from a particular subnet using a variety of specific parameters and options can be rather long. When constructing <code class="command">iptables</code> commands, it is important to remember that some parameters and options require further parameters and options to construct a valid rule. This can produce a cascading effect, with the further parameters requiring yet more parameters. Until every parameter and option that requires another set of options is satisfied, the rule is not valid.
+ </div><div class="para">
+ Type <code class="command">iptables -h</code> to view a comprehensive list of <code class="command">iptables</code> command structures.
+ </div></div><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-Command_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Command_Options">3.9.2.2. Command Options</h4></div></div></div><div class="para">
+ Command options instruct <code class="command">iptables</code> to perform a specific action. Only one command option is allowed per <code class="command">iptables</code> command. With the exception of the help command, all commands are written in upper-case characters.
+ </div><div class="para">
+ The <code class="command">iptables</code> commands are as follows:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">-A</code> — Appends the rule to the end of the specified chain. Unlike the <code class="option">-I</code> option described below, it does not take an integer argument. It always appends the rule to the end of the specified chain.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-C</code> — Checks a particular rule before adding it to the user-specified chain. This command can help you construct complex <code class="command">iptables</code> rules by prompting you for additional parameters and options.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-D <integer> | <rule></code> — Deletes a rule in a particular chain by number (such as <code class="option">5</code> for the fifth rule in a chain), or by rule specification. The rule specification must exactly match an existing rule.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-E</code> — Renames a user-defined chain. A user-defined chain is any chain other than the default, pre-existing chains. (Refer to the <code class="option">-N</code> option, below, for information on creating user-defined chains.) This is a cosmetic change and does not affect the structure of the table.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ If you attempt to rename one of the default chains, the system reports a <code class="computeroutput">Match not found</code> error. You cannot rename the default chains.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">-F</code> — Flushes the selected chain, which effectively deletes every rule in the chain. If no chain is specified, this command flushes every rule from every chain.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-h</code> — Provides a list of command structures, as well as a quick summary of command parameters and options.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-I [<integer>]</code> — Inserts the rule in the specified chain at a point specified by a user-defined integer argument. If no argument is specified, the rule is inserted at the top of the chain.
+ </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ As noted above, the order of rules in a chain determines which rules apply to which packets. This is important to remember when adding rules using either the <code class="option">-A</code> or <code class="option">-I</code> option.
+ </div><div class="para">
+ This is especially important when adding rules using the <code class="option">-I</code> with an integer argument. If you specify an existing number when adding a rule to a chain, <code class="command">iptables</code> adds the new rule <span class="emphasis"><em>before</em></span> (or above) the existing rule.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">-L</code> — Lists all of the rules in the chain specified after the command. To list all rules in all chains in the default <code class="option">filter</code> table, do not specify a chain or table. Otherwise, the following syntax should be used to list the rules in a specific chain in a particular table:
+ </div><pre class="screen"><code class="computeroutput"> iptables -L <em class="replaceable"><code><chain-name></code></em> -t <em class="replaceable"><code><table-name></code></em></code></pre><div class="para">
+ Additional options for the <code class="option">-L</code> command option, which provide rule numbers and allow more verbose rule descriptions, are described in <a class="xref" href="#sect-Security_Guide-Command_Options_for_IPTables-Listing_Options">Section 3.9.2.6, “Listing Options”</a>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-N</code> — Creates a new chain with a user-specified name. The chain name must be unique, otherwise an error message is displayed.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-P</code> — Sets the default policy for the specified chain, so that when packets traverse an entire chain without matching a rule, they are sent to the specified target, such as ACCEPT or DROP.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-R</code> — Replaces a rule in the specified chain. The rule's number must be specified after the chain's name. The first rule in a chain corresponds to rule number one.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-X</code> — Deletes a user-specified chain. You cannot delete a built-in chain.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-Z</code> — Sets the byte and packet counters in all chains for a table to zero.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options">3.9.2.3. IPTables Parameter Options</h4></div></div></div><div class="para">
+ Certain <code class="command">iptables</code> commands, including those used to add, append, delete, insert, or replace rules within a particular chain, require various parameters to construct a packet filtering rule.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">-c</code> — Resets the counters for a particular rule. This parameter accepts the <code class="option">PKTS</code> and <code class="option">BYTES</code> options to specify which counter to reset.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-d</code> — Sets the destination hostname, IP address, or network of a packet that matches the rule. When matching a network, the following IP address/netmask formats are supported:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option"><em class="replaceable"><code>N.N.N.N</code></em>/<em class="replaceable"><code>M.M.M.M</code></em></code> — Where <em class="replaceable"><code>N.N.N.N</code></em> is the IP address range and <em class="replaceable"><code>M.M.M.M</code></em> is the netmask.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option"><em class="replaceable"><code>N.N.N.N</code></em>/<em class="replaceable"><code>M</code></em></code> — Where <em class="replaceable"><code>N.N.N.N</code></em> is the IP address range and <em class="replaceable"><code>M</code></em> is the bitmask.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">-f</code> — Applies this rule only to fragmented packets.
+ </div><div class="para">
+ You can use the exclamation point character (<code class="option">!</code>) option after this parameter to specify that only unfragmented packets are matched.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Distinguishing between fragmented and unfragmented packets is desirable, despite fragmented packets being a standard part of the IP protocol.
+ </div><div class="para">
+ Originally designed to allow IP packets to travel over networks with differing frame sizes, these days fragmentation is more commonly used to generate DoS attacks using mal-formed packets. It's also worth noting that IPv6 disallows fragmentation entirely.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">-i</code> — Sets the incoming network interface, such as <code class="option">eth0</code> or <code class="option">ppp0</code>. With <code class="command">iptables</code>, this optional parameter may only be used with the INPUT and FORWARD chains when used with the <code class="option">filter</code> table and the PREROUTING chain with the <code class="option">nat</code> and <code class="option">mangle</code> tables.
+ </div><div class="para">
+ This parameter also supports the following special options:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Exclamation point character (<code class="option">!</code>) — Reverses the directive, meaning any specified interfaces are excluded from this rule.
+ </div></li><li class="listitem"><div class="para">
+ Plus character (<code class="option">+</code>) — A wildcard character used to match all interfaces that match the specified string. For example, the parameter <code class="option">-i eth+</code> would apply this rule to any Ethernet interfaces but exclude any other interfaces, such as <code class="option">ppp0</code>.
+ </div></li></ul></div><div class="para">
+ If the <code class="option">-i</code> parameter is used but no interface is specified, then every interface is affected by the rule.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-j</code> — Jumps to the specified target when a packet matches a particular rule.
+ </div><div class="para">
+ The standard targets are <code class="option">ACCEPT</code>, <code class="option">DROP</code>, <code class="option">QUEUE</code>, and <code class="option">RETURN</code>.
+ </div><div class="para">
+ Extended options are also available through modules loaded by default with the Fedora <code class="command">iptables</code> RPM package. Valid targets in these modules include <code class="option">LOG</code>, <code class="option">MARK</code>, and <code class="option">REJECT</code>, among others. Refer to the <code class="command">iptables</code> man page for more information about these and other targets.
+ </div><div class="para">
+ This option can also be used to direct a packet matching a particular rule to a user-defined chain outside of the current chain so that other rules can be applied to the packet.
+ </div><div class="para">
+ If no target is specified, the packet moves past the rule with no action taken. The counter for this rule, however, increases by one.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-o</code> — Sets the outgoing network interface for a rule. This option is only valid for the OUTPUT and FORWARD chains in the <code class="option">filter</code> table, and the POSTROUTING chain in the <code class="option">nat</code> and <code class="option">mangle</code> tables. This parameter accepts the same options as the incoming network interface parameter (<code class="option">-i</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-p <protocol></code> — Sets the IP protocol affected by the rule. This can be either <code class="option">icmp</code>, <code class="option">tcp</code>, <code class="option">udp</code>, or <code class="option">all</code>, or it can be a numeric value, representing one of these or a different protocol. You can also use any protocols listed in the <code class="filename">/etc/protocols</code> file.
+ </div><div class="para">
+ The "<code class="option">all</code>" protocol means the rule applies to every supported protocol. If no protocol is listed with this rule, it defaults to "<code class="option">all</code>".
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-s</code> — Sets the source for a particular packet using the same syntax as the destination (<code class="option">-d</code>) parameter.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options">3.9.2.4. IPTables Match Options</h4></div></div></div><div class="para">
+ Different network protocols provide specialized matching options which can be configured to match a particular packet using that protocol. However, the protocol must first be specified in the <code class="command">iptables</code> command. For example, <code class="option">-p <em class="replaceable"><code><protocol-name></code></em></code> enables options for the specified protocol. Note that you can also use the protocol ID, instead of the protocol name. Refer to the following examples, each of which have the same effect:
+ </div><pre class="screen"><code class="command"> iptables -A INPUT -p icmp --icmp-type any -j ACCEPT </code></pre><pre class="screen"><code class="command"> iptables -A INPUT -p 5813 --icmp-type any -j ACCEPT </code></pre><div class="para">
+ Service definitions are provided in the <code class="filename">/etc/services</code> file. For readability, it is recommended that you use the service names rather than the port numbers.
+ </div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ Secure the <code class="filename">/etc/services</code> file to prevent unauthorized editing. If this file is editable, crackers can use it to enable ports on your machine you have otherwise closed. To secure this file, type the following commands as root:
+ </div><pre class="screen">
+[root at myServer ~]# chown root.root /etc/services
+[root at myServer ~]# chmod 0644 /etc/services
+[root at myServer ~]# chattr +i /etc/services</pre><div class="para">
+ This prevents the file from being renamed, deleted or having links made to it.
+ </div></div></div><div class="section" id="sect-Security_Guide-IPTables_Match_Options-TCP_Protocol"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-TCP_Protocol">3.9.2.4.1. TCP Protocol</h5></div></div></div><div class="para">
+ These match options are available for the TCP protocol (<code class="option">-p tcp</code>):
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--dport</code> — Sets the destination port for the packet.
+ </div><div class="para">
+ To configure this option, use a network service name (such as www or smtp); a port number; or a range of port numbers.
+ </div><div class="para">
+ To specify a range of port numbers, separate the two numbers with a colon (<code class="option">:</code>). For example: <code class="option">-p tcp --dport 3000:3200</code>. The largest acceptable valid range is <code class="option">0:65535</code>.
+ </div><div class="para">
+ Use an exclamation point character (<code class="option">!</code>) after the <code class="option">--dport</code> option to match all packets that <span class="emphasis"><em>do not</em></span> use that network service or port.
+ </div><div class="para">
+ To browse the names and aliases of network services and the port numbers they use, view the <code class="filename">/etc/services</code> file.
+ </div><div class="para">
+ The <code class="option">--destination-port</code> match option is synonymous with <code class="option">--dport</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--sport</code> — Sets the source port of the packet using the same options as <code class="option">--dport</code>. The <code class="option">--source-port</code> match option is synonymous with <code class="option">--sport</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--syn</code> — Applies to all TCP packets designed to initiate communication, commonly called <em class="firstterm">SYN packets</em>. Any packets that carry a data payload are not touched.
+ </div><div class="para">
+ Use an exclamation point character (<code class="option">!</code>) after the <code class="option">--syn</code> option to match all non-SYN packets.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--tcp-flags <tested flag list> <set flag list></code> — Allows TCP packets that have specific bits (flags) set, to match a rule.
+ </div><div class="para">
+ The <code class="option">--tcp-flags</code> match option accepts two parameters. The first parameter is the mask; a comma-separated list of flags to be examined in the packet. The second parameter is a comma-separated list of flags that must be set for the rule to match.
+ </div><div class="para">
+ The possible flags are:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">ACK</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">FIN</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">PSH</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">RST</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">SYN</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">URG</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">ALL</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">NONE</code>
+ </div></li></ul></div><div class="para">
+ For example, an <code class="command">iptables</code> rule that contains the following specification only matches TCP packets that have the SYN flag set and the ACK and FIN flags not set:
+ </div><div class="para">
+ <code class="command">--tcp-flags ACK,FIN,SYN SYN</code>
+ </div><div class="para">
+ Use the exclamation point character (<code class="option">!</code>) after the <code class="option">--tcp-flags</code> to reverse the effect of the match option.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--tcp-option</code> — Attempts to match with TCP-specific options that can be set within a particular packet. This match option can also be reversed with the exclamation point character (<code class="option">!</code>).
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol">3.9.2.4.2. UDP Protocol</h5></div></div></div><div class="para">
+ These match options are available for the UDP protocol (<code class="option">-p udp</code>):
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--dport</code> — Specifies the destination port of the UDP packet, using the service name, port number, or range of port numbers. The <code class="option">--destination-port</code> match option is synonymous with <code class="option">--dport</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--sport</code> — Specifies the source port of the UDP packet, using the service name, port number, or range of port numbers. The <code class="option">--source-port</code> match option is synonymous with <code class="option">--sport</code>.
+ </div></li></ul></div><div class="para">
+ For the <code class="option">--dport</code> and <code class="option">--sport</code> options, to specify a range of port numbers, separate the two numbers with a colon (:). For example: <code class="option">-p tcp --dport 3000:3200</code>. The largest acceptable valid range is 0:65535.
+ </div></div><div class="section" id="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol">3.9.2.4.3. ICMP Protocol</h5></div></div></div><div class="para">
+ The following match options are available for the Internet Control Message Protocol (ICMP) (<code class="option">-p icmp</code>):
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--icmp-type</code> — Sets the name or number of the ICMP type to match with the rule. A list of valid ICMP names can be retrieved by typing the <code class="command">iptables -p icmp -h</code> command.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules">3.9.2.4.4. Additional Match Option Modules</h5></div></div></div><div class="para">
+ Additional match options are available through modules loaded by the <code class="command">iptables</code> command.
+ </div><div class="para">
+ To use a match option module, load the module by name using the <code class="option">-m <em class="replaceable"><code><module-name></code></em></code>, where <em class="replaceable"><code><module-name></code></em> is the name of the module.
+ </div><div class="para">
+ Many modules are available by default. You can also create modules to provide additional functionality.
+ </div><div class="para">
+ The following is a partial list of the most commonly used modules:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">limit</code> module — Places limits on how many packets are matched to a particular rule.
+ </div><div class="para">
+ When used in conjunction with the <code class="command">LOG</code> target, the <code class="option">limit</code> module can prevent a flood of matching packets from filling up the system log with repetitive messages or using up system resources.
+ </div><div class="para">
+ Refer to <a class="xref" href="#sect-Security_Guide-Command_Options_for_IPTables-Target_Options">Section 3.9.2.5, “Target Options”</a> for more information about the <code class="command">LOG</code> target.
+ </div><div class="para">
+ The <code class="option">limit</code> module enables the following options:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--limit</code> — Sets the maximum number of matches for a particular time period, specified as a <code class="option"><em class="replaceable"><code><value>/<period></code></em></code> pair. For example, using <code class="option">--limit 5/hour</code> allows five rule matches per hour.
+ </div><div class="para">
+ Periods can be specified in seconds, minutes, hours, or days.
+ </div><div class="para">
+ If a number and time modifier are not used, the default value of <code class="option">3/hour</code> is assumed.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--limit-burst</code> — Sets a limit on the number of packets able to match a rule at one time.
+ </div><div class="para">
+ This option is specified as an integer and should be used in conjunction with the <code class="option">--limit</code> option.
+ </div><div class="para">
+ If no value is specified, the default value of five (5) is assumed.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">state</code> module — Enables state matching.
+ </div><div class="para">
+ The <code class="option">state</code> module enables the following options:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--state</code> — match a packet with the following connection states:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">ESTABLISHED</code> — The matching packet is associated with other packets in an established connection. You need to accept this state if you want to maintain a connection between a client and a server.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">INVALID</code> — The matching packet cannot be tied to a known connection.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">NEW</code> — The matching packet is either creating a new connection or is part of a two-way connection not previously seen. You need to accept this state if you want to allow new connections to a service.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">RELATED</code> — The matching packet is starting a new connection related in some way to an existing connection. An example of this is FTP, which uses one connection for control traffic (port 21), and a separate connection for data transfer (port 20).
+ </div></li></ul></div><div class="para">
+ These connection states can be used in combination with one another by separating them with commas, such as <code class="option">-m state --state INVALID,NEW</code>.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">mac</code> module — Enables hardware MAC address matching.
+ </div><div class="para">
+ The <code class="option">mac</code> module enables the following option:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--mac-source</code> — Matches a MAC address of the network interface card that sent the packet. To exclude a MAC address from a rule, place an exclamation point character (<code class="option">!</code>) after the <code class="option">--mac-source</code> match option.
+ </div></li></ul></div></li></ul></div><div class="para">
+ Refer to the <code class="command">iptables</code> man page for more match options available through modules.
+ </div></div></div><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-Target_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Target_Options">3.9.2.5. Target Options</h4></div></div></div><div class="para">
+ When a packet has matched a particular rule, the rule can direct the packet to a number of different targets which determine the appropriate action. Each chain has a default target, which is used if none of the rules on that chain match a packet or if none of the rules which match the packet specify a target.
+ </div><div class="para">
+ The following are the standard targets:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option"><em class="replaceable"><code><user-defined-chain></code></em></code> — A user-defined chain within the table. User-defined chain names must be unique. This target passes the packet to the specified chain.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">ACCEPT</code> — Allows the packet through to its destination or to another chain.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">DROP</code> — Drops the packet without responding to the requester. The system that sent the packet is not notified of the failure.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">QUEUE</code> — The packet is queued for handling by a user-space application.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">RETURN</code> — Stops checking the packet against rules in the current chain. If the packet with a <code class="option">RETURN</code> target matches a rule in a chain called from another chain, the packet is returned to the first chain to resume rule checking where it left off. If the <code class="option">RETURN</code> rule is used on a built-in chain and the packet cannot move up to its previous chain, the default target for the current chain is used.
+ </div></li></ul></div><div class="para">
+ In addition, extensions are available which allow other targets to be specified. These extensions are called target modules or match option modules and most only apply to specific tables and situations. Refer to <a class="xref" href="#sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules">Section 3.9.2.4.4, “Additional Match Option Modules”</a> for more information about match option modules.
+ </div><div class="para">
+ Many extended target modules exist, most of which only apply to specific tables or situations. Some of the most popular target modules included by default in Fedora are:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">LOG</code> — Logs all packets that match this rule. Because the packets are logged by the kernel, the <code class="filename">/etc/syslog.conf</code> file determines where these log entries are written. By default, they are placed in the <code class="filename">/var/log/messages</code> file.
+ </div><div class="para">
+ Additional options can be used after the <code class="option">LOG</code> target to specify the way in which logging occurs:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--log-level</code> — Sets the priority level of a logging event. Refer to the <code class="filename">syslog.conf</code> man page for a list of priority levels.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--log-ip-options</code> — Logs any options set in the header of an IP packet.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--log-prefix</code> — Places a string of up to 29 characters before the log line when it is written. This is useful for writing syslog filters for use in conjunction with packet logging.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Due to an issue with this option, you should add a trailing space to the <em class="replaceable"><code>log-prefix</code></em> value.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">--log-tcp-options</code> — Logs any options set in the header of a TCP packet.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--log-tcp-sequence</code> — Writes the TCP sequence number for the packet in the log.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">REJECT</code> — Sends an error packet back to the remote system and drops the packet.
+ </div><div class="para">
+ The <code class="option">REJECT</code> target accepts <code class="option">--reject-with <em class="replaceable"><code><type></code></em></code> (where <em class="replaceable"><code><type></code></em> is the rejection type) allowing more detailed information to be returned with the error packet. The message <code class="computeroutput">port-unreachable</code> is the default error type given if no other option is used. Refer to the <code class="command">iptables</code> man page for a full list of <code class="option"><em class="replaceable"><code><type></code></em></code> options.
+ </div></li></ul></div><div class="para">
+ Other target extensions, including several that are useful for IP masquerading using the <code class="option">nat</code> table, or with packet alteration using the <code class="option">mangle</code> table, can be found in the <code class="command">iptables</code> man page.
+ </div></div><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options">3.9.2.6. Listing Options</h4></div></div></div><div class="para">
+ The default list command, <code class="command">iptables -L [<chain-name>]</code>, provides a very basic overview of the default filter table's current chains. Additional options provide more information:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">-v</code> — Displays verbose output, such as the number of packets and bytes each chain has processed, the number of packets and bytes each rule has matched, and which interfaces apply to a particular rule.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-x</code> — Expands numbers into their exact values. On a busy system, the number of packets and bytes processed by a particular chain or rule may be abbreviated to <code class="computeroutput">Kilobytes</code>, <code class="computeroutput">Megabytes</code> (Megabytes) or <code class="computeroutput">Gigabytes</code>. This option forces the full number to be displayed.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-n</code> — Displays IP addresses and port numbers in numeric format, rather than the default hostname and network service format.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--line-numbers</code> — Lists rules in each chain next to their numeric order in the chain. This option is useful when attempting to delete the specific rule in a chain or to locate where to insert a rule within a chain.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-t <table-name></code> — Specifies a table name. If omitted, defaults to the filter table.
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-IPTables-Saving_IPTables_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-Saving_IPTables_Rules">3.9.3. Saving IPTables Rules</h3></div></div></div><div class="para">
+ Rules created with the <code class="command">iptables</code> command are stored in memory. If the system is restarted before saving the <code class="command">iptables</code> rule set, all rules are lost. For netfilter rules to persist through a system reboot, they need to be saved. To save netfilter rules, type the following command as root:
+ </div><pre class="screen"><code class="command">/usr/libexec/iptables.init save </code></pre><div class="para">
+ This executes the <code class="command">iptables</code> init script, which runs the <code class="command">/sbin/iptables-save</code> program and writes the current <code class="command">iptables</code> configuration to <code class="filename">/etc/sysconfig/iptables</code>. The existing <code class="filename">/etc/sysconfig/iptables</code> file is saved as <code class="filename">/etc/sysconfig/iptables.save</code>.
+ </div><div class="para">
+ The next time the system boots, the <code class="command">iptables</code> init script reapplies the rules saved in <code class="filename">/etc/sysconfig/iptables</code> by using the <code class="command">/sbin/iptables-restore</code> command.
+ </div><div class="para">
+ While it is always a good idea to test a new <code class="command">iptables</code> rule before committing it to the <code class="filename">/etc/sysconfig/iptables</code> file, it is possible to copy <code class="command">iptables</code> rules into this file from another system's version of this file. This provides a quick way to distribute sets of <code class="command">iptables</code> rules to multiple machines.
+ </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ If distributing the <code class="filename">/etc/sysconfig/iptables</code> file to other machines, type <code class="command">/sbin/service iptables restart</code> for the new rules to take effect.
+ </div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Note the difference between the <code class="command">iptables</code> <span class="emphasis"><em>command</em></span> (<code class="command">/sbin/iptables</code>), which is used to manipulate the tables and chains that constitute the <code class="command">iptables</code> functionality, and the <code class="command">iptables</code> <span class="emphasis"><em>service</em></span> (<code class="command">/sbin/iptables service</code>), which is used to enable and disable the <code class="command">iptables</code> service itself.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-IPTables-IPTables_Control_Scripts"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-IPTables_Control_Scripts">3.9.4. IPTables Control Scripts</h3></div></div></div><div class="para">
+ There are two basic methods for controlling <code class="command">iptables</code> in Fedora:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="application"><strong>Firewall Administration Tool</strong></span> (<code class="command">system-config-firewall</code>) — A graphical interface for creating, activating, and saving basic firewall rules. Refer to <a class="xref" href="#sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">Section 3.8.2, “Basic Firewall Configuration”</a> for more information.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/sbin/service iptables <em class="replaceable"><code><option></code></em></code> — Used to manipulate various functions of <code class="command">iptables</code> using its initscript. The following options are available:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">start</code> — If a firewall is configured (that is, <code class="filename">/etc/sysconfig/iptables</code> exists), all running <code class="command">iptables</code> are stopped completely and then started using the <code class="command">/sbin/iptables-restore</code> command. This option only works if the <code class="command">ipchains</code> kernel module is not loaded. To check if this module is loaded, type the following command as root:
+ </div><pre class="screen"><code class="command"> [root at MyServer ~]# lsmod | grep ipchains </code></pre><div class="para">
+ If this command returns no output, it means the module is not loaded. If necessary, use the <code class="command">/sbin/rmmod</code> command to remove the module.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">stop</code> — If a firewall is running, the firewall rules in memory are flushed, and all iptables modules and helpers are unloaded.
+ </div><div class="para">
+ If the <code class="command">IPTABLES_SAVE_ON_STOP</code> directive in the <code class="filename">/etc/sysconfig/iptables-config</code> configuration file is changed from its default value to <code class="command">yes</code>, current rules are saved to <code class="filename">/etc/sysconfig/iptables</code> and any existing rules are moved to the file <code class="filename">/etc/sysconfig/iptables.save</code>.
+ </div><div class="para">
+ Refer to <a class="xref" href="#sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">Section 3.9.4.1, “IPTables Control Scripts Configuration File”</a> for more information about the <code class="filename">iptables-config</code> file.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">restart</code> — If a firewall is running, the firewall rules in memory are flushed, and the firewall is started again if it is configured in <code class="filename">/etc/sysconfig/iptables</code>. This option only works if the <code class="command">ipchains</code> kernel module is not loaded.
+ </div><div class="para">
+ If the <code class="command">IPTABLES_SAVE_ON_RESTART</code> directive in the <code class="filename">/etc/sysconfig/iptables-config</code> configuration file is changed from its default value to <code class="command">yes</code>, current rules are saved to <code class="filename">/etc/sysconfig/iptables</code> and any existing rules are moved to the file <code class="filename">/etc/sysconfig/iptables.save</code>.
+ </div><div class="para">
+ Refer to <a class="xref" href="#sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">Section 3.9.4.1, “IPTables Control Scripts Configuration File”</a> for more information about the <code class="filename">iptables-config</code> file.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">status</code> — Displays the status of the firewall and lists all active rules.
+ </div><div class="para">
+ The default configuration for this option displays IP addresses in each rule. To display domain and hostname information, edit the <code class="filename">/etc/sysconfig/iptables-config</code> file and change the value of <code class="command">IPTABLES_STATUS_NUMERIC</code> to <code class="command">no</code>. Refer to <a class="xref" href="#sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">Section 3.9.4.1, “IPTables Control Scripts Configuration File”</a> for more information about the <code class="filename">iptables-config</code> file.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">panic</code> — Flushes all firewall rules. The policy of all configured tables is set to <code class="command">DROP</code>.
+ </div><div class="para">
+ This option could be useful if a server is known to be compromised. Rather than physically disconnecting from the network or shutting down the system, you can use this option to stop all further network traffic but leave the machine in a state ready for analysis or other forensics.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">save</code> — Saves firewall rules to <code class="filename">/etc/sysconfig/iptables</code> using <code class="command">iptables-save</code>. Refer to <a class="xref" href="#sect-Security_Guide-IPTables-Saving_IPTables_Rules">Section 3.9.3, “Saving IPTables Rules”</a> for more information.
+ </div></li></ul></div></li></ul></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ To use the same initscript commands to control netfilter for IPv6, substitute <code class="command">ip6tables</code> for <code class="command">iptables</code> in the <code class="command">/sbin/service</code> commands listed in this section. For more information about IPv6 and netfilter, refer to <a class="xref" href="#sect-Security_Guide-IPTables-IPTables_and_IPv6">Section 3.9.5, “IPTables and IPv6”</a>.
+ </div></div></div><div class="section" id="sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">3.9.4.1. IPTables Control Scripts Configuration File</h4></div></div></div><div class="para">
+ The behavior of the <code class="command">iptables</code> initscripts is controlled by the <code class="filename">/etc/sysconfig/iptables-config</code> configuration file. The following is a list of directives contained in this file:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_MODULES</code> — Specifies a space-separated list of additional <code class="command">iptables</code> modules to load when a firewall is activated. These can include connection tracking and NAT helpers.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_MODULES_UNLOAD</code> — Unloads modules on restart and stop. This directive accepts the following values:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — The default value. This option must be set to achieve a correct state for a firewall restart or stop.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — This option should only be set if there are problems unloading the netfilter modules.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_SAVE_ON_STOP</code> — Saves current firewall rules to <code class="filename">/etc/sysconfig/iptables</code> when the firewall is stopped. This directive accepts the following values:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — Saves existing rules to <code class="filename">/etc/sysconfig/iptables</code> when the firewall is stopped, moving the previous version to the <code class="filename">/etc/sysconfig/iptables.save</code> file.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — The default value. Does not save existing rules when the firewall is stopped.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_SAVE_ON_RESTART</code> — Saves current firewall rules when the firewall is restarted. This directive accepts the following values:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — Saves existing rules to <code class="filename">/etc/sysconfig/iptables</code> when the firewall is restarted, moving the previous version to the <code class="filename">/etc/sysconfig/iptables.save</code> file.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — The default value. Does not save existing rules when the firewall is restarted.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_SAVE_COUNTER</code> — Saves and restores all packet and byte counters in all chains and rules. This directive accepts the following values:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — Saves the counter values.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — The default value. Does not save the counter values.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_STATUS_NUMERIC</code> — Outputs IP addresses in numeric form instead of domain or hostnames. This directive accepts the following values:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — The default value. Returns only IP addresses within a status output.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — Returns domain or hostnames within a status output.
+ </div></li></ul></div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-IPTables-IPTables_and_IPv6"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-IPTables_and_IPv6">3.9.5. IPTables and IPv6</h3></div></div></div><div class="para">
+ The <span class="application"><strong>iptables</strong></span> package includes support for the next-generation IPv6 Internet protocol. The command used to manipulate the IPv6 netfilter is <code class="command">ip6tables</code>.
+ </div><div class="para">
+ Most directives for this command are identical to those used for <code class="command">iptables</code>, except the <code class="command">nat</code> table is not yet supported. This means that it is not yet possible to perform IPv6 network address translation tasks, such as masquerading and port forwarding.
+ </div><div class="para">
+ Rules for <code class="command">ip6tables</code> are saved in the <code class="filename">/etc/sysconfig/ip6tables</code> file. Previous rules saved by the <code class="command">ip6tables</code> initscripts are saved in the <code class="filename">/etc/sysconfig/ip6tables.save</code> file.
+ </div><div class="para">
+ Configuration options for the <code class="command">ip6tables</code> init script are stored in <code class="filename">/etc/sysconfig/ip6tables-config</code>, and the names for each directive vary slightly from their <code class="command">iptables</code> counterparts.
+ </div><div class="para">
+ For example, the <code class="filename">iptables-config</code> directive <code class="command">IPTABLES_MODULES</code>:the equivalent in the <code class="filename">ip6tables-config</code> file is <code class="command">IP6TABLES_MODULES</code>.
+ </div></div><div class="section" id="sect-Security_Guide-IPTables-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-Additional_Resources">3.9.6. Additional Resources</h3></div></div></div><div class="para">
+ Refer to the following sources for additional information on packet filtering with <code class="command">iptables</code>.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a class="xref" href="#sect-Security_Guide-Firewalls">Section 3.8, “Firewalls”</a> — Contains a chapter about the role of firewalls within an overall security strategy as well as strategies for constructing firewall rules.
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_IP_Tables_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_IP_Tables_Documentation">3.9.6.1. Installed IP Tables Documentation</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man iptables</code> — Contains a description of <code class="command">iptables</code> as well as a comprehensive list of targets, options, and match extensions.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites">3.9.6.2. Useful IP Tables Websites</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.netfilter.org/">http://www.netfilter.org/</a> — The home of the netfilter/iptables project. Contains assorted information about <code class="command">iptables</code>, including a FAQ addressing specific problems and various helpful guides by Rusty Russell, the Linux IP firewall maintainer. The HOWTO documents on the site cover subjects such as basic networking concepts, kernel packet filtering, and NAT configurations.
+ </div></li></ul></div></div></div></div><div class="footnotes"><br /><hr width="100" align="left" /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm88604832" href="#idm88604832" class="para">11</a>] </sup>
+ Since system BIOSes differ between manufacturers, some may not support password protection of either type, while others may support one type but not the other.
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm82596208" href="#idm82596208" class="para">12</a>] </sup>
+ GRUB also accepts unencrypted passwords, but it is recommended that an MD5 hash be used for added security.
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm64009136" href="#idm64009136" class="para">13</a>] </sup>
+ This access is still subject to the restrictions imposed by SELinux, if it is enabled.
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm84172928" href="#idm84172928" class="para">14</a>] </sup>
+ A system where both the client and the server share a common key that is used to encrypt and decrypt network communication.
+ </div></div></div></div><div xml:lang="en-US" class="chapter" id="chap-Security_Guide-Encryption" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 4. Encryption</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Data_at_Rest">4.1. Data at Rest</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">4.1.1. Full Disk Encryption</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">4.1.2. File Based Encryption</a></span></dt></dl></dd><dt><span class="section"><a href="#Security_Guide-Encryption-Data_in_Motion">4.2. Data in Motion</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs">4.2.1. Virtual Private Networks (VPNs)</a></span></dt><dt><span class="section"><a href="#Security_Guide-Enc
ryption-Data_in_Motion-Secure_Shell">4.2.2. Secure Shell</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption">4.2.3. LUKS Disk Encryption</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives">4.2.4. 7-Zip Encrypted Archives</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG">4.2.5. Using GNU Privacy Guard (GnuPG)</a></span></dt></dl></dd></dl></div><div class="para">
+ There are two main types of data that must be protected: data at rest and data in motion. These different types of data are protected in similar ways using similar technology but the implementations can be completely different. No single protective implementation can prevent all possible methods of compromise as the same information may be at rest and in motion at different points in time.
+ </div><div class="section" id="sect-Security_Guide-Encryption-Data_at_Rest"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Encryption-Data_at_Rest">4.1. Data at Rest</h2></div></div></div><div class="para">
+ Data at rest is data that is stored on a hard drive, tape, CD, DVD, disk, or other media. This information's biggest threat comes from being physically stolen. Laptops in airports, CDs going through the mail, and backup tapes that get left in the wrong places are all examples of events where data can be compromised through theft. If the data was encrypted on the media then you wouldn't have to worry as much about the data being compromised.
+ </div><div class="section" id="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">4.1.1. Full Disk Encryption</h3></div></div></div><div class="para">
+ Full disk or partition encryption is one of the best ways of protecting your data. Not only is each file protected but also the temporary storage that may contain parts of these files is also protected. Full disk encryption will protect all of your files so you don't have to worry about selecting what you want to protect and possibly missing a file.
+ </div><div class="para">
+ Fedora 9, and later, natively supports LUKS Encryption. LUKS will bulk encrypt your hard drive partitions so that while your computer is off your data is protected. This will also protect your computer from attackers attempting to use single-user-mode to login to your computer or otherwise gain access.
+ </div><div class="para">
+ Full disk encryption solutions like LUKS only protect the data when your computer is off. Once the computer is on and LUKS has decrypted the disk, the files on that disk are available to anyone who would normally have access to them. To protect your files when the computer is on, use full disk encryption in combination with another solution such as file based encryption. Also remember to lock your computer whenever you are away from it. A passphrase protected screen saver set to activate after a few minutes of inactivity is a good way to keep intruders out.
+ </div></div><div class="section" id="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">4.1.2. File Based Encryption</h3></div></div></div><div class="para">
+ GnuPG (GPG) is an open source version of PGP that allows you to sign and/or encrypt a file or an email message. This is useful to maintain integrity of the message or file and also protects the confidentiality of the information contained within the file or email. In the case of email, GPG provides dual protection. Not only can it provide Data at Rest protection but also Data In Motion protection once the message has been sent across the network.
+ </div><div class="para">
+ File based encryption is intended to protect a file after it has left your computer, such as when you send a CD through the mail. Some file based encryption solutions will leave remnants of the encrypted files that an attacker who has physical access to your computer can recover under some circumstances. To protect the contents of those files from attackers who may have access to your computer, use file based encryption combined with another solution such as full disk encryption.
+ </div></div></div><div class="section" id="Security_Guide-Encryption-Data_in_Motion"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="Security_Guide-Encryption-Data_in_Motion">4.2. Data in Motion</h2></div></div></div><div class="para">
+ Data in motion is data that is being transmitted over a network. The biggest threats to data in motion are interception and alteration. Your user name and password should never be transmitted over a network without protection as it could be intercepted and used by someone else to impersonate you or gain access to sensitive information. Other private information such as bank account information should also be protected when transmitted across a network. If the network session was encrypted then you would not have to worry as much about the data being compromised while it is being transmitted.
+ </div><div class="para">
+ Data in motion is particularly vulnerable to attackers because the attacker does not have to be near the computer in which the data is being stored rather they only have to be somewhere along the path. Encryption tunnels can protect data along the path of communications.
+ </div><div xml:lang="en-US" class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs">4.2.1. Virtual Private Networks (VPNs)</h3></div></div></div><div class="para">
+ Organizations with several satellite offices often connect to each other with dedicated lines for efficiency and protection of sensitive data in transit. For example, many businesses use frame relay or <em class="firstterm">Asynchronous Transfer Mode</em> (<acronym class="acronym">ATM</acronym>) lines as an end-to-end networking solution to link one office with others. This can be an expensive proposition, especially for small to medium sized businesses (<acronym class="acronym">SMB</acronym>s) that want to expand without paying the high costs associated with enterprise-level, dedicated digital circuits.
+ </div><div class="para">
+ To address this need, <em class="firstterm">Virtual Private Networks</em> (<abbr class="abbrev">VPN</abbr>s) were developed. Following the same functional principles as dedicated circuits, <abbr class="abbrev">VPN</abbr>s allow for secured digital communication between two parties (or networks), creating a <em class="firstterm">Wide Area Network</em> (<acronym class="acronym">WAN</acronym>) from existing <em class="firstterm">Local Area Networks</em> (<acronym class="acronym">LAN</acronym>s). Where it differs from frame relay or ATM is in its transport medium. <abbr class="abbrev">VPN</abbr>s transmit over IP using datagrams as the transport layer, making it a secure conduit through the Internet to an intended destination. Most free software <abbr class="abbrev">VPN</abbr> implementations incorporate open standard encryption methods to further mask data in transit.
+ </div><div class="para">
+ Some organizations employ hardware <abbr class="abbrev">VPN</abbr> solutions to augment security, while others use software or protocol-based implementations. Several vendors provide hardware <abbr class="abbrev">VPN</abbr> solutions, such as Cisco, Nortel, IBM, and Checkpoint. There is a free software-based <abbr class="abbrev">VPN</abbr> solution for Linux called FreeS/Wan that utilizes a standardized <em class="firstterm">Internet Protocol Security</em> (<abbr class="abbrev">IPsec</abbr>) implementation. These <abbr class="abbrev">VPN</abbr> solutions, irrespective of whether they are hardware or software based, act as specialized routers that exist between the IP connection from one office to another.
+ </div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-How_Does_a_VPN_Work"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-How_Does_a_VPN_Work">4.2.1.1. How Does a VPN Work?</h4></div></div></div><div class="para">
+ When a packet is transmitted from a client, it sends it through the <abbr class="abbrev">VPN</abbr> router or gateway, which adds an <em class="firstterm">Authentication Header</em> (<abbr class="abbrev">AH</abbr>) for routing and authentication. The data is then encrypted and, finally, enclosed with an <em class="firstterm">Encapsulating Security Payload</em> (<abbr class="abbrev">ESP</abbr>). This latter constitutes the decryption and handling instructions.
+ </div><div class="para">
+ The receiving <abbr class="abbrev">VPN</abbr> router strips the header information, decrypts the data, and routes it to its intended destination (either a workstation or other node on a network). Using a network-to-network connection, the receiving node on the local network receives the packets already decrypted and ready for processing. The encryption/decryption process in a network-to-network <abbr class="abbrev">VPN</abbr> connection is transparent to a local node.
+ </div><div class="para">
+ With such a heightened level of security, an attacker must not only intercept a packet, but decrypt the packet as well. Intruders who employ a man-in-the-middle attack between a server and client must also have access to at least one of the private keys for authenticating sessions. Because they employ several layers of authentication and encryption, <abbr class="abbrev">VPN</abbr>s are a secure and effective means of connecting multiple remote nodes to act as a unified intranet.
+ </div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD">4.2.1.2. VPNs and Fedora</h4></div></div></div><div class="para">
+ Fedora provides various options in terms of implementing a software solution to securely connect to a <acronym class="acronym">WAN</acronym>. <em class="firstterm">Internet Protocol Security</em> (<acronym class="acronym">IPsec</acronym>) is the supported <abbr class="abbrev">VPN</abbr> implementation for Fedora, and sufficiently addresses the usability needs of organizations with branch offices or remote users.
+ </div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec">4.2.1.3. IPsec</h4></div></div></div><div class="para">
+ Fedora supports <abbr class="abbrev">IPsec</abbr> for connecting remote hosts and networks to each other using a secure tunnel on a common carrier network such as the Internet. <abbr class="abbrev">IPsec</abbr> can be implemented using a host-to-host (one computer workstation to another) or network-to-network (one <acronym class="acronym">LAN</acronym>/<acronym class="acronym">WAN</acronym> to another) configuration.
+ </div><div class="para">
+ The <abbr class="abbrev">IPsec</abbr> implementation in Fedora uses <em class="firstterm">Internet Key Exchange</em> (<em class="firstterm">IKE</em>), a protocol implemented by the Internet Engineering Task Force (<acronym class="acronym">IETF</acronym>), used for mutual authentication and secure associations between connecting systems.
+ </div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection">4.2.1.4. Creating an <abbr class="abbrev">IPsec</abbr> Connection</h4></div></div></div><div class="para">
+ An <abbr class="abbrev">IPsec</abbr> connection is split into two logical phases. In phase 1, an <abbr class="abbrev">IPsec</abbr> node initializes the connection with the remote node or network. The remote node or network checks the requesting node's credentials and both parties negotiate the authentication method for the connection.
+ </div><div class="para">
+ On Fedora systems, an <abbr class="abbrev">IPsec</abbr> connection uses the <em class="firstterm">pre-shared key</em> method of <abbr class="abbrev">IPsec</abbr> node authentication. In a pre-shared key <abbr class="abbrev">IPsec</abbr> connection, both hosts must use the same key in order to move to Phase 2 of the <abbr class="abbrev">IPsec</abbr> connection.
+ </div><div class="para">
+ Phase 2 of the <abbr class="abbrev">IPsec</abbr> connection is where the <em class="firstterm">Security Association</em> (<acronym class="acronym">SA</acronym>) is created between <abbr class="abbrev">IPsec</abbr> nodes. This phase establishes an <abbr class="abbrev">SA</abbr> database with configuration information, such as the encryption method, secret session key exchange parameters, and more. This phase manages the actual <abbr class="abbrev">IPsec</abbr> connection between remote nodes and networks.
+ </div><div class="para">
+ The Fedora implementation of <abbr class="abbrev">IPsec</abbr> uses IKE for sharing keys between hosts across the Internet. The <code class="command">racoon</code> keying daemon handles the IKE key distribution and exchange. Refer to the <code class="command">racoon</code> man page for more information about this daemon.
+ </div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation">4.2.1.5. IPsec Installation</h4></div></div></div><div class="para">
+ Implementing <abbr class="abbrev">IPsec</abbr> requires that the <code class="filename">ipsec-tools</code> RPM package be installed on all <abbr class="abbrev">IPsec</abbr> hosts (if using a host-to-host configuration) or routers (if using a network-to-network configuration). The RPM package contains essential libraries, daemons, and configuration files for setting up the <abbr class="abbrev">IPsec</abbr> connection, including:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">/sbin/setkey</code> — manipulates the key management and security attributes of <abbr class="abbrev">IPsec</abbr> in the kernel. This executable is controlled by the <code class="command">racoon</code> key management daemon. Refer to the <code class="command">setkey</code>(8) man page for more information.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/racoon</code> — the IKE key management daemon, used to manage and control security associations and key sharing between IPsec-connected systems.
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/racoon/racoon.conf</code> — the <code class="command">racoon</code> daemon configuration file used to configure various aspects of the <abbr class="abbrev">IPsec</abbr> connection, including authentication methods and encryption algorithms used in the connection. Refer to the <code class="filename">racoon.conf</code>(5) man page for a complete listing of available directives.
+ </div></li></ul></div><div class="para">
+ To configure <abbr class="abbrev">IPsec</abbr> on Fedora, you can use the <span class="application"><strong>Network Administration Tool</strong></span>, or manually edit the networking and <abbr class="abbrev">IPsec</abbr> configuration files.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ To connect two network-connected hosts via IPsec, refer to <a class="xref" href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration">Section 4.2.1.6, “IPsec Host-to-Host Configuration”</a>.
+ </div></li><li class="listitem"><div class="para">
+ To connect one <acronym class="acronym">LAN</acronym>/<acronym class="acronym">WAN</acronym> to another via IPsec, refer to <a class="xref" href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">Section 4.2.1.7, “IPsec Network-to-Network Configuration”</a>.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration">4.2.1.6. IPsec Host-to-Host Configuration</h4></div></div></div><div class="para">
+ IPsec can be configured to connect one desktop or workstation (host) to another using a host-to-host connection. This type of connection uses the network to which each host is connected to create a secure tunnel between each host. The requirements of a host-to-host connection are minimal, as is the configuration of <abbr class="abbrev">IPsec</abbr> on each host. The hosts need only a dedicated connection to a carrier network (such as the Internet) and Fedora to create the <abbr class="abbrev">IPsec</abbr> connection.
+ </div><div class="section" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Host_to_Host_Connection"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Host_to_Host_Connection">4.2.1.6.1. Host-to-Host Connection</h5></div></div></div><div class="para">
+ A host-to-host <abbr class="abbrev">IPsec</abbr> connection is an encrypted connection between two systems, both running <abbr class="abbrev">IPsec</abbr> with the same authentication key. With the <abbr class="abbrev">IPsec</abbr> connection active, any network traffic between the two hosts is encrypted.
+ </div><div class="para">
+ To configure a host-to-host <abbr class="abbrev">IPsec</abbr> connection, use the following steps for each host:
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ You should perform the following procedures on the actual machine that you are configuring. Avoid attempting to configure and establish <abbr class="abbrev">IPsec</abbr> connections remotely.
+ </div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ In a command shell, type <code class="command">system-config-network</code> to start the <span class="application"><strong>Network Administration Tool</strong></span>.
+ </div></li><li class="listitem"><div class="para">
+ On the <span class="guilabel"><strong>IPsec</strong></span> tab, click <span class="guibutton"><strong>New</strong></span> to start the <abbr class="abbrev">IPsec</abbr> configuration wizard.
+ </div></li><li class="listitem"><div class="para">
+ Click <span class="guibutton"><strong>Forward</strong></span> to start configuring a host-to-host <abbr class="abbrev">IPsec</abbr> connection.
+ </div></li><li class="listitem"><div class="para">
+ Enter a unique name for the connection, for example, <strong class="userinput"><code>ipsec0</code></strong>. If required, select the check box to automatically activate the connection when the computer starts. Click <span class="guibutton"><strong>Forward</strong></span> to continue.
+ </div></li><li class="listitem"><div class="para">
+ Select <span class="guilabel"><strong>Host to Host encryption</strong></span> as the connection type, and then click <span class="guibutton"><strong>Forward</strong></span>.
+ </div></li><li class="listitem" id="list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-encrypt-type"><div class="para">
+ Select the type of encryption to use: manual or automatic.
+ </div><div class="para">
+ If you select manual encryption, an encryption key must be provided later in the process. If you select automatic encryption, the <code class="command">racoon</code> daemon manages the encryption key. The <code class="filename">ipsec-tools</code> package must be installed if you want to use automatic encryption.
+ </div><div class="para">
+ Click <span class="guibutton"><strong>Forward</strong></span> to continue.
+ </div></li><li class="listitem"><div class="para">
+ Enter the IP address of the remote host.
+ </div><div class="para">
+ To determine the IP address of the remote host, use the following command <span class="emphasis"><em>on the remote host</em></span>:
+ </div><pre class="screen">[root at myServer ~] # /sbin/ifconfig <em class="replaceable"><code><device></code></em></pre><div class="para">
+ where <em class="replaceable"><code><device></code></em> is the Ethernet device that you want to use for the <abbr class="abbrev">VPN</abbr> connection.
+ </div><div class="para">
+ If only one Ethernet card exists in the system, the device name is typically eth0. The following example shows the relevant information from this command (note that this is an example output only):
+ </div><pre class="screen">eth0 Link encap:Ethernet HWaddr 00:0C:6E:E8:98:1D
+ inet addr:172.16.44.192 Bcast:172.16.45.255 Mask:255.255.254.0</pre><div class="para">
+ The IP address is the number following the <code class="computeroutput">inet addr:</code> label.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ For host-to-host connections, both hosts should have a public, routable address. Alternatively, both hosts can have a private, non-routable address (for example, from the 10.x.x.x or 192.168.x.x ranges) as long as they are on the same LAN.
+ </div><div class="para">
+ If the hosts are on different LANs, or one has a public address while the other has a private address, refer to <a class="xref" href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">Section 4.2.1.7, “IPsec Network-to-Network Configuration”</a>.
+ </div></div></div><div class="para">
+ Click <span class="guibutton"><strong>Forward</strong></span> to continue.
+ </div></li><li class="listitem" id="list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-to-host-keys"><div class="para">
+ If manual encryption was selected in step <a class="xref" href="#list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-encrypt-type">6</a>, specify the encryption key to use, or click <span class="guibutton"><strong>Generate</strong></span> to create one.
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Specify an authentication key or click <span class="guibutton"><strong>Generate</strong></span> to generate one. It can be any combination of numbers and letters.
+ </div></li><li class="listitem"><div class="para">
+ Click <span class="guibutton"><strong>Forward</strong></span> to continue.
+ </div></li></ol></div></li><li class="listitem"><div class="para">
+ Verify the information on the <span class="guilabel"><strong>IPsec — Summary</strong></span> page, and then click <span class="guibutton"><strong>Apply</strong></span>.
+ </div></li><li class="listitem"><div class="para">
+ Click <span class="guimenu"><strong>File</strong></span> => <span class="guimenuitem"><strong>Save</strong></span> to save the configuration.
+ </div><div class="para">
+ You may need to restart the network for the changes to take effect. To restart the network, use the following command:
+ </div><pre class="screen">[root at myServer ~]# service network restart</pre></li><li class="listitem"><div class="para">
+ Select the <abbr class="abbrev">IPsec</abbr> connection from the list and click the <span class="guibutton"><strong>Activate</strong></span> button.
+ </div></li><li class="listitem"><div class="para">
+ Repeat the entire procedure for the other host. It is essential that the same keys from step <a class="xref" href="#list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-to-host-keys">8</a> be used on the other hosts. Otherwise, <abbr class="abbrev">IPsec</abbr> will not work.
+ </div></li></ol></div><div class="para">
+ After configuring the <abbr class="abbrev">IPsec</abbr> connection, it appears in the <abbr class="abbrev">IPsec</abbr> list as shown in <a class="xref" href="#figu-Security_Guide-Host_to_Host_Connection-IPsec_Connection">Figure 4.1, “IPsec Connection”</a>.
+ </div><div class="figure" id="figu-Security_Guide-Host_to_Host_Connection-IPsec_Connection"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-ipsec_host2host.png" width="444" alt="IPsec Connection" /><div class="longdesc"><div class="para">
+ IPsec Connection
+ </div></div></div></div><h6>Figure 4.1. IPsec Connection</h6></div><br class="figure-break" /><div class="para">
+ The following files are created when the <abbr class="abbrev">IPsec</abbr> connection is configured:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/sysconfig/network-scripts/ifcfg-<em class="replaceable"><code><nickname></code></em></code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/sysconfig/network-scripts/keys-<em class="replaceable"><code><nickname></code></em></code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/racoon/<em class="replaceable"><code><remote-ip></code></em>.conf</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/racoon/psk.txt</code>
+ </div></li></ul></div><div class="para">
+ If automatic encryption is selected, <code class="filename">/etc/racoon/racoon.conf</code> is also created.
+ </div><div class="para">
+ When the interface is up, <code class="filename">/etc/racoon/racoon.conf</code> is modified to include <code class="filename"><em class="replaceable"><code><remote-ip></code></em>.conf</code>.
+ </div></div><div class="section" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration">4.2.1.6.2. Manual <abbr class="abbrev">IPsec</abbr> Host-to-Host Configuration</h5></div></div></div><div class="para">
+ The first step in creating a connection is to gather system and network information from each workstation. For a host-to-host connection, you need the following:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ The IP address of each host
+ </div></li><li class="listitem"><div class="para">
+ A unique name, for example, <code class="computeroutput">ipsec1</code>. This is used to identify the <abbr class="abbrev">IPsec</abbr> connection and to distinguish it from other devices or connections.
+ </div></li><li class="listitem"><div class="para">
+ A fixed encryption key or one automatically generated by <code class="command">racoon</code>.
+ </div></li><li class="listitem"><div class="para">
+ A pre-shared authentication key that is used during the initial stage of the connection and to exchange encryption keys during the session.
+ </div></li></ul></div><div class="para">
+ For example, suppose Workstation A and Workstation B want to connect to each other through an <abbr class="abbrev">IPsec</abbr> tunnel. They want to connect using a pre-shared key with the value of <code class="computeroutput">Key_Value01</code>, and the users agree to let <code class="command">racoon</code> automatically generate and share an authentication key between each host. Both host users decide to name their connections <code class="computeroutput">ipsec1</code>.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ You should choose a PSK that uses a mixture of upper- and lower-case characters, numbers and punctuation. An easily-guessable PSK constitutes a security risk.
+ </div><div class="para">
+ It is not necessary to use the same connection name for each host. You should choose a name that is convenient and meaningful for your installation.
+ </div></div></div><div class="para">
+ The following is the <abbr class="abbrev">IPsec</abbr> configuration file for Workstation A for a host-to-host <abbr class="abbrev">IPsec</abbr> connection with Workstation B. The unique name to identify the connection in this example is <em class="replaceable"><code>ipsec1</code></em>, so the resulting file is called <code class="filename">/etc/sysconfig/network-scripts/ifcfg-ipsec1</code>.
+ </div><pre class="screen">DST=<em class="replaceable"><code>X.X.X.X</code></em>TYPE=IPSEC
+ONBOOT=no
+IKE_METHOD=PSK</pre><div class="para">
+ For Workstation A, <em class="replaceable"><code>X.X.X.X</code></em> is the IP address of Workstation B. For Workstation B, <em class="replaceable"><code>X.X.X.X</code></em> is the IP address of Workstation A. This connection is not set to initiate on boot-up (<code class="computeroutput">ONBOOT=no</code>) and it uses the pre-shared key method of authentication (<code class="computeroutput">IKE_METHOD=PSK</code>).
+ </div><div class="para">
+ The following is the content of the pre-shared key file (called <code class="filename">/etc/sysconfig/network-scripts/keys-ipsec1</code>) that both workstations need to authenticate each other. The contents of this file should be identical on both workstations, and only the root user should be able to read or write this file.
+ </div><pre class="screen">IKE_PSK=Key_Value01</pre><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ To change the <code class="filename">keys-ipsec1</code> file so that only the root user can read or edit the file, use the following command after creating the file:
+ </div><pre class="screen">[root at myServer ~] # chmod 600 /etc/sysconfig/network-scripts/keys-ipsec1</pre></div></div><div class="para">
+ To change the authentication key at any time, edit the <code class="filename">keys-ipsec1</code> file on both workstations. <span class="emphasis"><em>Both authentication keys must be identical for proper connectivity</em></span>.
+ </div><div class="para">
+ The next example shows the specific configuration for the phase 1 connection to the remote host. The file is called <code class="filename"><em class="replaceable"><code>X.X.X.X</code></em>.conf</code>, where <em class="replaceable"><code>X.X.X.X</code></em> is the IP address of the remote <abbr class="abbrev">IPsec</abbr> host. Note that this file is automatically generated when the <abbr class="abbrev">IPsec</abbr> tunnel is activated and should not be edited directly.
+ </div><pre class="screen">remote <em class="replaceable"><code>X.X.X.X</code></em>{
+ exchange_mode aggressive, main;
+ my_identifier address;
+ proposal {
+ encryption_algorithm 3des;
+ hash_algorithm sha1;
+ authentication_method pre_shared_key;
+ dh_group 2 ;
+ }
+}</pre><div class="para">
+ The default phase 1 configuration file that is created when an <abbr class="abbrev">IPsec</abbr> connection is initialized contains the following statements used by the Fedora implementation of IPsec:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">remote <em class="replaceable"><code>X.X.X.X</code></em></span></dt><dd><div class="para">
+ Specifies that the subsequent stanzas of this configuration file apply only to the remote node identified by the <em class="replaceable"><code>X.X.X.X</code></em> IP address.
+ </div></dd><dt class="varlistentry"><span class="term">exchange_mode aggressive</span></dt><dd><div class="para">
+ The default configuration for <abbr class="abbrev">IPsec</abbr> on Fedora uses an aggressive authentication mode, which lowers the connection overhead while allowing configuration of several <abbr class="abbrev">IPsec</abbr> connections with multiple hosts.
+ </div></dd><dt class="varlistentry"><span class="term">my_identifier address</span></dt><dd><div class="para">
+ Specifies the identification method to use when authenticating nodes. Fedora uses IP addresses to identify nodes.
+ </div></dd><dt class="varlistentry"><span class="term">encryption_algorithm 3des</span></dt><dd><div class="para">
+ Specifies the encryption cipher used during authentication. By default, <em class="firstterm">Triple Data Encryption Standard</em> (<acronym class="acronym">3DES</acronym>) is used.
+ </div></dd><dt class="varlistentry"><span class="term">hash_algorithm sha1;</span></dt><dd><div class="para">
+ Specifies the hash algorithm used during phase 1 negotiation between nodes. By default, Secure Hash Algorithm version 1 is used.
+ </div></dd><dt class="varlistentry"><span class="term">authentication_method pre_shared_key</span></dt><dd><div class="para">
+ Specifies the authentication method used during node negotiation. By default, Fedora uses pre-shared keys for authentication.
+ </div></dd><dt class="varlistentry"><span class="term">dh_group 2</span></dt><dd><div class="para">
+ Specifies the Diffie-Hellman group number for establishing dynamically-generated session keys. By default, modp1024 (group 2) is used.
+ </div></dd></dl></div><div class="section" id="sect-Security_Guide-Manual_IPsec_Host_to_Host_Configuration-The_Racoon_Configuration_File"><div class="titlepage"><div><div keep-together.within-column="always"><h6 class="title" id="sect-Security_Guide-Manual_IPsec_Host_to_Host_Configuration-The_Racoon_Configuration_File">4.2.1.6.2.1. The Racoon Configuration File</h6></div></div></div><div class="para">
+ The <code class="filename">/etc/racoon/racoon.conf</code> files should be identical on all <abbr class="abbrev">IPsec</abbr> nodes <span class="emphasis"><em>except</em></span> for the <code class="command">include "/etc/racoon/<em class="replaceable"><code>X.X.X.X</code></em>.conf"</code> statement. This statement (and the file it references) is generated when the <abbr class="abbrev">IPsec</abbr> tunnel is activated. For Workstation A, the <em class="replaceable"><code>X.X.X.X</code></em> in the <code class="command">include</code> statement is Workstation B's IP address. The opposite is true of Workstation B. The following shows a typical <code class="filename">racoon.conf</code> file when the <abbr class="abbrev">IPsec</abbr> connection is activated.
+ </div><pre class="screen"># Racoon IKE daemon configuration file.
+# See 'man racoon.conf' for a description of the format and entries.
+
+path include "/etc/racoon";
+path pre_shared_key "/etc/racoon/psk.txt";
+path certificate "/etc/racoon/certs";
+
+sainfo anonymous
+{
+ pfs_group 2;
+ lifetime time 1 hour ;
+ encryption_algorithm 3des, blowfish 448, rijndael ;
+ authentication_algorithm hmac_sha1, hmac_md5 ;
+ compression_algorithm deflate ;
+}
+include "/etc/racoon/X.X.X.X.conf";</pre><div class="para">
+ This default <code class="filename">racoon.conf</code> file includes defined paths for <abbr class="abbrev">IPsec</abbr> configuration, pre-shared key files, and certificates. The fields in <code class="computeroutput">sainfo anonymous</code> describe the phase 2 SA between the <abbr class="abbrev">IPsec</abbr> nodes — the nature of the <abbr class="abbrev">IPsec</abbr> connection (including the supported encryption algorithms used) and the method of exchanging keys. The following list defines the fields of phase 2:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">sainfo anonymous</span></dt><dd><div class="para">
+ Denotes that SA can anonymously initialize with any peer provided that the <abbr class="abbrev">IPsec</abbr> credentials match.
+ </div></dd><dt class="varlistentry"><span class="term">pfs_group 2</span></dt><dd><div class="para">
+ Defines the Diffie-Hellman key exchange protocol, which determines the method by which the <abbr class="abbrev">IPsec</abbr> nodes establish a mutual temporary session key for the second phase of <abbr class="abbrev">IPsec</abbr> connectivity. By default, the Fedora implementation of <abbr class="abbrev">IPsec</abbr> uses group 2 (or <code class="computeroutput">modp1024</code>) of the Diffie-Hellman cryptographic key exchange groups. Group 2 uses a 1024-bit modular exponentiation that prevents attackers from decrypting previous <abbr class="abbrev">IPsec</abbr> transmissions even if a private key is compromised.
+ </div></dd><dt class="varlistentry"><span class="term">lifetime time 1 hour</span></dt><dd><div class="para">
+ This parameter specifies the lifetime of an SA and can be quantified either by time or by bytes of data. The default Fedora implementation of <abbr class="abbrev">IPsec</abbr> specifies a one hour lifetime.
+ </div></dd><dt class="varlistentry"><span class="term">encryption_algorithm 3des, blowfish 448, rijndael</span></dt><dd><div class="para">
+ Specifies the supported encryption ciphers for phase 2. Fedora supports 3DES, 448-bit Blowfish, and Rijndael (the cipher used in the <em class="firstterm">Advanced Encryption Standard</em>, or <acronym class="acronym">AES</acronym>).
+ </div></dd><dt class="varlistentry"><span class="term">authentication_algorithm hmac_sha1, hmac_md5</span></dt><dd><div class="para">
+ Lists the supported hash algorithms for authentication. Supported modes are sha1 and md5 hashed message authentication codes (HMAC).
+ </div></dd><dt class="varlistentry"><span class="term">compression_algorithm deflate</span></dt><dd><div class="para">
+ Defines the Deflate compression algorithm for IP Payload Compression (IPCOMP) support, which allows for potentially faster transmission of IP datagrams over slow connections.
+ </div></dd></dl></div><div class="para">
+ To start the connection, use the following command on each host:
+ </div><pre class="screen">[root at myServer ~]# /sbin/ifup <nickname></pre><div class="para">
+ where <nickname> is the name you specified for the <abbr class="abbrev">IPsec</abbr> connection.
+ </div><div class="para">
+ To test the <abbr class="abbrev">IPsec</abbr> connection, run the <code class="command">tcpdump</code> utility to view the network packets being transfered between the hosts and verify that they are encrypted via IPsec. The packet should include an AH header and should be shown as ESP packets. ESP means it is encrypted. For example:
+ </div><pre class="screen">[root at myServer ~]# tcpdump -n -i eth0 host <targetSystem>
+
+IP 172.16.45.107 > 172.16.44.192: AH(spi=0x0954ccb6,seq=0xbb): ESP(spi=0x0c9f2164,seq=0xbb)</pre></div></div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">4.2.1.7. IPsec Network-to-Network Configuration</h4></div></div></div><div class="para">
+ IPsec can also be configured to connect an entire network (such as a <acronym class="acronym">LAN</acronym> or <acronym class="acronym">WAN</acronym>) to a remote network using a network-to-network connection. A network-to-network connection requires the setup of <abbr class="abbrev">IPsec</abbr> routers on each side of the connecting networks to transparently process and route information from one node on a <acronym class="acronym">LAN</acronym> to a node on a remote <acronym class="acronym">LAN</acronym>. <a class="xref" href="#figu-Security_Guide-IPsec_Network_to_Network_Configuration-A_network_to_network_IPsec_tunneled_connection">Figure 4.2, “A network-to-network <abbr class="abbrev">IPsec</abbr> tunneled connection”</a> shows a network-to-network <abbr class="abbrev">IPsec</abbr> tunneled connection.
+ </div><div class="figure" id="figu-Security_Guide-IPsec_Network_to_Network_Configuration-A_network_to_network_IPsec_tunneled_connection"><div class="figure-contents"><div class="mediaobject"><img src="images/n-t-n-ipsec-diagram.png" width="444" alt="A network-to-network IPsec tunneled connection" /><div class="longdesc"><div class="para">
+ A network-to-network <abbr class="abbrev">IPsec</abbr> tunneled connection
+ </div></div></div></div><h6>Figure 4.2. A network-to-network <abbr class="abbrev">IPsec</abbr> tunneled connection</h6></div><br class="figure-break" /><div class="para">
+ This diagram shows two separate <acronym class="acronym">LAN</acronym>s separated by the Internet. These <acronym class="acronym">LAN</acronym>s use <abbr class="abbrev">IPsec</abbr> routers to authenticate and initiate a connection using a secure tunnel through the Internet. Packets that are intercepted in transit would require brute-force decryption in order to crack the cipher protecting the packets between these <acronym class="acronym">LAN</acronym>s. The process of communicating from one node in the 192.168.1.0/24 IP range to another in the 192.168.2.0/24 range is completely transparent to the nodes as the processing, encryption/decryption, and routing of the <abbr class="abbrev">IPsec</abbr> packets are completely handled by the <abbr class="abbrev">IPsec</abbr> router.
+ </div><div class="para">
+ The information needed for a network-to-network connection include:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ The externally-accessible IP addresses of the dedicated <abbr class="abbrev">IPsec</abbr> routers
+ </div></li><li class="listitem"><div class="para">
+ The network address ranges of the <acronym class="acronym">LAN</acronym>/<acronym class="acronym">WAN</acronym> served by the <abbr class="abbrev">IPsec</abbr> routers (such as 192.168.1.0/24 or 10.0.1.0/24)
+ </div></li><li class="listitem"><div class="para">
+ The IP addresses of the gateway devices that route the data from the network nodes to the Internet
+ </div></li><li class="listitem"><div class="para">
+ A unique name, for example, <code class="computeroutput">ipsec1</code>. This is used to identify the <abbr class="abbrev">IPsec</abbr> connection and to distinguish it from other devices or connections.
+ </div></li><li class="listitem"><div class="para">
+ A fixed encryption key or one automatically generated by <code class="command">racoon</code>
+ </div></li><li class="listitem"><div class="para">
+ A pre-shared authentication key that is used during the initial stage of the connection and to exchange encryption keys during the session.
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Network_to_Network_VPN_Connection"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Network_to_Network_VPN_Connection">4.2.1.7.1. Network-to-Network (<abbr class="abbrev">VPN</abbr>) Connection</h5></div></div></div><div class="para">
+ A network-to-network <abbr class="abbrev">IPsec</abbr> connection uses two <abbr class="abbrev">IPsec</abbr> routers, one for each network, through which the network traffic for the private subnets is routed.
+ </div><div class="para">
+ For example, as shown in <a class="xref" href="#figu-Security_Guide-Network_to_Network_VPN_Connection-Network_to_Network_IPsec">Figure 4.3, “Network-to-Network IPsec”</a>, if the 192.168.1.0/24 private network sends network traffic to the 192.168.2.0/24 private network, the packets go through gateway0, to ipsec0, through the Internet, to ipsec1, to gateway1, and to the 192.168.2.0/24 subnet.
+ </div><div class="para">
+ <abbr class="abbrev">IPsec</abbr> routers require publicly addressable IP addresses and a second Ethernet device connected to their respective private networks. Traffic only travels through an <abbr class="abbrev">IPsec</abbr> router if it is intended for another <abbr class="abbrev">IPsec</abbr> router with which it has an encrypted connection.
+ </div><div class="figure" id="figu-Security_Guide-Network_to_Network_VPN_Connection-Network_to_Network_IPsec"><div class="figure-contents"><div class="mediaobject"><img src="images/n-t-n-ipsec-diagram.png" width="444" alt="Network-to-Network IPsec" /><div class="longdesc"><div class="para">
+ Network-to-Network IPsec
+ </div></div></div></div><h6>Figure 4.3. Network-to-Network IPsec</h6></div><br class="figure-break" /><div class="para">
+ Alternate network configuration options include a firewall between each IP router and the Internet, and an intranet firewall between each <abbr class="abbrev">IPsec</abbr> router and subnet gateway. The <abbr class="abbrev">IPsec</abbr> router and the gateway for the subnet can be one system with two Ethernet devices: one with a public IP address that acts as the <abbr class="abbrev">IPsec</abbr> router; and one with a private IP address that acts as the gateway for the private subnet. Each <abbr class="abbrev">IPsec</abbr> router can use the gateway for its private network or a public gateway to send the packets to the other <abbr class="abbrev">IPsec</abbr> router.
+ </div><div class="para">
+ Use the following procedure to configure a network-to-network <abbr class="abbrev">IPsec</abbr> connection:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ In a command shell, type <code class="command">system-config-network</code> to start the <span class="application"><strong>Network Administration Tool</strong></span>.
+ </div></li><li class="listitem"><div class="para">
+ On the <span class="guilabel"><strong>IPsec</strong></span> tab, click <span class="guibutton"><strong>New</strong></span> to start the <abbr class="abbrev">IPsec</abbr> configuration wizard.
+ </div></li><li class="listitem"><div class="para">
+ Click <span class="guibutton"><strong>Forward</strong></span> to start configuring a network-to-network <abbr class="abbrev">IPsec</abbr> connection.
+ </div></li><li class="listitem"><div class="para">
+ Enter a unique nickname for the connection, for example, <strong class="userinput"><code>ipsec0</code></strong>. If required, select the check box to automatically activate the connection when the computer starts. Click <span class="guibutton"><strong>Forward</strong></span> to continue.
+ </div></li><li class="listitem"><div class="para">
+ Select <span class="guilabel"><strong>Network to Network encryption (VPN)</strong></span> as the connection type, and then click <span class="guibutton"><strong>Forward</strong></span>.
+ </div></li><li class="listitem" id="list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-encrypt-type-n"><div class="para">
+ Select the type of encryption to use: manual or automatic.
+ </div><div class="para">
+ If you select manual encryption, an encryption key must be provided later in the process. If you select automatic encryption, the <code class="command">racoon</code> daemon manages the encryption key. The <code class="filename">ipsec-tools</code> package must be installed if you want to use automatic encryption.
+ </div><div class="para">
+ Click <span class="guibutton"><strong>Forward</strong></span> to continue.
+ </div></li><li class="listitem"><div class="para">
+ On the <span class="guilabel"><strong>Local Network</strong></span> page, enter the following information:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Local Network Address</strong></span> — The IP address of the device on the <abbr class="abbrev">IPsec</abbr> router connected to the private network.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Local Subnet Mask</strong></span> — The subnet mask of the local network IP address.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Local Network Gateway</strong></span> — The gateway for the private subnet.
+ </div></li></ul></div><div class="para">
+ Click <span class="guibutton"><strong>Forward</strong></span> to continue.
+ </div><div class="figure" id="figu-Security_Guide-Network_to_Network_VPN_Connection-Local_Network_Information"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-ipsec_n_to_n_local.png" width="444" alt="Local Network Information" /><div class="longdesc"><div class="para">
+ Local Network Information
+ </div></div></div></div><h6>Figure 4.4. Local Network Information</h6></div><br class="figure-break" /></li><li class="listitem"><div class="para">
+ On the <span class="guilabel"><strong>Remote Network</strong></span> page, enter the following information:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Remote IP Address</strong></span> — The publicly addressable IP address of the <abbr class="abbrev">IPsec</abbr> router for the <span class="emphasis"><em>other</em></span> private network. In our example, for ipsec0, enter the publicly addressable IP address of ipsec1, and vice versa.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Remote Network Address</strong></span> — The network address of the private subnet behind the <span class="emphasis"><em>other</em></span> <abbr class="abbrev">IPsec</abbr> router. In our example, enter <strong class="userinput"><code>192.168.1.0</code></strong> if configuring ipsec1, and enter <strong class="userinput"><code>192.168.2.0</code></strong> if configuring ipsec0.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Remote Subnet Mask</strong></span> — The subnet mask of the remote IP address.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Remote Network Gateway</strong></span> — The IP address of the gateway for the remote network address.
+ </div></li><li class="listitem" id="list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-to-host-keys-n"><div class="para">
+ If manual encryption was selected in step <a class="xref" href="#list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-encrypt-type-n">6</a>, specify the encryption key to use or click <span class="guibutton"><strong>Generate</strong></span> to create one.
+ </div><div class="para">
+ Specify an authentication key or click <span class="guibutton"><strong>Generate</strong></span> to generate one. This key can be any combination of numbers and letters.
+ </div></li></ul></div><div class="para">
+ Click <span class="guibutton"><strong>Forward</strong></span> to continue.
+ </div><div class="figure" id="figu-Security_Guide-Network_to_Network_VPN_Connection-Remote_Network_Information"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-ipsec_n_to_n_remote.png" width="444" alt="Remote Network Information" /><div class="longdesc"><div class="para">
+ Remote Network Information
+ </div></div></div></div><h6>Figure 4.5. Remote Network Information</h6></div><br class="figure-break" /></li><li class="listitem"><div class="para">
+ Verify the information on the <span class="guilabel"><strong>IPsec — Summary</strong></span> page, and then click <span class="guibutton"><strong>Apply</strong></span>.
+ </div></li><li class="listitem"><div class="para">
+ Select <span class="guimenu"><strong>File</strong></span> => <span class="guimenuitem"><strong>Save</strong></span> to save the configuration.
+ </div></li><li class="listitem"><div class="para">
+ Select the <abbr class="abbrev">IPsec</abbr> connection from the list, and then click <span class="guibutton"><strong>Activate</strong></span> to activate the connection.
+ </div></li><li class="listitem"><div class="para">
+ Enable IP forwarding:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Edit <code class="filename">/etc/sysctl.conf</code> and set <code class="computeroutput">net.ipv4.ip_forward</code> to <strong class="userinput"><code>1</code></strong>.
+ </div></li><li class="listitem"><div class="para">
+ Use the following command to enable the change:
+ </div><pre class="screen">[root at myServer ~]# /sbin/sysctl -p /etc/sysctl.conf</pre></li></ol></div></li></ol></div><div class="para">
+ The network script to activate the <abbr class="abbrev">IPsec</abbr> connection automatically creates network routes to send packets through the <abbr class="abbrev">IPsec</abbr> router if necessary.
+ </div></div><div class="section" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration">4.2.1.7.2. Manual <abbr class="abbrev">IPsec</abbr> Network-to-Network Configuration</h5></div></div></div><div class="para">
+ Suppose <acronym class="acronym">LAN</acronym> A (lana.example.com) and <acronym class="acronym">LAN</acronym> B (lanb.example.com) want to connect to each other through an <abbr class="abbrev">IPsec</abbr> tunnel. The network address for <acronym class="acronym">LAN</acronym> A is in the 192.168.1.0/24 range, while <acronym class="acronym">LAN</acronym> B uses the 192.168.2.0/24 range. The gateway IP address is 192.168.1.254 for <acronym class="acronym">LAN</acronym> A and 192.168.2.254 for <acronym class="acronym">LAN</acronym> B. The <abbr class="abbrev">IPsec</abbr> routers are separate from each <acronym class="acronym">LAN</acronym> gateway and use two network devices: eth0 is assigned to an externally-accessible static IP address which accesses the Internet, while eth1 acts as a routing point to process and transmit <acronym class="acronym">LAN</acronym> packets from one network node to the remote network nodes.
+ </div><div class="para">
+ The <abbr class="abbrev">IPsec</abbr> connection between each network uses a pre-shared key with the value of <code class="computeroutput">r3dh4tl1nux</code>, and the administrators of A and B agree to let <code class="command">racoon</code> automatically generate and share an authentication key between each <abbr class="abbrev">IPsec</abbr> router. The administrator of <acronym class="acronym">LAN</acronym> A decides to name the <abbr class="abbrev">IPsec</abbr> connection <code class="computeroutput">ipsec0</code>, while the administrator of <acronym class="acronym">LAN</acronym> B names the <abbr class="abbrev">IPsec</abbr> connection <code class="computeroutput">ipsec1</code>.
+ </div><div class="para">
+ The following example shows the contents of the <code class="filename">ifcfg</code> file for a network-to-network <abbr class="abbrev">IPsec</abbr> connection for <acronym class="acronym">LAN</acronym> A. The unique name to identify the connection in this example is <em class="replaceable"><code>ipsec0</code></em>, so the resulting file is called <code class="filename">/etc/sysconfig/network-scripts/ifcfg-ipsec0</code>.
+ </div><pre class="screen">TYPE=IPSEC
+ONBOOT=yes
+IKE_METHOD=PSK
+SRCGW=192.168.1.254
+DSTGW=192.168.2.254
+SRCNET=192.168.1.0/24
+DSTNET=192.168.2.0/24
+DST=<em class="replaceable"><code>X.X.X.X</code></em></pre><div class="para">
+ The following list describes the contents of this file:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">TYPE=IPSEC</span></dt><dd><div class="para">
+ Specifies the type of connection.
+ </div></dd><dt class="varlistentry"><span class="term">ONBOOT=yes</span></dt><dd><div class="para">
+ Specifies that the connection should initiate on boot-up.
+ </div></dd><dt class="varlistentry"><span class="term">IKE_METHOD=PSK</span></dt><dd><div class="para">
+ Specifies that the connection uses the pre-shared key method of authentication.
+ </div></dd><dt class="varlistentry"><span class="term">SRCGW=192.168.1.254</span></dt><dd><div class="para">
+ The IP address of the source gateway. For LAN A, this is the LAN A gateway, and for LAN B, the LAN B gateway.
+ </div></dd><dt class="varlistentry"><span class="term">DSTGW=192.168.2.254</span></dt><dd><div class="para">
+ The IP address of the destination gateway. For LAN A, this is the LAN B gateway, and for LAN B, the LAN A gateway.
+ </div></dd><dt class="varlistentry"><span class="term">SRCNET=192.168.1.0/24</span></dt><dd><div class="para">
+ Specifies the source network for the <abbr class="abbrev">IPsec</abbr> connection, which in this example is the network range for LAN A.
+ </div></dd><dt class="varlistentry"><span class="term">DSTNET=192.168.2.0/24</span></dt><dd><div class="para">
+ Specifies the destination network for the <abbr class="abbrev">IPsec</abbr> connection, which in this example is the network range for <acronym class="acronym">LAN</acronym> B.
+ </div></dd><dt class="varlistentry"><span class="term">DST=X.X.X.X</span></dt><dd><div class="para">
+ The externally-accessible IP address of <acronym class="acronym">LAN</acronym> B.
+ </div></dd></dl></div><div class="para">
+ The following example is the content of the pre-shared key file called <code class="filename">/etc/sysconfig/network-scripts/keys-ipsec<em class="replaceable"><code>X</code></em></code> (where <em class="replaceable"><code>X</code></em> is 0 for <acronym class="acronym">LAN</acronym> A and 1 for <acronym class="acronym">LAN</acronym> B) that both networks use to authenticate each other. The contents of this file should be identical and only the root user should be able to read or write this file.
+ </div><pre class="screen">IKE_PSK=r3dh4tl1nux</pre><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ To change the <code class="filename">keys-ipsec<em class="replaceable"><code>X</code></em></code> file so that only the root user can read or edit the file, use the following command after creating the file:
+ </div><pre class="screen">chmod 600 /etc/sysconfig/network-scripts/keys-ipsec1</pre></div></div><div class="para">
+ To change the authentication key at any time, edit the <code class="filename">keys-ipsec<em class="replaceable"><code>X</code></em></code> file on both <abbr class="abbrev">IPsec</abbr> routers. <span class="emphasis"><em>Both keys must be identical for proper connectivity</em></span>.
+ </div><div class="para">
+ The following example is the contents of the <code class="filename">/etc/racoon/racoon.conf</code> configuration file for the <abbr class="abbrev">IPsec</abbr> connection. Note that the <code class="computeroutput">include</code> line at the bottom of the file is automatically generated and only appears if the <abbr class="abbrev">IPsec</abbr> tunnel is running.
+ </div><pre class="screen"># Racoon IKE daemon configuration file.
+# See 'man racoon.conf' for a description of the format and entries.
+path include "/etc/racoon";
+path pre_shared_key "/etc/racoon/psk.txt";
+path certificate "/etc/racoon/certs";
+
+sainfo anonymous
+{
+ pfs_group 2;
+ lifetime time 1 hour ;
+ encryption_algorithm 3des, blowfish 448, rijndael ;
+ authentication_algorithm hmac_sha1, hmac_md5 ;
+ compression_algorithm deflate ;
+}
+include "/etc/racoon/<em class="replaceable"><code>X.X.X.X</code></em>.conf"</pre><div class="para">
+ The following is the specific configuration for the connection to the remote network. The file is called <code class="filename"><em class="replaceable"><code>X.X.X.X</code></em>.conf</code> (where <em class="replaceable"><code>X.X.X.X</code></em> is the IP address of the remote <abbr class="abbrev">IPsec</abbr> router). Note that this file is automatically generated when the <abbr class="abbrev">IPsec</abbr> tunnel is activated and should not be edited directly.
+ </div><pre class="screen">remote <em class="replaceable"><code>X.X.X.X</code></em>{
+ exchange_mode aggressive, main;
+ my_identifier address;
+ proposal {
+ encryption_algorithm 3des;
+ hash_algorithm sha1;
+ authentication_method pre_shared_key;
+ dh_group 2 ;
+ }
+}</pre><div class="para">
+ Prior to starting the <abbr class="abbrev">IPsec</abbr> connection, IP forwarding should be enabled in the kernel. To enable IP forwarding:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Edit <code class="filename">/etc/sysctl.conf</code> and set <code class="computeroutput">net.ipv4.ip_forward</code> to <strong class="userinput"><code>1</code></strong>.
+ </div></li><li class="listitem"><div class="para">
+ Use the following command to enable the change:
+ </div><pre class="screen">[root at myServer ~] # sysctl -p /etc/sysctl.conf</pre></li></ol></div><div class="para">
+ To start the <abbr class="abbrev">IPsec</abbr> connection, use the following command on each router:
+ </div><pre class="screen">[root at myServer ~] # /sbin/ifup ipsec0</pre><div class="para">
+ The connections are activated, and both <acronym class="acronym">LAN</acronym> A and <acronym class="acronym">LAN</acronym> B are able to communicate with each other. The routes are created automatically via the initialization script called by running <code class="command">ifup</code> on the <abbr class="abbrev">IPsec</abbr> connection. To show a list of routes for the network, use the following command:
+ </div><pre class="screen">[root at myServer ~] # /sbin/ip route list</pre><div class="para">
+ To test the <abbr class="abbrev">IPsec</abbr> connection, run the <code class="command">tcpdump</code> utility on the externally-routable device (eth0 in this example) to view the network packets being transfered between the hosts (or networks), and verify that they are encrypted via IPsec. For example, to check the <abbr class="abbrev">IPsec</abbr> connectivity of <acronym class="acronym">LAN</acronym> A, use the following command:
+ </div><pre class="screen">[root at myServer ~] # tcpdump -n -i eth0 host <em class="replaceable"><code>lana.example.com</code></em></pre><div class="para">
+ The packet should include an AH header and should be shown as ESP packets. ESP means it is encrypted. For example (back slashes denote a continuation of one line):
+ </div><pre class="screen">12:24:26.155529 lanb.example.com > lana.example.com: AH(spi=0x021c9834,seq=0x358): \
+ lanb.example.com > lana.example.com: ESP(spi=0x00c887ad,seq=0x358) (DF) \
+ (ipip-proto-4)</pre></div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection">4.2.1.8. Starting and Stopping an <abbr class="abbrev">IPsec</abbr> Connection</h4></div></div></div><div class="para">
+ If the <abbr class="abbrev">IPsec</abbr> connection was not configured to activate on boot, you can control it from the command line.
+ </div><div class="para">
+ To start the connection, use the following command on each host for host-to-host IPsec, or each <abbr class="abbrev">IPsec</abbr> router for network-to-network IPsec:
+ </div><pre class="screen">[root at myServer ~] # /sbin/ifup <em class="replaceable"><code><nickname></code></em></pre><div class="para">
+ where <em class="replaceable"><code><nickname></code></em> is the nickname configured earlier, such as <code class="computeroutput">ipsec0</code>.
+ </div><div class="para">
+ To stop the connection, use the following command:
+ </div><pre class="screen">[root at myServer ~] # /sbin/ifdown <em class="replaceable"><code><nickname></code></em></pre></div></div><div class="section" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell">4.2.2. Secure Shell</h3></div></div></div><div class="para">
+ Secure Shell (SSH) is a powerful network protocol used to communicate with another system over a secure channel. The transmissions over SSH are encrypted and protected from interception. Cryptographic log-on can also be utilized to provide a better authentication method over traditional usernames and passwords.
+ </div><div class="para">
+ SSH is very easy to activate. By simply starting the sshd service, the system will begin to accept connections and will allow access to the system when a correct username and password is provided during the connection process. The standard TCP port for the SSH service is 22, however this can be changed by modifying the configuration file <span class="emphasis"><em>/etc/ssh/sshd_config</em></span> and restarting the service. This file also contains other configuration options for SSH.
+ </div><div class="para">
+ Secure Shell (SSH) also provides encrypted tunnels between computers but only using a single port. <a href="http://www.redhatmagazine.com/2007/11/27/advanced-ssh-configuration-and-tunneling-we-dont-need-no-stinking-vpn-software">Port forwarding can be done over an SSH tunnel</a> and traffic will be encrypted as it passes over that tunnel but using port forwarding is not as fluid as a VPN.
+ </div><div class="section" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell-Cryptographic_Logon"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell-Cryptographic_Logon">4.2.2.1. Cryptographic Logon</h4></div></div></div><div class="para">
+ SSH supports the use of cryptographic keys to login to a computer. This is much more secure than using a password and if setup properly could be considered multifactor authentication.
+ </div><div class="para">
+ A configuration change must occur before cryptographic logon can occur. In the file <code class="filename">/etc/ssh/sshd_config</code> uncomment and modify the following lines so that appear as such:
+<pre class="screen">PubkeyAuthentication yes
+AuthorizedKeysFile .ssh/authorized_keys</pre>
+ The first line tells the SSH program to allow public key authentication. The second line points to a file in the home directory where the public key of authorized key pairs exists on the system.
+ </div><div class="para">
+ The next thing to do is to generate the ssh key pairs on the client you will use to connect to the system. The command <code class="command">ssh-keygen</code> will generate an RSA 2048-bit key set for logging into the system. The keys are stored, by default, in the <code class="filename">~/.ssh</code> directory. You can utilize the switch <code class="command">-b</code> to modify the bit-strength of the key. 2048-bits is probably okay but you can go up to, and possibly beyond, 8192-bit keys.
+ </div><div class="para">
+ In your <code class="filename">~/.ssh</code> directory you should see the two keys you just created. If you accepted the defaults when running the <code class="command">ssh-keygen</code> then your keys are named <code class="filename">id_rsa</code> and <code class="filename">id_rsa.pub</code>, the private and public keys. You should always protect the private key from exposure. The public key, however, needs to be transfered over to the system you are going to login to. Once you have it on your system the easiest way to add the key to the approved list is by:
+<pre class="screen">$ cat id_rsa.pub >> ~/.ssh/authorized_keys</pre>
+ This will append the public key to the authorized_key file. The <span class="application"><strong>SSH</strong></span> application will check this file when you attempt to login to the computer.
+ </div><div class="para">
+ Similarly to passwords and any other authentication mechanism, you should change your <span class="application"><strong>SSH</strong></span> keys regularly. When you do make sure you clean out any unused key from the authorized_key file.
+ </div></div></div><div xml:lang="en-US" class="section" id="sect-Security_Guide-LUKS_Disk_Encryption" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption">4.2.3. LUKS Disk Encryption</h3></div></div></div><div class="para">
+ Linux Unified Key Setup-on-disk-format (or LUKS) allows you to encrypt partitions on your Linux computer. This is particularly important when it comes to mobile computers and removable media. LUKS allows multiple user keys to decrypt a master key which is used for the bulk encryption of the partition.
+ </div><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora">4.2.3.1. LUKS Implementation in Fedora</h4></div></div></div><div class="para">
+ Fedora 9, and later, utilizes LUKS to perform file system encryption. By default, the option to encrypt the file system is unchecked during the installation. If you select the option to encrypt you hard drive, you will be prompted for a passphrase that will be asked every time you boot the computer. This passphrase "unlocks" the bulk encryption key that is used to decrypt your partition. If you choose to modify the default partition table you can choose which partitions you want to encrypt. This is set in the partition table settings
+ </div><div class="para">
+ Fedora's default implementation of LUKS is AES 128 with a SHA256 hashing. Ciphers that are available are:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ AES - Advanced Encryption Standard - <a href="http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf">FIPS PUB 197</a>
+ </div></li><li class="listitem"><div class="para">
+ Twofish (A 128-bit Block Cipher)
+ </div></li><li class="listitem"><div class="para">
+ Serpent
+ </div></li><li class="listitem"><div class="para">
+ cast5 - <a href="http://www.ietf.org/rfc/rfc2144.txt">RFC 2144</a>
+ </div></li><li class="listitem"><div class="para">
+ cast6 - <a href="http://www.ietf.org/rfc/rfc2612.txt">RFC 2612</a>
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories">4.2.3.2. Manually Encrypting Directories</h4></div></div></div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ Following this procedure will remove all data on the partition that you are encrypting. You WILL lose all your information! Make sure you backup your data to an external source before beginning this procedure!
+ </div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ This procedure uses <span class="package">scrub</span> to destroy the existing data on the partition and provide a random base for LUKS to use. This random base is important to prevent certain attacks against the cryptography. <span class="package">Scrub</span> is not installed by default and you will have to install it before use. Alternatively you may use another random number generator to accomplish the same thing.
+ </div></div></div><div class="para">
+ If you are running a version of Fedora prior to Fedora 9 and want to encrypt a partition, or you want to encrypt a partition after the installation of the current version of Fedora, the following directions are for you. The below example demonstrates encrypting your /home partition but any partition can be used.
+ </div><div class="para">
+ The following procedure will wipe all your existing data, so be sure to have a tested backup before you start. This also requires you to have a separate partition for /home (in my case that is /dev/VG00/LV_home). All the following must be done as root. Any of these steps failing means you must not continue until the step succeeded.
+ </div></div><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions">4.2.3.3. Step-by-Step Instructions</h4></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ enter runlevel 1: <code class="code">telinit 1</code>
+ </div></li><li class="listitem"><div class="para">
+ Fill your partition with random data: <code class="code">scrub -p random /home</code>
+ </div></li><li class="listitem"><div class="para">
+ unmount your existing /home: <code class="code"> umount /home</code>
+ </div></li><li class="listitem"><div class="para">
+ if it fails use <code class="code">fuser</code> to find and kill processes hogging /home: <code class="code">fuser -mvk /home</code>
+ </div></li><li class="listitem"><div class="para">
+ verify /home is not mounted any longer: <code class="code">cat /proc/mounts | grep home</code>
+ </div></li><li class="listitem"><div class="para">
+ initialize your partition: <code class="code">cryptsetup --verbose --verify-passphrase luksFormat /dev/VG00/LV_home</code>
+ </div></li><li class="listitem"><div class="para">
+ open the newly encrypted device: <code class="code">cryptsetup luksOpen /dev/VG00/LV_home home</code>
+ </div></li><li class="listitem"><div class="para">
+ check it's there: <code class="code">ls -l /dev/mapper | grep home</code>
+ </div></li><li class="listitem"><div class="para">
+ create a filesystem: <code class="code">mkfs.ext3 /dev/mapper/home</code>
+ </div></li><li class="listitem"><div class="para">
+ mount it: <code class="code">mount /dev/mapper/home /home</code>
+ </div></li><li class="listitem"><div class="para">
+ check it's visible: <code class="code">df -h | grep home</code>
+ </div></li><li class="listitem"><div class="para">
+ add the following to /etc/crypttab: <code class="code">home /dev/VG00/LV_home none</code>
+ </div></li><li class="listitem"><div class="para">
+ edit your /etc/fstab, removing the old entry for /home and adding <code class="code">/dev/mapper/home /home ext3 defaults 1 2</code>
+ </div></li><li class="listitem"><div class="para">
+ verify your fstab entry: <code class="code">mount /home</code>
+ </div></li><li class="listitem"><div class="para">
+ restore default SELinux security contexts: <code class="code">/sbin/restorecon -v -R /home</code>
+ </div></li><li class="listitem"><div class="para">
+ reboot: <code class="code">shutdown -r now</code>
+ </div></li><li class="listitem"><div class="para">
+ The entry in /etc/crypttab makes your computer ask your <code class="code">luks</code> passphrase on boot
+ </div></li><li class="listitem"><div class="para">
+ Login as root and restore your backup
+ </div></li></ol></div></div><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished">4.2.3.4. What you have just accomplished.</h4></div></div></div><div class="para">
+ Congratulations, you now have an encrypted partition for all of your data to safely rest while the computer is off.
+ </div></div><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest">4.2.3.5. Links of Interest</h4></div></div></div><div class="para">
+ For additional information on LUKS or encrypting hard drives under Fedora please visit one of the following links:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="https://code.google.com/p/cryptsetup/">LUKS - Linux Unified Key Setup</a>
+ </div></li><li class="listitem"><div class="para">
+ <a href="https://bugzilla.redhat.com/attachment.cgi?id=161912">HOWTO: Creating an encrypted Physical Volume (PV) using a second hard drive, pvmove, and a Fedora LiveCD</a>
+ </div></li></ul></div></div></div><div xml:lang="en-US" class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives">4.2.4. 7-Zip Encrypted Archives</h3></div></div></div><div class="para">
+ <a href="http://www.7-zip.org/">7-Zip</a> is a cross-platform, next generation, file compression tool that can also use strong encryption (AES-256) to protect the contents of the archive. This is extremely useful when you need to move data between multiple computers that use varying operating systems (i.e. Linux at home, Windows at work) and you want a portable encryption solution.
+ </div><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation">4.2.4.1. 7-Zip Installation in Fedora</h4></div></div></div><div class="para">
+ 7-Zip is not a base package in Fedora, but it is available in the software repository. Once installed, the package will update alongside the rest of the software on the computer with no special attention necessary.
+ </div></div><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions">4.2.4.2. Step-by-Step Installation Instructions</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Open a Terminal: <code class="code">Click Applications -> System Tools -> Terminal</code> or in GNOME 3: <code class="code">Activities -> Applications -> Terminal</code>
+ </div></li><li class="listitem"><div class="para">
+ Install 7-Zip with sudo access: <code class="code">sudo yum install p7zip</code>
+ </div></li><li class="listitem"><div class="para">
+ Close the Terminal: <code class="code">exit</code>
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions">4.2.4.3. Step-by-Step Usage Instructions</h4></div></div></div><div class="para">
+ By following these instructions you are going to compress and encrypt your "Documents" directory. Your original "Documents" directory will remain unaltered. This technique can be applied to any directory or file you have access to on the filesystem.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Open a Terminal:<code class="code">Click Applications -> System Tools -> Terminal</code>
+ </div></li><li class="listitem"><div class="para">
+ Compress and Encrypt: (enter a password when prompted) <code class="code">7za a -mhe=on -ms=on -p Documents.7z Documents/</code>
+ </div></li></ul></div><div class="para">
+ The "Documents" directory is now compressed and encrypted. The following instructions will move the encrypted archive somewhere new and then extract it.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Create a new directory: <code class="code">mkdir newplace</code>
+ </div></li><li class="listitem"><div class="para">
+ Move the encrypted file: <code class="code">mv Documents.7z newplace</code>
+ </div></li><li class="listitem"><div class="para">
+ Go to the new directory: <code class="code">cd newplace</code>
+ </div></li><li class="listitem"><div class="para">
+ Extract the file: (enter the password when prompted) <code class="code">7za x Documents.7z</code>
+ </div></li></ul></div><div class="para">
+ The archive is now extracted into the new location. The following instructions will clean up all the prior steps and restore your computer to its previous state.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Go up a directory: <code class="code">cd ..</code>
+ </div></li><li class="listitem"><div class="para">
+ Delete the test archive and test extraction: <code class="code">rm -r newplace</code>
+ </div></li><li class="listitem"><div class="para">
+ Close the Terminal: <code class="code">exit</code>
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI">4.2.4.4. Creating a Secure 7-Zip Archive via the GUI</h4></div></div></div><div class="para">
+ 7-Zip archives can be extracted just like any other archive via the GUI, but creating a secure 7-Zip archive requires a few additional steps.
+ </div><div class="para">
+ By following these instructions you are going to compress and encrypt your "Documents" directory. Your original "Documents" directory will remain unaltered. This technique can be applied to any directory or file you have access to on the filesystem.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Open the file browser: Click Activities -> Files
+ </div></li><li class="listitem"><div class="para">
+ Right-Click on the "Documents" folder
+ </div></li><li class="listitem"><div class="para">
+ Select the "Compress" option
+ </div></li><li class="listitem"><div class="para">
+ Select ".7z" as the file extension
+ </div></li><li class="listitem"><div class="para">
+ Expand "Other Options"
+ </div></li><li class="listitem"><div class="para">
+ Check "Encrypt the file list too"
+ </div></li><li class="listitem"><div class="para">
+ Enter a password into the password field
+ </div></li><li class="listitem"><div class="para">
+ Click the "Create" button
+ </div></li></ul></div><div class="para">
+ You will now see a "Documents.7z" file appear in your home directory. If you try to open the file, you will be asked for the archive password before being shown the contents of the archive. The file will open once the correct password is supplied, and the archive can then be manipulated as usual. Deleting the "Documents.7z" file will conclude this exercise and return your computer to its previous state.
+ </div></div><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note">4.2.4.5. Things of note</h4></div></div></div><div class="para">
+ 7-Zip is not shipped by default with Microsoft Windows or Mac OS X. If you need to use your 7-Zip files on those platforms you will need to install the appropriate version of 7-Zip on those computers. See the 7-Zip <a href="http://www.7-zip.org/download.html">download page</a>.
+ </div></div></div><div xml:lang="en-US" class="section" id="sect-Security_Guide-Encryption-Using_GPG" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG">4.2.5. Using GNU Privacy Guard (GnuPG)</h3></div></div></div><div class="para">
+ <span class="application"><strong>GnuPG</strong></span> (GPG) is used to identify yourself and authenticate your communications, including those with people you don't know. GPG allows anyone reading a GPG-signed email to verify its authenticity. In other words, GPG allows someone to be reasonably certain that communications signed by you actually are from you. GPG is useful because it helps prevent third parties from altering code or intercepting conversations and altering the message.
+ </div><div class="para">
+ GPG can also be used to sign and/or encrypt files kept on your computer or on a network drive. This can add additional protection in preventing a file from being altered or read by unauthorized people.
+ </div><div class="para">
+ To utilize GPG for authentication or encryption of email you must first generate your public and private keys. After generating the keys you will have to setup your email client to utilize them.
+ </div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Keys_in_GNOME"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Keys_in_GNOME">4.2.5.1. Generating GPG Keys in GNOME</h4></div></div></div><div class="para">
+ The Seahorse utility makes GPG key management easier. You can install <span class="package">Seahorse</span> at the command line with the command <code class="code">su -c "yum install seahorse"</code> or in the GUI using <span class="application"><strong>Add/Remove Software</strong></span>.
+ </div><div class="para">
+ To create a key select <span class="application"><strong>Passwords and Keys</strong></span>, which starts the application <span class="application"><strong>Seahorse</strong></span>. From the <code class="code">File</code> menu select <code class="code">New</code> then <code class="code">PGP Key</code> then select <code class="code">Continue</code>. Type your full name, email address, and an optional comment describing who are you (e.g.: John C. Smith, jsmith at example.com, The Man). Select <code class="code">Create</code>. A dialog is displayed asking for a passphrase for the key. Choose a strong passphrase but also easy to remember. Click <code class="code">OK</code> and the key is created.
+ </div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ If you forget your passphrase, the key cannot be used and any data encrypted using that key will be lost.
+ </div></div></div><div class="para">
+ To find your GPG key ID, look in the Key ID column next to the newly created key. In most cases, if you are asked for the key ID, you should prepend "0x" to the key ID, as in "0x6789ABCD". You should make a backup of your private key and store it somewhere secure.
+ </div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1">4.2.5.2. Generating GPG Keys in KDE</h4></div></div></div><div class="para">
+ Start the KGpg program from the main menu by selecting Applications > Utilities > Encryption Tool. If you have never used KGpg before, the program walks you through the process of creating your own GPG keypair. A dialog box appears prompting you to create a new key pair. Enter your name, email address, and an optional comment. You can also choose an expiration time for your key, as well as the key strength (number of bits) and algorithms. The next dialog box prompts you for your passphrase. At this point, your key appears in the main <code class="code">KGpg</code> window.
+ </div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ If you forget your passphrase, the key cannot be used and any data encrypted using that key will be lost.
+ </div></div></div><div class="para">
+ To find your GPG key ID, look in the Key ID column next to the newly created key. In most cases, if you are asked for the key ID, you should prepend "0x" to the key ID, as in "0x6789ABCD". You should make a backup of your private key and store it somewhere secure.
+ </div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE">4.2.5.3. Generating GPG Keys Using the Command Line</h4></div></div></div><div class="para">
+ Use the following shell command: <code class="code">gpg --gen-key</code>
+ </div><div class="para">
+ This command generates a key pair that consists of a public and a private key. Other people use your public key to authenticate and/or decrypt your communications. Distribute your public key as widely as possible, especially to people who you know will want to receive authentic communications from you, such as a mailing list. The Fedora Documentation Project, for example, asks participants to include a GPG public key in their self-introduction.
+ </div><div class="para">
+ A series of prompts directs you through the process. Press the <code class="code">Enter</code> key to assign a default value if desired. The first prompt asks you to select what kind of key you prefer:
+ </div><div class="para">
+
+<pre class="screen">Please select what kind of key you want:
+ (1) RSA and RSA (default)
+ (2) DSA and Elgamal
+ (3) DSA (sign only)
+ (4) RSA (sign only)
+ Your selection?</pre>
+ In almost all cases, the default is the correct choice. A RSA key allows you not only to sign communications, but also to encrypt files.
+ </div><div class="para">
+ Next, choose the key size:
+<pre class="screen">RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048)</pre>
+ Again, the default is sufficient for almost all users, and represents a strong level of security.
+ </div><div class="para">
+ Next, choose when the key will expire. It is a good idea to choose an expiration date instead of using the default, which is none. If, for example, the email address on the key becomes invalid, an expiration date will remind others to stop using that public key.
+ </div><div class="para">
+
+<pre class="screen">Please specify how long the key should be valid.
+ 0 = key does not expire
+ d = key expires in n days
+ w = key expires in n weeks
+ m = key expires in n months
+ y = key expires in n years
+ Key is valid for? (0)</pre>
+
+ </div><div class="para">
+ Entering a value of <code class="code">1y</code>, for example, makes the key valid for one year. (You may change this expiration date after the key is generated, if you change your mind.)
+ </div><div class="para">
+ Before the <code class="code">gpg</code>code> program asks for signature information, the following prompt appears: <code class="code">Is this correct (y/n)?</code> Enter <code class="code">y</code>code> to finish the process.
+ </div><div class="para">
+ Next, enter your name and email address. Remember this process is about authenticating you as a real individual. For this reason, include your real name. Do not use aliases or handles, since these disguise or obfuscate your identity.
+ </div><div class="para">
+ Enter your real email address for your GPG key. If you choose a bogus email address, it will be more difficult for others to find your public key. This makes authenticating your communications difficult. If you are using this GPG key for [[DocsProject/SelfIntroduction| self-introduction]] on a mailing list, for example, enter the email address you use on that list.
+ </div><div class="para">
+ Use the comment field to include aliases or other information. (Some people use different keys for different purposes and identify each key with a comment, such as "Office" or "Open Source Projects.")
+ </div><div class="para">
+ At the confirmation prompt, enter the letter O to continue if all entries are correct, or use the other options to fix any problems. Finally, enter a passphrase for your secret key. The <code class="code">gpg</code> program asks you to enter your passphrase twice to ensure you made no typing errors.
+ </div><div class="para">
+ Finally, <code class="code">gpg</code> generates random data to make your key as unique as possible. Move your mouse, type random keys, or perform other tasks on the system during this step to speed up the process. Once this step is finished, your keys are complete and ready to use:
+ </div><pre class="screen">
+pub 1024D/1B2AFA1C 2005-03-31 John Q. Doe (Fedora Docs Project) <jqdoe at example.com>
+Key fingerprint = 117C FE83 22EA B843 3E86 6486 4320 545E 1B2A FA1C
+sub 1024g/CEA4B22E 2005-03-31 [expires: 2006-03-31]
+</pre><div class="para">
+ The key fingerprint is a shorthand "signature" for your key. It allows you to confirm to others that they have received your actual public key without any tampering. You do not need to write this fingerprint down. To display the fingerprint at any time, use this command, substituting your email address: <code class="code"> gpg --fingerprint jqdoe at example.com </code>
+ </div><div class="para">
+ Your "GPG key ID" consists of 8 hex digits identifying the public key. In the example above, the GPG key ID is 1B2AFA1C. In most cases, if you are asked for the key ID, you should prepend "0x" to the key ID, as in "0x1B2AFA1C".
+ </div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ If you forget your passphrase, the key cannot be used and any data encrypted using that key will be lost.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine">4.2.5.4. Using GPG with Alpine</h4></div></div></div><div class="para">
+ If you are using the email client <span class="package">Alpine</span> or <span class="package">Pine</span> then you will also need to download and install <span class="package">ez-pine-gpg</span>. This software is currently available from <a href="http://business-php.com/opensource/ez-pine-gpg/">http://business-php.com/opensource/ez-pine-gpg/</a>. Once you have installed ez-pine-gpg you will need to modify your <code class="code">~/.pinerc</code> file. You need to:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ /home/username/bin should be replaced with the installation path that you specified.
+ </div></li><li class="listitem"><div class="para">
+ In two places, the gpg-identifier after _RECIPIENTS_ should be replaced with your GPG public key's identifier. The reason you include your own GPG identifier here is so that if you send an encrypted message to "Alice", that message is also encrypted with your public key -- if you don't do this, then you will not be able to open that message in your sent-mail folder and remind yourself of what you wrote.
+ </div></li></ol></div><div class="para">
+ It should look something like this:
+ </div><pre class="screen">
+# This variable takes a list of programs that message text is piped into
+# after MIME decoding, prior to display.
+display-filters=_LEADING("-----BEGIN PGP")_ /home/max/bin/ez-pine-gpg-incoming
+
+# This defines a program that message text is piped into before MIME
+# encoding, prior to sending
+sending-filters=/home/max/bin/ez-pine-gpg-sign _INCLUDEALLHDRS_,
+ /home/username/bin/ez-pine-gpg-encrypt _RECIPIENTS_ gpg-identifier,
+ /home/username/bin/ez-pine-gpg-sign-and-encrypt _INCLUDEALLHDRS_ _RECIPIENTS_ gpg-identifier
+</pre></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution">4.2.5.5. Using GPG with Evolution</h4></div></div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Configuring"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Configuring">4.2.5.5.1. Configuring GPG for use with Evolution</h5></div></div></div><div class="para">
+ To configure GPG for use in <span class="application"><strong>Evolution</strong></span> select from the <span class="application"><strong>Evolution</strong></span> Main Menu, select Tools, Settings... In the left pane, select Mail Accounts. In the right pane, select the email account you use for Fedora Project correspondence. Then select the Edit button. The <span class="application"><strong>Evolution</strong></span> Account Editor dialog appears. Select the Security tab.
+ </div><div class="para">
+ In the PGP/GPG Key ID field, enter the GPG key ID matching this account's email address. If you are not sure what your key ID is, use this command: <code class="code">gpg --fingerprint EMAIL_ADDRESS</code>. The key ID is the same as the last eight characters (4 bytes) of the key fingerprint. It is a good idea to click the option Always encrypt to myself when sending encrypted mail. You may also want to select Always sign outgoing messages when using this account.
+ </div><div class="note"><div class="admonition_header"><h2>Notice</h2></div><div class="admonition"><div class="para">
+ If you do not mark public keys as trusted in your keyring, you will not be able to encrypt email to their owners unless you select the option Always trust keys in my keyring when encrypting. You will instead receive a dialog indicating that a trust check has failed.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying">4.2.5.5.2. Verifying email with Evolution</h5></div></div></div><div class="para">
+ Evolution will automatically check any incoming GPG-signed messages for validity. If Evolution cannot GPG verify a message due to a missing public key (or tampering), it will end with a red banner. If the message is verified but you have not signed the key either locally or globally, the banner will be yellow. If the message is verified and you have signed the key, the banner will be green. When you click the seal icon, Evolution displays a dialog with more security information about the signature. To add a public key to your keyring, use the search function along with the key owner's email address: <code class="code">gpg --keyserver pgp.mit.edu --search email address</code>. To import the correct key, you may need to match the key ID with the information provided by Evolution.
+ </div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting">4.2.5.5.3. Signing and Encrypting email with Evolution</h5></div></div></div><div class="para">
+ Signing email allows the recipients to verify that the email actually came from you. The FDP (and the whole of the Fedora Project) encourage you to sign email to other participants, including on Fedora mailing lists. Encrypting email allows only your recipients to read your email. Please do not send encrypted email over the Fedora mailing lists, since almost no one will be able to read it.
+ </div><div class="para">
+ While composing your email, choose the Security menu, and then select PGP Sign to sign your message. To encrypt your message, select PGP Encrypt. You may sign an encrypted message as well, which is good practice. When you send the message, Evolution will ask you to enter your GPG key passphrase. (After three unsuccessful attempts Evolution generates an error.) If you select the option Remember this password for the remainder of this session, you will not need to use your passphrase again to sign or decrypt, unless you quit and restart Evolution.
+ </div></div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird">4.2.5.6. Using GPG with Thunderbird</h4></div></div></div><div class="para">
+ Fedora Core includes Mozilla Thunderbird in the thunderbird package, and the mozilla-mail package for the Mozilla Suite email application. Thunderbird is the recommended Mozilla email application. This appears on your desktop as Applications > Internet > Thunderbird Email.
+ </div><div class="para">
+ Mozilla products support extensions, plugins that add new features to the main application. The Enigmail extensions provide GPG support to email products from Mozilla. Versions of Enigmail exist for both Mozilla Thunderbird, and the Mozilla Suite (Seamonkey). Netscape software from AOL is based on the Mozilla products, and may also use this extension.
+ </div><div class="para">
+ To install Enigmail on Fedora systems, follow the instructions given below.
+ </div><div class="para">
+ Enigmail uses the term OpenPGP in menu items and options. GPG is an implementation of OpenPGP, and you may treat the terms as equivalent.
+ </div><div class="para">
+ The homepage for Enigmail is: <a href="http://enigmail.mozdev.org/download.html">http://enigmail.mozdev.org/download.html</a>.
+ </div><div class="para">
+ This page provides screenshots of Enigmail and GPG in action: <a href="http://enigmail.mozdev.org/screenshots.html">http://enigmail.mozdev.org/screenshots.html</a>.
+ </div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird-Installing_Enigmail"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird-Installing_Enigmail">4.2.5.6.1. Installing Enigmail</h5></div></div></div><div class="para">
+ Enigmail is now available in fedora repository. It can be installed by typing: <code class="code">yum install thunderbird-enigmail</code> at a command line. Alternatively, you can install <span class="package">thunderbird-enigmail</span> using by going to <code class="code">System -> Administration -> Add/Remove Software</code>.
+ </div></div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption">4.2.5.7. About Public Key Encryption</h4></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">Wikipedia - Public Key Cryptography</a>
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://computer.howstuffworks.com/encryption.htm">HowStuffWorks - Encryption</a>
+ </div></li></ol></div></div></div></div></div><div xml:lang="en-US" class="chapter" id="chap-Security_Guide-General_Principles_of_Information_Security" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 5. General Principles of Information Security</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">5.1. Tips, Guides, and Tools</a></span></dt></dl></div><div class="para">
+ The following general principals provide an overview of good security practices:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ encrypt all data transmitted over networks to help prevent man-in-the-middle attacks and eavesdropping. It is important to encrypt authentication information, such as passwords.
+ </div></li><li class="listitem"><div class="para">
+ minimize the amount of software installed and running services.
+ </div></li><li class="listitem"><div class="para">
+ use security-enhancing software and tools, for example, Security-Enhanced Linux (SELinux) for Mandatory Access Control (MAC), Netfilter iptables for packet filtering (firewall), and the GNU Privacy Guard (GnuPG) for encrypting files.
+ </div></li><li class="listitem"><div class="para">
+ if possible, run each network service on a separate system to minimize the risk of one compromised service being used to compromise other services.
+ </div></li><li class="listitem"><div class="para">
+ maintain user accounts: create and enforce a strong password policy; delete unused user accounts.
+ </div></li><li class="listitem"><div class="para">
+ routinely review system and application logs. By default, security-relevant system logs are written to <code class="filename">/var/log/secure</code> and <code class="filename">/var/log/audit/audit.log</code>. Note: sending logs to a dedicated log server helps prevent attackers from easily modifying local logs to avoid detection.
+ </div></li><li class="listitem"><div class="para">
+ never log in as the root user unless absolutely necessary. It is recommended that administrators use <code class="command">sudo</code> to execute commands as root when required. Users capable of running <code class="command">sudo</code> are specified in <code class="filename">/etc/sudoers</code>. Use the <code class="command">visudo</code> utility to edit <code class="filename">/etc/sudoers</code>.
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">5.1. Tips, Guides, and Tools</h2></div></div></div><div class="para">
+ The United States' <a href="http://www.nsa.gov/">National Security Agency (NSA)</a> provides hardening guides and tips for many different operating systems, to help government agencies, businesses, and individuals secure their systems against attack. The following guides (in PDF format) provide guidance for Red Hat Enterprise Linux 5:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.nsa.gov/ia/_files/os/redhat/rhel5-pamphlet-i731.pdf">Hardening Tips for the Red Hat Enterprise Linux 5</a>
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf">Guide to the Secure Configuration of Red Hat Enterprise Linux 5</a>
+ </div></li></ul></div><div class="para">
+ The <a href="http://www.disa.mil/">Defense Information Systems Agency (DISA)</a> provides documentation, checklists, and tests to help secure your system (<a href="http://iase.disa.mil/index2.html">Information Assurance Support Environment</a>). The <a href="http://iase.disa.mil/stigs/stig/unix-stig-v5r1.pdf">UNIX Security Technical Implementation Guide</a> (PDF) is a very specific guide to UNIX security - an advanced knowledge of UNIX and Linux is recommended before reading this guide.
+ </div><div class="para">
+ The DISA <a href="http://iase.disa.mil/stigs/downloads/zip/unclassified_unix_checklist_v5r1-26_20100827.zip">UNIX Security Checklist Version 5, Release 1.26</a> provides a collection of documents and checklists, ranging from the correct ownerships and modes for system files, to patch control.
+ </div><div class="para">
+ Also, DISA has made available <a href="http://iase.disa.mil/stigs/SRR/unix.html">UNIX SRR scripts</a> that allow administrators to check specific settings on systems. These scripts provide XML-formatted reports listing any known vulnerable settings.
+ </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Security_Guide-Secure_Installation" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 6. Secure Installation</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-Secure_Installation-Disk_Partitions">6.1. Disk Partitions</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption">6.2. Utilize LUKS Partition Encryption</a></span></dt></dl></div><div class="para">
+ Security begins with the first time you put that CD or DVD into your disk drive to install Fedora. Configuring your system securely from the beginning makes it easier to implement additional security settings later.
+ </div><div class="section" id="sect-Security_Guide-Secure_Installation-Disk_Partitions"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Secure_Installation-Disk_Partitions">6.1. Disk Partitions</h2></div></div></div><div class="para">
+ The NSA recommends creating separate partitions for /boot, /, /home, /tmp, and /var/tmp. The reasons for each are different and we will address each partition.
+ </div><div class="para">
+ /boot - This partition is the first partition that is read by the system during boot up. The boot loader and kernel images that are used to boot your system into Fedora are stored in this partition. This partition should not be encrypted. If this partition is included in / and that partition is encrypted or otherwise becomes unavailable then your system will not be able to boot.
+ </div><div class="para">
+ /home - When user data (/home) is stored in / instead of in a separate partition, the partition can fill up causing the operating system to become unstable. Also, when upgrading your system to the next version of Fedora it is a lot easier when you can keep your data in the /home partition as it will not be overwritten during installation. If the root partition (/) becomes corrupt your data could be lost forever. By using a separate partition there is slightly more protection against data loss. You can also target this partition for frequent backups.
+ </div><div class="para">
+ /tmp and /var/tmp - Both the /tmp and the /var/tmp directories are used to store data that doesn't need to be stored for a long period of time. However if a lot of data floods one of these directories it can consume all of your storage space. If this happens and these directories are stored within / then your system could become unstable and crash. For this reason, moving these directories into their own partitions is a good idea.
+ </div></div><div class="section" id="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption">6.2. Utilize LUKS Partition Encryption</h2></div></div></div><div class="para">
+ Since Fedora 9, implementation of <a href="http://fedoraproject.org/wiki/Security_Guide/9/LUKSDiskEncryption">Linux Unified Key Setup-on-disk-format</a>(LUKS) encryption has become a lot easier. During the installation process an option to encrypt your partitions will be presented to the user. The user must supply a passphrase that will be the key to unlock the bulk encryption key that will be used to secure the partition's data.
+ </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Security_Guide-Software_Maintenance" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 7. Software Maintenance</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">7.1. Install Minimal Software</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates">7.2. Plan and Configure Security Updates</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates">7.3. Adjusting Automatic Updates</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories">7.4. Install Signed Packages from Well Known Repositories</a></span></dt></dl></div><div class="para">
+ Software maintenance is extremely important to maintaining a secure system. It is vital to patch software as soon as it becomes available in order to prevent attackers from using known holes to infiltrate your system.
+ </div><div class="section" id="sect-Security_Guide-Software_Maintenance-Install_Minimal_Software"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">7.1. Install Minimal Software</h2></div></div></div><div class="para">
+ It is best practice to install only the packages you will use because each piece of software on your computer could possibly contain a vulnerability. If you are installing from the DVD media take the opportunity to select exactly what packages you want to install during the installation. When you find you need another package, you can always add it to the system later.
+ </div></div><div class="section" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates">7.2. Plan and Configure Security Updates</h2></div></div></div><div class="para">
+ All software contains bugs. Often, these bugs can result in a vulnerability that can expose your system to malicious users. Unpatched systems are a common cause of computer intrusions. You should have a plan to install security patches in a timely manner to close those vulnerabilities so they can not be exploited.
+ </div><div class="para">
+ For home users, security updates should be installed as soon as possible. Configuring automatic installation of security updates is one way to avoid having to remember, but does carry a slight risk that something can cause a conflict with your configuration or with other software on the system.
+ </div><div class="para">
+ For business or advanced home users, security updates should be tested and schedule for installation. Additional controls will need to be used to protect the system during the time between the patch release and its installation on the system. These controls would depend on the exact vulnerability, but could include additional firewall rules, the use of external firewalls, or changes in software settings.
+ </div></div><div class="section" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates">7.3. Adjusting Automatic Updates</h2></div></div></div><div class="para">
+ Fedora is configured to apply all updates on a daily schedule. If you want to change the how your system installs updates you must do so via <span class="application"><strong>Software Update Preferences</strong></span>. You can change the schedule, the type of updates to apply or to notify you of available updates.
+ </div><div class="para">
+ In Gnome, you can find controls for your updates at: <code class="code">System -> Preferences -> Software Updates</code>. In KDE it is located at: <code class="code">Applications -> Settings -> Software Updates</code>.
+ </div></div><div class="section" id="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories">7.4. Install Signed Packages from Well Known Repositories</h2></div></div></div><div class="para">
+ Software packages are published through repositories. All well known repositories support package signing. Package signing uses public key technology to prove that the package that was published by the repository has not been changed since the signature was applied. This provides some protection against installing software that may have been maliciously altered after the package was created but before you downloaded it.
+ </div><div class="para">
+ Using too many repositories, untrustworthy repositories, or repositories with unsigned packages has a higher risk of introducing malicious or vulnerable code into your system. Use caution when adding repositories to yum/software update.
+ </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Security_Guide-CVE" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 8. Common Vulnerabilities and Exposures</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-CVE-yum_plugin">8.1. YUM Plugin</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security">8.2. Using yum-plugin-security</a></span></dt></dl></div><div class="para">
+ The Common Vulnerabilities and Exposures or CVE system provides a reference method for publicly-known information security vulnerabilities and exposures. ITRE Corporation maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security.
+ </div><div class="para">
+ MITRE Corporation assigns a CVE identifier to every vulnerability or exposure. The CVE is used to track the vulnerability through different pieces of software, as a single CVE can affect multiple software packages and multiple vendors.
+ </div><div class="section" id="sect-Security_Guide-CVE-yum_plugin"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-CVE-yum_plugin">8.1. YUM Plugin</h2></div></div></div><div class="para">
+ The <span class="package">yum-plugin-security</span> package is a feature of Fedora. If installed, the yum module provided by this package can be used to limit yum to retrieve only security-related updates. It can also be used to provide information about which Red Hat advisory, which bug in Red Hat’s Bugzilla database, or which CVE number from MITRE’s Common Vulnerabilities and Exposures directory is addressed by a package update.
+ </div><div class="para">
+ Enabling these features is as simple as running the <code class="command">yum install yum-plugin-security</code> command.
+ </div></div><div class="section" id="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security">8.2. Using yum-plugin-security</h2></div></div></div><div class="para">
+ The first new subcommand this adds is <code class="command">yum list-sec</code>. This is similar to <code class="command">yum check-update</code>, except that it also lists Red Hat’s advisory ID number and the classification of each update as “enhancement”, “bugfix”, or “security”:
+ </div><div class="para">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>RHSA-2007:1128-6 security autofs - 1:5.0.1-0.rc2.55.el5.1.i386</td></tr><tr><td>RHSA-2007:1078-3 security cairo - 1.2.4-3.el5_1.i386</td></tr><tr><td>RHSA-2007:1021-3 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>RHSA-2007:1021-3 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr></table>
+
+ </div><div class="para">
+ If <code class="command">yum list-sec cves</code> is used, the Red Hat advisory ID is replaced with the CVE IDs addressed by the update; if <code class="command">yum list-sec bzs</code> is used, the advisory ID is replaced by the Red Hat Bugzilla IDs which are addressed by the update. If a package addresses multiple bugs in Bugzilla or CVE IDs, the package may be listed multiple times:
+ </div><div class="para">
+ Example output of <code class="command">yum list-sec bzs</code>:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>410031 security autofs - 1:5.0.1-0.rc2.55.el5.1.i386</td></tr><tr><td>387431 security cairo - 1.2.4-3.el5_1.i386</td></tr><tr><td>345101 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345111 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345121 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345101 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345111 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345121 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr></table>
+
+ </div><div class="para">
+ Example output of <code class="command">yum list-sec cves</code>:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>CVE-2007-5964 security autofs - 1:5.0.1-0.rc2.55.el5.1.i386</td></tr><tr><td>CVE-2007-5503 security cairo - 1.2.4-3.el5_1.i386</td></tr><tr><td>CVE-2007-5393 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-5392 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-4352 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-5393 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-5392 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-4352 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr></table>
+
+ </div><div class="para">
+ The second new subcommand added by the <span class="package">yum-plugin-security</span> package is <code class="command">info-sec</code>. This subcommand takes an advisory number, CVE, or Bugzilla ID as an argument, and returns detailed information on the advisory, including a brief text discussion of the nature of the issue or issues being addressed by the advisory.
+ </div><div class="para">
+ In addition to these two new yum subcommands, new options are provided to the <code class="command">yum update</code> command to help apply only security-related updates, or only updates associated with a particular advisory or bug.
+ </div><div class="para">
+ To apply all security-related updates only:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td><code class="command">yum update --security</code></td></tr></table>
+
+ </div><div class="para">
+ To apply all updates related to bugzilla bug 410101:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td><code class="command">yum update --bz 410101</code></td></tr></table>
+
+ </div><div class="para">
+ To apply all updates related to the CVE ID CVE-2007-5707 and updates related to the Red Hat advisory ID RHSA-2007:1082-5:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td><code class="command">yum update --cve CVE-2007-5707 --advisory RHSA-2007:1082-5</code></td></tr></table>
+
+ </div><div class="para">
+ More information about these new capabilities is documented in the <span class="package">yum-plugin-security</span>(8) man page.
+ </div><div class="para">
+ For more information on Fedora security updates, please visit the Fedora Security page at <a href="https://fedoraproject.org/wiki/Security">https://fedoraproject.org/wiki/Security</a>.
+ </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Security_Guide-References" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 9. References</h2></div></div></div><div class="para">
+ The following references are pointers to additional information that is relevant to SELinux and Fedora but beyond the scope of this guide. Note that due to the rapid development of SELinux, some of this material may only apply to specific releases of Fedora.
+ </div><div class="variablelist" id="vari-Security_Guide-References-Books"><h6>Books</h6><dl><dt class="varlistentry"><span class="term">SELinux by Example</span></dt><dd><div class="para">
+ Mayer, MacMillan, and Caplan
+ </div><div class="para">
+ Prentice Hall, 2007
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-Tutorials_and_Help"><h6>Tutorials and Help</h6><dl><dt class="varlistentry"><span class="term">Understanding and Customizing the Apache HTTP SELinux Policy</span></dt><dd><div class="para">
+ <a href="http://fedora.redhat.com/docs/selinux-apache-fc3/">http://fedora.redhat.com/docs/selinux-apache-fc3/</a>
+ </div></dd><dt class="varlistentry"><span class="term">Tutorials and talks from Russell Coker</span></dt><dd><div class="para">
+ <a href="http://www.coker.com.au/selinux/talks/ibmtu-2004/">http://www.coker.com.au/selinux/talks/ibmtu-2004/</a>
+ </div></dd><dt class="varlistentry"><span class="term">Generic Writing SELinux policy HOWTO</span></dt><dd><div class="para">
+ <a href="http://www.lurking-grue.org/writingselinuxpolicyHOWTO.html">http://www.lurking-grue.org/writingselinuxpolicyHOWTO.html</a>
+ </div></dd><dt class="varlistentry"><span class="term">Red Hat Knowledgebase</span></dt><dd><div class="para">
+ <a href="http://kbase.redhat.com/">http://kbase.redhat.com/</a>
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-General_Information"><h6>General Information</h6><dl><dt class="varlistentry"><span class="term">NSA SELinux main website</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/selinux/index.shtml">http://www.nsa.gov/selinux/</a>
+ </div></dd><dt class="varlistentry"><span class="term">NSA SELinux FAQ</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/selinux/faqs.shtml">http://www.nsa.gov/selinux/info/faq.cfm</a>
+ </div></dd><dt class="varlistentry"><span class="term">Fedora SELinux FAQ </span></dt><dd><div class="para">
+ <a href="http://fedora.redhat.com/docs/selinux-faq-fc3/">http://fedora.redhat.com/docs/selinux-faq-fc3/</a>
+ </div></dd><dt class="varlistentry"><span class="term">SELinux NSA's Open Source Security Enhanced Linux</span></dt><dd><div class="para">
+ <a href="http://www.oreilly.com/catalog/selinux/">http://www.oreilly.com/catalog/selinux/</a>
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-Technology"><h6>Technology</h6><dl><dt class="varlistentry"><span class="term">An Overview of Object Classes and Permissions</span></dt><dd><div class="para">
+ <a href="http://www.tresys.com/selinux/obj_perms_help.html">http://www.tresys.com/selinux/obj_perms_help.html</a>
+ </div></dd><dt class="varlistentry"><span class="term">Integrating Flexible Support for Security Policies into the Linux Operating System (a history of Flask implementation in Linux)</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/_files/selinux/papers/selsymp2005.pdf">http://www.nsa.gov/research/_files/selinux/papers/selsymp2005.pdf</a>
+ </div></dd><dt class="varlistentry"><span class="term">Implementing SELinux as a Linux Security Module</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/_files/publications/implementing_selinux.pdf">http://www.nsa.gov/research/_files/publications/implementing_selinux.pdf</a>
+ </div></dd><dt class="varlistentry"><span class="term">A Security Policy Configuration for the Security-Enhanced Linux</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/_files/selinux/papers/policy/policy.shtml">http://www.nsa.gov/research/_files/selinux/papers/policy/policy.shtml</a>
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-Community"><h6>Community</h6><dl><dt class="varlistentry"><span class="term">Fedora SELinux User Guide</span></dt><dd><div class="para">
+ <a href="http://docs.fedoraproject.org/selinux-user-guide/">http://docs.fedoraproject.org/selinux-user-guide/</a>
+ </div></dd><dt class="varlistentry"><span class="term">Fedora SELinux Managing Confined Services Guide</span></dt><dd><div class="para">
+ <a href="http://docs.fedoraproject.org/selinux-managing-confined-services-guide/">http://docs.fedoraproject.org/selinux-managing-confined-services-guide/</a>
+ </div></dd><dt class="varlistentry"><span class="term">SELinux community page</span></dt><dd><div class="para">
+ <a href="http://selinux.sourceforge.net">http://selinux.sourceforge.net</a>
+ </div></dd><dt class="varlistentry"><span class="term">IRC</span></dt><dd><div class="para">
+ irc.freenode.net, #selinux, #fedora-selinux, #security
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-History"><h6>History</h6><dl><dt class="varlistentry"><span class="term">Quick history of Flask</span></dt><dd><div class="para">
+ <a href="http://www.cs.utah.edu/flux/fluke/html/flask.html">http://www.cs.utah.edu/flux/fluke/html/flask.html</a>
+ </div></dd><dt class="varlistentry"><span class="term">Full background on Fluke</span></dt><dd><div class="para">
+ <a href="http://www.cs.utah.edu/flux/fluke/html/index.html">http://www.cs.utah.edu/flux/fluke/html/index.html</a>
+ </div></dd></dl></div></div><div xml:lang="en-US" class="appendix" id="chap-Security_Guide-Encryption_Standards" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Encryption Standards</h1></div></div></div><div class="para">
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm85077008">A.1. Synchronous Encryption</h2></div></div></div><div class="para">
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm60011744">A.1.1. Advanced Encryption Standard - AES</h3></div></div></div><div class="para">
+ In cryptography, the Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael. Each AES cipher has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. The AES ciphers have been analyzed extensively and are now used worldwide, as was the case with its predecessor, the Data Encryption Standard (DES).<sup>[<a id="idm117328864" href="#ftn.idm117328864" class="footnote">15</a>]</sup>
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm119512640">A.1.1.1. AES Uses</h4></div></div></div><div class="para">
+ </div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm53410528">A.1.1.2. AES History</h4></div></div></div><div class="para">
+ AES was announced by National Institute of Standards and Technology (NIST) as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001 after a 5-year standardization process in which fifteen competing designs were presented and evaluated before Rijndael was selected as the most suitable (see Advanced Encryption Standard process for more details). It became effective as a standard May 26, 2002. It is available in many different encryption packages. AES is the first publicly accessible and open cipher approved by the NSA for top secret information (see Security of AES, below).<sup>[<a id="idm77823728" href="#ftn.idm77823728" class="footnote">16</a>]</sup>
+ </div><div class="para">
+ The Rijndael cipher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted by them to the AES selection process. Rijndael (pronounced [rɛindaːl]) is a portmanteau of the names of the two inventors.<sup>[<a id="idm91732432" href="#ftn.idm91732432" class="footnote">17</a>]</sup>
+ </div></div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm49745120">A.1.2. Data Encryption Standard - DES</h3></div></div></div><div class="para">
+ The Data Encryption Standard (DES) is a block cipher (a form of shared secret encryption) that was selected by the National Bureau of Standards as an official Federal Information Processing Standard (FIPS) for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is based on a symmetric-key algorithm that uses a 56-bit key. The algorithm was initially controversial with classified design elements, a relatively short key length, and suspicions about a National Security Agency (NSA) backdoor. DES consequently came under intense academic scrutiny which motivated the modern understanding of block ciphers and their cryptanalysis.<sup>[<a id="idm92069456" href="#ftn.idm92069456" class="footnote">18</a>]</sup>
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm42569216">A.1.2.1. DES Uses</h4></div></div></div><div class="para">
+ </div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm99817152">A.1.2.2. DES History</h4></div></div></div><div class="para">
+ DES is now considered to be insecure for many applications. This is chiefly due to the 56-bit key size being too small; in January, 1999, distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes (see chronology). There are also some analytical results which demonstrate theoretical weaknesses in the cipher, although they are unfeasible to mount in practice. The algorithm is believed to be practically secure in the form of Triple DES, although there are theoretical attacks. In recent years, the cipher has been superseded by the Advanced Encryption Standard (AES).<sup>[<a id="idp1948496" href="#ftn.idp1948496" class="footnote">19</a>]</sup>
+ </div><div class="para">
+ In some documentation, a distinction is made between DES as a standard and DES the algorithm which is referred to as the DEA (the Data Encryption Algorithm). When spoken, "DES" is either spelled out as an abbreviation (/ˌdiːˌiːˈɛs/), or pronounced as a one-syllable acronym (/ˈdɛz/).<sup>[<a id="idm72013648" href="#ftn.idm72013648" class="footnote">20</a>]</sup>
+ </div></div></div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm84238304">A.2. Public-key Encryption</h2></div></div></div><div class="para">
+ Public-key cryptography is a cryptographic approach, employed by many cryptographic algorithms and cryptosystems, whose distinguishing characteristic is the use of asymmetric key algorithms instead of or in addition to symmetric key algorithms. Using the techniques of public key-private key cryptography, many methods of protecting communications or authenticating messages formerly unknown have become practical. They do not require a secure initial exchange of one or more secret keys as is required when using symmetric key algorithms. It can also be used to create digital signatures.<sup>[<a id="idm84236608" href="#ftn.idm84236608" class="footnote">21</a>]</sup>
+ </div><div class="para">
+ Public key cryptography is a fundamental and widely used technology around the world, and is the approach which underlies such Internet standards as Transport Layer Security (TLS) (successor to SSL), PGP and GPG.<sup>[<a id="idm91072080" href="#ftn.idm91072080" class="footnote">22</a>]</sup>
+ </div><div class="para">
+ The distinguishing technique used in public key cryptography is the use of asymmetric key algorithms, where the key used to encrypt a message is not the same as the key used to decrypt it. Each user has a pair of cryptographic keys — a public key and a private key. The private key is kept secret, whilst the public key may be widely distributed. Messages are encrypted with the recipient's public key and can only be decrypted with the corresponding private key. The keys are related mathematically, but the private key cannot be feasibly (ie, in actual or projected practice) derived from the public key. It was the discovery of such algorithms which revolutionized the practice of cryptography beginning in the middle 1970s.<sup>[<a id="idm74625376" href="#ftn.idm74625376" class="footnote">23</a>]</sup>
+ </div><div class="para">
+ In contrast, Symmetric-key algorithms, variations of which have been used for some thousands of years, use a single secret key shared by sender and receiver (which must also be kept private, thus accounting for the ambiguity of the common terminology) for both encryption and decryption. To use a symmetric encryption scheme, the sender and receiver must securely share a key in advance.<sup>[<a id="idm69107248" href="#ftn.idm69107248" class="footnote">24</a>]</sup>
+ </div><div class="para">
+ Because symmetric key algorithms are nearly always much less computationally intensive, it is common to exchange a key using a key-exchange algorithm and transmit data using that key and a symmetric key algorithm. PGP, and the SSL/TLS family of schemes do this, for instance, and are called hybrid cryptosystems in consequence.<sup>[<a id="idm92461936" href="#ftn.idm92461936" class="footnote">25</a>]</sup>
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm94639488">A.2.1. Diffie-Hellman</h3></div></div></div><div class="para">
+ Diffie–Hellman key exchange (D–H) is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.<sup>[<a id="idm87710528" href="#ftn.idm87710528" class="footnote">26</a>]</sup>
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm83264480">A.2.1.1. Diffie-Hellman History</h4></div></div></div><div class="para">
+ The scheme was first published by Whitfield Diffie and Martin Hellman in 1976, although it later emerged that it had been separately invented a few years earlier within GCHQ, the British signals intelligence agency, by Malcolm J. Williamson but was kept classified. In 2002, Hellman suggested the algorithm be called Diffie–Hellman–Merkle key exchange in recognition of Ralph Merkle's contribution to the invention of public-key cryptography (Hellman, 2002).<sup>[<a id="idm83262912" href="#ftn.idm83262912" class="footnote">27</a>]</sup>
+ </div><div class="para">
+ Although Diffie–Hellman key agreement itself is an anonymous (non-authenticated) key-agreement protocol, it provides the basis for a variety of authenticated protocols, and is used to provide perfect forward secrecy in Transport Layer Security's ephemeral modes (referred to as EDH or DHE depending on the cipher suite).<sup>[<a id="idm77891952" href="#ftn.idm77891952" class="footnote">28</a>]</sup>
+ </div><div class="para">
+ U.S. Patent 4,200,770, now expired, describes the algorithm and credits Hellman, Diffie, and Merkle as inventors.<sup>[<a id="idp417888" href="#ftn.idp417888" class="footnote">29</a>]</sup>
+ </div></div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm78768064">A.2.2. RSA</h3></div></div></div><div class="para">
+ In cryptography, RSA (which stands for Rivest, Shamir and Adleman who first publicly described it; see below) is an algorithm for public-key cryptography. It is the first algorithm known to be suitable for signing as well as encryption, and was one of the first great advances in public key cryptography. RSA is widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys and the use of up-to-date implementations.<sup>[<a id="idm85480320" href="#ftn.idm85480320" class="footnote">30</a>]</sup>
+ </div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm78623040">A.2.3. DSA</h3></div></div></div><div class="para">
+ The Digital Signature Algorithm (DSA) is a United States Federal Government standard or FIPS for digital signatures. It was proposed by the National Institute of Standards and Technology (NIST) in August 1991 for use in their Digital Signature Standard (DSS), specified in FIPS 186, adopted in 1993. A minor revision was issued in 1996 as FIPS 186-1. The standard was expanded further in 2000 as FIPS 186-2 and again in 2009 as FIPS 186-3.<sup>[<a id="idm78621488" href="#ftn.idm78621488" class="footnote">31</a>]</sup>
+ </div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm77901920">A.2.4. SSL/TLS</h3></div></div></div><div class="para">
+ Transport Layer Security (TLS) and its predecessor, Secure Socket Layer (SSL), are cryptographic protocols that provide security for communications over networks such as the Internet. TLS and SSL encrypt the segments of network connections at the Transport Layer end-to-end. Several versions of the protocols are in widespread use in applications like web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP). TLS is an IETF standards track protocol, last updated in RFC 5246, that was based on the earlier SSL specifications developed by Netscape Corporation.
+ </div><div class="para">
+ The TLS protocol allows client/server applications to communicate across a network in a way designed to prevent eavesdropping and tampering. TLS provides endpoint authentication and communications confidentiality over the Internet using cryptography. TLS provides RSA security with 1024 and 2048 bit strengths.
+ </div><div class="para">
+ In typical end-user/browser usage, TLS authentication is unilateral: only the server is authenticated (the client knows the server's identity), but not vice versa (the client remains unauthenticated or anonymous).
+ </div><div class="para">
+ TLS also supports the more secure bilateral connection mode (typically used in enterprise applications), in which both ends of the "conversation" can be assured with whom they are communicating (provided they diligently scrutinize the identity information in the other party's certificate). This is known as mutual authentication, or 2SSL. Mutual authentication requires that the TLS client-side also hold a certificate (which is not usually the case in the end-user/browser scenario). Unless, that is, TLS-PSK, the Secure Remote Password (SRP) protocol, or some other protocol is used that can provide strong mutual authentication in the absence of certificates.
+ </div><div class="para">
+ Typically, the key information and certificates necessary for TLS are handled in the form of X.509 certificates, which define required fields and data formats.
+ </div><div class="para">
+ SSL operates in modular fashion. It is extensible by design, with support for forward and backward compatibility and negotiation between peers.<sup>[<a id="idm70202128" href="#ftn.idm70202128" class="footnote">32</a>]</sup>
+ </div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm71985120">A.2.5. Cramer-Shoup Cryptosystem</h3></div></div></div><div class="para">
+ The Cramer–Shoup system is an asymmetric key encryption algorithm, and was the first efficient scheme proven to be secure against adaptive chosen ciphertext attack using standard cryptographic assumptions. Its security is based on the computational intractability (widely assumed, but not proved) of the decisional Diffie–Hellman assumption. Developed by Ronald Cramer and Victor Shoup in 1998, it is an extension of the Elgamal cryptosystem. In contrast to Elgamal, which is extremely malleable, Cramer–Shoup adds additional elements to ensure non-malleability even against a resourceful attacker. This non-malleability is achieved through the use of a collision-resistant hash function and additional computations, resulting in a ciphertext which is twice as large as in Elgamal.<sup>[<a id="idm63476704" href="#ftn.idm63476704" class="footnote">33</a>]</sup>
+ </div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm71983744">A.2.6. ElGamal Encryption</h3></div></div></div><div class="para">
+ In cryptography, the ElGamal encryption system is an asymmetric key encryption algorithm for public-key cryptography which is based on the Diffie-Hellman key agreement. It was described by Taher Elgamal in 1985.[1] ElGamal encryption is used in the free GNU Privacy Guard software, recent versions of PGP, and other cryptosystems. The Digital Signature Algorithm is a variant of the ElGamal signature scheme, which should not be confused with ElGamal encryption.<sup>[<a id="idm62155392" href="#ftn.idm62155392" class="footnote">34</a>]</sup>
+ </div></div></div><div class="footnotes"><br /><hr width="100" align="left" /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm117328864" href="#idm117328864" class="para">15</a>] </sup>
+ "Advanced Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Advanced_Encryption_Standard">http://en.wikipedia.org/wiki/Advanced_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm77823728" href="#idm77823728" class="para">16</a>] </sup>
+ "Advanced Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Advanced_Encryption_Standard">http://en.wikipedia.org/wiki/Advanced_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm91732432" href="#idm91732432" class="para">17</a>] </sup>
+ "Advanced Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Advanced_Encryption_Standard">http://en.wikipedia.org/wiki/Advanced_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm92069456" href="#idm92069456" class="para">18</a>] </sup>
+ "Data Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Data_Encryption_Standard">http://en.wikipedia.org/wiki/Data_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp1948496" href="#idp1948496" class="para">19</a>] </sup>
+ "Data Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Data_Encryption_Standard">http://en.wikipedia.org/wiki/Data_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm72013648" href="#idm72013648" class="para">20</a>] </sup>
+ "Data Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Data_Encryption_Standard">http://en.wikipedia.org/wiki/Data_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm84236608" href="#idm84236608" class="para">21</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm91072080" href="#idm91072080" class="para">22</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm74625376" href="#idm74625376" class="para">23</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm69107248" href="#idm69107248" class="para">24</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm92461936" href="#idm92461936" class="para">25</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm87710528" href="#idm87710528" class="para">26</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie-Hellman</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm83262912" href="#idm83262912" class="para">27</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie-Hellman</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm77891952" href="#idm77891952" class="para">28</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie-Hellman</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp417888" href="#idp417888" class="para">29</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie-Hellman</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm85480320" href="#idm85480320" class="para">30</a>] </sup>
+ "RSA" <span class="emphasis"><em>Wikipedia</em></span> 14 April 2010 <a href="http://en.wikipedia.org/wiki/RSA">http://en.wikipedia.org/wiki/RSA</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm78621488" href="#idm78621488" class="para">31</a>] </sup>
+ "Digital Signature Algorithm" <span class="emphasis"><em>Wikipedia</em></span> 14 April 2010 <a href="http://en.wikipedia.org/wiki/Digital_Signature_Algorithm">http://en.wikipedia.org/wiki/Digital_Signature_Algorithm</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm70202128" href="#idm70202128" class="para">32</a>] </sup>
+ "Transport Layer Security" <span class="emphasis"><em>Wikipedia</em></span> 14 April 2010 <a href="http://en.wikipedia.org/wiki/Transport_Layer_Security">http://en.wikipedia.org/wiki/Transport_Layer_Security</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm63476704" href="#idm63476704" class="para">33</a>] </sup>
+ "Cramer–Shoup cryptosystem" <span class="emphasis"><em>Wikipedia</em></span> 14 April 2010 <a href="http://en.wikipedia.org/wiki/Cramer-Shoup_cryptosystem">http://en.wikipedia.org/wiki/Cramer-Shoup_cryptosystem</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm62155392" href="#idm62155392" class="para">34</a>] </sup>
+ "ElGamal encryption" <span class="emphasis"><em>Wikipedia</em></span> 14 April 2010 <a href="http://en.wikipedia.org/wiki/ElGamal_encryption">http://en.wikipedia.org/wiki/ElGamal_encryption</a>
+ </div></div></div></div><div xml:lang="en-US" class="appendix" id="appe-Publican-Revision_History" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Revision History</h1></div></div></div><div class="para">
+ <div class="revhistory"><table border="0" width="100%" summary="Revision history"><tr><th align="left" valign="top" colspan="3"><strong>Revision History</strong></th></tr><tr><td align="left">Revision 18.0-1</td><td align="left">Sat October 6 2012</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fixed Basic Hardening chapter (BZ 841825 and 693620).</td></tr><tr><td>Fixed broken LUKS link (BZ 846299).</td></tr><tr><td>Added GUI section to 7 Zip chapter (BZ 854781).</td></tr><tr><td>Fixed yum-plugin-security chapter (BZ 723282).</td></tr><tr><td>Fixed GPG CLI command screen (BZ 590493).</td></tr><tr><td>Improved Yubikey section (BZ 644238).</td></tr><tr><td>Fixed typos (BZ 863636).</td></tr><tr><td>Removed wiki markup found in some chapters.</td></tr><tr><td>Updated the Seahorse instructions.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 17.0-1</td><td align="left">Tue January 24 2012</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Branched for Fedora 17.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 16.0-1</td><td align="left">Fri September 09 2011</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Branched for Fedora 16.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 14.3-1</td><td align="left">Sat Apr 02 2011</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Moved VPN text to the Encryption chapter and reformated.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 14.2-1</td><td align="left">Wed Oct 20 2010</td><td align="left"><span class="author"><span class="firstname">Zach</span> <span class="surname">Oglesby</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Added text for using Yubikey on Fedora with local authentication. (BZ 644999)</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 14.2-0</td><td align="left">Fri Oct 6 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Removed all variables in the document source.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 14.1-2</td><td align="left">Fri Oct 1 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Corrected the link to the DISA Unix Checklist and updated link.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 14.1-1</td><td align="left">Wed Jul 8 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Added CVE chapter.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 14.0-1</td><td align="left">Fri May 28 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Branched for Fedora 14</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 13.0-7</td><td align="left">Fri May 14 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Removed "bug" text from 7-Zip chapter per bug 591980.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 13.0-6</td><td align="left">Wed Apr 14 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Completed the encryption standards appendix.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 13.0-5</td><td align="left">Fri Apr 09 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Added "Using GPG with Alpine".</td></tr><tr><td>Added "Using GPG with Evolution".</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 13.0-4</td><td align="left">Tue Apr 06 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Repaired issues regarding untranslatable text in para.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 13.0-3</td><td align="left">Tue Apr 06 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Removed the PackageKit vulnerability text seen in Fedora 12.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 13.0-2</td><td align="left">Fri Nov 20 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Added the Revision History to the end of the document.</td></tr><tr><td>Added the Encryption Standards appendix.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 13.0-1</td><td align="left">Fri Nov 20 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fedora 13 branch.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-23</td><td align="left">Thu Nov 19 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Updated the section "Local users may install trusted packages" to the latest fix, again.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-22</td><td align="left">Thu Nov 19 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Updated the section "Local users may install trusted packages" to the latest fix.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-21</td><td align="left">Wed Nov 18 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Added section "Local users may install trusted packages".</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-20</td><td align="left">Sat Nov 14 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Added information from Wikipedia to the Encryption Standards appendix.</td></tr><tr><td>Added Adam Ligas to the author page for his role in developing the 7-Zip portions.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-19</td><td align="left">Mon Oct 26 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Updated license to CC-BY-SA.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-18</td><td align="left">Wed Aug 05 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fixed issues related to Bug 515043.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-17</td><td align="left">Mon Jul 27 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Repaired vendor information in SPEC.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-16</td><td align="left">Fri Jul 24 2009</td><td align="left"><span class="author"><span class="firstname">Fedora</span> <span class="surname">Release Engineering</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-15</td><td align="left">Tue Jul 14 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Added "desktop-file-utils" to BUILDREQUIRES on the spec</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-14</td><td align="left">Tue Mar 10 2009</td><td align="left"><span class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Remove more rhel specifics, major review and remove draft, ready for push</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-13</td><td align="left">Mon Mar 2 2009</td><td align="left"><span class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Lots of minor fixes</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-12</td><td align="left">Wed Feb 11 2009</td><td align="left"><span class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>new screenshots from F11 replacing existing/older ones</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-11</td><td align="left">Tue Feb 03 2009</td><td align="left"><span class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>LUKS specifics to Fedora 9 modified to include later releases as well.</td></tr><tr><td>Fix 404s in reference section, mainly bad NSA links.</td></tr><tr><td>minor formatting changes.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-10</td><td align="left">Wed Jan 27 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fixed missing firewall setup screenshot.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-9</td><td align="left">Wed Jan 27 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Repaired items found to be incorrect during validation. Many Red Hat references have been changed to Fedora references.</td></tr></table>
+
+ </td></tr></table></div>
+ </div></div></div></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/css/common.css b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/css/common.css
new file mode 100644
index 0000000..d7dc3f2
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/css/common.css
@@ -0,0 +1,1528 @@
+* {
+ widows: 2 !important;
+ orphans: 2 !important;
+}
+
+body, h1, h2, h3, h4, h5, h6, pre, li, div {
+ line-height: 1.29em;
+}
+
+body {
+ background-color: white;
+ margin:0 auto;
+ font-family: "liberation sans", "Myriad ", "Bitstream Vera Sans", "Lucida Grande", "Luxi Sans", "Trebuchet MS", helvetica, verdana, arial, sans-serif;
+ font-size:12px;
+ max-width:55em;
+ color:black;
+}
+
+body.toc_embeded {
+ /*for web hosting system only*/
+ margin-left: 300px;
+}
+
+object.toc, iframe.toc {
+ /*for web hosting system only*/
+ border-style:none;
+ position:fixed;
+ width:290px;
+ height:99.99%;
+ top:0;
+ left:0;
+ z-index: 100;
+ border-style:none;
+ border-right:1px solid #999;
+}
+
+/* Hide web menu */
+
+body.notoc {
+ margin-left: 3em;
+}
+
+iframe.notoc {
+ border-style:none;
+ border: none;
+ padding: 0em;
+ position:fixed;
+ width: 21px;
+ height: 29px;
+ top: 0px;
+ left:0;
+ overflow: hidden;
+ margin: 0em;
+ margin-left: -3px;
+}
+/* End hide web menu */
+
+/* desktop styles */
+body.desktop {
+ margin-left: 26em;
+}
+
+body.desktop .book > .toc {
+ display:block;
+ width:24em;
+ height:99%;
+ position:fixed;
+ overflow:auto;
+ top:0px;
+ left:0px;
+ padding-left:1em;
+ background-color:#EEEEEE;
+}
+
+.toc {
+ line-height:1.35em;
+}
+
+.toc .glossary,
+.toc .chapter, .toc .appendix {
+ margin-top:1em;
+}
+
+.toc .part {
+ margin-top:1em;
+ display:block;
+}
+
+span.glossary,
+span.appendix {
+ display:block;
+ margin-top:0.5em;
+}
+
+div {
+ padding-top:0px;
+}
+
+div.section {
+ padding-top:1em;
+}
+
+p, div.para, div.formalpara {
+ padding-top:0px;
+ margin-top:0.3em;
+ padding-bottom:0px;
+ margin-bottom:1em;
+}
+
+/*Links*/
+a {
+ outline: none;
+}
+
+a:link {
+ text-decoration:none;
+ border-bottom: 1px dotted ;
+ color:#3366cc;
+}
+
+a:visited {
+ text-decoration:none;
+ border-bottom: 1px dotted ;
+ color:#003366;
+}
+
+div.longdesc-link {
+ float:right;
+ color:#999;
+}
+
+.toc a, .qandaset a {
+ font-weight:normal;
+ border:none;
+}
+
+.toc a:hover, .qandaset a:hover
+{
+ border-bottom: 1px dotted;
+}
+
+/*headings*/
+h1, h2, h3, h4, h5, h6 {
+ color: #336699;
+ margin-top: 0em;
+ margin-bottom: 0em;
+ background-color: transparent;
+ page-break-inside: avoid;
+ page-break-after: avoid;
+}
+
+h1 {
+ font-size:2.0em;
+}
+
+.titlepage h1.title {
+ font-size: 3.0em;
+ padding-top: 1em;
+ text-align:left;
+}
+
+.book > .titlepage h1.title {
+ text-align:center;
+}
+
+.article > .titlepage h1.title {
+ text-align:center;
+}
+
+.set .titlepage > div > div > h1.title {
+ text-align:center;
+}
+
+.producttitle {
+ margin-top: 0em;
+ margin-bottom: 0em;
+ font-size: 3.0em;
+ font-weight: bold;
+ background: #003d6e url(../images/h1-bg.png) top left repeat-x;
+ color: white;
+ text-align: center;
+ padding: 0.7em;
+}
+
+.titlepage .corpauthor {
+ margin-top: 1em;
+ text-align: center;
+}
+
+.section h1.title {
+ font-size: 1.6em;
+ padding: 0em;
+ color: #336699;
+ text-align: left;
+ background: white;
+}
+
+h2 {
+ font-size:1.6em;
+}
+
+
+h2.subtitle, h3.subtitle {
+ margin-top: 1em;
+ margin-bottom: 1em;
+ font-size: 1.4em;
+ text-align: center;
+}
+
+.preface > div > div > div > h2.title {
+ margin-top: 1em;
+ font-size: 2.0em;
+}
+
+.appendix h2 {
+ margin-top: 1em;
+ font-size: 2.0em;
+}
+
+
+
+h3 {
+ font-size:1.3em;
+ padding-top:0em;
+ padding-bottom:0em;
+}
+h4 {
+ font-size:1.1em;
+ padding-top:0em;
+ padding-bottom:0em;
+}
+
+h5 {
+ font-size:1em;
+}
+
+h6 {
+ font-size:1em;
+}
+
+h5.formalpara {
+ font-size:1em;
+ margin-top:2em;
+ margin-bottom:.8em;
+}
+
+.abstract h6 {
+ margin-top:1em;
+ margin-bottom:.5em;
+ font-size:2em;
+}
+
+/*element rules*/
+hr {
+ border-collapse: collapse;
+ border-style:none;
+ border-top: 1px dotted #ccc;
+ width:100%;
+ margin-top: 3em;
+}
+
+/* web site rules */
+ul.languages, .languages li {
+ display:inline;
+ padding:0em;
+}
+
+.languages li a {
+ padding:0em .5em;
+ text-decoration: none;
+}
+
+.languages li p, .languages li div.para {
+ display:inline;
+}
+
+.languages li a:link, .languages li a:visited {
+ color:#444;
+}
+
+.languages li a:hover, .languages li a:focus, .languages li a:active {
+ color:black;
+}
+
+ul.languages {
+ display:block;
+ background-color:#eee;
+ padding:.5em;
+}
+
+/*supporting stylesheets*/
+
+/*unique to the webpage only*/
+.books {
+ position:relative;
+}
+
+.versions li {
+ width:100%;
+ clear:both;
+ display:block;
+}
+
+a.version {
+ font-size:2em;
+ text-decoration:none;
+ width:100%;
+ display:block;
+ padding:1em 0em .2em 0em;
+ clear:both;
+}
+
+a.version:before {
+ content:"Version";
+ font-size:smaller;
+}
+
+a.version:visited, a.version:link {
+ color:#666;
+}
+
+a.version:focus, a.version:hover {
+ color:black;
+}
+
+.books {
+ display:block;
+ position:relative;
+ clear:both;
+ width:100%;
+}
+
+.books li {
+ display:block;
+ width:200px;
+ float:left;
+ position:relative;
+ clear: none ;
+}
+
+.books .html {
+ width:170px;
+ display:block;
+}
+
+.books .pdf {
+ position:absolute;
+ left:170px;
+ top:0px;
+ font-size:smaller;
+}
+
+.books .pdf:link, .books .pdf:visited {
+ color:#555;
+}
+
+.books .pdf:hover, .books .pdf:focus {
+ color:#000;
+}
+
+.books li a {
+ text-decoration:none;
+}
+
+.books li a:hover {
+ color:black;
+}
+
+/*products*/
+.products li {
+ display: block;
+ width:300px;
+ float:left;
+}
+
+.products li a {
+ width:300px;
+ padding:.5em 0em;
+}
+
+.products ul {
+ clear:both;
+}
+
+/*revision history*/
+.revhistory {
+ display:block;
+}
+
+.revhistory table {
+ background-color:transparent;
+ border-color:#fff;
+ padding:0em;
+ margin: 0;
+ border-collapse:collapse;
+ border-style:none;
+}
+
+.revhistory td {
+ text-align :left;
+ padding:0em;
+ border: none;
+ border-top: 1px solid #fff;
+ font-weight: bold;
+}
+
+.revhistory .simplelist td {
+ font-weight: normal;
+}
+
+.revhistory .simplelist {
+ margin-bottom: 1.5em;
+ margin-left: 1em;
+}
+
+.revhistory table th {
+ display: none;
+}
+
+
+/*credits*/
+.authorgroup div {
+ clear:both;
+ text-align: center;
+}
+
+h3.author {
+ margin: 0em;
+ padding: 0em;
+ padding-top: 1em;
+}
+
+.authorgroup h4 {
+ padding: 0em;
+ margin: 0em;
+ padding-top: 1em;
+ margin-top: 1em;
+}
+
+.author,
+.editor,
+.translator,
+.othercredit,
+.contrib {
+ display: block;
+}
+
+.revhistory .author {
+ display: inline;
+}
+
+.othercredit h3 {
+ padding-top: 1em;
+}
+
+
+.othercredit {
+ margin:0em;
+ padding:0em;
+}
+
+.releaseinfo {
+ clear: both;
+}
+
+.copyright {
+ margin-top: 1em;
+}
+
+/* qanda sets */
+.answer {
+ margin-bottom:1em;
+ border-bottom:1px dotted #ccc;
+}
+
+.qandaset .toc {
+ border-bottom:1px dotted #ccc;
+}
+
+.question {
+ font-weight:bold;
+}
+
+.answer .data, .question .data {
+ padding-left: 2.6em;
+}
+
+.answer label, .question label {
+ float:left;
+ font-weight:bold;
+}
+
+/* inline syntax highlighting */
+.perl_Alert {
+ color: #0000ff;
+}
+
+.perl_BaseN {
+ color: #007f00;
+}
+
+.perl_BString {
+ color: #5C3566;
+}
+
+.perl_Char {
+ color: #ff00ff;
+}
+
+.perl_Comment {
+ color: #FF00FF;
+}
+
+
+.perl_DataType {
+ color: #0000ff;
+}
+
+
+.perl_DecVal {
+ color: #00007f;
+}
+
+
+.perl_Error {
+ color: #ff0000;
+}
+
+
+.perl_Float {
+ color: #00007f;
+}
+
+
+.perl_Function {
+ color: #007f00;
+}
+
+
+.perl_IString {
+ color: #5C3566;
+}
+
+
+.perl_Keyword {
+ color: #002F5D;
+}
+
+
+.perl_Operator {
+ color: #ffa500;
+}
+
+
+.perl_Others {
+ color: #b03060;
+}
+
+
+.perl_RegionMarker {
+ color: #96b9ff;
+}
+
+
+.perl_Reserved {
+ color: #9b30ff;
+}
+
+
+.perl_String {
+ color: #5C3566;
+}
+
+
+.perl_Variable {
+ color: #0000ff;
+}
+
+
+.perl_Warning {
+ color: #0000ff;
+}
+
+/*Lists*/
+ul {
+ padding-left:1.6em;
+ list-style-image:url(../images/dot.png);
+ list-style-type: circle;
+}
+
+ul ul {
+ list-style-image:url(../images/dot2.png);
+ list-style-type: circle;
+}
+
+ol {
+ list-style-image:none;
+ list-style-type: decimal;
+}
+
+ol ol {
+ list-style-type: lower-alpha;
+}
+
+ol.arabic {
+ list-style-type: decimal;
+}
+
+ol.loweralpha {
+ list-style-type: lower-alpha;
+}
+
+ol.lowerroman {
+ list-style-type: lower-roman;
+}
+
+ol.upperalpha {
+ list-style-type: upper-alpha;
+}
+
+ol.upperroman {
+ list-style-type: upper-roman;
+}
+
+dt {
+ font-weight:bold;
+ margin-bottom:0em;
+ padding-bottom:0em;
+}
+
+dd {
+ margin:0em;
+ margin-left:2em;
+ padding-top:0em;
+ padding-bottom: 1em;
+}
+
+li {
+ padding-top:0px;
+ margin-top:0em;
+ padding-bottom:0px;
+ margin-bottom:0.4em;
+}
+
+li p, li div.para {
+ padding-top:0px;
+ margin-top:0em;
+ padding-bottom:0px;
+ margin-bottom:0.3em;
+}
+
+/*images*/
+img {
+ display:block;
+ margin: 2em 0;
+}
+
+.inlinemediaobject, .inlinemediaobject img {
+ display:inline;
+ margin:0em;
+}
+
+.figure img {
+ display:block;
+ margin:0;
+ page-break-inside: avoid;
+}
+
+.figure .title {
+ margin:0em;
+ margin-bottom:2em;
+ padding:0px;
+}
+
+/*document modes*/
+.confidential {
+ background-color:#900;
+ color:White;
+ padding:.5em .5em;
+ text-transform:uppercase;
+ text-align:center;
+}
+
+.longdesc-link {
+ display:none;
+}
+
+.longdesc {
+ display:none;
+}
+
+.prompt {
+ padding:0em .3em;
+}
+
+/*user interface styles*/
+.screen .replaceable {
+}
+
+.guibutton, .guilabel {
+ font-family: "liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ font-weight: bold;
+ white-space: nowrap;
+}
+
+.example {
+ background-color: #ffffff;
+ border-left: 3px solid #aaaaaa;
+ padding-top: 1em;
+ padding-bottom: 0.1em;
+}
+
+.example h6 {
+ padding-left: 10px;
+}
+
+.example-contents {
+ padding-left: 10px;
+ background-color: #ffffff;
+}
+
+.example-contents .para {
+/* padding: 10px;*/
+}
+
+/*terminal/console text*/
+.computeroutput,
+.option {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ font-weight:bold;
+}
+
+.replaceable {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ font-style: italic;
+}
+
+.command, .filename, .keycap, .classname, .literal {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ font-weight:bold;
+}
+
+/* no bold in toc */
+.toc * {
+ font-weight: inherit;
+}
+
+pre {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ display:block;
+ background-color: #f5f5f5;
+ color: #000000;
+ border: 1px solid #aaaaaa;
+ margin-bottom: 0.3em;
+ padding:.5em 1em;
+ white-space: pre-wrap; /* css-3 */
+ white-space: -moz-pre-wrap !important; /* Mozilla, since 1999 */
+ white-space: -pre-wrap; /* Opera 4-6 */
+ white-space: -o-pre-wrap; /* Opera 7 */
+ word-wrap: break-word; /* Internet Explorer 5.5+ */
+ font-size: 0.9em;
+}
+
+pre .replaceable,
+pre .keycap {
+}
+
+code {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+/* white-space: nowrap;*/
+ white-space: pre-wrap;
+ word-wrap: break-word;
+ font-weight:bold;
+}
+
+.parameter code {
+ display: inline;
+ white-space: pre-wrap; /* css-3 */
+ white-space: -moz-pre-wrap !important; /* Mozilla, since 1999 */
+ white-space: -pre-wrap; /* Opera 4-6 */
+ white-space: -o-pre-wrap; /* Opera 7 */
+ word-wrap: break-word; /* Internet Explorer 5.5+ */
+}
+
+/*Notifications*/
+div.warning:before {
+ content:url(../images/warning.png);
+ padding-left: 5px;
+}
+
+div.note:before {
+ content:url(../images/note.png);
+ padding-left: 5px;
+}
+
+div.important:before {
+ content:url(../images/important.png);
+ padding-left: 5px;
+}
+
+div.warning, div.note, div.important {
+ color: black;
+ margin: 0em;
+ padding: 0em;
+ background: none;
+ background-color: white;
+ margin-bottom: 1em;
+ border-bottom: 1px solid #aaaaaa;
+ page-break-inside: avoid;
+}
+
+div.warning h2, div.note h2,div.important h2 {
+ margin: 0em;
+ padding: 0em;
+ color: #eeeeec;
+ padding-top: 0px;
+ padding-bottom: 0px;
+ height: 1.4em;
+ line-height: 1.4em;
+ font-size: 1.4em;
+ display:inline;
+}
+
+div.admonition_header {
+ clear: both;
+ margin: 0em;
+ padding: 0em;
+ margin-top: -3.3em;
+ padding-left: 58px;
+ line-height: 1.0em;
+ font-size: 1.0em;
+}
+
+div.warning div.admonition_header {
+ background: url(../images/red.png) top left repeat-x;
+ background-color: #590000;
+}
+
+div.note div.admonition_header {
+ background: url(../images/green.png) top right repeat-x;
+ background-color: #597800;
+}
+
+div.important div.admonition_header {
+ background: url(../images/yellow.png) top right repeat-x;
+ background-color: #a6710f;
+}
+
+div.warning p, div.warning div.para,
+div.note p, div.note div.para,
+div.important p, div.important div.para {
+ padding: 0em;
+ margin: 0em;
+}
+
+div.admonition {
+ border: none;
+ border-left: 1px solid #aaaaaa;
+ border-right: 1px solid #aaaaaa;
+ padding:0em;
+ margin:0em;
+ padding-top: 1.5em;
+ padding-bottom: 1em;
+ padding-left: 2em;
+ padding-right: 1em;
+ background-color: #eeeeec;
+ -moz-border-radius: 0px;
+ -webkit-border-radius: 0px;
+ border-radius: 0px;
+}
+
+/*Page Title*/
+#title {
+ display:block;
+ height:45px;
+ padding-bottom:1em;
+ margin:0em;
+}
+
+#title a.left{
+ display:inline;
+ border:none;
+}
+
+#title a.left img{
+ border:none;
+ float:left;
+ margin:0em;
+ margin-top:.7em;
+}
+
+#title a.right {
+ padding-bottom:1em;
+}
+
+#title a.right img {
+ border:none;
+ float:right;
+ margin:0em;
+ margin-top:.7em;
+}
+
+/*Table*/
+div.table {
+ page-break-inside: avoid;
+}
+
+table {
+ border:1px solid #6c614b;
+ width:100%;
+ border-collapse:collapse;
+}
+
+table.simplelist, .calloutlist table {
+ border-style: none;
+}
+
+table th {
+ text-align:left;
+ background-color:#6699cc;
+ padding:.3em .5em;
+ color:white;
+}
+
+table td {
+ padding:.15em .5em;
+}
+
+table tr.even td {
+ background-color:#f5f5f5;
+}
+
+table th p:first-child, table td p:first-child, table li p:first-child,
+table th div.para:first-child, table td div.para:first-child, table li div.para:first-child {
+ margin-top:0em;
+ padding-top:0em;
+ display:inline;
+}
+
+th, td {
+ border-style:none;
+ vertical-align: top;
+ border: 1px solid #000;
+}
+
+.simplelist th, .simplelist td {
+ border: none;
+}
+
+table table td {
+ border-bottom:1px dotted #aaa;
+ background-color:white;
+ padding:.6em 0em;
+}
+
+table table {
+ border:1px solid white;
+}
+
+td.remarkval {
+ color:#444;
+}
+
+td.fieldval {
+ font-weight:bold;
+}
+
+.lbname, .lbtype, .lbdescr, .lbdriver, .lbhost {
+ color:white;
+ font-weight:bold;
+ background-color:#999;
+ width:120px;
+}
+
+td.remarkval {
+ width:230px;
+}
+
+td.tname {
+ font-weight:bold;
+}
+
+th.dbfield {
+ width:120px;
+}
+
+th.dbtype {
+ width:70px;
+}
+
+th.dbdefault {
+ width:70px;
+}
+
+th.dbnul {
+ width:70px;
+}
+
+th.dbkey {
+ width:70px;
+}
+
+span.book {
+ margin-top:4em;
+ display:block;
+ font-size:11pt;
+}
+
+span.book a{
+ font-weight:bold;
+}
+span.chapter {
+ display:block;
+ margin-top:0.5em;
+}
+
+table.simplelist td, .calloutlist table td {
+ border-style: none;
+}
+
+/*Breadcrumbs*/
+#breadcrumbs ul li.first:before {
+ content:" ";
+}
+
+#breadcrumbs {
+ color:#900;
+ padding:3px;
+ margin-bottom:25px;
+}
+
+#breadcrumbs ul {
+ margin-left:0;
+ padding-left:0;
+ display:inline;
+ border:none;
+}
+
+#breadcrumbs ul li {
+ margin-left:0;
+ padding-left:2px;
+ border:none;
+ list-style:none;
+ display:inline;
+}
+
+#breadcrumbs ul li:before {
+ content:"\0020 \0020 \0020 \00BB \0020";
+ color:#333;
+}
+
+/*index*/
+.glossary h3,
+.index h3 {
+ font-size: 2em;
+ color:#aaa;
+ margin:0em;
+}
+
+.indexdiv {
+ margin-bottom:1em;
+}
+
+.glossary dt,
+.index dt {
+ color:#444;
+ padding-top:.5em;
+}
+
+.glossary dl dl dt,
+.index dl dl dt {
+ color:#777;
+ font-weight:normal;
+ padding-top:0em;
+}
+
+.index dl dl dt:before {
+ content:"- ";
+ color:#ccc;
+}
+
+/*changes*/
+.footnote {
+ font-size: .7em;
+ margin:0em;
+ color:#222;
+}
+
+table .footnote {
+}
+
+sup {
+ color:#999;
+ margin:0em;
+ padding:0em;
+ line-height: .4em;
+ font-size: 1em;
+ padding-left:0em;
+}
+
+.footnote {
+ position:relative;
+}
+
+.footnote sup {
+ color:#e3dcc0;
+ position:absolute;
+ left: .4em;
+}
+
+.footnote sup a:link,
+.footnote sup a:visited {
+ color:#92917d;
+ text-decoration:none;
+}
+
+.footnote:hover sup a {
+ text-decoration:none;
+}
+
+.footnote p,.footnote div.para {
+ padding-left:2em;
+}
+
+.footnote a:link,
+.footnote a:visited {
+ color:#00537c;
+}
+
+.footnote a:hover {
+}
+
+/**/
+div.chapter {
+ margin-top:3em;
+ page-break-inside: avoid;
+}
+
+div.preface {
+ page-break-inside: avoid;
+}
+
+div.section {
+ margin-top:1em;
+ page-break-inside: auto;
+}
+
+div.note .replaceable,
+div.important .replaceable,
+div.warning .replaceable,
+div.note .keycap,
+div.important .keycap,
+div.warning .keycap
+{
+}
+
+ul li p:last-child, ul li div.para:last-child {
+ margin-bottom:0em;
+ padding-bottom:0em;
+}
+
+/*document navigation*/
+.docnav a, .docnav strong {
+ border:none;
+ text-decoration:none;
+ font-weight:normal;
+}
+
+.docnav {
+ list-style:none;
+ margin:0em;
+ padding:0em;
+ position:relative;
+ width:100%;
+ padding-bottom:2em;
+ padding-top:1em;
+ border-top:1px dotted #ccc;
+}
+
+.docnav li {
+ list-style:none;
+ margin:0em;
+ padding:0em;
+ display:inline;
+ font-size:.8em;
+}
+
+.docnav li:before {
+ content:" ";
+}
+
+.docnav li.previous, .docnav li.next {
+ position:absolute;
+ top:1em;
+}
+
+.docnav li.up, .docnav li.home {
+ margin:0em 1.5em;
+}
+
+.docnav li.previous {
+ left:0px;
+ text-align:left;
+}
+
+.docnav li.next {
+ right:0px;
+ text-align:right;
+}
+
+.docnav li.previous strong, .docnav li.next strong {
+ height:22px;
+ display:block;
+}
+
+.docnav {
+ margin:0 auto;
+ text-align:center;
+}
+
+.docnav li.next a strong {
+ background: url(../images/stock-go-forward.png) top right no-repeat;
+ padding-top:3px;
+ padding-bottom:4px;
+ padding-right:28px;
+ font-size:1.2em;
+}
+
+.docnav li.previous a strong {
+ background: url(../images/stock-go-back.png) top left no-repeat;
+ padding-top:3px;
+ padding-bottom:4px;
+ padding-left:28px;
+ padding-right:0.5em;
+ font-size:1.2em;
+}
+
+.docnav li.home a strong {
+ background: url(../images/stock-home.png) top left no-repeat;
+ padding:5px;
+ padding-left:28px;
+ font-size:1.2em;
+}
+
+.docnav li.up a strong {
+ background: url(../images/stock-go-up.png) top left no-repeat;
+ padding:5px;
+ padding-left:28px;
+ font-size:1.2em;
+}
+
+.docnav a:link, .docnav a:visited {
+ color:#666;
+}
+
+.docnav a:hover, .docnav a:focus, .docnav a:active {
+ color:black;
+}
+
+.docnav a {
+ max-width: 10em;
+ overflow:hidden;
+}
+
+.docnav a:link strong {
+ text-decoration:none;
+}
+
+.docnav {
+ margin:0 auto;
+ text-align:center;
+}
+
+ul.docnav {
+ margin-bottom: 1em;
+}
+/* Reports */
+.reports ul {
+ list-style:none;
+ margin:0em;
+ padding:0em;
+}
+
+.reports li{
+ margin:0em;
+ padding:0em;
+}
+
+.reports li.odd {
+ background-color: #eeeeee;
+ margin:0em;
+ padding:0em;
+}
+
+.reports dl {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ float:right;
+ margin-right: 17em;
+ margin-top:-1.3em;
+}
+
+.reports dt {
+ display:inline;
+ margin:0em;
+ padding:0em;
+}
+
+.reports dd {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ padding-right:.5em;
+}
+
+.reports h2, .reports h3{
+ display:inline;
+ padding-right:.5em;
+ font-size:10pt;
+ font-weight:normal;
+}
+
+.reports div.progress {
+ display:inline;
+ float:right;
+ width:16em;
+ background:#c00 url(../images/shine.png) top left repeat-x;
+ margin:0em;
+ margin-top:-1.3em;
+ padding:0em;
+ border:none;
+}
+
+/*uniform*/
+body.results, body.reports {
+ max-width:57em ;
+ padding:0em;
+}
+
+/*Progress Bar*/
+div.progress {
+ display:block;
+ float:left;
+ width:16em;
+ background:#c00 url(../images/shine.png) top left repeat-x;
+ height:1em;
+}
+
+div.progress span {
+ height:1em;
+ float:left;
+}
+
+div.progress span.translated {
+ background:#6c3 url(../images/shine.png) top left repeat-x;
+}
+
+div.progress span.fuzzy {
+ background:#ff9f00 url(../images/shine.png) top left repeat-x;
+}
+
+
+/*Results*/
+
+.results ul {
+ list-style:none;
+ margin:0em;
+ padding:0em;
+}
+
+.results li{
+ margin:0em;
+ padding:0em;
+}
+
+.results li.odd {
+ background-color: #eeeeee;
+ margin:0em;
+ padding:0em;
+}
+
+.results dl {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ float:right;
+ margin-right: 17em;
+ margin-top:-1.3em;
+}
+
+.results dt {
+ display:inline;
+ margin:0em;
+ padding:0em;
+}
+
+.results dd {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ padding-right:.5em;
+}
+
+.results h2, .results h3 {
+ display:inline;
+ padding-right:.5em;
+ font-size:10pt;
+ font-weight:normal;
+}
+
+.results div.progress {
+ display:inline;
+ float:right;
+ width:16em;
+ background:#c00 url(../images/shine.png) top left repeat-x;
+ margin:0em;
+ margin-top:-1.3em;
+ padding:0em;
+ border:none;
+}
+
+/* Dirty EVIL Mozilla hack for round corners */
+pre {
+ -moz-border-radius:11px;
+ -webkit-border-radius:11px;
+ border-radius: 11px;
+ page-break-inside: avoid;
+}
+
+.example {
+ -moz-border-radius:0px;
+ -webkit-border-radius:0px;
+ border-radius: 0px;
+ page-break-inside: avoid;
+}
+
+.package, .citetitle {
+ font-style: italic;
+}
+
+.titlepage .edition {
+ color: #336699;
+ background-color: transparent;
+ margin-top: 1em;
+ margin-bottom: 1em;
+ font-size: 1.4em;
+ font-weight: bold;
+ text-align: center;
+}
+
+span.remark {
+ background-color: #ff00ff;
+}
+
+.draft {
+ background-image: url(../images/watermark-draft.png);
+ background-repeat: repeat-y;
+ background-position: center;
+}
+
+.foreignphrase {
+ font-style: inherit;
+}
+
+dt {
+ clear:both;
+}
+
+dt img {
+ border-style: none;
+ max-width: 112px;
+}
+
+dt object {
+ max-width: 112px;
+}
+
+dt .inlinemediaobject, dt object {
+ display: inline;
+ float: left;
+ margin-bottom: 1em;
+ padding-right: 1em;
+ width: 112px;
+}
+
+dl:after {
+ display: block;
+ clear: both;
+ content: "";
+}
+
+.toc dd {
+ padding-bottom: 0em;
+ margin-bottom: 1em;
+ padding-left: 1.3em;
+ margin-left: 0em;
+}
+
+div.toc > dl > dt {
+ padding-bottom: 0em;
+ margin-bottom: 0em;
+ margin-top: 1em;
+}
+
+
+.strikethrough {
+ text-decoration: line-through;
+}
+
+.underline {
+ text-decoration: underline;
+}
+
+.calloutlist img, .callout {
+ padding: 0em;
+ margin: 0em;
+ width: 12pt;
+ display: inline;
+ vertical-align: middle;
+}
+
+.stepalternatives {
+ list-style-image: none;
+ list-style-type: none;
+}
+
+
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/css/default.css b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/css/default.css
new file mode 100644
index 0000000..bf38ebb
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/css/default.css
@@ -0,0 +1,3 @@
+ at import url("common.css");
+ at import url("overrides.css");
+ at import url("lang.css");
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/css/lang.css b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/css/lang.css
new file mode 100644
index 0000000..81c3115
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/css/lang.css
@@ -0,0 +1,2 @@
+/* place holder */
+
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/css/overrides.css b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/css/overrides.css
new file mode 100644
index 0000000..057be29
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/css/overrides.css
@@ -0,0 +1,51 @@
+a:link {
+ color:#0066cc;
+}
+
+a:hover, a:active {
+ color:#003366;
+}
+
+a:visited {
+ color:#6699cc;
+}
+
+
+h1 {
+ color:#3c6eb4
+}
+
+.producttitle {
+ background: #3c6eb4 url(../images/h1-bg.png) top left repeat;
+}
+
+.section h1.title {
+ color:#3c6eb4;
+}
+
+
+h2,h3,h4,h5,h6 {
+ color:#3c6eb4;
+}
+
+table {
+ border:1px solid #3c6eb4;
+}
+
+table th {
+ background-color:#3c6eb4;
+}
+
+
+table tr.even td {
+ background-color:#f5f5f5;
+}
+
+.revhistory table th {
+ color:#3c6eb4;
+}
+
+.titlepage .edition {
+ color: #3c6eb4;
+}
+
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/css/print.css b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/css/print.css
new file mode 100644
index 0000000..773d8ae
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/css/print.css
@@ -0,0 +1,16 @@
+ at import url("common.css");
+ at import url("overrides.css");
+ at import url("lang.css");
+
+#tocframe {
+ display: none;
+}
+
+body.toc_embeded {
+ margin-left: 30px;
+}
+
+.producttitle {
+ color: #336699;
+}
+
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/1.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/1.png
new file mode 100644
index 0000000..c21d7a3
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/1.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/1.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/1.svg
new file mode 100644
index 0000000..a2b3903
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/1.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#000000;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 17.853468,22.008438 -2.564941,0 0,-7.022461 c -5e-6,-0.143873 -5e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224122,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08854,0.08302 -0.17432,0.157723 -0.257324,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/10.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/10.png
new file mode 100644
index 0000000..15b81da
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/10.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/10.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/10.svg
new file mode 100644
index 0000000..af015ab
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/10.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/11.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/11.png
new file mode 100644
index 0000000..2fcc2dd
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/11.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/11.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/11.svg
new file mode 100644
index 0000000..cb82b70
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/11.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/12.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/12.png
new file mode 100644
index 0000000..edebe20
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/12.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/12.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/12.svg
new file mode 100644
index 0000000..3b6d822
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/12.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/13.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/13.png
new file mode 100644
index 0000000..ec48cef
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/13.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/13.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/13.svg
new file mode 100644
index 0000000..226e461
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/13.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/14.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/14.png
new file mode 100644
index 0000000..33d5637
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/14.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/14.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/14.svg
new file mode 100644
index 0000000..5aaa3a3
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/14.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/15.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/15.png
new file mode 100644
index 0000000..f1a4eb2
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/15.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/15.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/15.svg
new file mode 100644
index 0000000..f51dd96
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/15.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2839"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+ id="path2841"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/16.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/16.png
new file mode 100644
index 0000000..d38a155
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/16.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/16.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/16.svg
new file mode 100644
index 0000000..cb7e2f5
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/16.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
.556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/17.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/17.png
new file mode 100644
index 0000000..d83e898
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/17.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/17.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/17.svg
new file mode 100644
index 0000000..5d6f0ad
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/17.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/18.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/18.png
new file mode 100644
index 0000000..9e39de4
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/18.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/18.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/18.svg
new file mode 100644
index 0000000..9ea672c
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/18.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/19.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/19.png
new file mode 100644
index 0000000..9eeedfb
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/19.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/19.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/19.svg
new file mode 100644
index 0000000..80d1d09
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/19.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/2.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/2.png
new file mode 100644
index 0000000..ff9cc57
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/2.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/2.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/2.svg
new file mode 100644
index 0000000..8e94260
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/2.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 19.89546,22.008438 -8.143066,0 0,-1.784668 2.855468,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979493,-1.0708 0.293289,-0.326492 0.545079,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.373529,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.17431,-0.666821 0.174316,-1.037598 -6e-6,-0.409496 -0.124517,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827313,0.522958 -1.270019,0.921386 l -1.394531,-1.651855 c 0.249022,-0.226877 0.509113,-0.442698 0.780273,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079102,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319824,-0.1494141 0.58105,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187012,0.6889648 0.326489,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.893727 0.265625,1.41
9433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/20.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/20.png
new file mode 100644
index 0000000..b28b4aa
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/20.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/20.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/20.svg
new file mode 100644
index 0000000..409ac6e
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/20.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/21.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/21.png
new file mode 100644
index 0000000..eda952c
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/21.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/21.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/21.svg
new file mode 100644
index 0000000..7bc03af
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/21.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/22.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/22.png
new file mode 100644
index 0000000..90b14b0
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/22.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/22.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/22.svg
new file mode 100644
index 0000000..fe086f6
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/22.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/23.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/23.png
new file mode 100644
index 0000000..8b35a74
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/23.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/23.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/23.svg
new file mode 100644
index 0000000..f17ec29
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/23.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/24.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/24.png
new file mode 100644
index 0000000..6041b02
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/24.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/24.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/24.svg
new file mode 100644
index 0000000..42a5333
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/24.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/25.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/25.png
new file mode 100644
index 0000000..ecb15e6
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/25.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/25.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/25.svg
new file mode 100644
index 0000000..a8d4672
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/25.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/26.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/26.png
new file mode 100644
index 0000000..4b2f560
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/26.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/26.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/26.svg
new file mode 100644
index 0000000..3cf00ec
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/26.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
.556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/27.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/27.png
new file mode 100644
index 0000000..ecf058e
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/27.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/27.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/27.svg
new file mode 100644
index 0000000..c8d6440
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/27.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/28.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/28.png
new file mode 100644
index 0000000..e64efb2
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/28.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/28.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/28.svg
new file mode 100644
index 0000000..5acce93
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/28.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/29.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/29.png
new file mode 100644
index 0000000..dbbca1b
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/29.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/29.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/29.svg
new file mode 100644
index 0000000..507dd44
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/29.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/3.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/3.png
new file mode 100644
index 0000000..4febe43
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/3.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/3.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/3.svg
new file mode 100644
index 0000000..5e87e1f
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/3.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 19.422316,12.587051 c -9e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.23243,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315437,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.392911,0.332031 -0.890957,0.592122 -1.494141,0.780273 -0.597661,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267255,-0.05534 -1.842773,-0.166016 -0.575523,-0.105143 -1.112306,-0.268392 -1.610352,-0.489746 l 0,-2.183105 c 0.249023,0.132815 0.511881,0.249025 0.788574,0.348632 0.276692,0.09961 0.553384,0.185387 0.830079,0.257325 0.27669,0.06641 0.547848,0.116212 0.813476,0.149414 0.271156,0.0332 0.525713,0.04981 0.763672,0.0498 0.475907,2e-6 0.871577,-0.04427 1.187012,-0.132812 0.315424,-
0.08854 0.567214,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320957,-0.351397 0.398437,-0.572754 0.083,-0.226885 0.124506,-0.473141 0.124512,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.265631,-0.376297 -0.498047,-0.514648 -0.226893,-0.143876 -0.525721,-0.254553 -0.896484,-0.332032 -0.370773,-0.07747 -0.827315,-0.116205 -1.369629,-0.116211 l -0.863281,0 0,-1.801269 0.846679,0 c 0.509111,7e-6 0.932451,-0.04426 1.27002,-0.132813 0.33756,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.43164,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.68897,-0.365224 -1.27002,-0.365234 -0.265629,10e-6 -0.514652,0.02768 -0.74707,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193688,0.07748 -0.373538,0.166026 -0.539551,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439941,0.282227 l -1.294922,-1.70
9961 c 0.232421,-0.171538 0.484211,-0.329253 0.755371,-0.473145 0.276691,-0.143868 0.575519,-0.26838 0.896484,-0.373535 0.320961,-0.1106647 0.666827,-0.1964393 1.037598,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492506,0.1272911 0.913079,0.3154421 1.261718,0.5644531 0.348626,0.243501 0.617017,0.545096 0.805176,0.904786 0.193677,0.354177 0.290519,0.760914 0.290528,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/30.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/30.png
new file mode 100644
index 0000000..f4ffb14
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/30.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/30.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/30.svg
new file mode 100644
index 0000000..434e663
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/30.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/31.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/31.png
new file mode 100644
index 0000000..0b29e87
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/31.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/31.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/31.svg
new file mode 100644
index 0000000..08c3f2d
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/31.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/32.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/32.png
new file mode 100644
index 0000000..a4740a3
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/32.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/32.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/32.svg
new file mode 100644
index 0000000..aa099c3
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/32.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/33.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/33.png
new file mode 100644
index 0000000..f23ccea
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/33.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/33.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/33.svg
new file mode 100644
index 0000000..fce979c
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/33.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/34.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/34.png
new file mode 100644
index 0000000..7e2ab31
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/34.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/34.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/34.svg
new file mode 100644
index 0000000..c67f8ec
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/34.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/35.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/35.png
new file mode 100644
index 0000000..02118e3
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/35.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/35.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/35.svg
new file mode 100644
index 0000000..da7780a
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/35.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/36.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/36.png
new file mode 100644
index 0000000..30f4fdf
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/36.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/36.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/36.svg
new file mode 100644
index 0000000..348549a
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/36.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
.556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/37.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/37.png
new file mode 100644
index 0000000..6174706
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/37.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/37.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/37.svg
new file mode 100644
index 0000000..7bc04d9
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/37.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/38.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/38.png
new file mode 100644
index 0000000..161661d
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/38.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/38.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/38.svg
new file mode 100644
index 0000000..ec2ad98
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/38.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/39.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/39.png
new file mode 100644
index 0000000..2d46b24
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/39.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/39.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/39.svg
new file mode 100644
index 0000000..664ffdd
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/39.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/4.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/4.png
new file mode 100644
index 0000000..9b9dd88
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/4.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/4.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/4.svg
new file mode 100644
index 0000000..bc06c73
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/4.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 20.078077,19.493301 -1.460937,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460937,0 0,1.992187 m -3.959472,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09962,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.12175,0.2601 -0.262863,0.520191 -0.42334,0.780274 l -2.025391,3.071289 2.75586,0"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/40.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/40.png
new file mode 100644
index 0000000..fe2a68f
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/40.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/40.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/40.svg
new file mode 100644
index 0000000..5a94d1b
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/40.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.440535,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.0136719,0 0,-1.784668 5.1547849,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262863,0.520191 -0.42334,0.780274 l -2.0253904,3.071289 2.7558594,0"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/5.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/5.png
new file mode 100644
index 0000000..f239fb6
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/5.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/5.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/5.svg
new file mode 100644
index 0000000..82fb03d
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/5.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 16.035597,14.255508 c 0.520177,8e-6 1.004388,0.08025 1.452637,0.240723 0.448235,0.160489 0.838371,0.395678 1.17041,0.705566 0.332023,0.309903 0.592114,0.697272 0.780273,1.16211 0.188143,0.459315 0.282218,0.987797 0.282227,1.585449 -9e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.204761,0.520184 -0.506356,0.962892 -0.904785,1.328125 -0.398445,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261724,0.290528 -2.025391,0.290528 -0.304365,0 -0.60596,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863281,-0.124512 -0.271161,-0.04981 -0.531252,-0.116211 -0.780274,-0.199219 -0.24349,-0.08301 -0.464844,-0.17985 -0.664062,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672363,0.31543 0.254556,0.09408 0.517414,0.177086 0.788574,0.249024 0.276691,0.06641 0.553383,0.121746 0.830078,0.166015 0.27669,0.03874 0.539548,0.05811 0.788575,0.05811 0.741532,2e-6 1.305984,-0.152179 1.693359,-0.456543 0.387364,-0.309893 0.5810
49,-0.799639 0.581055,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751465,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320966,0.03874 -0.481445,0.06641 -0.154951,0.02768 -0.304365,0.05811 -0.448242,0.09131 -0.143883,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456542,-6.1840821 6.408204,0 0,2.1748051 -4.183594,0 -0.199219,2.382324 c 0.17708,-0.03873 0.381832,-0.07747 0.614258,-0.116211 0.237951,-0.03873 0.542313,-0.0581 0.913086,-0.05811"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/6.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/6.png
new file mode 100644
index 0000000..18866e6
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/6.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/6.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/6.svg
new file mode 100644
index 0000000..e2f62af
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/6.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 11.702589,16.853653 c -10e-7,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.0664,-0.575514 0.179849,-1.126132 0.340332,-1.651856 0.166014,-0.531241 0.387368,-1.023753 0.664062,-1.477539 0.282225,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431638,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603186,-0.1936727 1.305984,-0.2905151 2.108399,-0.2905274 0.116204,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.138339,0.00555 0.276685,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251782,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210295,-0.04979 -0.434416,-0.08853 -0.672364,-0.116211 -0.232429,-0.03319 -0.467617,-0.04979 -0.705566,-0.0498 -0.747076,1e-5 -1.361334,0.09408 -1.842774,0.282226 -0.481449,0.182627 -0.863285,0.439951 -1.145507,0.771973 -0.28223,0.33204 -0.484216,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.215821,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243486,-0.384596 0.39843
7,-0.556153 0.160478,-0.177076 0.345862,-0.32649 0.556153,-0.448242 0.210282,-0.127271 0.44547,-0.22688 0.705566,-0.298828 0.26562,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419433,0.257324 0.420566,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.15494,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282226,1.768066 -0.182626,0.520184 -0.445484,0.962892 -0.788575,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643554,0.282227 -0.597661,0 -1.15658,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.973961,-0.542317 -1.361328,-0.979492 -0.381838,-0.437173 -0.683433,-0.987791 -0.904785,-1.651856 -0.215822,-0.669593 -0.323732,-1.460933 -0.323731,-2.374023 m 4.216797,3.270508 c 0.226883,2e-6 0.431635,-0.0415 0.614258,-0.124512 0.188145,-0.08854 0.348627,-0.218585 0.481445,-0.390137 0.13834,-0.17708 0.243483,-0.3
98434 0.31543,-0.664062 0.07747,-0.265622 0.116204,-0.581051 0.116211,-0.946289 -7e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243496,-0.343094 -0.617031,-0.514643 -1.120606,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.39014,0.229661 -0.53955,0.390137 -0.149418,0.160487 -0.265629,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.31543,0.755371 0.143876,0.221357 0.318193,0.401207 0.522949,0.539551 0.210282,0.138349 0.453772,0.207522 0.730469,0.20752"
+ id="path2846"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/7.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/7.png
new file mode 100644
index 0000000..52c3a18
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/7.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/7.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/7.svg
new file mode 100644
index 0000000..a43460f
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/7.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 12.789991,22.008438 4.316407,-9.960937 -5.578125,0 0,-2.1582035 8.367187,0 0,1.6103515 -4.424316,10.508789 -2.681153,0"
+ id="path2832"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/8.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/8.png
new file mode 100644
index 0000000..8a8cb21
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/8.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/8.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/8.svg
new file mode 100644
index 0000000..2c82d3f
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/8.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.761671,9.7149811 c 0.503576,1.23e-5 0.979487,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337558,0.243501 0.60595,0.547862 0.805176,0.913086 0.199211,0.365244 0.29882,0.794118 0.298828,1.286621 -8e-6,0.365243 -0.05535,0.697274 -0.166015,0.996094 -0.110686,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193693,0.237963 -0.423348,0.451017 -0.688965,0.639161 -0.265632,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.633619,0.362473 0.937988,0.572754 0.309888,0.210292 0.583814,0.448247 0.821777,0.713867 0.237948,0.260096 0.428866,0.55339 0.572754,0.879883 0.143872,0.326501 0.215812,0.691735 0.21582,1.095703 -8e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478686,0.758139 -0.838379,1.045898 -0.359707,0.287761 -0.791348,0.509115 -1.294921,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651856,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.9379
9,-0.362467 -1.286621,-0.639161 -0.348634,-0.276691 -0.614259,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265626,-0.857744 -0.265625,-1.361328 -10e-7,-0.415035 0.06087,-0.78857 0.182617,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498047,-0.896485 0.210285,-0.265619 0.456541,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271162,-0.171543 -0.525719,-0.356927 -0.763672,-0.556152 -0.237958,-0.204746 -0.445477,-0.428866 -0.622559,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -10e-7,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478677,-0.669585 0.821778,-0.913086 0.343096,-0.249012 0.738766,-0.434396 1.187011,-0.5561527 0.448239,-0.1217326 0.918616,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.107911,0.614258 0.07194,0.18262 0.17708,0.340334 0.315429,0.473145 0.143877,0.132814 0.32
096,0.237957 0.53125,0.315429 0.210283,0.07194 0.453772,0.107912 0.730469,0.10791 0.581049,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.43164,-1.087402 -6e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218593,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.320969,-0.307125 -0.514648,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 15.662062,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664063,0.398438 -0.199222,0.138351 -0.370772,0.293299 -0.514648,0.464844 -0.13835,0.16602 -0.24626,0.348637 -0.323731,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.701661,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514649,0.08301 -0.154952,0.05535 -0.290531,0.13559 -0.406738,0.240723 -0.110681,0.105153 -0.199223,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.31543
8 0.282226,0.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160478,0.09962 0.32926,0.199226 0.506348,0.298828 0.171545,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154943,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.12174,-0.138338 0.218582,-0.293286 0.290528,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.157721,-0.284984 -0.273926,-0.390137 -0.116217,-0.105133 -0.254563,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/9.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/9.png
new file mode 100644
index 0000000..0ae412f
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/9.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/9.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/9.svg
new file mode 100644
index 0000000..b0f04c4
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/9.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 19.829054,15.052383 c -9e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340333,1.651856 -0.160489,0.525719 -0.381843,1.018232 -0.664062,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426113,0.332032 -0.940761,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.30046,0.282227 -2.108399,0.282227 -0.116214,0 -0.243492,-0.0028 -0.381836,-0.0083 -0.138348,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273927,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237954,0.02767 0.478676,0.04151 0.722168,0.0415 0.747067,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.481441,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.282221,-0.337562 0.481439,-0.738766 0.597657,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.107911,0 c -0.110683,0.199225 -0.243495,0.384609 -0.398437,0.556153 -0.
154954,0.171554 -0.337571,0.320968 -0.547852,0.448242 -0.210291,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.265629,0.07194 -0.56169,0.107914 -0.888183,0.10791 -0.52572,4e-6 -0.998864,-0.08577 -1.419434,-0.257324 -0.420575,-0.171545 -0.777508,-0.420568 -1.070801,-0.74707 -0.287761,-0.326492 -0.509115,-0.727696 -0.664062,-1.203614 -0.154949,-0.475904 -0.232423,-1.020988 -0.232422,-1.635253 -10e-7,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453774,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758135,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043127,-0.2905151 1.651855,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520176,0.210298 0.971184,0.534028 1.353027,0.971192 0.381829,0.437185 0.683423,0.990569 0.904786,1.660156 0.221345,0.669605 0.332022,1.458178 0.332031,2.365722 m -4.216797,-3.262207 c -0.226892,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188154,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132815,0.17155
9 -0.237959,0.392913 -0.315429,0.664062 -0.07194,0.265634 -0.107914,0.581063 -0.107911,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373536,1.394532 0.249019,0.343105 0.625321,0.514654 1.128906,0.514648 0.254552,6e-6 0.486974,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.53955,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124506,-0.401197 0.124512,-0.605958 -6e-6,-0.282218 -0.03598,-0.561677 -0.10791,-0.838378 -0.06641,-0.282218 -0.171556,-0.534008 -0.31543,-0.755372 -0.138352,-0.226878 -0.312668,-0.409495 -0.522949,-0.547851 -0.204758,-0.138336 -0.44548,-0.207509 -0.722168,-0.20752"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/bkgrnd_greydots.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/bkgrnd_greydots.png
new file mode 100644
index 0000000..2333a6d
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/bkgrnd_greydots.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/bullet_arrowblue.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/bullet_arrowblue.png
new file mode 100644
index 0000000..c235534
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/bullet_arrowblue.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/documentation.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/documentation.png
new file mode 100644
index 0000000..79d0a80
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/documentation.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/dot.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/dot.png
new file mode 100644
index 0000000..36a6859
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/dot.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/dot2.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/dot2.png
new file mode 100644
index 0000000..40aff92
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/dot2.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/green.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/green.png
new file mode 100644
index 0000000..ebb3c24
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/green.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/h1-bg.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/h1-bg.png
new file mode 100644
index 0000000..a2aad24
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/h1-bg.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/image_left.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/image_left.png
new file mode 100644
index 0000000..e8fe7a4
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/image_left.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/image_right.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/image_right.png
new file mode 100644
index 0000000..5b67443
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/image_right.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/important.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/important.png
new file mode 100644
index 0000000..f7594a3
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/important.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/important.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/important.svg
new file mode 100644
index 0000000..2d33045
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/important.svg
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ version="1.0"
+ width="48"
+ height="48"
+ id="svg5921"
+ sodipodi:version="0.32"
+ inkscape:version="0.46"
+ sodipodi:docname="important.svg"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ inkscape:export-filename="/home/jfearn/Build/src/fedora/publican/trunk/publican-fedora/en-US/images/important.png"
+ inkscape:export-xdpi="111.32"
+ inkscape:export-ydpi="111.32">
+ <metadata
+ id="metadata2611">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ inkscape:window-height="681"
+ inkscape:window-width="738"
+ inkscape:pageshadow="2"
+ inkscape:pageopacity="0.0"
+ guidetolerance="10.0"
+ gridtolerance="10.0"
+ objecttolerance="10.0"
+ borderopacity="1.0"
+ bordercolor="#666666"
+ pagecolor="#ffffff"
+ id="base"
+ showgrid="false"
+ inkscape:zoom="11.5"
+ inkscape:cx="20"
+ inkscape:cy="20"
+ inkscape:window-x="0"
+ inkscape:window-y="51"
+ inkscape:current-layer="svg5921" />
+ <defs
+ id="defs5923">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 20 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="40 : 20 : 1"
+ inkscape:persp3d-origin="20 : 13.333333 : 1"
+ id="perspective2613" />
+ </defs>
+ <g
+ transform="matrix(0.4626799,0,0,0.4626799,-5.2934127,-3.3160376)"
+ id="g5485">
+ <path
+ d="M 29.97756,91.885882 L 55.586992,80.409826 L 81.231619,91.807015 L 78.230933,63.90468 L 96.995009,43.037218 L 69.531053,37.26873 L 55.483259,12.974592 L 41.510292,37.311767 L 14.064204,43.164717 L 32.892392,63.97442 L 29.97756,91.885882 z"
+ id="path6799"
+ style="fill:#f3de82;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.536215,56.538729 L 55.48324,12.974601 L 41.51028,37.311813 L 55.536215,56.538729 z"
+ id="path6824"
+ style="opacity:0.91005291;fill:#f9f2cb;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.57947,56.614318 L 78.241135,63.937979 L 96.976198,43.044318 L 55.57947,56.614318 z"
+ id="use6833"
+ style="opacity:1;fill:#d0bc64;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.523838,56.869126 L 55.667994,80.684281 L 81.379011,91.931065 L 55.523838,56.869126 z"
+ id="use6835"
+ style="opacity:1;fill:#e0c656;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.283346,56.742618 L 13.877363,43.200977 L 32.640089,64.069652 L 55.283346,56.742618 z"
+ id="use6831"
+ style="opacity:1;fill:#d1ba59;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.472076,56.869126 L 55.32792,80.684281 L 29.616903,91.931065 L 55.472076,56.869126 z"
+ id="use6837"
+ style="opacity:1;fill:#d2b951;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.57947,56.614318 L 96.976198,43.044318 L 69.504294,37.314027 L 55.57947,56.614318 z"
+ id="path7073"
+ style="opacity:1;fill:#f6e7a3;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.523838,56.869126 L 81.379011,91.931065 L 78.214821,64.046881 L 55.523838,56.869126 z"
+ id="path7075"
+ style="opacity:1;fill:#f6e7a3;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.283346,56.742618 L 41.341708,37.434209 L 13.877363,43.200977 L 55.283346,56.742618 z"
+ id="path7077"
+ style="opacity:1;fill:#f6e59d;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.472076,56.869126 L 29.616903,91.931065 L 32.781093,64.046881 L 55.472076,56.869126 z"
+ id="path7079"
+ style="opacity:1;fill:#f3df8b;fill-opacity:1;enable-background:new" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/logo.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/logo.png
new file mode 100644
index 0000000..66a3104
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/logo.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/note.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/note.png
new file mode 100644
index 0000000..d6c4518
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/note.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/note.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/note.svg
new file mode 100644
index 0000000..70e43b6
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/note.svg
@@ -0,0 +1,111 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ version="1.0"
+ width="48"
+ height="48"
+ id="svg5921"
+ sodipodi:version="0.32"
+ inkscape:version="0.46"
+ sodipodi:docname="note.svg"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ inkscape:export-filename="/home/jfearn/Build/src/fedora/publican/trunk/publican-fedora/en-US/images/note.png"
+ inkscape:export-xdpi="111.32"
+ inkscape:export-ydpi="111.32">
+ <metadata
+ id="metadata16">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ inkscape:window-height="1024"
+ inkscape:window-width="1205"
+ inkscape:pageshadow="2"
+ inkscape:pageopacity="0.0"
+ guidetolerance="10.0"
+ gridtolerance="10.0"
+ objecttolerance="10.0"
+ borderopacity="1.0"
+ bordercolor="#666666"
+ pagecolor="#ffffff"
+ id="base"
+ showgrid="false"
+ inkscape:zoom="11.5"
+ inkscape:cx="22.217181"
+ inkscape:cy="20"
+ inkscape:window-x="334"
+ inkscape:window-y="51"
+ inkscape:current-layer="svg5921" />
+ <defs
+ id="defs5923">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 20 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="40 : 20 : 1"
+ inkscape:persp3d-origin="20 : 13.333333 : 1"
+ id="perspective18" />
+ </defs>
+ <g
+ transform="matrix(0.468275,0,0,0.468275,-5.7626904,-7.4142703)"
+ id="layer1">
+ <g
+ transform="matrix(0.115136,0,0,0.115136,9.7283,21.77356)"
+ id="g8014"
+ style="enable-background:new">
+ <g
+ id="g8518"
+ style="opacity:1">
+ <path
+ d="M -2512.4524,56.33197 L 3090.4719,56.33197 L 3090.4719,4607.3813 L -2512.4524,4607.3813 L -2512.4524,56.33197 z"
+ transform="matrix(0.1104659,-2.3734892e-2,2.2163258e-2,0.1031513,308.46782,74.820675)"
+ id="rect8018"
+ style="fill:#ffe680;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.1;stroke-linecap:butt;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
+ </g>
+ <g
+ transform="matrix(0.5141653,-7.1944682e-2,7.1944682e-2,0.5141653,146.04015,-82.639785)"
+ id="g8020">
+ <path
+ d="M 511.14114,441.25315 C 527.3248,533.52772 464.31248,622.82928 370.39916,640.71378 C 276.48584,658.59828 187.23462,598.29322 171.05095,506.01865 C 154.86728,413.74408 217.8796,324.44253 311.79292,306.55803 C 405.70624,288.67353 494.95747,348.97858 511.14114,441.25315 z"
+ id="path8022"
+ style="opacity:1;fill:#e0c96f;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.0804934;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 527.8214,393.1416 C 527.8214,461.31268 472.55783,516.57625 404.38675,516.57625 C 336.21567,516.57625 280.9521,461.31268 280.9521,393.1416 C 280.9521,324.97052 336.21567,269.70695 404.38675,269.70695 C 472.55783,269.70695 527.8214,324.97052 527.8214,393.1416 z"
+ transform="matrix(1.2585415,-0.2300055,0.2168789,1.1867072,-248.76141,68.254424)"
+ id="path8024"
+ style="opacity:1;fill:#c00000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.0804934;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 358.5625,281.15625 C 348.09597,281.05155 337.43773,281.94729 326.71875,283.90625 C 240.96686,299.57789 183.37901,377.92385 198.15625,458.78125 C 209.70749,521.98673 262.12957,567.92122 325.40625,577.5625 L 357.25,433.6875 L 509.34375,405.875 C 509.14405,404.58166 509.0804,403.29487 508.84375,402 C 495.91366,331.24978 431.82821,281.88918 358.5625,281.15625 z"
+ id="path8026"
+ style="opacity:1;fill:#b60000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.1;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 294.2107,361.9442 L 282.79367,370.38482 L 261.73414,386.13346 C 253.13706,404.40842 254.3359,423.7989 259.7176,444.39774 C 273.6797,497.83861 313.42636,523.96124 369.50989,517.58957 C 398.21848,514.32797 424.51832,504.67345 440.64696,484.15958 L 469.89512,447.48298 L 294.2107,361.9442 z"
+ id="path8028"
+ style="fill:#750000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.09999999;stroke-linecap:butt;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 527.8214,393.1416 C 527.8214,461.31268 472.55783,516.57625 404.38675,516.57625 C 336.21567,516.57625 280.9521,461.31268 280.9521,393.1416 C 280.9521,324.97052 336.21567,269.70695 404.38675,269.70695 C 472.55783,269.70695 527.8214,324.97052 527.8214,393.1416 z"
+ transform="matrix(0.9837071,-0.1797787,0.1695165,0.9275553,-78.013985,79.234385)"
+ id="path8030"
+ style="opacity:1;fill:#d40000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.10298239;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 527.8214,393.1416 C 527.8214,461.31268 472.55783,516.57625 404.38675,516.57625 C 336.21567,516.57625 280.9521,461.31268 280.9521,393.1416 C 280.9521,324.97052 336.21567,269.70695 404.38675,269.70695 C 472.55783,269.70695 527.8214,324.97052 527.8214,393.1416 z"
+ transform="matrix(0.9837071,-0.1797787,0.1695165,0.9275553,-69.306684,71.273294)"
+ id="path8032"
+ style="opacity:1;fill:#e11212;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.10298239;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ </g>
+ </g>
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/red.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/red.png
new file mode 100644
index 0000000..d32d5e2
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/red.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/shade.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/shade.png
new file mode 100644
index 0000000..a73afdf
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/shade.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/shine.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/shine.png
new file mode 100644
index 0000000..a18f7c4
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/shine.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-back.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-back.png
new file mode 100644
index 0000000..d320f26
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-back.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-forward.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-forward.png
new file mode 100644
index 0000000..1ee5a29
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-forward.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-up.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-up.png
new file mode 100644
index 0000000..1cd7332
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-up.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/stock-home.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/stock-home.png
new file mode 100644
index 0000000..122536d
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/stock-home.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/title_logo.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/title_logo.png
new file mode 100644
index 0000000..d5182b4
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/title_logo.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/title_logo.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/title_logo.svg
new file mode 100644
index 0000000..e8fd52b
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/title_logo.svg
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="220"
+ height="70"
+ id="svg6180">
+ <defs
+ id="defs6182" />
+ <g
+ transform="translate(-266.55899,-345.34488)"
+ id="layer1">
+ <path
+ d="m 316.7736,397.581 c 0,0 0,0 -20.53889,0 0.3327,4.45245 3.92157,7.77609 8.70715,7.77609 3.38983,0 6.31456,-1.39616 8.64094,-3.65507 0.46553,-0.46679 0.99726,-0.59962 1.59519,-0.59962 0.79781,0 1.59561,0.39932 2.12692,1.06388 0.3327,0.46553 0.53216,0.99726 0.53216,1.52857 0,0.73118 -0.3327,1.52857 -0.93106,2.12734 -2.7919,2.99052 -7.51086,4.98503 -12.16403,4.98503 -8.44149,0 -15.22074,-6.77967 -15.22074,-15.22158 0,-8.44149 6.58022,-15.22074 15.02171,-15.22074 8.37529,0 14.62323,6.51317 14.62323,15.08749 0,1.26418 -1.12924,2.12861 -2.39258,2.12861 z m -12.23065,-11.76512 c -4.45329,0 -7.51085,2.92473 -8.17499,7.17731 10.03626,0 16.35083,0 16.35083,0 -0.59836,-4.05355 -3.78874,-7.17731 -8.17584,-7.17731 z"
+ id="path11"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 375.46344,410.80807 c -8.44106,0 -15.22074,-6.77968 -15.22074,-15.22159 0,-8.44149 6.77968,-15.22074 15.22074,-15.22074 8.44234,0 15.22159,6.77925 15.22159,15.22074 -4.2e-4,8.44149 -6.77968,15.22159 -15.22159,15.22159 z m 0,-24.65992 c -5.31688,0 -8.77377,4.25427 -8.77377,9.43833 0,5.18364 3.45689,9.43833 8.77377,9.43833 5.31731,0 8.77504,-4.25469 8.77504,-9.43833 -4.2e-4,-5.18406 -3.45773,-9.43833 -8.77504,-9.43833 z"
+ id="path13"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 412.66183,380.36574 c -4.45963,0 -7.40966,1.319 -10.01391,4.62956 l -0.24036,-1.53995 0,0 c -0.20198,-1.60743 -1.57326,-2.84926 -3.23382,-2.84926 -1.80139,0 -3.26206,1.459 -3.26206,3.26081 0,0.003 0,0.005 0,0.008 l 0,0 0,0.003 0,0 0,23.40712 c 0,1.79464 1.46194,3.25743 3.257,3.25743 1.79465,0 3.25744,-1.46279 3.25744,-3.25743 l 0,-12.56209 c 0,-5.71621 4.98502,-8.57432 10.23613,-8.57432 1.59519,0 2.85726,-1.32953 2.85726,-2.92515 0,-1.59561 -1.26207,-2.85726 -2.85768,-2.85726 z"
+ id="path15"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 447.02614,395.58648 c 0.0666,-8.17541 -5.78326,-15.22074 -15.222,-15.22074 -8.44192,0 -15.28779,6.77925 -15.28779,15.22074 0,8.44191 6.64684,15.22159 14.68985,15.22159 4.01434,0 7.62682,-2.06621 9.23846,-4.22518 l 0.79359,2.01434 0,0 c 0.42589,1.13177 1.5176,1.93717 2.7978,1.93717 1.65001,0 2.98756,-1.33671 2.99009,-2.98545 l 0,0 0,-7.80687 0,0 0,-4.1556 z m -15.222,9.43833 c -5.31773,0 -8.77419,-4.25469 -8.77419,-9.43833 0,-5.18406 3.45604,-9.43833 8.77419,-9.43833 5.3173,0 8.77419,4.25427 8.77419,9.43833 0,5.18364 -3.45689,9.43833 -8.77419,9.43833 z"
+ id="path17"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 355.01479,368.3337 c 0,-1.7938 -1.46194,-3.18997 -3.25659,-3.18997 -1.79422,0 -3.25743,1.39659 -3.25743,3.18997 l 0,17.1499 c -1.66097,-3.05756 -5.25026,-5.11786 -9.50495,-5.11786 -8.64052,0 -14.42336,6.51318 -14.42336,15.22074 0,8.70757 5.98229,15.22159 14.42336,15.22159 3.76555,0 7.03057,-1.55429 8.98587,-4.25554 l 0.72317,1.83428 c 0.44782,1.25912 1.64917,2.16024 3.06051,2.16024 1.78621,0 3.24984,-1.45435 3.24984,-3.24815 0,-0.005 0,-0.009 0,-0.0139 l 0,0 0,-38.95128 -4.2e-4,0 z m -15.22116,36.69111 c -5.31731,0 -8.70715,-4.25469 -8.70715,-9.43833 0,-5.18406 3.38984,-9.43833 8.70715,-9.43833 5.31773,0 8.70714,4.0544 8.70714,9.43833 0,5.38309 -3.38941,9.43833 -8.70714,9.43833 z"
+ id="path19"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 287.21553,365.34023 c -0.59414,-0.0877 -1.19966,-0.13198 -1.80097,-0.13198 -6.73118,0 -12.20746,5.4767 -12.20746,12.20788 l 0,3.8132 -3.98903,0 c -1.46237,0 -2.65908,1.19671 -2.65908,2.65781 0,1.46321 1.19671,2.93738 2.65908,2.93738 l 3.98819,0 0,20.46004 c 0,1.79464 1.46236,3.25743 3.25658,3.25743 1.79507,0 3.25744,-1.46279 3.25744,-3.25743 l 0,-20.46004 4.40986,0 c 1.46194,0 2.65823,-1.47417 2.65823,-2.93738 0,-1.46152 -1.19629,-2.65823 -2.65823,-2.65823 l -4.40733,0 0,-3.8132 c 0,-3.13852 2.55323,-6.11469 5.69175,-6.11469 0.28294,0 0.56757,0.0211 0.84672,0.062 1.78031,0.26355 3.4358,-0.54269 3.70019,-2.32342 0.2627,-1.77904 -0.96606,-3.43538 -2.74594,-3.69935 z"
+ id="path21"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 482.01243,363.57426 c 0,-10.06788 -8.16108,-18.22938 -18.22897,-18.22938 -10.06282,0 -18.22179,8.15475 -18.22854,18.21631 l -4.2e-4,-4.2e-4 0,14.1071 4.2e-4,4.2e-4 c 0.005,2.28463 1.85832,4.13409 4.14463,4.13409 0.007,0 0.0127,-8.4e-4 0.0194,-8.4e-4 l 0.001,8.4e-4 14.07083,0 0,0 c 10.06409,-0.004 18.22138,-8.16276 18.22138,-18.22812 z"
+ id="path25"
+ style="fill:#294172" />
+ <path
+ d="m 469.13577,349.66577 c -4.72528,0 -8.55576,3.83049 -8.55576,8.55577 0,0.002 0,0.004 0,0.006 l 0,4.52836 -4.51444,0 c -8.5e-4,0 -8.5e-4,0 -0.001,0 -4.72528,0 -8.55576,3.81193 -8.55576,8.53678 0,4.72528 3.83048,8.55577 8.55576,8.55577 4.72486,0 8.55534,-3.83049 8.55534,-8.55577 0,-0.002 0,-0.004 0,-0.006 l 0,-4.54733 4.51444,0 c 8.5e-4,0 0.001,0 0.002,0 4.72486,0 8.55534,-3.79296 8.55534,-8.51781 0,-4.72528 -3.83048,-8.55577 -8.55534,-8.55577 z m -8.55576,21.63483 c -0.004,2.48998 -2.02446,4.50811 -4.51571,4.50811 -2.49378,0 -4.53426,-2.02193 -4.53426,-4.5157 0,-2.49421 2.04048,-4.55366 4.53426,-4.55366 0.002,0 0.004,4.2e-4 0.006,4.2e-4 l 3.86971,0 c 0.001,0 0.002,-4.2e-4 0.003,-4.2e-4 0.35209,0 0.63799,0.28505 0.63799,0.63715 0,4.2e-4 -4.2e-4,8.4e-4 -4.2e-4,0.001 l 0,3.92284 -4.2e-4,0 z m 8.55534,-8.5448 c -0.001,0 -0.003,0 -0.004,0 l -3.87223,0 c -8.4e-4,0 -0.002,0 -0.002,0 -0.35252,0 -0.63757,-0.28506 -0.63757,-0.63758 l 0,-4.2e-4 0,-3.90343 c 0.004,-2.49083 2.02
446,-4.50854 4.51571,-4.50854 2.49378,0 4.53468,2.02193 4.53468,4.51613 4.2e-4,2.49336 -2.04048,4.53384 -4.53426,4.53384 z"
+ id="path29"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 460.58001,362.7558 0,-4.52836 c 0,-0.002 0,-0.004 0,-0.006 0,-4.72528 3.83048,-8.55577 8.55576,-8.55577 0.71685,0 1.22623,0.0805 1.88952,0.25469 0.96774,0.25385 1.75796,1.04618 1.75838,1.96922 4.2e-4,1.11575 -0.80919,1.92621 -2.0194,1.92621 -0.57642,0 -0.78473,-0.11048 -1.62892,-0.11048 -2.49125,0 -4.51149,2.01771 -4.51571,4.50854 l 0,3.90385 0,4.2e-4 c 0,0.35252 0.28505,0.63758 0.63757,0.63758 4.3e-4,0 0.001,0 0.002,0 l 2.96521,0 c 1.10521,0 1.99747,0.88467 1.99832,1.99283 0,1.10816 -0.89353,1.99114 -1.99832,1.99114 l -3.60489,0 0,4.54733 c 0,0.002 0,0.004 0,0.006 0,4.72485 -3.83048,8.55534 -8.55534,8.55534 -0.71684,0 -1.22623,-0.0805 -1.88952,-0.25469 -0.96774,-0.25343 -1.75838,-1.04618 -1.7588,-1.9688 0,-1.11575 0.80919,-1.92663 2.01982,-1.92663 0.576,0 0.78473,0.11048 1.6285,0.11048 2.49125,0 4.51191,-2.01771 4.51613,-4.50811 0,0 0,-3.92368 0,-3.9241 0,-0.35168 -0.2859,-0.63673 -0.63799,-0.63673 -4.3e-4,0 -8.5e-4,0 -0.002,0 l -2.96521,-4.2e-4 c -1.10521,0 -1.
99831,-0.88214 -1.99831,-1.9903 -4.3e-4,-1.11533 0.90238,-1.99367 2.01939,-1.99367 l 3.58339,0 0,0 z"
+ id="path31"
+ style="fill:#ffffff" />
+ <path
+ d="m 477.41661,378.55292 2.81558,0 0,0.37898 -1.18152,0 0,2.94935 -0.45254,0 0,-2.94935 -1.18152,0 0,-0.37898 m 3.26144,0 0.67101,0 0.84937,2.26496 0.85381,-2.26496 0.67102,0 0,3.32833 -0.43917,0 0,-2.9226 -0.85828,2.28279 -0.45255,0 -0.85827,-2.28279 0,2.9226 -0.43694,0 0,-3.32833"
+ id="text6223"
+ style="fill:#294172;enable-background:new" />
+ </g>
+ <path
+ d="m 181.98344,61.675273 2.81558,0 0,0.37898 -1.18152,0 0,2.94935 -0.45254,0 0,-2.94935 -1.18152,0 0,-0.37898 m 3.26144,0 0.67101,0 0.84937,2.26496 0.85381,-2.26496 0.67102,0 0,3.32833 -0.43917,0 0,-2.9226 -0.85828,2.28279 -0.45255,0 -0.85827,-2.28279 0,2.9226 -0.43694,0 0,-3.32833"
+ id="path2391"
+ style="fill:#294172;enable-background:new" />
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/warning.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/warning.png
new file mode 100644
index 0000000..ce09951
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/warning.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/warning.svg b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/warning.svg
new file mode 100644
index 0000000..5f2612c
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/warning.svg
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ version="1.0"
+ width="48"
+ height="48"
+ id="svg5921"
+ sodipodi:version="0.32"
+ inkscape:version="0.46"
+ sodipodi:docname="warning.svg"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ inkscape:export-filename="/home/jfearn/Build/src/fedora/publican/trunk/publican-fedora/en-US/images/warning.png"
+ inkscape:export-xdpi="111.32"
+ inkscape:export-ydpi="111.32">
+ <metadata
+ id="metadata2482">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ inkscape:window-height="910"
+ inkscape:window-width="1284"
+ inkscape:pageshadow="2"
+ inkscape:pageopacity="0.0"
+ guidetolerance="10.0"
+ gridtolerance="10.0"
+ objecttolerance="10.0"
+ borderopacity="1.0"
+ bordercolor="#666666"
+ pagecolor="#ffffff"
+ id="base"
+ showgrid="false"
+ inkscape:zoom="11.5"
+ inkscape:cx="20"
+ inkscape:cy="20"
+ inkscape:window-x="0"
+ inkscape:window-y="51"
+ inkscape:current-layer="svg5921" />
+ <defs
+ id="defs5923">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 20 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="40 : 20 : 1"
+ inkscape:persp3d-origin="20 : 13.333333 : 1"
+ id="perspective2484" />
+ </defs>
+ <g
+ transform="matrix(0.4536635,0,0,0.4536635,-5.1836431,-4.6889387)"
+ id="layer1">
+ <g
+ transform="translate(2745.6887,-1555.5977)"
+ id="g8304"
+ style="enable-background:new">
+ <path
+ d="M -1603,1054.4387 L -1577.0919,1027.891 L -1540,1027.4387 L -1513.4523,1053.3468 L -1513,1090.4387 L -1538.9081,1116.9864 L -1576,1117.4387 L -1602.5477,1091.5306 L -1603,1054.4387 z"
+ transform="matrix(0.8233528,8.9983906e-3,-8.9983906e-3,0.8233528,-1398.5561,740.7914)"
+ id="path8034"
+ style="opacity:1;fill:#efd259;fill-opacity:1;stroke:#efd259;stroke-opacity:1" />
+ <path
+ d="M -1603,1054.4387 L -1577.0919,1027.891 L -1540,1027.4387 L -1513.4523,1053.3468 L -1513,1090.4387 L -1538.9081,1116.9864 L -1576,1117.4387 L -1602.5477,1091.5306 L -1603,1054.4387 z"
+ transform="matrix(0.6467652,7.0684723e-3,-7.0684723e-3,0.6467652,-1675.7492,927.16391)"
+ id="path8036"
+ style="opacity:1;fill:#a42324;fill-opacity:1;stroke:#a42324;stroke-opacity:1" />
+ <path
+ d="M -2686.7886,1597.753 C -2686.627,1596.5292 -2686.5462,1595.6987 -2686.5462,1595.218 C -2686.5462,1593.1637 -2688.0814,1592.0711 -2690.9899,1592.0711 C -2693.8985,1592.0711 -2695.4336,1593.12 -2695.4336,1595.218 C -2695.4336,1595.961 -2695.3528,1596.7914 -2695.1912,1597.753 L -2692.929,1614.4491 L -2689.0508,1614.4491 L -2686.7886,1597.753"
+ id="path8038"
+ style="font-size:107.13574219px;font-style:normal;font-weight:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Charter" />
+ <path
+ d="M -2690.9899,1617.8197 C -2693.6124,1617.8197 -2695.8118,1619.9346 -2695.8118,1622.6416 C -2695.8118,1625.3486 -2693.6124,1627.4635 -2690.9899,1627.4635 C -2688.2829,1627.4635 -2686.168,1625.264 -2686.168,1622.6416 C -2686.168,1619.9346 -2688.2829,1617.8197 -2690.9899,1617.8197"
+ id="path8040"
+ style="font-size:107.13574219px;font-style:normal;font-weight:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Charter" />
+ </g>
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/watermark-draft.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/watermark-draft.png
new file mode 100644
index 0000000..0ead5af
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/watermark-draft.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/yellow.png b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/yellow.png
new file mode 100644
index 0000000..223865d
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/Common_Content/images/yellow.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html b/public_html/en-US/Fedora/18/html/Security_Guide/Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html
new file mode 100644
index 0000000..d3a7faa
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.2. Secure Shell</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="Security_Guide-Encryption-Data_in_Motion.html" title="4.2. Data in Motion" /><link rel="prev" href="Security_Guide-Encryption-Data_in_Motion.html" title="4.2. Data in Motion" /><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="4.2.3. LUKS Disk Encryption" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion.h
tml"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>Next</strong></a></li></ul><div class="section" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell">4.2.2. Secure Shell</h3></div></div></div><div class="para">
+ Secure Shell (SSH) is a powerful network protocol used to communicate with another system over a secure channel. The transmissions over SSH are encrypted and protected from interception. Cryptographic log-on can also be utilized to provide a better authentication method over traditional usernames and passwords.
+ </div><div class="para">
+ SSH is very easy to activate. By simply starting the sshd service, the system will begin to accept connections and will allow access to the system when a correct username and password is provided during the connection process. The standard TCP port for the SSH service is 22, however this can be changed by modifying the configuration file <span class="emphasis"><em>/etc/ssh/sshd_config</em></span> and restarting the service. This file also contains other configuration options for SSH.
+ </div><div class="para">
+ Secure Shell (SSH) also provides encrypted tunnels between computers but only using a single port. <a href="http://www.redhatmagazine.com/2007/11/27/advanced-ssh-configuration-and-tunneling-we-dont-need-no-stinking-vpn-software">Port forwarding can be done over an SSH tunnel</a> and traffic will be encrypted as it passes over that tunnel but using port forwarding is not as fluid as a VPN.
+ </div><div class="section" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell-Cryptographic_Logon"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell-Cryptographic_Logon">4.2.2.1. Cryptographic Logon</h4></div></div></div><div class="para">
+ SSH supports the use of cryptographic keys to login to a computer. This is much more secure than using a password and if setup properly could be considered multifactor authentication.
+ </div><div class="para">
+ A configuration change must occur before cryptographic logon can occur. In the file <code class="filename">/etc/ssh/sshd_config</code> uncomment and modify the following lines so that appear as such:
+<pre class="screen">PubkeyAuthentication yes
+AuthorizedKeysFile .ssh/authorized_keys</pre>
+ The first line tells the SSH program to allow public key authentication. The second line points to a file in the home directory where the public key of authorized key pairs exists on the system.
+ </div><div class="para">
+ The next thing to do is to generate the ssh key pairs on the client you will use to connect to the system. The command <code class="command">ssh-keygen</code> will generate an RSA 2048-bit key set for logging into the system. The keys are stored, by default, in the <code class="filename">~/.ssh</code> directory. You can utilize the switch <code class="command">-b</code> to modify the bit-strength of the key. 2048-bits is probably okay but you can go up to, and possibly beyond, 8192-bit keys.
+ </div><div class="para">
+ In your <code class="filename">~/.ssh</code> directory you should see the two keys you just created. If you accepted the defaults when running the <code class="command">ssh-keygen</code> then your keys are named <code class="filename">id_rsa</code> and <code class="filename">id_rsa.pub</code>, the private and public keys. You should always protect the private key from exposure. The public key, however, needs to be transfered over to the system you are going to login to. Once you have it on your system the easiest way to add the key to the approved list is by:
+<pre class="screen">$ cat id_rsa.pub >> ~/.ssh/authorized_keys</pre>
+ This will append the public key to the authorized_key file. The <span class="application"><strong>SSH</strong></span> application will check this file when you attempt to login to the computer.
+ </div><div class="para">
+ Similarly to passwords and any other authentication mechanism, you should change your <span class="application"><strong>SSH</strong></span> keys regularly. When you do make sure you clean out any unused key from the authorized_key file.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion.html"><strong>Prev</strong>4.2. Data in Motion</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>Next</strong>4.2.3. LUKS Disk Encryption</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/Security_Guide-Encryption-Data_in_Motion.html b/public_html/en-US/Fedora/18/html/Security_Guide/Security_Guide-Encryption-Data_in_Motion.html
new file mode 100644
index 0000000..71ef196
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/Security_Guide-Encryption-Data_in_Motion.html
@@ -0,0 +1,403 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2. Data in Motion</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 4. Encryption" /><link rel="prev" href="chap-Security_Guide-Encryption.html" title="Chapter 4. Encryption" /><link rel="next" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html" title="4.2.2. Secure Shell" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Encryption.html"><strong>Prev</
strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>Next</strong></a></li></ul><div class="section" id="Security_Guide-Encryption-Data_in_Motion"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="Security_Guide-Encryption-Data_in_Motion">4.2. Data in Motion</h2></div></div></div><div class="para">
+ Data in motion is data that is being transmitted over a network. The biggest threats to data in motion are interception and alteration. Your user name and password should never be transmitted over a network without protection as it could be intercepted and used by someone else to impersonate you or gain access to sensitive information. Other private information such as bank account information should also be protected when transmitted across a network. If the network session was encrypted then you would not have to worry as much about the data being compromised while it is being transmitted.
+ </div><div class="para">
+ Data in motion is particularly vulnerable to attackers because the attacker does not have to be near the computer in which the data is being stored rather they only have to be somewhere along the path. Encryption tunnels can protect data along the path of communications.
+ </div><div xml:lang="en-US" class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs">4.2.1. Virtual Private Networks (VPNs)</h3></div></div></div><div class="para">
+ Organizations with several satellite offices often connect to each other with dedicated lines for efficiency and protection of sensitive data in transit. For example, many businesses use frame relay or <em class="firstterm">Asynchronous Transfer Mode</em> (<acronym class="acronym">ATM</acronym>) lines as an end-to-end networking solution to link one office with others. This can be an expensive proposition, especially for small to medium sized businesses (<acronym class="acronym">SMB</acronym>s) that want to expand without paying the high costs associated with enterprise-level, dedicated digital circuits.
+ </div><div class="para">
+ To address this need, <em class="firstterm">Virtual Private Networks</em> (<abbr class="abbrev">VPN</abbr>s) were developed. Following the same functional principles as dedicated circuits, <abbr class="abbrev">VPN</abbr>s allow for secured digital communication between two parties (or networks), creating a <em class="firstterm">Wide Area Network</em> (<acronym class="acronym">WAN</acronym>) from existing <em class="firstterm">Local Area Networks</em> (<acronym class="acronym">LAN</acronym>s). Where it differs from frame relay or ATM is in its transport medium. <abbr class="abbrev">VPN</abbr>s transmit over IP using datagrams as the transport layer, making it a secure conduit through the Internet to an intended destination. Most free software <abbr class="abbrev">VPN</abbr> implementations incorporate open standard encryption methods to further mask data in transit.
+ </div><div class="para">
+ Some organizations employ hardware <abbr class="abbrev">VPN</abbr> solutions to augment security, while others use software or protocol-based implementations. Several vendors provide hardware <abbr class="abbrev">VPN</abbr> solutions, such as Cisco, Nortel, IBM, and Checkpoint. There is a free software-based <abbr class="abbrev">VPN</abbr> solution for Linux called FreeS/Wan that utilizes a standardized <em class="firstterm">Internet Protocol Security</em> (<abbr class="abbrev">IPsec</abbr>) implementation. These <abbr class="abbrev">VPN</abbr> solutions, irrespective of whether they are hardware or software based, act as specialized routers that exist between the IP connection from one office to another.
+ </div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-How_Does_a_VPN_Work"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-How_Does_a_VPN_Work">4.2.1.1. How Does a VPN Work?</h4></div></div></div><div class="para">
+ When a packet is transmitted from a client, it sends it through the <abbr class="abbrev">VPN</abbr> router or gateway, which adds an <em class="firstterm">Authentication Header</em> (<abbr class="abbrev">AH</abbr>) for routing and authentication. The data is then encrypted and, finally, enclosed with an <em class="firstterm">Encapsulating Security Payload</em> (<abbr class="abbrev">ESP</abbr>). This latter constitutes the decryption and handling instructions.
+ </div><div class="para">
+ The receiving <abbr class="abbrev">VPN</abbr> router strips the header information, decrypts the data, and routes it to its intended destination (either a workstation or other node on a network). Using a network-to-network connection, the receiving node on the local network receives the packets already decrypted and ready for processing. The encryption/decryption process in a network-to-network <abbr class="abbrev">VPN</abbr> connection is transparent to a local node.
+ </div><div class="para">
+ With such a heightened level of security, an attacker must not only intercept a packet, but decrypt the packet as well. Intruders who employ a man-in-the-middle attack between a server and client must also have access to at least one of the private keys for authenticating sessions. Because they employ several layers of authentication and encryption, <abbr class="abbrev">VPN</abbr>s are a secure and effective means of connecting multiple remote nodes to act as a unified intranet.
+ </div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD">4.2.1.2. VPNs and Fedora</h4></div></div></div><div class="para">
+ Fedora provides various options in terms of implementing a software solution to securely connect to a <acronym class="acronym">WAN</acronym>. <em class="firstterm">Internet Protocol Security</em> (<acronym class="acronym">IPsec</acronym>) is the supported <abbr class="abbrev">VPN</abbr> implementation for Fedora, and sufficiently addresses the usability needs of organizations with branch offices or remote users.
+ </div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec">4.2.1.3. IPsec</h4></div></div></div><div class="para">
+ Fedora supports <abbr class="abbrev">IPsec</abbr> for connecting remote hosts and networks to each other using a secure tunnel on a common carrier network such as the Internet. <abbr class="abbrev">IPsec</abbr> can be implemented using a host-to-host (one computer workstation to another) or network-to-network (one <acronym class="acronym">LAN</acronym>/<acronym class="acronym">WAN</acronym> to another) configuration.
+ </div><div class="para">
+ The <abbr class="abbrev">IPsec</abbr> implementation in Fedora uses <em class="firstterm">Internet Key Exchange</em> (<em class="firstterm">IKE</em>), a protocol implemented by the Internet Engineering Task Force (<acronym class="acronym">IETF</acronym>), used for mutual authentication and secure associations between connecting systems.
+ </div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection">4.2.1.4. Creating an <abbr class="abbrev">IPsec</abbr> Connection</h4></div></div></div><div class="para">
+ An <abbr class="abbrev">IPsec</abbr> connection is split into two logical phases. In phase 1, an <abbr class="abbrev">IPsec</abbr> node initializes the connection with the remote node or network. The remote node or network checks the requesting node's credentials and both parties negotiate the authentication method for the connection.
+ </div><div class="para">
+ On Fedora systems, an <abbr class="abbrev">IPsec</abbr> connection uses the <em class="firstterm">pre-shared key</em> method of <abbr class="abbrev">IPsec</abbr> node authentication. In a pre-shared key <abbr class="abbrev">IPsec</abbr> connection, both hosts must use the same key in order to move to Phase 2 of the <abbr class="abbrev">IPsec</abbr> connection.
+ </div><div class="para">
+ Phase 2 of the <abbr class="abbrev">IPsec</abbr> connection is where the <em class="firstterm">Security Association</em> (<acronym class="acronym">SA</acronym>) is created between <abbr class="abbrev">IPsec</abbr> nodes. This phase establishes an <abbr class="abbrev">SA</abbr> database with configuration information, such as the encryption method, secret session key exchange parameters, and more. This phase manages the actual <abbr class="abbrev">IPsec</abbr> connection between remote nodes and networks.
+ </div><div class="para">
+ The Fedora implementation of <abbr class="abbrev">IPsec</abbr> uses IKE for sharing keys between hosts across the Internet. The <code class="command">racoon</code> keying daemon handles the IKE key distribution and exchange. Refer to the <code class="command">racoon</code> man page for more information about this daemon.
+ </div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation">4.2.1.5. IPsec Installation</h4></div></div></div><div class="para">
+ Implementing <abbr class="abbrev">IPsec</abbr> requires that the <code class="filename">ipsec-tools</code> RPM package be installed on all <abbr class="abbrev">IPsec</abbr> hosts (if using a host-to-host configuration) or routers (if using a network-to-network configuration). The RPM package contains essential libraries, daemons, and configuration files for setting up the <abbr class="abbrev">IPsec</abbr> connection, including:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">/sbin/setkey</code> — manipulates the key management and security attributes of <abbr class="abbrev">IPsec</abbr> in the kernel. This executable is controlled by the <code class="command">racoon</code> key management daemon. Refer to the <code class="command">setkey</code>(8) man page for more information.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/racoon</code> — the IKE key management daemon, used to manage and control security associations and key sharing between IPsec-connected systems.
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/racoon/racoon.conf</code> — the <code class="command">racoon</code> daemon configuration file used to configure various aspects of the <abbr class="abbrev">IPsec</abbr> connection, including authentication methods and encryption algorithms used in the connection. Refer to the <code class="filename">racoon.conf</code>(5) man page for a complete listing of available directives.
+ </div></li></ul></div><div class="para">
+ To configure <abbr class="abbrev">IPsec</abbr> on Fedora, you can use the <span class="application"><strong>Network Administration Tool</strong></span>, or manually edit the networking and <abbr class="abbrev">IPsec</abbr> configuration files.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ To connect two network-connected hosts via IPsec, refer to <a class="xref" href="Security_Guide-Encryption-Data_in_Motion.html#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration">Section 4.2.1.6, “IPsec Host-to-Host Configuration”</a>.
+ </div></li><li class="listitem"><div class="para">
+ To connect one <acronym class="acronym">LAN</acronym>/<acronym class="acronym">WAN</acronym> to another via IPsec, refer to <a class="xref" href="Security_Guide-Encryption-Data_in_Motion.html#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">Section 4.2.1.7, “IPsec Network-to-Network Configuration”</a>.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration">4.2.1.6. IPsec Host-to-Host Configuration</h4></div></div></div><div class="para">
+ IPsec can be configured to connect one desktop or workstation (host) to another using a host-to-host connection. This type of connection uses the network to which each host is connected to create a secure tunnel between each host. The requirements of a host-to-host connection are minimal, as is the configuration of <abbr class="abbrev">IPsec</abbr> on each host. The hosts need only a dedicated connection to a carrier network (such as the Internet) and Fedora to create the <abbr class="abbrev">IPsec</abbr> connection.
+ </div><div class="section" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Host_to_Host_Connection"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Host_to_Host_Connection">4.2.1.6.1. Host-to-Host Connection</h5></div></div></div><div class="para">
+ A host-to-host <abbr class="abbrev">IPsec</abbr> connection is an encrypted connection between two systems, both running <abbr class="abbrev">IPsec</abbr> with the same authentication key. With the <abbr class="abbrev">IPsec</abbr> connection active, any network traffic between the two hosts is encrypted.
+ </div><div class="para">
+ To configure a host-to-host <abbr class="abbrev">IPsec</abbr> connection, use the following steps for each host:
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ You should perform the following procedures on the actual machine that you are configuring. Avoid attempting to configure and establish <abbr class="abbrev">IPsec</abbr> connections remotely.
+ </div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ In a command shell, type <code class="command">system-config-network</code> to start the <span class="application"><strong>Network Administration Tool</strong></span>.
+ </div></li><li class="listitem"><div class="para">
+ On the <span class="guilabel"><strong>IPsec</strong></span> tab, click <span class="guibutton"><strong>New</strong></span> to start the <abbr class="abbrev">IPsec</abbr> configuration wizard.
+ </div></li><li class="listitem"><div class="para">
+ Click <span class="guibutton"><strong>Forward</strong></span> to start configuring a host-to-host <abbr class="abbrev">IPsec</abbr> connection.
+ </div></li><li class="listitem"><div class="para">
+ Enter a unique name for the connection, for example, <strong class="userinput"><code>ipsec0</code></strong>. If required, select the check box to automatically activate the connection when the computer starts. Click <span class="guibutton"><strong>Forward</strong></span> to continue.
+ </div></li><li class="listitem"><div class="para">
+ Select <span class="guilabel"><strong>Host to Host encryption</strong></span> as the connection type, and then click <span class="guibutton"><strong>Forward</strong></span>.
+ </div></li><li class="listitem" id="list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-encrypt-type"><div class="para">
+ Select the type of encryption to use: manual or automatic.
+ </div><div class="para">
+ If you select manual encryption, an encryption key must be provided later in the process. If you select automatic encryption, the <code class="command">racoon</code> daemon manages the encryption key. The <code class="filename">ipsec-tools</code> package must be installed if you want to use automatic encryption.
+ </div><div class="para">
+ Click <span class="guibutton"><strong>Forward</strong></span> to continue.
+ </div></li><li class="listitem"><div class="para">
+ Enter the IP address of the remote host.
+ </div><div class="para">
+ To determine the IP address of the remote host, use the following command <span class="emphasis"><em>on the remote host</em></span>:
+ </div><pre class="screen">[root at myServer ~] # /sbin/ifconfig <em class="replaceable"><code><device></code></em></pre><div class="para">
+ where <em class="replaceable"><code><device></code></em> is the Ethernet device that you want to use for the <abbr class="abbrev">VPN</abbr> connection.
+ </div><div class="para">
+ If only one Ethernet card exists in the system, the device name is typically eth0. The following example shows the relevant information from this command (note that this is an example output only):
+ </div><pre class="screen">eth0 Link encap:Ethernet HWaddr 00:0C:6E:E8:98:1D
+ inet addr:172.16.44.192 Bcast:172.16.45.255 Mask:255.255.254.0</pre><div class="para">
+ The IP address is the number following the <code class="computeroutput">inet addr:</code> label.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ For host-to-host connections, both hosts should have a public, routable address. Alternatively, both hosts can have a private, non-routable address (for example, from the 10.x.x.x or 192.168.x.x ranges) as long as they are on the same LAN.
+ </div><div class="para">
+ If the hosts are on different LANs, or one has a public address while the other has a private address, refer to <a class="xref" href="Security_Guide-Encryption-Data_in_Motion.html#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">Section 4.2.1.7, “IPsec Network-to-Network Configuration”</a>.
+ </div></div></div><div class="para">
+ Click <span class="guibutton"><strong>Forward</strong></span> to continue.
+ </div></li><li class="listitem" id="list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-to-host-keys"><div class="para">
+ If manual encryption was selected in step <a class="xref" href="Security_Guide-Encryption-Data_in_Motion.html#list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-encrypt-type">6</a>, specify the encryption key to use, or click <span class="guibutton"><strong>Generate</strong></span> to create one.
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Specify an authentication key or click <span class="guibutton"><strong>Generate</strong></span> to generate one. It can be any combination of numbers and letters.
+ </div></li><li class="listitem"><div class="para">
+ Click <span class="guibutton"><strong>Forward</strong></span> to continue.
+ </div></li></ol></div></li><li class="listitem"><div class="para">
+ Verify the information on the <span class="guilabel"><strong>IPsec — Summary</strong></span> page, and then click <span class="guibutton"><strong>Apply</strong></span>.
+ </div></li><li class="listitem"><div class="para">
+ Click <span class="guimenu"><strong>File</strong></span> => <span class="guimenuitem"><strong>Save</strong></span> to save the configuration.
+ </div><div class="para">
+ You may need to restart the network for the changes to take effect. To restart the network, use the following command:
+ </div><pre class="screen">[root at myServer ~]# service network restart</pre></li><li class="listitem"><div class="para">
+ Select the <abbr class="abbrev">IPsec</abbr> connection from the list and click the <span class="guibutton"><strong>Activate</strong></span> button.
+ </div></li><li class="listitem"><div class="para">
+ Repeat the entire procedure for the other host. It is essential that the same keys from step <a class="xref" href="Security_Guide-Encryption-Data_in_Motion.html#list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-to-host-keys">8</a> be used on the other hosts. Otherwise, <abbr class="abbrev">IPsec</abbr> will not work.
+ </div></li></ol></div><div class="para">
+ After configuring the <abbr class="abbrev">IPsec</abbr> connection, it appears in the <abbr class="abbrev">IPsec</abbr> list as shown in <a class="xref" href="Security_Guide-Encryption-Data_in_Motion.html#figu-Security_Guide-Host_to_Host_Connection-IPsec_Connection">Figure 4.1, “IPsec Connection”</a>.
+ </div><div class="figure" id="figu-Security_Guide-Host_to_Host_Connection-IPsec_Connection"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-ipsec_host2host.png" width="444" alt="IPsec Connection" /><div class="longdesc"><div class="para">
+ IPsec Connection
+ </div></div></div></div><h6>Figure 4.1. IPsec Connection</h6></div><br class="figure-break" /><div class="para">
+ The following files are created when the <abbr class="abbrev">IPsec</abbr> connection is configured:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/sysconfig/network-scripts/ifcfg-<em class="replaceable"><code><nickname></code></em></code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/sysconfig/network-scripts/keys-<em class="replaceable"><code><nickname></code></em></code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/racoon/<em class="replaceable"><code><remote-ip></code></em>.conf</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/racoon/psk.txt</code>
+ </div></li></ul></div><div class="para">
+ If automatic encryption is selected, <code class="filename">/etc/racoon/racoon.conf</code> is also created.
+ </div><div class="para">
+ When the interface is up, <code class="filename">/etc/racoon/racoon.conf</code> is modified to include <code class="filename"><em class="replaceable"><code><remote-ip></code></em>.conf</code>.
+ </div></div><div class="section" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration">4.2.1.6.2. Manual <abbr class="abbrev">IPsec</abbr> Host-to-Host Configuration</h5></div></div></div><div class="para">
+ The first step in creating a connection is to gather system and network information from each workstation. For a host-to-host connection, you need the following:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ The IP address of each host
+ </div></li><li class="listitem"><div class="para">
+ A unique name, for example, <code class="computeroutput">ipsec1</code>. This is used to identify the <abbr class="abbrev">IPsec</abbr> connection and to distinguish it from other devices or connections.
+ </div></li><li class="listitem"><div class="para">
+ A fixed encryption key or one automatically generated by <code class="command">racoon</code>.
+ </div></li><li class="listitem"><div class="para">
+ A pre-shared authentication key that is used during the initial stage of the connection and to exchange encryption keys during the session.
+ </div></li></ul></div><div class="para">
+ For example, suppose Workstation A and Workstation B want to connect to each other through an <abbr class="abbrev">IPsec</abbr> tunnel. They want to connect using a pre-shared key with the value of <code class="computeroutput">Key_Value01</code>, and the users agree to let <code class="command">racoon</code> automatically generate and share an authentication key between each host. Both host users decide to name their connections <code class="computeroutput">ipsec1</code>.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ You should choose a PSK that uses a mixture of upper- and lower-case characters, numbers and punctuation. An easily-guessable PSK constitutes a security risk.
+ </div><div class="para">
+ It is not necessary to use the same connection name for each host. You should choose a name that is convenient and meaningful for your installation.
+ </div></div></div><div class="para">
+ The following is the <abbr class="abbrev">IPsec</abbr> configuration file for Workstation A for a host-to-host <abbr class="abbrev">IPsec</abbr> connection with Workstation B. The unique name to identify the connection in this example is <em class="replaceable"><code>ipsec1</code></em>, so the resulting file is called <code class="filename">/etc/sysconfig/network-scripts/ifcfg-ipsec1</code>.
+ </div><pre class="screen">DST=<em class="replaceable"><code>X.X.X.X</code></em>TYPE=IPSEC
+ONBOOT=no
+IKE_METHOD=PSK</pre><div class="para">
+ For Workstation A, <em class="replaceable"><code>X.X.X.X</code></em> is the IP address of Workstation B. For Workstation B, <em class="replaceable"><code>X.X.X.X</code></em> is the IP address of Workstation A. This connection is not set to initiate on boot-up (<code class="computeroutput">ONBOOT=no</code>) and it uses the pre-shared key method of authentication (<code class="computeroutput">IKE_METHOD=PSK</code>).
+ </div><div class="para">
+ The following is the content of the pre-shared key file (called <code class="filename">/etc/sysconfig/network-scripts/keys-ipsec1</code>) that both workstations need to authenticate each other. The contents of this file should be identical on both workstations, and only the root user should be able to read or write this file.
+ </div><pre class="screen">IKE_PSK=Key_Value01</pre><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ To change the <code class="filename">keys-ipsec1</code> file so that only the root user can read or edit the file, use the following command after creating the file:
+ </div><pre class="screen">[root at myServer ~] # chmod 600 /etc/sysconfig/network-scripts/keys-ipsec1</pre></div></div><div class="para">
+ To change the authentication key at any time, edit the <code class="filename">keys-ipsec1</code> file on both workstations. <span class="emphasis"><em>Both authentication keys must be identical for proper connectivity</em></span>.
+ </div><div class="para">
+ The next example shows the specific configuration for the phase 1 connection to the remote host. The file is called <code class="filename"><em class="replaceable"><code>X.X.X.X</code></em>.conf</code>, where <em class="replaceable"><code>X.X.X.X</code></em> is the IP address of the remote <abbr class="abbrev">IPsec</abbr> host. Note that this file is automatically generated when the <abbr class="abbrev">IPsec</abbr> tunnel is activated and should not be edited directly.
+ </div><pre class="screen">remote <em class="replaceable"><code>X.X.X.X</code></em>{
+ exchange_mode aggressive, main;
+ my_identifier address;
+ proposal {
+ encryption_algorithm 3des;
+ hash_algorithm sha1;
+ authentication_method pre_shared_key;
+ dh_group 2 ;
+ }
+}</pre><div class="para">
+ The default phase 1 configuration file that is created when an <abbr class="abbrev">IPsec</abbr> connection is initialized contains the following statements used by the Fedora implementation of IPsec:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">remote <em class="replaceable"><code>X.X.X.X</code></em></span></dt><dd><div class="para">
+ Specifies that the subsequent stanzas of this configuration file apply only to the remote node identified by the <em class="replaceable"><code>X.X.X.X</code></em> IP address.
+ </div></dd><dt class="varlistentry"><span class="term">exchange_mode aggressive</span></dt><dd><div class="para">
+ The default configuration for <abbr class="abbrev">IPsec</abbr> on Fedora uses an aggressive authentication mode, which lowers the connection overhead while allowing configuration of several <abbr class="abbrev">IPsec</abbr> connections with multiple hosts.
+ </div></dd><dt class="varlistentry"><span class="term">my_identifier address</span></dt><dd><div class="para">
+ Specifies the identification method to use when authenticating nodes. Fedora uses IP addresses to identify nodes.
+ </div></dd><dt class="varlistentry"><span class="term">encryption_algorithm 3des</span></dt><dd><div class="para">
+ Specifies the encryption cipher used during authentication. By default, <em class="firstterm">Triple Data Encryption Standard</em> (<acronym class="acronym">3DES</acronym>) is used.
+ </div></dd><dt class="varlistentry"><span class="term">hash_algorithm sha1;</span></dt><dd><div class="para">
+ Specifies the hash algorithm used during phase 1 negotiation between nodes. By default, Secure Hash Algorithm version 1 is used.
+ </div></dd><dt class="varlistentry"><span class="term">authentication_method pre_shared_key</span></dt><dd><div class="para">
+ Specifies the authentication method used during node negotiation. By default, Fedora uses pre-shared keys for authentication.
+ </div></dd><dt class="varlistentry"><span class="term">dh_group 2</span></dt><dd><div class="para">
+ Specifies the Diffie-Hellman group number for establishing dynamically-generated session keys. By default, modp1024 (group 2) is used.
+ </div></dd></dl></div><div class="section" id="sect-Security_Guide-Manual_IPsec_Host_to_Host_Configuration-The_Racoon_Configuration_File"><div class="titlepage"><div><div keep-together.within-column="always"><h6 class="title" id="sect-Security_Guide-Manual_IPsec_Host_to_Host_Configuration-The_Racoon_Configuration_File">4.2.1.6.2.1. The Racoon Configuration File</h6></div></div></div><div class="para">
+ The <code class="filename">/etc/racoon/racoon.conf</code> files should be identical on all <abbr class="abbrev">IPsec</abbr> nodes <span class="emphasis"><em>except</em></span> for the <code class="command">include "/etc/racoon/<em class="replaceable"><code>X.X.X.X</code></em>.conf"</code> statement. This statement (and the file it references) is generated when the <abbr class="abbrev">IPsec</abbr> tunnel is activated. For Workstation A, the <em class="replaceable"><code>X.X.X.X</code></em> in the <code class="command">include</code> statement is Workstation B's IP address. The opposite is true of Workstation B. The following shows a typical <code class="filename">racoon.conf</code> file when the <abbr class="abbrev">IPsec</abbr> connection is activated.
+ </div><pre class="screen"># Racoon IKE daemon configuration file.
+# See 'man racoon.conf' for a description of the format and entries.
+
+path include "/etc/racoon";
+path pre_shared_key "/etc/racoon/psk.txt";
+path certificate "/etc/racoon/certs";
+
+sainfo anonymous
+{
+ pfs_group 2;
+ lifetime time 1 hour ;
+ encryption_algorithm 3des, blowfish 448, rijndael ;
+ authentication_algorithm hmac_sha1, hmac_md5 ;
+ compression_algorithm deflate ;
+}
+include "/etc/racoon/X.X.X.X.conf";</pre><div class="para">
+ This default <code class="filename">racoon.conf</code> file includes defined paths for <abbr class="abbrev">IPsec</abbr> configuration, pre-shared key files, and certificates. The fields in <code class="computeroutput">sainfo anonymous</code> describe the phase 2 SA between the <abbr class="abbrev">IPsec</abbr> nodes — the nature of the <abbr class="abbrev">IPsec</abbr> connection (including the supported encryption algorithms used) and the method of exchanging keys. The following list defines the fields of phase 2:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">sainfo anonymous</span></dt><dd><div class="para">
+ Denotes that SA can anonymously initialize with any peer provided that the <abbr class="abbrev">IPsec</abbr> credentials match.
+ </div></dd><dt class="varlistentry"><span class="term">pfs_group 2</span></dt><dd><div class="para">
+ Defines the Diffie-Hellman key exchange protocol, which determines the method by which the <abbr class="abbrev">IPsec</abbr> nodes establish a mutual temporary session key for the second phase of <abbr class="abbrev">IPsec</abbr> connectivity. By default, the Fedora implementation of <abbr class="abbrev">IPsec</abbr> uses group 2 (or <code class="computeroutput">modp1024</code>) of the Diffie-Hellman cryptographic key exchange groups. Group 2 uses a 1024-bit modular exponentiation that prevents attackers from decrypting previous <abbr class="abbrev">IPsec</abbr> transmissions even if a private key is compromised.
+ </div></dd><dt class="varlistentry"><span class="term">lifetime time 1 hour</span></dt><dd><div class="para">
+ This parameter specifies the lifetime of an SA and can be quantified either by time or by bytes of data. The default Fedora implementation of <abbr class="abbrev">IPsec</abbr> specifies a one hour lifetime.
+ </div></dd><dt class="varlistentry"><span class="term">encryption_algorithm 3des, blowfish 448, rijndael</span></dt><dd><div class="para">
+ Specifies the supported encryption ciphers for phase 2. Fedora supports 3DES, 448-bit Blowfish, and Rijndael (the cipher used in the <em class="firstterm">Advanced Encryption Standard</em>, or <acronym class="acronym">AES</acronym>).
+ </div></dd><dt class="varlistentry"><span class="term">authentication_algorithm hmac_sha1, hmac_md5</span></dt><dd><div class="para">
+ Lists the supported hash algorithms for authentication. Supported modes are sha1 and md5 hashed message authentication codes (HMAC).
+ </div></dd><dt class="varlistentry"><span class="term">compression_algorithm deflate</span></dt><dd><div class="para">
+ Defines the Deflate compression algorithm for IP Payload Compression (IPCOMP) support, which allows for potentially faster transmission of IP datagrams over slow connections.
+ </div></dd></dl></div><div class="para">
+ To start the connection, use the following command on each host:
+ </div><pre class="screen">[root at myServer ~]# /sbin/ifup <nickname></pre><div class="para">
+ where <nickname> is the name you specified for the <abbr class="abbrev">IPsec</abbr> connection.
+ </div><div class="para">
+ To test the <abbr class="abbrev">IPsec</abbr> connection, run the <code class="command">tcpdump</code> utility to view the network packets being transfered between the hosts and verify that they are encrypted via IPsec. The packet should include an AH header and should be shown as ESP packets. ESP means it is encrypted. For example:
+ </div><pre class="screen">[root at myServer ~]# tcpdump -n -i eth0 host <targetSystem>
+
+IP 172.16.45.107 > 172.16.44.192: AH(spi=0x0954ccb6,seq=0xbb): ESP(spi=0x0c9f2164,seq=0xbb)</pre></div></div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">4.2.1.7. IPsec Network-to-Network Configuration</h4></div></div></div><div class="para">
+ IPsec can also be configured to connect an entire network (such as a <acronym class="acronym">LAN</acronym> or <acronym class="acronym">WAN</acronym>) to a remote network using a network-to-network connection. A network-to-network connection requires the setup of <abbr class="abbrev">IPsec</abbr> routers on each side of the connecting networks to transparently process and route information from one node on a <acronym class="acronym">LAN</acronym> to a node on a remote <acronym class="acronym">LAN</acronym>. <a class="xref" href="Security_Guide-Encryption-Data_in_Motion.html#figu-Security_Guide-IPsec_Network_to_Network_Configuration-A_network_to_network_IPsec_tunneled_connection">Figure 4.2, “A network-to-network <abbr class="abbrev">IPsec</abbr> tunneled connection”</a> shows a network-to-network <abbr class="abbrev">IPsec</abbr> tunneled connection.
+ </div><div class="figure" id="figu-Security_Guide-IPsec_Network_to_Network_Configuration-A_network_to_network_IPsec_tunneled_connection"><div class="figure-contents"><div class="mediaobject"><img src="images/n-t-n-ipsec-diagram.png" width="444" alt="A network-to-network IPsec tunneled connection" /><div class="longdesc"><div class="para">
+ A network-to-network <abbr class="abbrev">IPsec</abbr> tunneled connection
+ </div></div></div></div><h6>Figure 4.2. A network-to-network <abbr class="abbrev">IPsec</abbr> tunneled connection</h6></div><br class="figure-break" /><div class="para">
+ This diagram shows two separate <acronym class="acronym">LAN</acronym>s separated by the Internet. These <acronym class="acronym">LAN</acronym>s use <abbr class="abbrev">IPsec</abbr> routers to authenticate and initiate a connection using a secure tunnel through the Internet. Packets that are intercepted in transit would require brute-force decryption in order to crack the cipher protecting the packets between these <acronym class="acronym">LAN</acronym>s. The process of communicating from one node in the 192.168.1.0/24 IP range to another in the 192.168.2.0/24 range is completely transparent to the nodes as the processing, encryption/decryption, and routing of the <abbr class="abbrev">IPsec</abbr> packets are completely handled by the <abbr class="abbrev">IPsec</abbr> router.
+ </div><div class="para">
+ The information needed for a network-to-network connection include:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ The externally-accessible IP addresses of the dedicated <abbr class="abbrev">IPsec</abbr> routers
+ </div></li><li class="listitem"><div class="para">
+ The network address ranges of the <acronym class="acronym">LAN</acronym>/<acronym class="acronym">WAN</acronym> served by the <abbr class="abbrev">IPsec</abbr> routers (such as 192.168.1.0/24 or 10.0.1.0/24)
+ </div></li><li class="listitem"><div class="para">
+ The IP addresses of the gateway devices that route the data from the network nodes to the Internet
+ </div></li><li class="listitem"><div class="para">
+ A unique name, for example, <code class="computeroutput">ipsec1</code>. This is used to identify the <abbr class="abbrev">IPsec</abbr> connection and to distinguish it from other devices or connections.
+ </div></li><li class="listitem"><div class="para">
+ A fixed encryption key or one automatically generated by <code class="command">racoon</code>
+ </div></li><li class="listitem"><div class="para">
+ A pre-shared authentication key that is used during the initial stage of the connection and to exchange encryption keys during the session.
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Network_to_Network_VPN_Connection"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Network_to_Network_VPN_Connection">4.2.1.7.1. Network-to-Network (<abbr class="abbrev">VPN</abbr>) Connection</h5></div></div></div><div class="para">
+ A network-to-network <abbr class="abbrev">IPsec</abbr> connection uses two <abbr class="abbrev">IPsec</abbr> routers, one for each network, through which the network traffic for the private subnets is routed.
+ </div><div class="para">
+ For example, as shown in <a class="xref" href="Security_Guide-Encryption-Data_in_Motion.html#figu-Security_Guide-Network_to_Network_VPN_Connection-Network_to_Network_IPsec">Figure 4.3, “Network-to-Network IPsec”</a>, if the 192.168.1.0/24 private network sends network traffic to the 192.168.2.0/24 private network, the packets go through gateway0, to ipsec0, through the Internet, to ipsec1, to gateway1, and to the 192.168.2.0/24 subnet.
+ </div><div class="para">
+ <abbr class="abbrev">IPsec</abbr> routers require publicly addressable IP addresses and a second Ethernet device connected to their respective private networks. Traffic only travels through an <abbr class="abbrev">IPsec</abbr> router if it is intended for another <abbr class="abbrev">IPsec</abbr> router with which it has an encrypted connection.
+ </div><div class="figure" id="figu-Security_Guide-Network_to_Network_VPN_Connection-Network_to_Network_IPsec"><div class="figure-contents"><div class="mediaobject"><img src="images/n-t-n-ipsec-diagram.png" width="444" alt="Network-to-Network IPsec" /><div class="longdesc"><div class="para">
+ Network-to-Network IPsec
+ </div></div></div></div><h6>Figure 4.3. Network-to-Network IPsec</h6></div><br class="figure-break" /><div class="para">
+ Alternate network configuration options include a firewall between each IP router and the Internet, and an intranet firewall between each <abbr class="abbrev">IPsec</abbr> router and subnet gateway. The <abbr class="abbrev">IPsec</abbr> router and the gateway for the subnet can be one system with two Ethernet devices: one with a public IP address that acts as the <abbr class="abbrev">IPsec</abbr> router; and one with a private IP address that acts as the gateway for the private subnet. Each <abbr class="abbrev">IPsec</abbr> router can use the gateway for its private network or a public gateway to send the packets to the other <abbr class="abbrev">IPsec</abbr> router.
+ </div><div class="para">
+ Use the following procedure to configure a network-to-network <abbr class="abbrev">IPsec</abbr> connection:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ In a command shell, type <code class="command">system-config-network</code> to start the <span class="application"><strong>Network Administration Tool</strong></span>.
+ </div></li><li class="listitem"><div class="para">
+ On the <span class="guilabel"><strong>IPsec</strong></span> tab, click <span class="guibutton"><strong>New</strong></span> to start the <abbr class="abbrev">IPsec</abbr> configuration wizard.
+ </div></li><li class="listitem"><div class="para">
+ Click <span class="guibutton"><strong>Forward</strong></span> to start configuring a network-to-network <abbr class="abbrev">IPsec</abbr> connection.
+ </div></li><li class="listitem"><div class="para">
+ Enter a unique nickname for the connection, for example, <strong class="userinput"><code>ipsec0</code></strong>. If required, select the check box to automatically activate the connection when the computer starts. Click <span class="guibutton"><strong>Forward</strong></span> to continue.
+ </div></li><li class="listitem"><div class="para">
+ Select <span class="guilabel"><strong>Network to Network encryption (VPN)</strong></span> as the connection type, and then click <span class="guibutton"><strong>Forward</strong></span>.
+ </div></li><li class="listitem" id="list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-encrypt-type-n"><div class="para">
+ Select the type of encryption to use: manual or automatic.
+ </div><div class="para">
+ If you select manual encryption, an encryption key must be provided later in the process. If you select automatic encryption, the <code class="command">racoon</code> daemon manages the encryption key. The <code class="filename">ipsec-tools</code> package must be installed if you want to use automatic encryption.
+ </div><div class="para">
+ Click <span class="guibutton"><strong>Forward</strong></span> to continue.
+ </div></li><li class="listitem"><div class="para">
+ On the <span class="guilabel"><strong>Local Network</strong></span> page, enter the following information:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Local Network Address</strong></span> — The IP address of the device on the <abbr class="abbrev">IPsec</abbr> router connected to the private network.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Local Subnet Mask</strong></span> — The subnet mask of the local network IP address.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Local Network Gateway</strong></span> — The gateway for the private subnet.
+ </div></li></ul></div><div class="para">
+ Click <span class="guibutton"><strong>Forward</strong></span> to continue.
+ </div><div class="figure" id="figu-Security_Guide-Network_to_Network_VPN_Connection-Local_Network_Information"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-ipsec_n_to_n_local.png" width="444" alt="Local Network Information" /><div class="longdesc"><div class="para">
+ Local Network Information
+ </div></div></div></div><h6>Figure 4.4. Local Network Information</h6></div><br class="figure-break" /></li><li class="listitem"><div class="para">
+ On the <span class="guilabel"><strong>Remote Network</strong></span> page, enter the following information:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Remote IP Address</strong></span> — The publicly addressable IP address of the <abbr class="abbrev">IPsec</abbr> router for the <span class="emphasis"><em>other</em></span> private network. In our example, for ipsec0, enter the publicly addressable IP address of ipsec1, and vice versa.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Remote Network Address</strong></span> — The network address of the private subnet behind the <span class="emphasis"><em>other</em></span> <abbr class="abbrev">IPsec</abbr> router. In our example, enter <strong class="userinput"><code>192.168.1.0</code></strong> if configuring ipsec1, and enter <strong class="userinput"><code>192.168.2.0</code></strong> if configuring ipsec0.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Remote Subnet Mask</strong></span> — The subnet mask of the remote IP address.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Remote Network Gateway</strong></span> — The IP address of the gateway for the remote network address.
+ </div></li><li class="listitem" id="list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-to-host-keys-n"><div class="para">
+ If manual encryption was selected in step <a class="xref" href="Security_Guide-Encryption-Data_in_Motion.html#list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-encrypt-type-n">6</a>, specify the encryption key to use or click <span class="guibutton"><strong>Generate</strong></span> to create one.
+ </div><div class="para">
+ Specify an authentication key or click <span class="guibutton"><strong>Generate</strong></span> to generate one. This key can be any combination of numbers and letters.
+ </div></li></ul></div><div class="para">
+ Click <span class="guibutton"><strong>Forward</strong></span> to continue.
+ </div><div class="figure" id="figu-Security_Guide-Network_to_Network_VPN_Connection-Remote_Network_Information"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-ipsec_n_to_n_remote.png" width="444" alt="Remote Network Information" /><div class="longdesc"><div class="para">
+ Remote Network Information
+ </div></div></div></div><h6>Figure 4.5. Remote Network Information</h6></div><br class="figure-break" /></li><li class="listitem"><div class="para">
+ Verify the information on the <span class="guilabel"><strong>IPsec — Summary</strong></span> page, and then click <span class="guibutton"><strong>Apply</strong></span>.
+ </div></li><li class="listitem"><div class="para">
+ Select <span class="guimenu"><strong>File</strong></span> => <span class="guimenuitem"><strong>Save</strong></span> to save the configuration.
+ </div></li><li class="listitem"><div class="para">
+ Select the <abbr class="abbrev">IPsec</abbr> connection from the list, and then click <span class="guibutton"><strong>Activate</strong></span> to activate the connection.
+ </div></li><li class="listitem"><div class="para">
+ Enable IP forwarding:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Edit <code class="filename">/etc/sysctl.conf</code> and set <code class="computeroutput">net.ipv4.ip_forward</code> to <strong class="userinput"><code>1</code></strong>.
+ </div></li><li class="listitem"><div class="para">
+ Use the following command to enable the change:
+ </div><pre class="screen">[root at myServer ~]# /sbin/sysctl -p /etc/sysctl.conf</pre></li></ol></div></li></ol></div><div class="para">
+ The network script to activate the <abbr class="abbrev">IPsec</abbr> connection automatically creates network routes to send packets through the <abbr class="abbrev">IPsec</abbr> router if necessary.
+ </div></div><div class="section" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration">4.2.1.7.2. Manual <abbr class="abbrev">IPsec</abbr> Network-to-Network Configuration</h5></div></div></div><div class="para">
+ Suppose <acronym class="acronym">LAN</acronym> A (lana.example.com) and <acronym class="acronym">LAN</acronym> B (lanb.example.com) want to connect to each other through an <abbr class="abbrev">IPsec</abbr> tunnel. The network address for <acronym class="acronym">LAN</acronym> A is in the 192.168.1.0/24 range, while <acronym class="acronym">LAN</acronym> B uses the 192.168.2.0/24 range. The gateway IP address is 192.168.1.254 for <acronym class="acronym">LAN</acronym> A and 192.168.2.254 for <acronym class="acronym">LAN</acronym> B. The <abbr class="abbrev">IPsec</abbr> routers are separate from each <acronym class="acronym">LAN</acronym> gateway and use two network devices: eth0 is assigned to an externally-accessible static IP address which accesses the Internet, while eth1 acts as a routing point to process and transmit <acronym class="acronym">LAN</acronym> packets from one network node to the remote network nodes.
+ </div><div class="para">
+ The <abbr class="abbrev">IPsec</abbr> connection between each network uses a pre-shared key with the value of <code class="computeroutput">r3dh4tl1nux</code>, and the administrators of A and B agree to let <code class="command">racoon</code> automatically generate and share an authentication key between each <abbr class="abbrev">IPsec</abbr> router. The administrator of <acronym class="acronym">LAN</acronym> A decides to name the <abbr class="abbrev">IPsec</abbr> connection <code class="computeroutput">ipsec0</code>, while the administrator of <acronym class="acronym">LAN</acronym> B names the <abbr class="abbrev">IPsec</abbr> connection <code class="computeroutput">ipsec1</code>.
+ </div><div class="para">
+ The following example shows the contents of the <code class="filename">ifcfg</code> file for a network-to-network <abbr class="abbrev">IPsec</abbr> connection for <acronym class="acronym">LAN</acronym> A. The unique name to identify the connection in this example is <em class="replaceable"><code>ipsec0</code></em>, so the resulting file is called <code class="filename">/etc/sysconfig/network-scripts/ifcfg-ipsec0</code>.
+ </div><pre class="screen">TYPE=IPSEC
+ONBOOT=yes
+IKE_METHOD=PSK
+SRCGW=192.168.1.254
+DSTGW=192.168.2.254
+SRCNET=192.168.1.0/24
+DSTNET=192.168.2.0/24
+DST=<em class="replaceable"><code>X.X.X.X</code></em></pre><div class="para">
+ The following list describes the contents of this file:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">TYPE=IPSEC</span></dt><dd><div class="para">
+ Specifies the type of connection.
+ </div></dd><dt class="varlistentry"><span class="term">ONBOOT=yes</span></dt><dd><div class="para">
+ Specifies that the connection should initiate on boot-up.
+ </div></dd><dt class="varlistentry"><span class="term">IKE_METHOD=PSK</span></dt><dd><div class="para">
+ Specifies that the connection uses the pre-shared key method of authentication.
+ </div></dd><dt class="varlistentry"><span class="term">SRCGW=192.168.1.254</span></dt><dd><div class="para">
+ The IP address of the source gateway. For LAN A, this is the LAN A gateway, and for LAN B, the LAN B gateway.
+ </div></dd><dt class="varlistentry"><span class="term">DSTGW=192.168.2.254</span></dt><dd><div class="para">
+ The IP address of the destination gateway. For LAN A, this is the LAN B gateway, and for LAN B, the LAN A gateway.
+ </div></dd><dt class="varlistentry"><span class="term">SRCNET=192.168.1.0/24</span></dt><dd><div class="para">
+ Specifies the source network for the <abbr class="abbrev">IPsec</abbr> connection, which in this example is the network range for LAN A.
+ </div></dd><dt class="varlistentry"><span class="term">DSTNET=192.168.2.0/24</span></dt><dd><div class="para">
+ Specifies the destination network for the <abbr class="abbrev">IPsec</abbr> connection, which in this example is the network range for <acronym class="acronym">LAN</acronym> B.
+ </div></dd><dt class="varlistentry"><span class="term">DST=X.X.X.X</span></dt><dd><div class="para">
+ The externally-accessible IP address of <acronym class="acronym">LAN</acronym> B.
+ </div></dd></dl></div><div class="para">
+ The following example is the content of the pre-shared key file called <code class="filename">/etc/sysconfig/network-scripts/keys-ipsec<em class="replaceable"><code>X</code></em></code> (where <em class="replaceable"><code>X</code></em> is 0 for <acronym class="acronym">LAN</acronym> A and 1 for <acronym class="acronym">LAN</acronym> B) that both networks use to authenticate each other. The contents of this file should be identical and only the root user should be able to read or write this file.
+ </div><pre class="screen">IKE_PSK=r3dh4tl1nux</pre><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ To change the <code class="filename">keys-ipsec<em class="replaceable"><code>X</code></em></code> file so that only the root user can read or edit the file, use the following command after creating the file:
+ </div><pre class="screen">chmod 600 /etc/sysconfig/network-scripts/keys-ipsec1</pre></div></div><div class="para">
+ To change the authentication key at any time, edit the <code class="filename">keys-ipsec<em class="replaceable"><code>X</code></em></code> file on both <abbr class="abbrev">IPsec</abbr> routers. <span class="emphasis"><em>Both keys must be identical for proper connectivity</em></span>.
+ </div><div class="para">
+ The following example is the contents of the <code class="filename">/etc/racoon/racoon.conf</code> configuration file for the <abbr class="abbrev">IPsec</abbr> connection. Note that the <code class="computeroutput">include</code> line at the bottom of the file is automatically generated and only appears if the <abbr class="abbrev">IPsec</abbr> tunnel is running.
+ </div><pre class="screen"># Racoon IKE daemon configuration file.
+# See 'man racoon.conf' for a description of the format and entries.
+path include "/etc/racoon";
+path pre_shared_key "/etc/racoon/psk.txt";
+path certificate "/etc/racoon/certs";
+
+sainfo anonymous
+{
+ pfs_group 2;
+ lifetime time 1 hour ;
+ encryption_algorithm 3des, blowfish 448, rijndael ;
+ authentication_algorithm hmac_sha1, hmac_md5 ;
+ compression_algorithm deflate ;
+}
+include "/etc/racoon/<em class="replaceable"><code>X.X.X.X</code></em>.conf"</pre><div class="para">
+ The following is the specific configuration for the connection to the remote network. The file is called <code class="filename"><em class="replaceable"><code>X.X.X.X</code></em>.conf</code> (where <em class="replaceable"><code>X.X.X.X</code></em> is the IP address of the remote <abbr class="abbrev">IPsec</abbr> router). Note that this file is automatically generated when the <abbr class="abbrev">IPsec</abbr> tunnel is activated and should not be edited directly.
+ </div><pre class="screen">remote <em class="replaceable"><code>X.X.X.X</code></em>{
+ exchange_mode aggressive, main;
+ my_identifier address;
+ proposal {
+ encryption_algorithm 3des;
+ hash_algorithm sha1;
+ authentication_method pre_shared_key;
+ dh_group 2 ;
+ }
+}</pre><div class="para">
+ Prior to starting the <abbr class="abbrev">IPsec</abbr> connection, IP forwarding should be enabled in the kernel. To enable IP forwarding:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Edit <code class="filename">/etc/sysctl.conf</code> and set <code class="computeroutput">net.ipv4.ip_forward</code> to <strong class="userinput"><code>1</code></strong>.
+ </div></li><li class="listitem"><div class="para">
+ Use the following command to enable the change:
+ </div><pre class="screen">[root at myServer ~] # sysctl -p /etc/sysctl.conf</pre></li></ol></div><div class="para">
+ To start the <abbr class="abbrev">IPsec</abbr> connection, use the following command on each router:
+ </div><pre class="screen">[root at myServer ~] # /sbin/ifup ipsec0</pre><div class="para">
+ The connections are activated, and both <acronym class="acronym">LAN</acronym> A and <acronym class="acronym">LAN</acronym> B are able to communicate with each other. The routes are created automatically via the initialization script called by running <code class="command">ifup</code> on the <abbr class="abbrev">IPsec</abbr> connection. To show a list of routes for the network, use the following command:
+ </div><pre class="screen">[root at myServer ~] # /sbin/ip route list</pre><div class="para">
+ To test the <abbr class="abbrev">IPsec</abbr> connection, run the <code class="command">tcpdump</code> utility on the externally-routable device (eth0 in this example) to view the network packets being transfered between the hosts (or networks), and verify that they are encrypted via IPsec. For example, to check the <abbr class="abbrev">IPsec</abbr> connectivity of <acronym class="acronym">LAN</acronym> A, use the following command:
+ </div><pre class="screen">[root at myServer ~] # tcpdump -n -i eth0 host <em class="replaceable"><code>lana.example.com</code></em></pre><div class="para">
+ The packet should include an AH header and should be shown as ESP packets. ESP means it is encrypted. For example (back slashes denote a continuation of one line):
+ </div><pre class="screen">12:24:26.155529 lanb.example.com > lana.example.com: AH(spi=0x021c9834,seq=0x358): \
+ lanb.example.com > lana.example.com: ESP(spi=0x00c887ad,seq=0x358) (DF) \
+ (ipip-proto-4)</pre></div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection">4.2.1.8. Starting and Stopping an <abbr class="abbrev">IPsec</abbr> Connection</h4></div></div></div><div class="para">
+ If the <abbr class="abbrev">IPsec</abbr> connection was not configured to activate on boot, you can control it from the command line.
+ </div><div class="para">
+ To start the connection, use the following command on each host for host-to-host IPsec, or each <abbr class="abbrev">IPsec</abbr> router for network-to-network IPsec:
+ </div><pre class="screen">[root at myServer ~] # /sbin/ifup <em class="replaceable"><code><nickname></code></em></pre><div class="para">
+ where <em class="replaceable"><code><nickname></code></em> is the nickname configured earlier, such as <code class="computeroutput">ipsec0</code>.
+ </div><div class="para">
+ To stop the connection, use the following command:
+ </div><pre class="screen">[root at myServer ~] # /sbin/ifdown <em class="replaceable"><code><nickname></code></em></pre></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Encryption.html"><strong>Prev</strong>Chapter 4. Encryption</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>Next</strong>4.2.2. Secure Shell</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/apas02.html b/public_html/en-US/Fedora/18/html/Security_Guide/apas02.html
new file mode 100644
index 0000000..2f42f18
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/apas02.html
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>A.2. Public-key Encryption</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Encryption_Standards.html" title="Appendix A. Encryption Standards" /><link rel="prev" href="chap-Security_Guide-Encryption_Standards.html" title="Appendix A. Encryption Standards" /><link rel="next" href="apas02s02.html" title="A.2.2. RSA" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Encryption_Standards.html"><strong>Prev</s
trong></a></li><li class="next"><a accesskey="n" href="apas02s02.html"><strong>Next</strong></a></li></ul><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm24478320">A.2. Public-key Encryption</h2></div></div></div><div class="para">
+ Public-key cryptography is a cryptographic approach, employed by many cryptographic algorithms and cryptosystems, whose distinguishing characteristic is the use of asymmetric key algorithms instead of or in addition to symmetric key algorithms. Using the techniques of public key-private key cryptography, many methods of protecting communications or authenticating messages formerly unknown have become practical. They do not require a secure initial exchange of one or more secret keys as is required when using symmetric key algorithms. It can also be used to create digital signatures.<sup>[<a id="idm23260176" href="#ftn.idm23260176" class="footnote">21</a>]</sup>
+ </div><div class="para">
+ Public key cryptography is a fundamental and widely used technology around the world, and is the approach which underlies such Internet standards as Transport Layer Security (TLS) (successor to SSL), PGP and GPG.<sup>[<a id="idm23257472" href="#ftn.idm23257472" class="footnote">22</a>]</sup>
+ </div><div class="para">
+ The distinguishing technique used in public key cryptography is the use of asymmetric key algorithms, where the key used to encrypt a message is not the same as the key used to decrypt it. Each user has a pair of cryptographic keys — a public key and a private key. The private key is kept secret, whilst the public key may be widely distributed. Messages are encrypted with the recipient's public key and can only be decrypted with the corresponding private key. The keys are related mathematically, but the private key cannot be feasibly (ie, in actual or projected practice) derived from the public key. It was the discovery of such algorithms which revolutionized the practice of cryptography beginning in the middle 1970s.<sup>[<a id="idm68258976" href="#ftn.idm68258976" class="footnote">23</a>]</sup>
+ </div><div class="para">
+ In contrast, Symmetric-key algorithms, variations of which have been used for some thousands of years, use a single secret key shared by sender and receiver (which must also be kept private, thus accounting for the ambiguity of the common terminology) for both encryption and decryption. To use a symmetric encryption scheme, the sender and receiver must securely share a key in advance.<sup>[<a id="idm12286960" href="#ftn.idm12286960" class="footnote">24</a>]</sup>
+ </div><div class="para">
+ Because symmetric key algorithms are nearly always much less computationally intensive, it is common to exchange a key using a key-exchange algorithm and transmit data using that key and a symmetric key algorithm. PGP, and the SSL/TLS family of schemes do this, for instance, and are called hybrid cryptosystems in consequence.<sup>[<a id="idm18582112" href="#ftn.idm18582112" class="footnote">25</a>]</sup>
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm18579936">A.2.1. Diffie-Hellman</h3></div></div></div><div class="para">
+ Diffie–Hellman key exchange (D–H) is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.<sup>[<a id="idm18578512" href="#ftn.idm18578512" class="footnote">26</a>]</sup>
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm35540096">A.2.1.1. Diffie-Hellman History</h4></div></div></div><div class="para">
+ The scheme was first published by Whitfield Diffie and Martin Hellman in 1976, although it later emerged that it had been separately invented a few years earlier within GCHQ, the British signals intelligence agency, by Malcolm J. Williamson but was kept classified. In 2002, Hellman suggested the algorithm be called Diffie–Hellman–Merkle key exchange in recognition of Ralph Merkle's contribution to the invention of public-key cryptography (Hellman, 2002).<sup>[<a id="idm35538528" href="#ftn.idm35538528" class="footnote">27</a>]</sup>
+ </div><div class="para">
+ Although Diffie–Hellman key agreement itself is an anonymous (non-authenticated) key-agreement protocol, it provides the basis for a variety of authenticated protocols, and is used to provide perfect forward secrecy in Transport Layer Security's ephemeral modes (referred to as EDH or DHE depending on the cipher suite).<sup>[<a id="idm5849872" href="#ftn.idm5849872" class="footnote">28</a>]</sup>
+ </div><div class="para">
+ U.S. Patent 4,200,770, now expired, describes the algorithm and credits Hellman, Diffie, and Merkle as inventors.<sup>[<a id="idm5847280" href="#ftn.idm5847280" class="footnote">29</a>]</sup>
+ </div></div></div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm23260176" href="#idm23260176" class="para">21</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm23257472" href="#idm23257472" class="para">22</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm68258976" href="#idm68258976" class="para">23</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm12286960" href="#idm12286960" class="para">24</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm18582112" href="#idm18582112" class="para">25</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm18578512" href="#idm18578512" class="para">26</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie-Hellman</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm35538528" href="#idm35538528" class="para">27</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie-Hellman</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm5849872" href="#idm5849872" class="para">28</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie-Hellman</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm5847280" href="#idm5847280" class="para">29</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie-Hellman</a>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Encryption_Standards.html"><strong>Prev</strong>Appendix A. Encryption Standards</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="apas02s02.html"><strong>Next</strong>A.2.2. RSA</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/apas02s02.html b/public_html/en-US/Fedora/18/html/Security_Guide/apas02s02.html
new file mode 100644
index 0000000..f0019a6
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/apas02s02.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>A.2.2. RSA</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="apas02.html" title="A.2. Public-key Encryption" /><link rel="prev" href="apas02.html" title="A.2. Public-key Encryption" /><link rel="next" href="apas02s03.html" title="A.2.3. DSA" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="apas02s03.html"><strong>Next</strong></a></li></ul><div class
="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm14596160">A.2.2. RSA</h3></div></div></div><div class="para">
+ In cryptography, RSA (which stands for Rivest, Shamir and Adleman who first publicly described it; see below) is an algorithm for public-key cryptography. It is the first algorithm known to be suitable for signing as well as encryption, and was one of the first great advances in public key cryptography. RSA is widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys and the use of up-to-date implementations.<sup>[<a id="idm14594592" href="#ftn.idm14594592" class="footnote">30</a>]</sup>
+ </div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm14594592" href="#idm14594592" class="para">30</a>] </sup>
+ "RSA" <span class="emphasis"><em>Wikipedia</em></span> 14 April 2010 <a href="http://en.wikipedia.org/wiki/RSA">http://en.wikipedia.org/wiki/RSA</a>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02.html"><strong>Prev</strong>A.2. Public-key Encryption</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="apas02s03.html"><strong>Next</strong>A.2.3. DSA</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/apas02s03.html b/public_html/en-US/Fedora/18/html/Security_Guide/apas02s03.html
new file mode 100644
index 0000000..c07f2ff
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/apas02s03.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>A.2.3. DSA</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="apas02.html" title="A.2. Public-key Encryption" /><link rel="prev" href="apas02s02.html" title="A.2.2. RSA" /><link rel="next" href="apas02s04.html" title="A.2.4. SSL/TLS" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s02.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="apas02s04.html"><strong>Next</strong></a></li></ul><div class="sect
ion"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm35476816">A.2.3. DSA</h3></div></div></div><div class="para">
+ The Digital Signature Algorithm (DSA) is a United States Federal Government standard or FIPS for digital signatures. It was proposed by the National Institute of Standards and Technology (NIST) in August 1991 for use in their Digital Signature Standard (DSS), specified in FIPS 186, adopted in 1993. A minor revision was issued in 1996 as FIPS 186-1. The standard was expanded further in 2000 as FIPS 186-2 and again in 2009 as FIPS 186-3.<sup>[<a id="idm35475264" href="#ftn.idm35475264" class="footnote">31</a>]</sup>
+ </div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm35475264" href="#idm35475264" class="para">31</a>] </sup>
+ "Digital Signature Algorithm" <span class="emphasis"><em>Wikipedia</em></span> 14 April 2010 <a href="http://en.wikipedia.org/wiki/Digital_Signature_Algorithm">http://en.wikipedia.org/wiki/Digital_Signature_Algorithm</a>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s02.html"><strong>Prev</strong>A.2.2. RSA</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="apas02s04.html"><strong>Next</strong>A.2.4. SSL/TLS</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/apas02s04.html b/public_html/en-US/Fedora/18/html/Security_Guide/apas02s04.html
new file mode 100644
index 0000000..24099c9
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/apas02s04.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>A.2.4. SSL/TLS</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="apas02.html" title="A.2. Public-key Encryption" /><link rel="prev" href="apas02s03.html" title="A.2.3. DSA" /><link rel="next" href="apas02s05.html" title="A.2.5. Cramer-Shoup Cryptosystem" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s03.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="apas02s05.html"><strong>Next</strong></a></li></u
l><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm18826512">A.2.4. SSL/TLS</h3></div></div></div><div class="para">
+ Transport Layer Security (TLS) and its predecessor, Secure Socket Layer (SSL), are cryptographic protocols that provide security for communications over networks such as the Internet. TLS and SSL encrypt the segments of network connections at the Transport Layer end-to-end. Several versions of the protocols are in widespread use in applications like web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP). TLS is an IETF standards track protocol, last updated in RFC 5246, that was based on the earlier SSL specifications developed by Netscape Corporation.
+ </div><div class="para">
+ The TLS protocol allows client/server applications to communicate across a network in a way designed to prevent eavesdropping and tampering. TLS provides endpoint authentication and communications confidentiality over the Internet using cryptography. TLS provides RSA security with 1024 and 2048 bit strengths.
+ </div><div class="para">
+ In typical end-user/browser usage, TLS authentication is unilateral: only the server is authenticated (the client knows the server's identity), but not vice versa (the client remains unauthenticated or anonymous).
+ </div><div class="para">
+ TLS also supports the more secure bilateral connection mode (typically used in enterprise applications), in which both ends of the "conversation" can be assured with whom they are communicating (provided they diligently scrutinize the identity information in the other party's certificate). This is known as mutual authentication, or 2SSL. Mutual authentication requires that the TLS client-side also hold a certificate (which is not usually the case in the end-user/browser scenario). Unless, that is, TLS-PSK, the Secure Remote Password (SRP) protocol, or some other protocol is used that can provide strong mutual authentication in the absence of certificates.
+ </div><div class="para">
+ Typically, the key information and certificates necessary for TLS are handled in the form of X.509 certificates, which define required fields and data formats.
+ </div><div class="para">
+ SSL operates in modular fashion. It is extensible by design, with support for forward and backward compatibility and negotiation between peers.<sup>[<a id="idm38031920" href="#ftn.idm38031920" class="footnote">32</a>]</sup>
+ </div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm38031920" href="#idm38031920" class="para">32</a>] </sup>
+ "Transport Layer Security" <span class="emphasis"><em>Wikipedia</em></span> 14 April 2010 <a href="http://en.wikipedia.org/wiki/Transport_Layer_Security">http://en.wikipedia.org/wiki/Transport_Layer_Security</a>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s03.html"><strong>Prev</strong>A.2.3. DSA</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="apas02s05.html"><strong>Next</strong>A.2.5. Cramer-Shoup Cryptosystem</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/apas02s05.html b/public_html/en-US/Fedora/18/html/Security_Guide/apas02s05.html
new file mode 100644
index 0000000..6b8c8b2
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/apas02s05.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>A.2.5. Cramer-Shoup Cryptosystem</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="apas02.html" title="A.2. Public-key Encryption" /><link rel="prev" href="apas02s04.html" title="A.2.4. SSL/TLS" /><link rel="next" href="apas02s06.html" title="A.2.6. ElGamal Encryption" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s04.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="apas02s06.html"><strong>Next</strong></a></li></ul><
div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm42384160">A.2.5. Cramer-Shoup Cryptosystem</h3></div></div></div><div class="para">
+ The Cramer–Shoup system is an asymmetric key encryption algorithm, and was the first efficient scheme proven to be secure against adaptive chosen ciphertext attack using standard cryptographic assumptions. Its security is based on the computational intractability (widely assumed, but not proved) of the decisional Diffie–Hellman assumption. Developed by Ronald Cramer and Victor Shoup in 1998, it is an extension of the Elgamal cryptosystem. In contrast to Elgamal, which is extremely malleable, Cramer–Shoup adds additional elements to ensure non-malleability even against a resourceful attacker. This non-malleability is achieved through the use of a collision-resistant hash function and additional computations, resulting in a ciphertext which is twice as large as in Elgamal.<sup>[<a id="idm42382288" href="#ftn.idm42382288" class="footnote">33</a>]</sup>
+ </div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm42382288" href="#idm42382288" class="para">33</a>] </sup>
+ "Cramer–Shoup cryptosystem" <span class="emphasis"><em>Wikipedia</em></span> 14 April 2010 <a href="http://en.wikipedia.org/wiki/Cramer-Shoup_cryptosystem">http://en.wikipedia.org/wiki/Cramer-Shoup_cryptosystem</a>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s04.html"><strong>Prev</strong>A.2.4. SSL/TLS</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="apas02s06.html"><strong>Next</strong>A.2.6. ElGamal Encryption</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/apas02s06.html b/public_html/en-US/Fedora/18/html/Security_Guide/apas02s06.html
new file mode 100644
index 0000000..890698e
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/apas02s06.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>A.2.6. ElGamal Encryption</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="apas02.html" title="A.2. Public-key Encryption" /><link rel="prev" href="apas02s05.html" title="A.2.5. Cramer-Shoup Cryptosystem" /><link rel="next" href="appe-Publican-Revision_History.html" title="Appendix B. Revision History" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s05.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="appe-Publ
ican-Revision_History.html"><strong>Next</strong></a></li></ul><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm18477776">A.2.6. ElGamal Encryption</h3></div></div></div><div class="para">
+ In cryptography, the ElGamal encryption system is an asymmetric key encryption algorithm for public-key cryptography which is based on the Diffie-Hellman key agreement. It was described by Taher Elgamal in 1985.[1] ElGamal encryption is used in the free GNU Privacy Guard software, recent versions of PGP, and other cryptosystems. The Digital Signature Algorithm is a variant of the ElGamal signature scheme, which should not be confused with ElGamal encryption.<sup>[<a id="idm18476208" href="#ftn.idm18476208" class="footnote">34</a>]</sup>
+ </div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm18476208" href="#idm18476208" class="para">34</a>] </sup>
+ "ElGamal encryption" <span class="emphasis"><em>Wikipedia</em></span> 14 April 2010 <a href="http://en.wikipedia.org/wiki/ElGamal_encryption">http://en.wikipedia.org/wiki/ElGamal_encryption</a>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s05.html"><strong>Prev</strong>A.2.5. Cramer-Shoup Cryptosystem</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="appe-Publican-Revision_History.html"><strong>Next</strong>Appendix B. Revision History</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/appe-Publican-Revision_History.html b/public_html/en-US/Fedora/18/html/Security_Guide/appe-Publican-Revision_History.html
new file mode 100644
index 0000000..90252fb
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/appe-Publican-Revision_History.html
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Appendix B. Revision History</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="index.html" title="Security Guide" /><link rel="prev" href="apas02s06.html" title="A.2.6. ElGamal Encryption" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s06.html"><strong>Prev</strong></a></li><li class="next"></li></ul><div xml:lang="en-US" class="appendix" id="appe-Publican-Revision_History" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Revis
ion History</h1></div></div></div><div class="para">
+ <div class="revhistory"><table border="0" width="100%" summary="Revision history"><tr><th align="left" valign="top" colspan="3"><strong>Revision History</strong></th></tr><tr><td align="left">Revision 18.0-1</td><td align="left">Sat October 6 2012</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fixed Basic Hardening chapter (BZ 841825 and 693620).</td></tr><tr><td>Fixed broken LUKS link (BZ 846299).</td></tr><tr><td>Added GUI section to 7 Zip chapter (BZ 854781).</td></tr><tr><td>Fixed yum-plugin-security chapter (BZ 723282).</td></tr><tr><td>Fixed GPG CLI command screen (BZ 590493).</td></tr><tr><td>Improved Yubikey section (BZ 644238).</td></tr><tr><td>Fixed typos (BZ 863636).</td></tr><tr><td>Removed wiki markup found in some chapters.</td></tr><tr><td>Updated the Seahorse instructions.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 17.0-1</td><td align="left">Tue January 24 2012</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Branched for Fedora 17.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 16.0-1</td><td align="left">Fri September 09 2011</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Branched for Fedora 16.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 14.3-1</td><td align="left">Sat Apr 02 2011</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Moved VPN text to the Encryption chapter and reformated.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 14.2-1</td><td align="left">Wed Oct 20 2010</td><td align="left"><span class="author"><span class="firstname">Zach</span> <span class="surname">Oglesby</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Added text for using Yubikey on Fedora with local authentication. (BZ 644999)</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 14.2-0</td><td align="left">Fri Oct 6 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Removed all variables in the document source.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 14.1-2</td><td align="left">Fri Oct 1 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Corrected the link to the DISA Unix Checklist and updated link.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 14.1-1</td><td align="left">Wed Jul 8 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Added CVE chapter.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 14.0-1</td><td align="left">Fri May 28 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Branched for Fedora 14</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 13.0-7</td><td align="left">Fri May 14 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Removed "bug" text from 7-Zip chapter per bug 591980.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 13.0-6</td><td align="left">Wed Apr 14 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Completed the encryption standards appendix.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 13.0-5</td><td align="left">Fri Apr 09 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Added "Using GPG with Alpine".</td></tr><tr><td>Added "Using GPG with Evolution".</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 13.0-4</td><td align="left">Tue Apr 06 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Repaired issues regarding untranslatable text in para.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 13.0-3</td><td align="left">Tue Apr 06 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Removed the PackageKit vulnerability text seen in Fedora 12.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 13.0-2</td><td align="left">Fri Nov 20 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Added the Revision History to the end of the document.</td></tr><tr><td>Added the Encryption Standards appendix.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 13.0-1</td><td align="left">Fri Nov 20 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fedora 13 branch.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-23</td><td align="left">Thu Nov 19 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Updated the section "Local users may install trusted packages" to the latest fix, again.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-22</td><td align="left">Thu Nov 19 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Updated the section "Local users may install trusted packages" to the latest fix.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-21</td><td align="left">Wed Nov 18 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Added section "Local users may install trusted packages".</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-20</td><td align="left">Sat Nov 14 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Added information from Wikipedia to the Encryption Standards appendix.</td></tr><tr><td>Added Adam Ligas to the author page for his role in developing the 7-Zip portions.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-19</td><td align="left">Mon Oct 26 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Updated license to CC-BY-SA.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-18</td><td align="left">Wed Aug 05 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fixed issues related to Bug 515043.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-17</td><td align="left">Mon Jul 27 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Repaired vendor information in SPEC.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-16</td><td align="left">Fri Jul 24 2009</td><td align="left"><span class="author"><span class="firstname">Fedora</span> <span class="surname">Release Engineering</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-15</td><td align="left">Tue Jul 14 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Added "desktop-file-utils" to BUILDREQUIRES on the spec</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-14</td><td align="left">Tue Mar 10 2009</td><td align="left"><span class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Remove more rhel specifics, major review and remove draft, ready for push</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-13</td><td align="left">Mon Mar 2 2009</td><td align="left"><span class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Lots of minor fixes</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-12</td><td align="left">Wed Feb 11 2009</td><td align="left"><span class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>new screenshots from F11 replacing existing/older ones</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-11</td><td align="left">Tue Feb 03 2009</td><td align="left"><span class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>LUKS specifics to Fedora 9 modified to include later releases as well.</td></tr><tr><td>Fix 404s in reference section, mainly bad NSA links.</td></tr><tr><td>minor formatting changes.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-10</td><td align="left">Wed Jan 27 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fixed missing firewall setup screenshot.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.0-9</td><td align="left">Wed Jan 27 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Repaired items found to be incorrect during validation. Many Red Hat references have been changed to Fedora references.</td></tr></table>
+
+ </td></tr></table></div>
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s06.html"><strong>Prev</strong>A.2.6. ElGamal Encryption</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-Basic_Hardening.html b/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-Basic_Hardening.html
new file mode 100644
index 0000000..fe2ae2f
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-Basic_Hardening.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 2. Basic Hardening Guide</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="index.html" title="Security Guide" /><link rel="prev" href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html" title="1.5.4. Applying the Changes" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html" title="2.2. Why is this important?" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-U
pdating_Packages-Applying_the_Changes.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Security_Guide-Basic_Hardening" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 2. Basic Hardening Guide</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Basic_Hardening.html#sect-Security_Guide-Basic_Hardening-General_Principles">2.1. General Principles</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html">2.2. Why is this important?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Physical_Security.html">2.3. Physical Security</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-
Physical_Security-Why_is_this_important.html">2.4. Why this is important</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html">2.5. What else can I do?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Networking.html">2.6. Networking</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Networking.html#sect-Security_Guide-Basic_Hardening-Networking-iptables">2.6.1. iptables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Networking-IPv6.html">2.6.2. IPv6</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Up_to_date.html">2.7. Keeping software up to date</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Services.html">2.8. Services</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Har
dening-NTP.html">2.9. NTP</a></span></dt></dl></div><div class="para">
+ The <a href="http://www.nsa.gov">US National Security Agency</a> (NSA) has developed two guides for hardening a default installation of Red Hat Enterprise Linux 5. Many of the tips provided in these guides are also valid for installations of Fedora. This Basic Hardening Guide will cover portions of the NSA's Hardening Tips and will explain why implementing these tips are important. This document does not represent the full NSA Hardening Guide.
+ </div><div class="para">
+ As with any change to a system these changes could cause unintended results. Changes should be evaluated for appropriateness on your system before implementing.
+ </div><div class="section" id="sect-Security_Guide-Basic_Hardening-General_Principles"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-General_Principles">2.1. General Principles</h2></div></div></div><div class="para">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Encrypt all data transmitted over the network. Encrypting authentication information (such as passwords) is particularly important.</td></tr><tr><td>Minimize the amount of software installed and running in order to minimize vulnerability.</td></tr><tr><td>Use security-enhancing software and tools whenever available (e.g. SELinux and IPTables).</td></tr><tr><td>Run each network service on a separate server whenever possible. This minimizes the risk that a compromise of one service could lead to a compromise of others.</td></tr><tr><td>Maintain user accounts. Create a good password policy and enforce its use. Delete unused user accounts.</td></tr><tr><td>Review system and application logs on a routine basis. Send logs to a dedicated log server. This prevents intruders from easily avoiding detection by modifying the local logs.</td></tr><tr><td>Never log in directly as root, unless absolutely necessary. Admin
istrators should use <code class="command">sudo</code> to execute commands as root when required. The accounts capable of using sudo are specified in <code class="filename">/etc/sudoers</code>, which is edited with the visudo utility. By default, relevant logs are written to <code class="filename">/var/log/secure</code>.</td></tr></table>
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html"><strong>Prev</strong>1.5.4. Applying the Changes</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html"><strong>Next</strong>2.2. Why is this important?</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-CVE.html b/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-CVE.html
new file mode 100644
index 0000000..cafdf5b
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-CVE.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 8. Common Vulnerabilities and Exposures</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="index.html" title="Security Guide" /><link rel="prev" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html" title="7.4. Install Signed Packages from Well Known Repositories" /><link rel="next" href="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html" title="8.2. Using yum-plugin-security" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="pr
evious"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Security_Guide-CVE" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 8. Common Vulnerabilities and Exposures</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-CVE.html#sect-Security_Guide-CVE-yum_plugin">8.1. YUM Plugin</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html">8.2. Using yum-plugin-security</a></span></dt></dl></div><div class="para">
+ The Common Vulnerabilities and Exposures or CVE system provides a reference method for publicly-known information security vulnerabilities and exposures. ITRE Corporation maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security.
+ </div><div class="para">
+ MITRE Corporation assigns a CVE identifier to every vulnerability or exposure. The CVE is used to track the vulnerability through different pieces of software, as a single CVE can affect multiple software packages and multiple vendors.
+ </div><div class="section" id="sect-Security_Guide-CVE-yum_plugin"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-CVE-yum_plugin">8.1. YUM Plugin</h2></div></div></div><div class="para">
+ The <span class="package">yum-plugin-security</span> package is a feature of Fedora. If installed, the yum module provided by this package can be used to limit yum to retrieve only security-related updates. It can also be used to provide information about which Red Hat advisory, which bug in Red Hat’s Bugzilla database, or which CVE number from MITRE’s Common Vulnerabilities and Exposures directory is addressed by a package update.
+ </div><div class="para">
+ Enabling these features is as simple as running the <code class="command">yum install yum-plugin-security</code> command.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html"><strong>Prev</strong>7.4. Install Signed Packages from Well Known Repo...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html"><strong>Next</strong>8.2. Using yum-plugin-security</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-Encryption.html b/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-Encryption.html
new file mode 100644
index 0000000..14c6c56
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-Encryption.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 4. Encryption</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="index.html" title="Security Guide" /><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html" title="3.9.6.2. Useful IP Tables Websites" /><link rel="next" href="Security_Guide-Encryption-Data_in_Motion.html" title="4.2. Data in Motion" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_IP
_Tables_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Security_Guide-Encryption" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 4. Encryption</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Encryption.html#sect-Security_Guide-Encryption-Data_at_Rest">4.1. Data at Rest</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Encryption.html#sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">4.1.1. Full Disk Encryption</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Encryption.html#Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">4.1.2. File Based Encryption</a></span></dt></dl></dd><dt><span class="section"><a href="Security_Guide-Encryption-Da
ta_in_Motion.html">4.2. Data in Motion</a></span></dt><dd><dl><dt><span class="section"><a href="Security_Guide-Encryption-Data_in_Motion.html#sect-Security_Guide-Virtual_Private_Networks_VPNs">4.2.1. Virtual Private Networks (VPNs)</a></span></dt><dt><span class="section"><a href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html">4.2.2. Secure Shell</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption.html">4.2.3. LUKS Disk Encryption</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html">4.2.4. 7-Zip Encrypted Archives</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-Using_GPG.html">4.2.5. Using GNU Privacy Guard (GnuPG)</a></span></dt></dl></dd></dl></div><div class="para">
+ There are two main types of data that must be protected: data at rest and data in motion. These different types of data are protected in similar ways using similar technology but the implementations can be completely different. No single protective implementation can prevent all possible methods of compromise as the same information may be at rest and in motion at different points in time.
+ </div><div class="section" id="sect-Security_Guide-Encryption-Data_at_Rest"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Encryption-Data_at_Rest">4.1. Data at Rest</h2></div></div></div><div class="para">
+ Data at rest is data that is stored on a hard drive, tape, CD, DVD, disk, or other media. This information's biggest threat comes from being physically stolen. Laptops in airports, CDs going through the mail, and backup tapes that get left in the wrong places are all examples of events where data can be compromised through theft. If the data was encrypted on the media then you wouldn't have to worry as much about the data being compromised.
+ </div><div class="section" id="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">4.1.1. Full Disk Encryption</h3></div></div></div><div class="para">
+ Full disk or partition encryption is one of the best ways of protecting your data. Not only is each file protected but also the temporary storage that may contain parts of these files is also protected. Full disk encryption will protect all of your files so you don't have to worry about selecting what you want to protect and possibly missing a file.
+ </div><div class="para">
+ Fedora 9, and later, natively supports LUKS Encryption. LUKS will bulk encrypt your hard drive partitions so that while your computer is off your data is protected. This will also protect your computer from attackers attempting to use single-user-mode to login to your computer or otherwise gain access.
+ </div><div class="para">
+ Full disk encryption solutions like LUKS only protect the data when your computer is off. Once the computer is on and LUKS has decrypted the disk, the files on that disk are available to anyone who would normally have access to them. To protect your files when the computer is on, use full disk encryption in combination with another solution such as file based encryption. Also remember to lock your computer whenever you are away from it. A passphrase protected screen saver set to activate after a few minutes of inactivity is a good way to keep intruders out.
+ </div></div><div class="section" id="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">4.1.2. File Based Encryption</h3></div></div></div><div class="para">
+ GnuPG (GPG) is an open source version of PGP that allows you to sign and/or encrypt a file or an email message. This is useful to maintain integrity of the message or file and also protects the confidentiality of the information contained within the file or email. In the case of email, GPG provides dual protection. Not only can it provide Data at Rest protection but also Data In Motion protection once the message has been sent across the network.
+ </div><div class="para">
+ File based encryption is intended to protect a file after it has left your computer, such as when you send a CD through the mail. Some file based encryption solutions will leave remnants of the encrypted files that an attacker who has physical access to your computer can recover under some circumstances. To protect the contents of those files from attackers who may have access to your computer, use file based encryption combined with another solution such as full disk encryption.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"><strong>Prev</strong>3.9.6.2. Useful IP Tables Websites</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion.html"><strong>Next</strong>4.2. Data in Motion</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-Encryption_Standards.html b/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-Encryption_Standards.html
new file mode 100644
index 0000000..2f91e26
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-Encryption_Standards.html
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Appendix A. Encryption Standards</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="index.html" title="Security Guide" /><link rel="prev" href="chap-Security_Guide-References.html" title="Chapter 9. References" /><link rel="next" href="apas02.html" title="A.2. Public-key Encryption" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-References.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="apas02.html"><stro
ng>Next</strong></a></li></ul><div xml:lang="en-US" class="appendix" id="chap-Security_Guide-Encryption_Standards" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Encryption Standards</h1></div></div></div><div class="para">
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm33822784">A.1. Synchronous Encryption</h2></div></div></div><div class="para">
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm32999424">A.1.1. Advanced Encryption Standard - AES</h3></div></div></div><div class="para">
+ In cryptography, the Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael. Each AES cipher has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. The AES ciphers have been analyzed extensively and are now used worldwide, as was the case with its predecessor, the Data Encryption Standard (DES).<sup>[<a id="idm29935440" href="#ftn.idm29935440" class="footnote">15</a>]</sup>
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm68222768">A.1.1.1. AES Uses</h4></div></div></div><div class="para">
+ </div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm66620032">A.1.1.2. AES History</h4></div></div></div><div class="para">
+ AES was announced by National Institute of Standards and Technology (NIST) as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001 after a 5-year standardization process in which fifteen competing designs were presented and evaluated before Rijndael was selected as the most suitable (see Advanced Encryption Standard process for more details). It became effective as a standard May 26, 2002. It is available in many different encryption packages. AES is the first publicly accessible and open cipher approved by the NSA for top secret information (see Security of AES, below).<sup>[<a id="idm20990912" href="#ftn.idm20990912" class="footnote">16</a>]</sup>
+ </div><div class="para">
+ The Rijndael cipher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted by them to the AES selection process. Rijndael (pronounced [rɛindaːl]) is a portmanteau of the names of the two inventors.<sup>[<a id="idm24734464" href="#ftn.idm24734464" class="footnote">17</a>]</sup>
+ </div></div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm30483360">A.1.2. Data Encryption Standard - DES</h3></div></div></div><div class="para">
+ The Data Encryption Standard (DES) is a block cipher (a form of shared secret encryption) that was selected by the National Bureau of Standards as an official Federal Information Processing Standard (FIPS) for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is based on a symmetric-key algorithm that uses a 56-bit key. The algorithm was initially controversial with classified design elements, a relatively short key length, and suspicions about a National Security Agency (NSA) backdoor. DES consequently came under intense academic scrutiny which motivated the modern understanding of block ciphers and their cryptanalysis.<sup>[<a id="idm61761872" href="#ftn.idm61761872" class="footnote">18</a>]</sup>
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm25571584">A.1.2.1. DES Uses</h4></div></div></div><div class="para">
+ </div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm39189744">A.1.2.2. DES History</h4></div></div></div><div class="para">
+ DES is now considered to be insecure for many applications. This is chiefly due to the 56-bit key size being too small; in January, 1999, distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes (see chronology). There are also some analytical results which demonstrate theoretical weaknesses in the cipher, although they are unfeasible to mount in practice. The algorithm is believed to be practically secure in the form of Triple DES, although there are theoretical attacks. In recent years, the cipher has been superseded by the Advanced Encryption Standard (AES).<sup>[<a id="idm39188000" href="#ftn.idm39188000" class="footnote">19</a>]</sup>
+ </div><div class="para">
+ In some documentation, a distinction is made between DES as a standard and DES the algorithm which is referred to as the DEA (the Data Encryption Algorithm). When spoken, "DES" is either spelled out as an abbreviation (/ˌdiːˌiːˈɛs/), or pronounced as a one-syllable acronym (/ˈdɛz/).<sup>[<a id="idm24480976" href="#ftn.idm24480976" class="footnote">20</a>]</sup>
+ </div></div></div></div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm29935440" href="#idm29935440" class="para">15</a>] </sup>
+ "Advanced Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Advanced_Encryption_Standard">http://en.wikipedia.org/wiki/Advanced_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm20990912" href="#idm20990912" class="para">16</a>] </sup>
+ "Advanced Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Advanced_Encryption_Standard">http://en.wikipedia.org/wiki/Advanced_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm24734464" href="#idm24734464" class="para">17</a>] </sup>
+ "Advanced Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Advanced_Encryption_Standard">http://en.wikipedia.org/wiki/Advanced_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm61761872" href="#idm61761872" class="para">18</a>] </sup>
+ "Data Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Data_Encryption_Standard">http://en.wikipedia.org/wiki/Data_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm39188000" href="#idm39188000" class="para">19</a>] </sup>
+ "Data Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Data_Encryption_Standard">http://en.wikipedia.org/wiki/Data_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm24480976" href="#idm24480976" class="para">20</a>] </sup>
+ "Data Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Data_Encryption_Standard">http://en.wikipedia.org/wiki/Data_Encryption_Standard</a>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-References.html"><strong>Prev</strong>Chapter 9. References</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="apas02.html"><strong>Next</strong>A.2. Public-key Encryption</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-General_Principles_of_Information_Security.html b/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-General_Principles_of_Information_Security.html
new file mode 100644
index 0000000..656ab26
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-General_Principles_of_Information_Security.html
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 5. General Principles of Information Security</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="index.html" title="Security Guide" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html" title="4.2.5.7. About Public Key Encryption" /><link rel="next" href="chap-Security_Guide-Secure_Installation.html" title="Chapter 6. Secure Installation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Usin
g_GPG-About_Public_Key_Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Secure_Installation.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Security_Guide-General_Principles_of_Information_Security" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 5. General Principles of Information Security</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-General_Principles_of_Information_Security.html#sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">5.1. Tips, Guides, and Tools</a></span></dt></dl></div><div class="para">
+ The following general principals provide an overview of good security practices:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ encrypt all data transmitted over networks to help prevent man-in-the-middle attacks and eavesdropping. It is important to encrypt authentication information, such as passwords.
+ </div></li><li class="listitem"><div class="para">
+ minimize the amount of software installed and running services.
+ </div></li><li class="listitem"><div class="para">
+ use security-enhancing software and tools, for example, Security-Enhanced Linux (SELinux) for Mandatory Access Control (MAC), Netfilter iptables for packet filtering (firewall), and the GNU Privacy Guard (GnuPG) for encrypting files.
+ </div></li><li class="listitem"><div class="para">
+ if possible, run each network service on a separate system to minimize the risk of one compromised service being used to compromise other services.
+ </div></li><li class="listitem"><div class="para">
+ maintain user accounts: create and enforce a strong password policy; delete unused user accounts.
+ </div></li><li class="listitem"><div class="para">
+ routinely review system and application logs. By default, security-relevant system logs are written to <code class="filename">/var/log/secure</code> and <code class="filename">/var/log/audit/audit.log</code>. Note: sending logs to a dedicated log server helps prevent attackers from easily modifying local logs to avoid detection.
+ </div></li><li class="listitem"><div class="para">
+ never log in as the root user unless absolutely necessary. It is recommended that administrators use <code class="command">sudo</code> to execute commands as root when required. Users capable of running <code class="command">sudo</code> are specified in <code class="filename">/etc/sudoers</code>. Use the <code class="command">visudo</code> utility to edit <code class="filename">/etc/sudoers</code>.
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">5.1. Tips, Guides, and Tools</h2></div></div></div><div class="para">
+ The United States' <a href="http://www.nsa.gov/">National Security Agency (NSA)</a> provides hardening guides and tips for many different operating systems, to help government agencies, businesses, and individuals secure their systems against attack. The following guides (in PDF format) provide guidance for Red Hat Enterprise Linux 5:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.nsa.gov/ia/_files/os/redhat/rhel5-pamphlet-i731.pdf">Hardening Tips for the Red Hat Enterprise Linux 5</a>
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf">Guide to the Secure Configuration of Red Hat Enterprise Linux 5</a>
+ </div></li></ul></div><div class="para">
+ The <a href="http://www.disa.mil/">Defense Information Systems Agency (DISA)</a> provides documentation, checklists, and tests to help secure your system (<a href="http://iase.disa.mil/index2.html">Information Assurance Support Environment</a>). The <a href="http://iase.disa.mil/stigs/stig/unix-stig-v5r1.pdf">UNIX Security Technical Implementation Guide</a> (PDF) is a very specific guide to UNIX security - an advanced knowledge of UNIX and Linux is recommended before reading this guide.
+ </div><div class="para">
+ The DISA <a href="http://iase.disa.mil/stigs/downloads/zip/unclassified_unix_checklist_v5r1-26_20100827.zip">UNIX Security Checklist Version 5, Release 1.26</a> provides a collection of documents and checklists, ranging from the correct ownerships and modes for system files, to patch control.
+ </div><div class="para">
+ Also, DISA has made available <a href="http://iase.disa.mil/stigs/SRR/unix.html">UNIX SRR scripts</a> that allow administrators to check specific settings on systems. These scripts provide XML-formatted reports listing any known vulnerable settings.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html"><strong>Prev</strong>4.2.5.7. About Public Key Encryption</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Secure_Installation.html"><strong>Next</strong>Chapter 6. Secure Installation</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-References.html b/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-References.html
new file mode 100644
index 0000000..a16c0cd
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-References.html
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 9. References</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="index.html" title="Security Guide" /><link rel="prev" href="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html" title="8.2. Using yum-plugin-security" /><link rel="next" href="chap-Security_Guide-Encryption_Standards.html" title="Appendix A. Encryption Standards" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-CVE-yum_plugin-using_yum_p
lugin_security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Encryption_Standards.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Security_Guide-References" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 9. References</h2></div></div></div><div class="para">
+ The following references are pointers to additional information that is relevant to SELinux and Fedora but beyond the scope of this guide. Note that due to the rapid development of SELinux, some of this material may only apply to specific releases of Fedora.
+ </div><div class="variablelist" id="vari-Security_Guide-References-Books"><h6>Books</h6><dl><dt class="varlistentry"><span class="term">SELinux by Example</span></dt><dd><div class="para">
+ Mayer, MacMillan, and Caplan
+ </div><div class="para">
+ Prentice Hall, 2007
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-Tutorials_and_Help"><h6>Tutorials and Help</h6><dl><dt class="varlistentry"><span class="term">Understanding and Customizing the Apache HTTP SELinux Policy</span></dt><dd><div class="para">
+ <a href="http://fedora.redhat.com/docs/selinux-apache-fc3/">http://fedora.redhat.com/docs/selinux-apache-fc3/</a>
+ </div></dd><dt class="varlistentry"><span class="term">Tutorials and talks from Russell Coker</span></dt><dd><div class="para">
+ <a href="http://www.coker.com.au/selinux/talks/ibmtu-2004/">http://www.coker.com.au/selinux/talks/ibmtu-2004/</a>
+ </div></dd><dt class="varlistentry"><span class="term">Generic Writing SELinux policy HOWTO</span></dt><dd><div class="para">
+ <a href="http://www.lurking-grue.org/writingselinuxpolicyHOWTO.html">http://www.lurking-grue.org/writingselinuxpolicyHOWTO.html</a>
+ </div></dd><dt class="varlistentry"><span class="term">Red Hat Knowledgebase</span></dt><dd><div class="para">
+ <a href="http://kbase.redhat.com/">http://kbase.redhat.com/</a>
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-General_Information"><h6>General Information</h6><dl><dt class="varlistentry"><span class="term">NSA SELinux main website</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/selinux/index.shtml">http://www.nsa.gov/selinux/</a>
+ </div></dd><dt class="varlistentry"><span class="term">NSA SELinux FAQ</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/selinux/faqs.shtml">http://www.nsa.gov/selinux/info/faq.cfm</a>
+ </div></dd><dt class="varlistentry"><span class="term">Fedora SELinux FAQ </span></dt><dd><div class="para">
+ <a href="http://fedora.redhat.com/docs/selinux-faq-fc3/">http://fedora.redhat.com/docs/selinux-faq-fc3/</a>
+ </div></dd><dt class="varlistentry"><span class="term">SELinux NSA's Open Source Security Enhanced Linux</span></dt><dd><div class="para">
+ <a href="http://www.oreilly.com/catalog/selinux/">http://www.oreilly.com/catalog/selinux/</a>
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-Technology"><h6>Technology</h6><dl><dt class="varlistentry"><span class="term">An Overview of Object Classes and Permissions</span></dt><dd><div class="para">
+ <a href="http://www.tresys.com/selinux/obj_perms_help.html">http://www.tresys.com/selinux/obj_perms_help.html</a>
+ </div></dd><dt class="varlistentry"><span class="term">Integrating Flexible Support for Security Policies into the Linux Operating System (a history of Flask implementation in Linux)</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/_files/selinux/papers/selsymp2005.pdf">http://www.nsa.gov/research/_files/selinux/papers/selsymp2005.pdf</a>
+ </div></dd><dt class="varlistentry"><span class="term">Implementing SELinux as a Linux Security Module</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/_files/publications/implementing_selinux.pdf">http://www.nsa.gov/research/_files/publications/implementing_selinux.pdf</a>
+ </div></dd><dt class="varlistentry"><span class="term">A Security Policy Configuration for the Security-Enhanced Linux</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/_files/selinux/papers/policy/policy.shtml">http://www.nsa.gov/research/_files/selinux/papers/policy/policy.shtml</a>
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-Community"><h6>Community</h6><dl><dt class="varlistentry"><span class="term">Fedora SELinux User Guide</span></dt><dd><div class="para">
+ <a href="http://docs.fedoraproject.org/selinux-user-guide/">http://docs.fedoraproject.org/selinux-user-guide/</a>
+ </div></dd><dt class="varlistentry"><span class="term">Fedora SELinux Managing Confined Services Guide</span></dt><dd><div class="para">
+ <a href="http://docs.fedoraproject.org/selinux-managing-confined-services-guide/">http://docs.fedoraproject.org/selinux-managing-confined-services-guide/</a>
+ </div></dd><dt class="varlistentry"><span class="term">SELinux community page</span></dt><dd><div class="para">
+ <a href="http://selinux.sourceforge.net">http://selinux.sourceforge.net</a>
+ </div></dd><dt class="varlistentry"><span class="term">IRC</span></dt><dd><div class="para">
+ irc.freenode.net, #selinux, #fedora-selinux, #security
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-History"><h6>History</h6><dl><dt class="varlistentry"><span class="term">Quick history of Flask</span></dt><dd><div class="para">
+ <a href="http://www.cs.utah.edu/flux/fluke/html/flask.html">http://www.cs.utah.edu/flux/fluke/html/flask.html</a>
+ </div></dd><dt class="varlistentry"><span class="term">Full background on Fluke</span></dt><dd><div class="para">
+ <a href="http://www.cs.utah.edu/flux/fluke/html/index.html">http://www.cs.utah.edu/flux/fluke/html/index.html</a>
+ </div></dd></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html"><strong>Prev</strong>8.2. Using yum-plugin-security</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Encryption_Standards.html"><strong>Next</strong>Appendix A. Encryption Standards</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-Secure_Installation.html b/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-Secure_Installation.html
new file mode 100644
index 0000000..c9193f8
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-Secure_Installation.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 6. Secure Installation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="index.html" title="Security Guide" /><link rel="prev" href="chap-Security_Guide-General_Principles_of_Information_Security.html" title="Chapter 5. General Principles of Information Security" /><link rel="next" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html" title="6.2. Utilize LUKS Partition Encryption" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a ac
cesskey="p" href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Security_Guide-Secure_Installation" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 6. Secure Installation</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Secure_Installation.html#sect-Security_Guide-Secure_Installation-Disk_Partitions">6.1. Disk Partitions</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html">6.2. Utilize LUKS Partition Encryption</a></span></dt></dl></div><div class="para">
+ Security begins with the first time you put that CD or DVD into your disk drive to install Fedora. Configuring your system securely from the beginning makes it easier to implement additional security settings later.
+ </div><div class="section" id="sect-Security_Guide-Secure_Installation-Disk_Partitions"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Secure_Installation-Disk_Partitions">6.1. Disk Partitions</h2></div></div></div><div class="para">
+ The NSA recommends creating separate partitions for /boot, /, /home, /tmp, and /var/tmp. The reasons for each are different and we will address each partition.
+ </div><div class="para">
+ /boot - This partition is the first partition that is read by the system during boot up. The boot loader and kernel images that are used to boot your system into Fedora are stored in this partition. This partition should not be encrypted. If this partition is included in / and that partition is encrypted or otherwise becomes unavailable then your system will not be able to boot.
+ </div><div class="para">
+ /home - When user data (/home) is stored in / instead of in a separate partition, the partition can fill up causing the operating system to become unstable. Also, when upgrading your system to the next version of Fedora it is a lot easier when you can keep your data in the /home partition as it will not be overwritten during installation. If the root partition (/) becomes corrupt your data could be lost forever. By using a separate partition there is slightly more protection against data loss. You can also target this partition for frequent backups.
+ </div><div class="para">
+ /tmp and /var/tmp - Both the /tmp and the /var/tmp directories are used to store data that doesn't need to be stored for a long period of time. However if a lot of data floods one of these directories it can consume all of your storage space. If this happens and these directories are stored within / then your system could become unstable and crash. For this reason, moving these directories into their own partitions is a good idea.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>Prev</strong>Chapter 5. General Principles of Information Secu...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"><strong>Next</strong>6.2. Utilize LUKS Partition Encryption</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-Securing_Your_Network.html b/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-Securing_Your_Network.html
new file mode 100644
index 0000000..12e77de
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-Securing_Your_Network.html
@@ -0,0 +1,528 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 3. Securing Your Network</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="index.html" title="Security Guide" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-NTP.html" title="2.9. NTP" /><link rel="next" href="sect-Security_Guide-Server_Security.html" title="3.2. Server Security" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-NTP.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="
n" href="sect-Security_Guide-Server_Security.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Security_Guide-Securing_Your_Network" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 3. Securing Your Network</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security">3.1. Workstation Security</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">3.1.1. Evaluating Workstation Security</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">3.1.2. BIOS and Boot Loader Security</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-
Security_Guide-Workstation_Security-Password_Security">3.1.3. Password Security</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Administrative_Controls">3.1.4. Administrative Controls</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Available_Network_Services">3.1.5. Available Network Services</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Personal_Firewalls">3.1.6. Personal Firewalls</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">3.1.7. Security Enhanced Communication Tools</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Server_Security.html">3.2. Se
rver Security</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Server_Security.html#sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">3.2.1. Securing Services With TCP Wrappers and xinetd</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_Portmap.html">3.2.2. Securing Portmap</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_NIS.html">3.2.3. Securing NIS</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_NFS.html">3.2.4. Securing NFS</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html">3.2.5. Securing the Apache HTTP Server</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_FTP.html">3.2.6. Securing FTP</a></span></dt><dt><span class="section"><a href="sect-Security_Gui
de-Server_Security-Securing_Sendmail.html">3.2.7. Securing Sendmail</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html">3.2.8. Verifying Which Ports Are Listening</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO.html">3.3. Single Sign-on (SSO)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO.html#sect-Security_Guide-Single_Sign_on_SSO-Introduction">3.3.1. Introduction</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html">3.3.2. Getting Started with your new Smart Card</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html">3.3.3. How Smart Card Enrollment Works</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-How_S
mart_Card_Login_Works.html">3.3.4. How Smart Card Login Works</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html">3.3.5. Configuring Firefox to use Kerberos for SSO</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Yubikey.html">3.4. Yubikey</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Yubikey.html#sect-Security_Guide-Yubikey-Centralized_Server">3.4.1. Using Yubikey with a centralized server</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Yubikey-Web_Sites.html">3.4.2. Authenticating to websites with your Yubikey</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html">3.5. Pluggable Authentication Modules (PAM)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html#sect-Securi
ty_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">3.5.1. Advantages of PAM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html">3.5.2. PAM Configuration Files</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html">3.5.3. PAM Configuration File Format</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html">3.5.4. Sample PAM Configuration Files</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html">3.5.5. Creating PAM Modules</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html">3.5.6. PAM and Administrative Credential Caching</a>
</span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html">3.5.7. PAM and Device Ownership</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html">3.5.8. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html">3.6. TCP Wrappers and xinetd</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">3.6.1. TCP Wrappers</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html">3.6.2. TCP Wrappers Configuration Files</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html">3.6.3. xinetd</a></span></dt><dt><span class="section"><
a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html">3.6.4. xinetd Configuration Files</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html">3.6.5. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Kerberos.html">3.7. Kerberos</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Kerberos.html#sect-Security_Guide-Kerberos-What_is_Kerberos">3.7.1. What is Kerberos?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html">3.7.2. Kerberos Terminology</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html">3.7.3. How Kerberos Works</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html">3.7.4. Kerberos and PAM</a></span></dt><dt><span class="section"><a href="sect-Sec
urity_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html">3.7.5. Configuring a Kerberos 5 Server</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html">3.7.6. Configuring a Kerberos 5 Client</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html">3.7.7. Domain-to-Realm Mapping</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html">3.7.8. Setting Up Secondary KDCs</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html">3.7.9. Setting Up Cross Realm Authentication</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Additional_Resources.html">3.7.10. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Firewalls.html">3.8. Firewalls</a></span></dt><dd><dl><dt><span clas
s="section"><a href="sect-Security_Guide-Firewalls.html#sect-Security_Guide-Firewalls-Netfilter_and_IPTables">3.8.1. Netfilter and IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html">3.8.2. Basic Firewall Configuration</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Using_IPTables.html">3.8.3. Using IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html">3.8.4. Common IPTables Filtering</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html">3.8.5. <code class="computeroutput">FORWARD</code> and <acronym class="acronym">NAT</acronym> Rules</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html">3.8.6. Malicious Software and Spoofed IP Addresses</a></span></dt><dt><span class="section">
<a href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html">3.8.7. IPTables and Connection Tracking</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-IPv6.html">3.8.8. IPv6</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Additional_Resources.html">3.8.9. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-IPTables.html">3.9. IPTables</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-IPTables.html#sect-Security_Guide-IPTables-Packet_Filtering">3.9.1. Packet Filtering</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html">3.9.2. Command Options for IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html">3.9.3. Saving IPTables Rules</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTab
les-IPTables_Control_Scripts.html">3.9.4. IPTables Control Scripts</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html">3.9.5. IPTables and IPv6</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Additional_Resources.html">3.9.6. Additional Resources</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" id="sect-Security_Guide-Workstation_Security" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Workstation_Security">3.1. Workstation Security</h2></div></div></div><div class="para">
+ Securing a Linux environment begins with the workstation. Whether locking down a personal machine or securing an enterprise system, sound security policy begins with the individual computer. A computer network is only as secure as its weakest node.
+ </div><div class="section" id="sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">3.1.1. Evaluating Workstation Security</h3></div></div></div><div class="para">
+ When evaluating the security of a Fedora workstation, consider the following:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>BIOS and Boot Loader Security</em></span> — Can an unauthorized user physically access the machine and boot into single user or rescue mode without a password?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Password Security</em></span> — How secure are the user account passwords on the machine?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Administrative Controls</em></span> — Who has an account on the system and how much administrative control do they have?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Available Network Services</em></span> — What services are listening for requests from the network and should they be running at all?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Personal Firewalls</em></span> — What type of firewall, if any, is necessary?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Security Enhanced Communication Tools</em></span> — Which tools should be used to communicate between workstations and which should be avoided?
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">3.1.2. BIOS and Boot Loader Security</h3></div></div></div><div class="para">
+ Password protection for the BIOS (or BIOS equivalent) and the boot loader can prevent unauthorized users who have physical access to systems from booting using removable media or obtaining root privileges through single user mode. The security measures you should take to protect against such attacks depends both on the sensitivity of the information on the workstation and the location of the machine.
+ </div><div class="para">
+ For example, if a machine is used in a secure location where only trusted people have access and the computer contains no sensitive information, then it may not be critical to prevent such attacks. However, if an employee's laptop with private, unencrypted SSH keys for the corporate network is left unattended at a trade show, it could lead to a major security breach with ramifications for the entire company.
+ </div><div class="section" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-BIOS_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-BIOS_Passwords">3.1.2.1. BIOS Passwords</h4></div></div></div><div class="para">
+ The two primary reasons for password protecting the BIOS of a computer are<sup>[<a id="idm36569248" href="#ftn.idm36569248" class="footnote">11</a>]</sup>:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Preventing Changes to BIOS Settings</em></span> — If an intruder has access to the BIOS, they can set it to boot from a diskette or CD-ROM. This makes it possible for them to enter rescue mode or single user mode, which in turn allows them to start arbitrary processes on the system or copy sensitive data.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Preventing System Booting</em></span> — Some BIOSes allow password protection of the boot process. When activated, an attacker is forced to enter a password before the BIOS launches the boot loader.
+ </div></li></ol></div><div class="para">
+ Because the methods for setting a BIOS password vary between computer manufacturers, consult the computer's manual for specific instructions.
+ </div><div class="para">
+ If you forget the BIOS password, it can either be reset with jumpers on the motherboard or by disconnecting the CMOS battery. For this reason, it is good practice to lock the computer case if possible. However, consult the manual for the computer or motherboard before attempting to disconnect the CMOS battery.
+ </div><div class="section" id="sect-Security_Guide-BIOS_Passwords-Securing_Non_x86_Platforms"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-BIOS_Passwords-Securing_Non_x86_Platforms">3.1.2.1.1. Securing Non-x86 Platforms</h5></div></div></div><div class="para">
+ Other architectures use different programs to perform low-level tasks roughly equivalent to those of the BIOS on x86 systems. For instance, <span class="trademark">Intel</span>® <span class="trademark">Itanium</span>™ computers use the <em class="firstterm">Extensible Firmware Interface</em> (<em class="firstterm">EFI</em>) shell.
+ </div><div class="para">
+ For instructions on password protecting BIOS-like programs on other architectures, refer to the manufacturer's instructions.
+ </div></div></div><div class="section" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords">3.1.2.2. Boot Loader Passwords</h4></div></div></div><div class="para">
+ The primary reasons for password protecting a Linux boot loader are as follows:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Preventing Access to Single User Mode</em></span> — If attackers can boot the system into single user mode, they are logged in automatically as root without being prompted for the root password.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Preventing Access to the GRUB Console</em></span> — If the machine uses GRUB as its boot loader, an attacker can use the GRUB editor interface to change its configuration or to gather information using the <code class="command">cat</code> command.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Preventing Access to Insecure Operating Systems</em></span> — If it is a dual-boot system, an attacker can select an operating system at boot time (for example, DOS), which ignores access controls and file permissions.
+ </div></li></ol></div><div class="para">
+ Fedora ships with the GRUB boot loader on the x86 platform. For a detailed look at GRUB, refer to the Red Hat Installation Guide.
+ </div><div class="section" id="sect-Security_Guide-Boot_Loader_Passwords-Password_Protecting_GRUB"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Boot_Loader_Passwords-Password_Protecting_GRUB">3.1.2.2.1. Password Protecting GRUB</h5></div></div></div><div class="para">
+ You can configure GRUB to address the first two issues listed in <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords">Section 3.1.2.2, “Boot Loader Passwords”</a> by adding a password directive to its configuration file. To do this, first choose a strong password, open a shell, log in as root, and then type the following command:
+ </div><pre class="screen"><code class="command">/sbin/grub-md5-crypt</code></pre><div class="para">
+ When prompted, type the GRUB password and press <span class="keycap"><strong>Enter</strong></span>. This returns an MD5 hash of the password.
+ </div><div class="para">
+ Next, edit the GRUB configuration file <code class="filename">/boot/grub/grub.conf</code>. Open the file and below the <code class="command">timeout</code> line in the main section of the document, add the following line:
+ </div><pre class="screen"><code class="command">password --md5 <em class="replaceable"><code><password-hash></code></em></code></pre><div class="para">
+ Replace <em class="replaceable"><code><password-hash></code></em> with the value returned by <code class="command">/sbin/grub-md5-crypt</code><sup>[<a id="idm68130304" href="#ftn.idm68130304" class="footnote">12</a>]</sup>.
+ </div><div class="para">
+ The next time the system boots, the GRUB menu prevents access to the editor or command interface without first pressing <span class="keycap"><strong>p</strong></span> followed by the GRUB password.
+ </div><div class="para">
+ Unfortunately, this solution does not prevent an attacker from booting into an insecure operating system in a dual-boot environment. For this, a different part of the <code class="filename">/boot/grub/grub.conf</code> file must be edited.
+ </div><div class="para">
+ Look for the <code class="computeroutput">title</code> line of the operating system that you want to secure, and add a line with the <code class="command">lock</code> directive immediately beneath it.
+ </div><div class="para">
+ For a DOS system, the stanza should begin similar to the following:
+ </div><pre class="screen"><code class="computeroutput">title DOS lock</code></pre><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ A <code class="computeroutput">password</code> line must be present in the main section of the <code class="filename">/boot/grub/grub.conf</code> file for this method to work properly. Otherwise, an attacker can access the GRUB editor interface and remove the lock line.
+ </div></div></div><div class="para">
+ To create a different password for a particular kernel or operating system, add a <code class="command">lock</code> line to the stanza, followed by a password line.
+ </div><div class="para">
+ Each stanza protected with a unique password should begin with lines similar to the following example:
+ </div><pre class="screen"><code class="computeroutput">title DOS lock password --md5 <em class="replaceable"><code><password-hash></code></em></code></pre></div></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Password_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Password_Security">3.1.3. Password Security</h3></div></div></div><div class="para">
+ Passwords are the primary method that Fedora uses to verify a user's identity. This is why password security is so important for protection of the user, the workstation, and the network.
+ </div><div class="para">
+ For security purposes, the installation program configures the system to use <em class="firstterm">Message-Digest Algorithm</em> (<span class="emphasis"><em>MD5</em></span>) and shadow passwords. It is highly recommended that you do not alter these settings.
+ </div><div class="para">
+ If MD5 passwords are deselected during installation, the older <em class="firstterm">Data Encryption Standard</em> (<em class="firstterm"><acronym class="acronym">DES</acronym></em>) format is used. This format limits passwords to eight alphanumeric characters (disallowing punctuation and other special characters), and provides a modest 56-bit level of encryption.
+ </div><div class="para">
+ If shadow passwords are deselected during installation, all passwords are stored as a one-way hash in the world-readable <code class="filename">/etc/passwd</code> file, which makes the system vulnerable to offline password cracking attacks. If an intruder can gain access to the machine as a regular user, he can copy the <code class="filename">/etc/passwd</code> file to his own machine and run any number of password cracking programs against it. If there is an insecure password in the file, it is only a matter of time before the password cracker discovers it.
+ </div><div class="para">
+ Shadow passwords eliminate this type of attack by storing the password hashes in the file <code class="filename">/etc/shadow</code>, which is readable only by the root user.
+ </div><div class="para">
+ This forces a potential attacker to attempt password cracking remotely by logging into a network service on the machine, such as SSH or FTP. This sort of brute-force attack is much slower and leaves an obvious trail as hundreds of failed login attempts are written to system files. Of course, if the cracker starts an attack in the middle of the night on a system with weak passwords, the cracker may have gained access before dawn and edited the log files to cover his tracks.
+ </div><div class="para">
+ In addition to format and storage considerations is the issue of content. The single most important thing a user can do to protect his account against a password cracking attack is create a strong password.
+ </div><div class="section" id="sect-Security_Guide-Password_Security-Creating_Strong_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Password_Security-Creating_Strong_Passwords">3.1.3.1. Creating Strong Passwords</h4></div></div></div><div class="para">
+ When creating a secure password, it is a good idea to follow these guidelines:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Do Not Use Only Words or Numbers</em></span> — Never use only numbers or words in a password.
+ </div><div class="para">
+ Some insecure examples include the following:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 8675309
+ </div></li><li class="listitem"><div class="para">
+ juan
+ </div></li><li class="listitem"><div class="para">
+ hackme
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Do Not Use Recognizable Words</em></span> — Words such as proper names, dictionary words, or even terms from television shows or novels should be avoided, even if they are bookended with numbers.
+ </div><div class="para">
+ Some insecure examples include the following:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ john1
+ </div></li><li class="listitem"><div class="para">
+ DS-9
+ </div></li><li class="listitem"><div class="para">
+ mentat123
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Do Not Use Words in Foreign Languages</em></span> — Password cracking programs often check against word lists that encompass dictionaries of many languages. Relying on foreign languages for secure passwords is not secure.
+ </div><div class="para">
+ Some insecure examples include the following:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ cheguevara
+ </div></li><li class="listitem"><div class="para">
+ bienvenido1
+ </div></li><li class="listitem"><div class="para">
+ 1dumbKopf
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Do Not Use Hacker Terminology</em></span> — If you think you are elite because you use hacker terminology — also called l337 (LEET) speak — in your password, think again. Many word lists include LEET speak.
+ </div><div class="para">
+ Some insecure examples include the following:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ H4X0R
+ </div></li><li class="listitem"><div class="para">
+ 1337
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Do Not Use Personal Information</em></span> — Avoid using any personal information in your passwords. If the attacker knows your identity, the task of deducing your password becomes easier. The following is a list of the types of information to avoid when creating a password:
+ </div><div class="para">
+ Some insecure examples include the following:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Your name
+ </div></li><li class="listitem"><div class="para">
+ The names of pets
+ </div></li><li class="listitem"><div class="para">
+ The names of family members
+ </div></li><li class="listitem"><div class="para">
+ Any birth dates
+ </div></li><li class="listitem"><div class="para">
+ Your phone number or zip code
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Do Not Invert Recognizable Words</em></span> — Good password checkers always reverse common words, so inverting a bad password does not make it any more secure.
+ </div><div class="para">
+ Some insecure examples include the following:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ R0X4H
+ </div></li><li class="listitem"><div class="para">
+ nauj
+ </div></li><li class="listitem"><div class="para">
+ 9-DS
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Do Not Write Down Your Password</em></span> — Never store a password on paper. It is much safer to memorize it.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Do Not Use the Same Password For All Machines</em></span> — It is important to make separate passwords for each machine. This way if one system is compromised, all of your machines are not immediately at risk.
+ </div></li></ul></div><div class="para">
+ The following guidelines will help you to create a strong password:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Make the Password at Least Eight Characters Long</em></span> — The longer the password, the better. If using MD5 passwords, it should be 15 characters or longer. With DES passwords, use the maximum length (eight characters).
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Mix Upper and Lower Case Letters</em></span> — Fedora is case sensitive, so mix cases to enhance the strength of the password.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Mix Letters and Numbers</em></span> — Adding numbers to passwords, especially when added to the middle (not just at the beginning or the end), can enhance password strength.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Include Non-Alphanumeric Characters</em></span> — Special characters such as &, $, and > can greatly improve the strength of a password (this is not possible if using DES passwords).
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Pick a Password You Can Remember</em></span> — The best password in the world does little good if you cannot remember it; use acronyms or other mnemonic devices to aid in memorizing passwords.
+ </div></li></ul></div><div class="para">
+ With all these rules, it may seem difficult to create a password that meets all of the criteria for good passwords while avoiding the traits of a bad one. Fortunately, there are some steps you can take to generate an easily-remembered, secure password.
+ </div><div class="section" id="sect-Security_Guide-Creating_Strong_Passwords-Secure_Password_Creation_Methodology"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Creating_Strong_Passwords-Secure_Password_Creation_Methodology">3.1.3.1.1. Secure Password Creation Methodology</h5></div></div></div><div class="para">
+ There are many methods that people use to create secure passwords. One of the more popular methods involves acronyms. For example:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Think of an easily-remembered phrase, such as:
+ </div><div class="para">
+ "over the river and through the woods, to grandmother's house we go."
+ </div></li><li class="listitem"><div class="para">
+ Next, turn it into an acronym (including the punctuation).
+ </div><div class="para">
+ <strong class="userinput"><code>otrattw,tghwg.</code></strong>
+ </div></li><li class="listitem"><div class="para">
+ Add complexity by substituting numbers and symbols for letters in the acronym. For example, substitute <strong class="userinput"><code>7</code></strong> for <strong class="userinput"><code>t</code></strong> and the at symbol (<strong class="userinput"><code>@</code></strong>) for <strong class="userinput"><code>a</code></strong>:
+ </div><div class="para">
+ <strong class="userinput"><code>o7r at 77w,7ghwg.</code></strong>
+ </div></li><li class="listitem"><div class="para">
+ Add more complexity by capitalizing at least one letter, such as <strong class="userinput"><code>H</code></strong>.
+ </div><div class="para">
+ <strong class="userinput"><code>o7r at 77w,7gHwg.</code></strong>
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Finally, do not use the example password above for any systems, ever</em></span>.
+ </div></li></ul></div><div class="para">
+ While creating secure passwords is imperative, managing them properly is also important, especially for system administrators within larger organizations. The following section details good practices for creating and managing user passwords within an organization.
+ </div></div></div><div class="section" id="sect-Security_Guide-Password_Security-Creating_User_Passwords_Within_an_Organization"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Password_Security-Creating_User_Passwords_Within_an_Organization">3.1.3.2. Creating User Passwords Within an Organization</h4></div></div></div><div class="para">
+ If an organization has a large number of users, the system administrators have two basic options available to force the use of good passwords. They can create passwords for the user, or they can let users create their own passwords, while verifying the passwords are of acceptable quality.
+ </div><div class="para">
+ Creating the passwords for the users ensures that the passwords are good, but it becomes a daunting task as the organization grows. It also increases the risk of users writing their passwords down.
+ </div><div class="para">
+ For these reasons, most system administrators prefer to have the users create their own passwords, but actively verify that the passwords are good and, in some cases, force users to change their passwords periodically through password aging.
+ </div><div class="section" id="sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Forcing_Strong_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Forcing_Strong_Passwords">3.1.3.2.1. Forcing Strong Passwords</h5></div></div></div><div class="para">
+ To protect the network from intrusion it is a good idea for system administrators to verify that the passwords used within an organization are strong ones. When users are asked to create or change passwords, they can use the command line application <code class="command">passwd</code>, which is <em class="firstterm">Pluggable Authentication Manager</em> (<em class="firstterm">PAM</em>) aware and therefore checks to see if the password is too short or otherwise easy to crack. This check is performed using the <code class="filename">pam_cracklib.so</code> PAM module. Since PAM is customizable, it is possible to add more password integrity checkers, such as <code class="filename">pam_passwdqc</code> (available from <a href="http://www.openwall.com/passwdqc/">http://www.openwall.com/passwdqc/</a>) or to write a new module. For a list of available PAM modules, refer to <a href="http://www.kernel.org/pub/linux/libs/pam/modules.html">http://www.kernel.org/pub/linux/libs/pam/mo
dules.html</a>. For more information about PAM, refer to <a class="xref" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html">Section 3.5, “Pluggable Authentication Modules (PAM)”</a>.
+ </div><div class="para">
+ The password check that is performed at the time of their creation does not discover bad passwords as effectively as running a password cracking program against the passwords.
+ </div><div class="para">
+ Many password cracking programs are available that run under Fedora, although none ship with the operating system. Below is a brief list of some of the more popular password cracking programs:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em><span class="application"><strong>John The Ripper</strong></span></em></span> — A fast and flexible password cracking program. It allows the use of multiple word lists and is capable of brute-force password cracking. It is available online at <a href="http://www.openwall.com/john/">http://www.openwall.com/john/</a>.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em><span class="application"><strong>Crack</strong></span></em></span> — Perhaps the most well known password cracking software, <span class="application"><strong>Crack</strong></span> is also very fast, though not as easy to use as <span class="application"><strong>John The Ripper</strong></span>. It can be found online at <a href="http://www.crypticide.com/alecm/security/crack/c50-faq.html">http://www.crypticide.com/alecm/security/crack/c50-faq.html</a>.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em><span class="application"><strong>Slurpie</strong></span></em></span> — <span class="application"><strong>Slurpie</strong></span> is similar to <span class="application"><strong>John The Ripper</strong></span> and <span class="application"><strong>Crack</strong></span>, but it is designed to run on multiple computers simultaneously, creating a distributed password cracking attack. It can be found along with a number of other distributed attack security evaluation tools online at <a href="http://www.ussrback.com/distributed.htm">http://www.ussrback.com/distributed.htm</a>.
+ </div></li></ul></div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ Always get authorization in writing before attempting to crack passwords within an organization.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Passphrases"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Passphrases">3.1.3.2.2. Passphrases</h5></div></div></div><div class="para">
+ Passphrases and passwords are the cornerstone to security in most of today's systems. Unfortunately, techniques such as biometrics and two-factor authentication have not yet become mainstream in many systems. If passwords are going to be used to secure a system, then the use of passphrases should be considered. Passphrases are longer than passwords and provide better protection than a password even when implemented with non-standard characters such as numbers and symbols.
+ </div></div><div class="section" id="sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Password_Aging"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Password_Aging">3.1.3.2.3. Password Aging</h5></div></div></div><div class="para">
+ Password aging is another technique used by system administrators to defend against bad passwords within an organization. Password aging means that after a specified period (usually 90 days), the user is prompted to create a new password. The theory behind this is that if a user is forced to change his password periodically, a cracked password is only useful to an intruder for a limited amount of time. The downside to password aging, however, is that users are more likely to write their passwords down.
+ </div><div class="para">
+ There are two primary programs used to specify password aging under Fedora: the <code class="command">chage</code> command or the graphical <span class="application"><strong>User Manager</strong></span> (<code class="command">system-config-users</code>) application.
+ </div><div class="para">
+ The <code class="option">-M</code> option of the <code class="command">chage</code> command specifies the maximum number of days the password is valid. For example, to set a user's password to expire in 90 days, use the following command:
+ </div><pre class="screen"><code class="command">chage -M 90 <em class="replaceable"><code><username></code></em></code></pre><div class="para">
+ In the above command, replace <em class="replaceable"><code><username></code></em> with the name of the user. To disable password expiration, it is traditional to use a value of <code class="command">99999</code> after the <code class="option">-M</code> option (this equates to a little over 273 years).
+ </div><div class="para">
+ You can also use the <code class="command">chage</code> command in interactive mode to modify multiple password aging and account details. Use the following command to enter interactive mode:
+ </div><pre class="screen"><code class="command">chage <em class="replaceable"><code><username></code></em></code></pre><div class="para">
+ The following is a sample interactive session using this command:
+ </div><pre class="screen">[root at myServer ~]# chage davido
+Changing the aging information for davido
+Enter the new value, or press ENTER for the default
+Minimum Password Age [0]: 10
+Maximum Password Age [99999]: 90
+Last Password Change (YYYY-MM-DD) [2006-08-18]:
+Password Expiration Warning [7]:
+Password Inactive [-1]:
+Account Expiration Date (YYYY-MM-DD) [1969-12-31]:
+[root at myServer ~]#</pre><div class="para">
+ Refer to the man page for chage for more information on the available options.
+ </div><div class="para">
+ You can also use the graphical <span class="application"><strong>User Manager</strong></span> application to create password aging policies, as follows. Note: you need Administrator privileges to perform this procedure.
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Click the <span class="guimenu"><strong>System</strong></span> menu on the Panel, point to <span class="guisubmenu"><strong>Administration</strong></span> and then click <span class="guimenuitem"><strong>Users and Groups</strong></span> to display the User Manager. Alternatively, type the command <code class="command">system-config-users</code> at a shell prompt.
+ </div></li><li class="step"><div class="para">
+ Click the <span class="guilabel"><strong>Users</strong></span> tab, and select the required user in the list of users.
+ </div></li><li class="step"><div class="para">
+ Click <span class="guibutton"><strong>Properties</strong></span> on the toolbar to display the User Properties dialog box (or choose <span class="guimenuitem"><strong>Properties</strong></span> on the <span class="guimenu"><strong>File</strong></span> menu).
+ </div></li><li class="step"><div class="para">
+ Click the <span class="guilabel"><strong>Password Info</strong></span> tab, and select the check box for <span class="guilabel"><strong>Enable password expiration</strong></span>.
+ </div></li><li class="step"><div class="para">
+ Enter the required value in the <span class="guilabel"><strong>Days before change required</strong></span> field, and click <span class="guibutton"><strong>OK</strong></span>.
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-Password_Aging-Specifying_password_aging_options"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-user_pass_info.png" width="444" alt="Specifying password aging options" /><div class="longdesc"><div class="para">
+ <span class="guilabel"><strong>Password Info</strong></span> pane illustration.
+ </div></div></div></div><h6>Figure 3.1. Specifying password aging options</h6></div><br class="figure-break" /></div></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Administrative_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Administrative_Controls">3.1.4. Administrative Controls</h3></div></div></div><div class="para">
+ When administering a home machine, the user must perform some tasks as the root user or by acquiring effective root privileges via a <em class="firstterm">setuid</em> program, such as <code class="command">sudo</code> or <code class="command">su</code>. A setuid program is one that operates with the user ID (<span class="emphasis"><em>UID</em></span>) of the program's owner rather than the user operating the program. Such programs are denoted by an <code class="computeroutput">s</code> in the owner section of a long format listing, as in the following example:
+ </div><pre class="screen"><code class="computeroutput">-rwsr-xr-x 1 root root 47324 May 1 08:09 /bin/su</code></pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ The <code class="computeroutput">s</code> may be upper case or lower case. If it appears as upper case, it means that the underlying permission bit has not been set.
+ </div></div></div><div class="para">
+ For the system administrators of an organization, however, choices must be made as to how much administrative access users within the organization should have to their machine. Through a PAM module called <code class="filename">pam_console.so</code>, some activities normally reserved only for the root user, such as rebooting and mounting removable media are allowed for the first user that logs in at the physical console (refer to <a class="xref" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html">Section 3.5, “Pluggable Authentication Modules (PAM)”</a> for more information about the <code class="filename">pam_console.so</code> module.) However, other important system administration tasks, such as altering network settings, configuring a new mouse, or mounting network devices, are not possible without administrative privileges. As a result, system administrators must decide how much access the users on their network should receive.
+ </div><div class="section" id="sect-Security_Guide-Administrative_Controls-Allowing_Root_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Administrative_Controls-Allowing_Root_Access">3.1.4.1. Allowing Root Access</h4></div></div></div><div class="para">
+ If the users within an organization are trusted and computer-literate, then allowing them root access may not be an issue. Allowing root access by users means that minor activities, like adding devices or configuring network interfaces, can be handled by the individual users, leaving system administrators free to deal with network security and other important issues.
+ </div><div class="para">
+ On the other hand, giving root access to individual users can lead to the following issues:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Machine Misconfiguration</em></span> — Users with root access can misconfigure their machines and require assistance to resolve issues. Even worse, they might open up security holes without knowing it.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Running Insecure Services</em></span> — Users with root access might run insecure servers on their machine, such as FTP or Telnet, potentially putting usernames and passwords at risk. These services transmit this information over the network in plain text.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Running Email Attachments As Root</em></span> — Although rare, email viruses that affect Linux do exist. The only time they are a threat, however, is when they are run by the root user.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Administrative_Controls-Disallowing_Root_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Administrative_Controls-Disallowing_Root_Access">3.1.4.2. Disallowing Root Access</h4></div></div></div><div class="para">
+ If an administrator is uncomfortable allowing users to log in as root for these or other reasons, the root password should be kept secret, and access to runlevel one or single user mode should be disallowed through boot loader password protection (refer to <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords">Section 3.1.2.2, “Boot Loader Passwords”</a> for more information on this topic.)
+ </div><div class="para">
+ <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#tabl-Security_Guide-Disallowing_Root_Access-Methods_of_Disabling_the_Root_Account">Table 3.1, “Methods of Disabling the Root Account”</a> describes ways that an administrator can further ensure that root logins are disallowed:
+ </div><div class="table" id="tabl-Security_Guide-Disallowing_Root_Access-Methods_of_Disabling_the_Root_Account"><h6>Table 3.1. Methods of Disabling the Root Account</h6><div class="table-contents"><table summary="Methods of Disabling the Root Account" border="1"><colgroup><col width="12%" class="method" /><col width="29%" class="description" /><col width="29%" class="effect" /><col width="29%" class="noaffect" /></colgroup><thead><tr><th>
+ Method
+ </th><th>
+ Description
+ </th><th>
+ Effects
+ </th><th>
+ Does Not Affect
+ </th></tr></thead><tbody><tr><td>
+ Changing the root shell.
+ </td><td>
+ Edit the <code class="filename">/etc/passwd</code> file and change the shell from <code class="command">/bin/bash</code> to <code class="command">/sbin/nologin</code>.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> Prevents access to the root shell and logs any such attempts. </td></tr><tr><td> The following programs are prevented from accessing the root account: </td></tr><tr><td> · <code class="command">login</code></td></tr><tr><td> · <code class="command">gdm</code></td></tr><tr><td> · <code class="command">kdm</code></td></tr><tr><td> · <code class="command">xdm</code></td></tr><tr><td> · <code class="command">su</code></td></tr><tr><td> · <code class="command">ssh</code></td></tr><tr><td> · <code class="command">scp</code></td></tr><tr><td> · <code class="command">sftp</code></td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> Programs that do not require a shell, such as FTP clients, mail clients, and many setuid programs. </td></tr><tr><td> The following programs are <span class="emphasis"><em>not</em></span> prevented from accessing the root account: </td></tr><tr><td> · <code class="command">sudo</code></td></tr><tr><td> · FTP clients </td></tr><tr><td> · Email clients </td></tr></table>
+
+ </td></tr><tr><td>
+ Disabling root access via any console device (tty).
+ </td><td>
+ An empty <code class="filename">/etc/securetty</code> file prevents root login on any devices attached to the computer.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> Prevents access to the root account via the console or the network. The following programs are prevented from accessing the root account: </td></tr><tr><td> · <code class="command">login</code></td></tr><tr><td> · <code class="command">gdm</code></td></tr><tr><td> · <code class="command">kdm</code></td></tr><tr><td> · <code class="command">xdm</code></td></tr><tr><td> · Other network services that open a tty </td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> Programs that do not log in as root, but perform administrative tasks through setuid or other mechanisms. </td></tr><tr><td> The following programs are <span class="emphasis"><em>not</em></span> prevented from accessing the root account: </td></tr><tr><td> · <code class="command">su</code></td></tr><tr><td> · <code class="command">sudo</code></td></tr><tr><td> · <code class="command">ssh</code></td></tr><tr><td> · <code class="command">scp</code></td></tr><tr><td> · <code class="command">sftp</code></td></tr></table>
+
+ </td></tr><tr><td>
+ Disabling root SSH logins.
+ </td><td>
+ Edit the <code class="filename">/etc/ssh/sshd_config</code> file and set the <code class="command">PermitRootLogin</code> parameter to <code class="command">no</code>.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> Prevents root access via the OpenSSH suite of tools. The following programs are prevented from accessing the root account: </td></tr><tr><td> · <code class="command">ssh</code></td></tr><tr><td> · <code class="command">scp</code></td></tr><tr><td> · <code class="command">sftp</code></td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> This only prevents root access to the OpenSSH suite of tools. </td></tr></table>
+
+ </td></tr><tr><td>
+ Use PAM to limit root access to services.
+ </td><td>
+ Edit the file for the target service in the <code class="filename">/etc/pam.d/</code> directory. Make sure the <code class="filename">pam_listfile.so</code> is required for authentication.<sup>[<a id="idm33249840" href="#ftn.idm33249840" class="footnote">a</a>]</sup>
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> Prevents root access to network services that are PAM aware. </td></tr><tr><td> The following services are prevented from accessing the root account: </td></tr><tr><td> · FTP clients </td></tr><tr><td> · Email clients </td></tr><tr><td> · <code class="command">login</code></td></tr><tr><td> · <code class="command">gdm</code></td></tr><tr><td> · <code class="command">kdm</code></td></tr><tr><td> · <code class="command">xdm</code></td></tr><tr><td> · <code class="command">ssh</code></td></tr><tr><td> · <code class="command">scp</code></td></tr><tr><td> · <code class="command">sftp</code></td></tr><tr><td> · Any PAM aware services </td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> Programs and services that are not PAM aware. </td></tr></table>
+
+ </td></tr></tbody><tbody class="footnotes"><tr><td colspan="4"><div class="footnote"><div class="para"><sup>[<a id="ftn.idm33249840" href="#idm33249840" class="para">a</a>] </sup>
+ Refer to <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM">Section 3.1.4.2.4, “Disabling Root Using PAM”</a> for details.
+ </div></div></td></tr></tbody></table></div></div><br class="table-break" /><div class="section" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_the_Root_Shell"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_the_Root_Shell">3.1.4.2.1. Disabling the Root Shell</h5></div></div></div><div class="para">
+ To prevent users from logging in directly as root, the system administrator can set the root account's shell to <code class="command">/sbin/nologin</code> in the <code class="filename">/etc/passwd</code> file. This prevents access to the root account through commands that require a shell, such as the <code class="command">su</code> and the <code class="command">ssh</code> commands.
+ </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ Programs that do not require access to the shell, such as email clients or the <code class="command">sudo</code> command, can still access the root account.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Logins"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Logins">3.1.4.2.2. Disabling Root Logins</h5></div></div></div><div class="para">
+ To further limit access to the root account, administrators can disable root logins at the console by editing the <code class="filename">/etc/securetty</code> file. This file lists all devices the root user is allowed to log into. If the file does not exist at all, the root user can log in through any communication device on the system, whether via the console or a raw network interface. This is dangerous, because a user can log in to his machine as root via Telnet, which transmits the password in plain text over the network. By default, Fedora's <code class="filename">/etc/securetty</code> file only allows the root user to log in at the console physically attached to the machine. To prevent root from logging in, remove the contents of this file by typing the following command:
+ </div><pre class="screen"><code class="command">echo > /etc/securetty</code></pre><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ A blank <code class="filename">/etc/securetty</code> file does <span class="emphasis"><em>not</em></span> prevent the root user from logging in remotely using the OpenSSH suite of tools because the console is not opened until after authentication.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_SSH_Logins"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_SSH_Logins">3.1.4.2.3. Disabling Root SSH Logins</h5></div></div></div><div class="para">
+ Root logins via the SSH protocol are disabled by default in Fedora; however, if this option has been enabled, it can be disabled again by editing the SSH daemon's configuration file (<code class="filename">/etc/ssh/sshd_config</code>). Change the line that reads:
+ </div><pre class="screen"><code class="computeroutput">PermitRootLogin yes</code></pre><div class="para">
+ to read as follows:
+ </div><pre class="screen"><code class="computeroutput">PermitRootLogin no</code></pre><div class="para">
+ For these changes to take effect, the SSH daemon must be restarted. This can be done via the following command:
+ </div><pre class="screen"><code class="computeroutput">kill -HUP `cat /var/run/sshd.pid`</code></pre></div><div class="section" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM">3.1.4.2.4. Disabling Root Using PAM</h5></div></div></div><div class="para">
+ PAM, through the <code class="filename">/lib/security/pam_listfile.so</code> module, allows great flexibility in denying specific accounts. The administrator can use this module to reference a list of users who are not allowed to log in. Below is an example of how the module is used for the <code class="command">vsftpd</code> FTP server in the <code class="filename">/etc/pam.d/vsftpd</code> PAM configuration file (the <code class="computeroutput">\</code> character at the end of the first line in the following example is <span class="emphasis"><em>not</em></span> necessary if the directive is on one line):
+ </div><pre class="screen">auth required /lib/security/pam_listfile.so item=user \
+sense=deny file=/etc/vsftpd.ftpusers onerr=succeed</pre><div class="para">
+ This instructs PAM to consult the <code class="filename">/etc/vsftpd.ftpusers</code> file and deny access to the service for any listed user. The administrator can change the name of this file, and can keep separate lists for each service or use one central list to deny access to multiple services.
+ </div><div class="para">
+ If the administrator wants to deny access to multiple services, a similar line can be added to the PAM configuration files, such as <code class="filename">/etc/pam.d/pop</code> and <code class="filename">/etc/pam.d/imap</code> for mail clients, or <code class="filename">/etc/pam.d/ssh</code> for SSH clients.
+ </div><div class="para">
+ For more information about PAM, refer to <a class="xref" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html">Section 3.5, “Pluggable Authentication Modules (PAM)”</a>.
+ </div></div></div><div class="section" id="sect-Security_Guide-Administrative_Controls-Limiting_Root_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Administrative_Controls-Limiting_Root_Access">3.1.4.3. Limiting Root Access</h4></div></div></div><div class="para">
+ Rather than completely denying access to the root user, the administrator may want to allow access only via setuid programs, such as <code class="command">su</code> or <code class="command">sudo</code>.
+ </div><div class="section" id="sect-Security_Guide-Limiting_Root_Access-The_su_Command"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Limiting_Root_Access-The_su_Command">3.1.4.3.1. The <code class="command">su</code> Command</h5></div></div></div><div class="para">
+ When a user executes the <code class="command">su</code> command, they are prompted for the root password and, after authentication, is given a root shell prompt.
+ </div><div class="para">
+ Once logged in via the <code class="command">su</code> command, the user <span class="emphasis"><em>is</em></span> the root user and has absolute administrative access to the system<sup>[<a id="idm1626784" href="#ftn.idm1626784" class="footnote">13</a>]</sup>. In addition, once a user has become root, it is possible for them to use the <code class="command">su</code> command to change to any other user on the system without being prompted for a password.
+ </div><div class="para">
+ Because this program is so powerful, administrators within an organization may wish to limit who has access to the command.
+ </div><div class="para">
+ One of the simplest ways to do this is to add users to the special administrative group called <em class="firstterm">wheel</em>. To do this, type the following command as root:
+ </div><pre class="screen"><code class="command">usermod -G wheel <em class="replaceable"><code><username></code></em></code></pre><div class="para">
+ In the previous command, replace <em class="replaceable"><code><username></code></em> with the username you want to add to the <code class="command">wheel</code> group.
+ </div><div class="para">
+ You can also use the <span class="application"><strong>User Manager</strong></span> to modify group memberships, as follows. Note: you need Administrator privileges to perform this procedure.
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Click the <span class="guimenu"><strong>System</strong></span> menu on the Panel, point to <span class="guisubmenu"><strong>Administration</strong></span> and then click <span class="guimenuitem"><strong>Users and Groups</strong></span> to display the User Manager. Alternatively, type the command <code class="command">system-config-users</code> at a shell prompt.
+ </div></li><li class="step"><div class="para">
+ Click the <span class="guilabel"><strong>Users</strong></span> tab, and select the required user in the list of users.
+ </div></li><li class="step"><div class="para">
+ Click <span class="guibutton"><strong>Properties</strong></span> on the toolbar to display the User Properties dialog box (or choose <span class="guimenuitem"><strong>Properties</strong></span> on the <span class="guimenu"><strong>File</strong></span> menu).
+ </div></li><li class="step"><div class="para">
+ Click the <span class="guilabel"><strong>Groups</strong></span> tab, select the check box for the wheel group, and then click <span class="guibutton"><strong>OK</strong></span>. Refer to <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#figu-Security_Guide-The_su_Command-Adding_users_to_the_wheel_group.">Figure 3.2, “Adding users to the "wheel" group.”</a>.
+ </div></li><li class="step"><div class="para">
+ Open the PAM configuration file for <code class="command">su</code> (<code class="filename">/etc/pam.d/su</code>) in a text editor and remove the comment <span class="keycap"><strong>#</strong></span> from the following line:
+ </div><pre class="screen">auth required /lib/security/$ISA/pam_wheel.so use_uid</pre><div class="para">
+ This change means that only members of the administrative group <code class="computeroutput">wheel</code> can use this program.
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-The_su_Command-Adding_users_to_the_wheel_group."><div class="figure-contents"><div class="mediaobject"><img src="images/fed-user_pass_groups.png" width="444" alt="Adding users to the "wheel" group." /><div class="longdesc"><div class="para">
+ <span class="guilabel"><strong>Groups</strong></span> pane illustration
+ </div></div></div></div><h6>Figure 3.2. Adding users to the "wheel" group.</h6></div><br class="figure-break" /><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ The root user is part of the <code class="computeroutput">wheel</code> group by default.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Limiting_Root_Access-The_sudo_Command"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Limiting_Root_Access-The_sudo_Command">3.1.4.3.2. The <code class="command">sudo</code> Command</h5></div></div></div><div class="para">
+ The <code class="command">sudo</code> command offers another approach to giving users administrative access. When trusted users precede an administrative command with <code class="command">sudo</code>, they are prompted for <span class="emphasis"><em>their own</em></span> password. Then, when they have been authenticated and assuming that the command is permitted, the administrative command is executed as if they were the root user.
+ </div><div class="para">
+ The basic format of the <code class="command">sudo</code> command is as follows:
+ </div><pre class="screen"><code class="command">sudo <em class="replaceable"><code><command></code></em></code></pre><div class="para">
+ In the above example, <em class="replaceable"><code><command></code></em> would be replaced by a command normally reserved for the root user, such as <code class="command">mount</code>.
+ </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ Users of the <code class="command">sudo</code> command should take extra care to log out before walking away from their machines since sudoers can use the command again without being asked for a password within a five minute period. This setting can be altered via the configuration file, <code class="filename">/etc/sudoers</code>.
+ </div></div></div><div class="para">
+ The <code class="command">sudo</code> command allows for a high degree of flexibility. For instance, only users listed in the <code class="filename">/etc/sudoers</code> configuration file are allowed to use the <code class="command">sudo</code> command and the command is executed in <span class="emphasis"><em>the user's</em></span> shell, not a root shell. This means the root shell can be completely disabled, as shown in <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Disallowing_Root_Access-Disabling_the_Root_Shell">Section 3.1.4.2.1, “Disabling the Root Shell”</a>.
+ </div><div class="para">
+ The <code class="command">sudo</code> command also provides a comprehensive audit trail. Each successful authentication is logged to the file <code class="filename">/var/log/messages</code> and the command issued along with the issuer's user name is logged to the file <code class="filename">/var/log/secure</code>.
+ </div><div class="para">
+ Another advantage of the <code class="command">sudo</code> command is that an administrator can allow different users access to specific commands based on their needs.
+ </div><div class="para">
+ Administrators wanting to edit the <code class="command">sudo</code> configuration file, <code class="filename">/etc/sudoers</code>, should use the <code class="command">visudo</code> command.
+ </div><div class="para">
+ To give someone full administrative privileges, type <code class="command">visudo</code> and add a line similar to the following in the user privilege specification section:
+ </div><pre class="screen"><code class="command">juan ALL=(ALL) ALL</code></pre><div class="para">
+ This example states that the user, <code class="computeroutput">juan</code>, can use <code class="command">sudo</code> from any host and execute any command.
+ </div><div class="para">
+ The example below illustrates the granularity possible when configuring <code class="command">sudo</code>:
+ </div><pre class="screen"><code class="command">%users localhost=/sbin/shutdown -h now</code></pre><div class="para">
+ This example states that any user can issue the command <code class="command">/sbin/shutdown -h now</code> as long as it is issued from the console.
+ </div><div class="para">
+ The man page for <code class="filename">sudoers</code> has a detailed listing of options for this file.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Available_Network_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Available_Network_Services">3.1.5. Available Network Services</h3></div></div></div><div class="para">
+ While user access to administrative controls is an important issue for system administrators within an organization, monitoring which network services are active is of paramount importance to anyone who administers and operates a Linux system.
+ </div><div class="para">
+ Many services under Fedora behave as network servers. If a network service is running on a machine, then a server application (called a <em class="firstterm">daemon</em>), is listening for connections on one or more network ports. Each of these servers should be treated as a potential avenue of attack.
+ </div><div class="section" id="sect-Security_Guide-Available_Network_Services-Risks_To_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Available_Network_Services-Risks_To_Services">3.1.5.1. Risks To Services</h4></div></div></div><div class="para">
+ Network services can pose many risks for Linux systems. Below is a list of some of the primary issues:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Denial of Service Attacks (DoS)</em></span> — By flooding a service with requests, a denial of service attack can render a system unusable as it tries to log and answer each request.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Distributed Denial of Service Attack (DDoS)</em></span> — A type of DoS attack which uses multiple compromised machines (often numbering in the thousands or more) to direct a co-ordinated attack on a service, flooding it with requests and making it unusable.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Script Vulnerability Attacks</em></span> — If a server is using scripts to execute server-side actions, as Web servers commonly do, a cracker can attack improperly written scripts. These script vulnerability attacks can lead to a buffer overflow condition or allow the attacker to alter files on the system.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Buffer Overflow Attacks</em></span> — Services that connect to ports numbered 0 through 1023 must run as an administrative user. If the application has an exploitable buffer overflow, an attacker could gain access to the system as the user running the daemon. Because exploitable buffer overflows exist, crackers use automated tools to identify systems with vulnerabilities, and once they have gained access, they use automated rootkits to maintain their access to the system.
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ The threat of buffer overflow vulnerabilities is mitigated in Fedora by <em class="firstterm">ExecShield</em>, an executable memory segmentation and protection technology supported by x86-compatible uni- and multi-processor kernels. ExecShield reduces the risk of buffer overflow by separating virtual memory into executable and non-executable segments. Any program code that tries to execute outside of the executable segment (such as malicious code injected from a buffer overflow exploit) triggers a segmentation fault and terminates.
+ </div><div class="para">
+ Execshield also includes support for <em class="firstterm">No eXecute</em> (<acronym class="acronym">NX</acronym>) technology on AMD64 platforms and <em class="firstterm">eXecute Disable</em> (<acronym class="acronym">XD</acronym>) technology on Itanium and <span class="trademark">Intel</span>® 64 systems. These technologies work in conjunction with ExecShield to prevent malicious code from running in the executable portion of virtual memory with a granularity of 4KB of executable code, lowering the risk of attack from stealthy buffer overflow exploits.
+ </div></div></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ To limit exposure to attacks over the network, all services that are unused should be turned off.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Available_Network_Services-Identifying_and_Configuring_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Available_Network_Services-Identifying_and_Configuring_Services">3.1.5.2. Identifying and Configuring Services</h4></div></div></div><div class="para">
+ To enhance security, most network services installed with Fedora are turned off by default. There are, however, some notable exceptions:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">cupsd</code> — The default print server for Fedora.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">lpd</code> — An alternative print server.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">xinetd</code> — A super server that controls connections to a range of subordinate servers, such as <code class="command">gssftp</code> and <code class="command">telnet</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sendmail</code> — The Sendmail <em class="firstterm">Mail Transport Agent</em> (<abbr class="abbrev">MTA</abbr>) is enabled by default, but only listens for connections from the <span class="interface">localhost</span>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sshd</code> — The OpenSSH server, which is a secure replacement for Telnet.
+ </div></li></ul></div><div class="para">
+ When determining whether to leave these services running, it is best to use common sense and err on the side of caution. For example, if a printer is not available, do not leave <code class="command">cupsd</code> running. The same is true for <code class="command">portmap</code>. If you do not mount NFSv3 volumes or use NIS (the <code class="command">ypbind</code> service), then <code class="command">portmap</code> should be disabled.
+ </div><div class="figure" id="figu-Security_Guide-Identifying_and_Configuring_Services-Services_Configuration_Tool"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-service_config.png" width="444" alt="Services Configuration Tool" /><div class="longdesc"><div class="para">
+ <span class="application"><strong>Services Configuration Tool</strong></span> illustration
+ </div></div></div></div><h6>Figure 3.3. <span class="application">Services Configuration Tool</span></h6></div><br class="figure-break" /><div class="para">
+ If unsure of the purpose for a particular service, the <span class="application"><strong>Services Configuration Tool</strong></span> has a description field, illustrated in <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#figu-Security_Guide-Identifying_and_Configuring_Services-Services_Configuration_Tool">Figure 3.3, “<span class="application">Services Configuration Tool</span>”</a>, that provides additional information.
+ </div><div class="para">
+ Checking which network services are available to start at boot time is only part of the story. You should also check which ports are open and listening. Refer to <a class="xref" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html">Section 3.2.8, “Verifying Which Ports Are Listening”</a> for more information.
+ </div></div><div class="section" id="sect-Security_Guide-Available_Network_Services-Insecure_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Available_Network_Services-Insecure_Services">3.1.5.3. Insecure Services</h4></div></div></div><div class="para">
+ Potentially, any network service is insecure. This is why turning off unused services is so important. Exploits for services are routinely revealed and patched, making it very important to regularly update packages associated with any network service. Refer to <a class="xref" href="sect-Security_Guide-Security_Updates.html">Section 1.5, “Security Updates”</a> for more information.
+ </div><div class="para">
+ Some network protocols are inherently more insecure than others. These include any services that:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Transmit Usernames and Passwords Over a Network Unencrypted</em></span> — Many older protocols, such as Telnet and FTP, do not encrypt the authentication session and should be avoided whenever possible.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Transmit Sensitive Data Over a Network Unencrypted</em></span> — Many protocols transmit data over the network unencrypted. These protocols include Telnet, FTP, HTTP, and SMTP. Many network file systems, such as NFS and SMB, also transmit information over the network unencrypted. It is the user's responsibility when using these protocols to limit what type of data is transmitted.
+ </div><div class="para">
+ Remote memory dump services, like <code class="command">netdump</code>, transmit the contents of memory over the network unencrypted. Memory dumps can contain passwords or, even worse, database entries and other sensitive information.
+ </div><div class="para">
+ Other services like <code class="command">finger</code> and <code class="command">rwhod</code> reveal information about users of the system.
+ </div></li></ul></div><div class="para">
+ Examples of inherently insecure services include <code class="command">rlogin</code>, <code class="command">rsh</code>, <code class="command">telnet</code>, and <code class="command">vsftpd</code>.
+ </div><div class="para">
+ All remote login and shell programs (<code class="command">rlogin</code>, <code class="command">rsh</code>, and <code class="command">telnet</code>) should be avoided in favor of SSH. Refer to <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">Section 3.1.7, “Security Enhanced Communication Tools”</a> for more information about <code class="command">sshd</code>.
+ </div><div class="para">
+ FTP is not as inherently dangerous to the security of the system as remote shells, but FTP servers must be carefully configured and monitored to avoid problems. Refer to <a class="xref" href="sect-Security_Guide-Server_Security-Securing_FTP.html">Section 3.2.6, “Securing FTP”</a> for more information about securing FTP servers.
+ </div><div class="para">
+ Services that should be carefully implemented and behind a firewall include:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">finger</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">authd</code> (this was called <code class="command">identd</code> in previous Fedora releases.)
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">netdump</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">netdump-server</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">nfs</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">rwhod</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sendmail</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">smb</code> (Samba)
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">yppasswdd</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">ypserv</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">ypxfrd</code>
+ </div></li></ul></div><div class="para">
+ More information on securing network services is available in <a class="xref" href="sect-Security_Guide-Server_Security.html">Section 3.2, “Server Security”</a>.
+ </div><div class="para">
+ The next section discusses tools available to set up a simple firewall.
+ </div></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Personal_Firewalls"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Personal_Firewalls">3.1.6. Personal Firewalls</h3></div></div></div><div class="para">
+ After the <span class="emphasis"><em>necessary</em></span> network services are configured, it is important to implement a firewall.
+ </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ You should configure the necessary services and implement a firewall <span class="emphasis"><em>before</em></span> connecting to the Internet or any other network that you do not trust.
+ </div></div></div><div class="para">
+ Firewalls prevent network packets from accessing the system's network interface. If a request is made to a port that is blocked by a firewall, the request is ignored. If a service is listening on one of these blocked ports, it does not receive the packets and is effectively disabled. For this reason, care should be taken when configuring a firewall to block access to ports not in use, while not blocking access to ports used by configured services.
+ </div><div class="para">
+ For most users, the best tool for configuring a simple firewall is the graphical firewall configuration tool which ships with Fedora: the <span class="application"><strong>Firewall Administration Tool</strong></span> (<code class="command">system-config-firewall</code>). This tool creates broad <code class="command">iptables</code> rules for a general-purpose firewall using a control panel interface.
+ </div><div class="para">
+ Refer to <a class="xref" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html">Section 3.8.2, “Basic Firewall Configuration”</a> for more information about using this application and its available options.
+ </div><div class="para">
+ For advanced users and server administrators, manually configuring a firewall with <code class="command">iptables</code> is probably a better option. Refer to <a class="xref" href="sect-Security_Guide-Firewalls.html">Section 3.8, “Firewalls”</a> for more information. Refer to <a class="xref" href="sect-Security_Guide-IPTables.html">Section 3.9, “IPTables”</a> for a comprehensive guide to the <code class="command">iptables</code> command.
+ </div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">3.1.7. Security Enhanced Communication Tools</h3></div></div></div><div class="para">
+ As the size and popularity of the Internet has grown, so has the threat of communication interception. Over the years, tools have been developed to encrypt communications as they are transferred over the network.
+ </div><div class="para">
+ Fedora ships with two basic tools that use high-level, public-key-cryptography-based encryption algorithms to protect information as it travels over the network.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>OpenSSH</em></span> — A free implementation of the SSH protocol for encrypting network communication.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Gnu Privacy Guard (GPG)</em></span> — A free implementation of the PGP (Pretty Good Privacy) encryption application for encrypting data.
+ </div></li></ul></div><div class="para">
+ OpenSSH is a safer way to access a remote machine and replaces older, unencrypted services like <code class="command">telnet</code> and <code class="command">rsh</code>. OpenSSH includes a network service called <code class="command">sshd</code> and three command line client applications:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">ssh</code> — A secure remote console access client.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">scp</code> — A secure remote copy command.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sftp</code> — A secure pseudo-ftp client that allows interactive file transfer sessions.
+ </div></li></ul></div><div class="para">
+ Refer to <a class="xref" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html">Section 4.2.2, “Secure Shell”</a> for more information regarding OpenSSH.
+ </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ Although the <code class="command">sshd</code> service is inherently secure, the service <span class="emphasis"><em>must</em></span> be kept up-to-date to prevent security threats. Refer to <a class="xref" href="sect-Security_Guide-Security_Updates.html">Section 1.5, “Security Updates”</a> for more information.
+ </div></div></div><div class="para">
+ GPG is one way to ensure private email communication. It can be used both to email sensitive data over public networks and to protect sensitive data on hard drives.
+ </div></div></div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm36569248" href="#idm36569248" class="para">11</a>] </sup>
+ Since system BIOSes differ between manufacturers, some may not support password protection of either type, while others may support one type but not the other.
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm68130304" href="#idm68130304" class="para">12</a>] </sup>
+ GRUB also accepts unencrypted passwords, but it is recommended that an MD5 hash be used for added security.
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm1626784" href="#idm1626784" class="para">13</a>] </sup>
+ This access is still subject to the restrictions imposed by SELinux, if it is enabled.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-NTP.html"><strong>Prev</strong>2.9. NTP</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security.html"><strong>Next</strong>3.2. Server Security</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-Security_Overview.html b/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-Security_Overview.html
new file mode 100644
index 0000000..4fdc642
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-Security_Overview.html
@@ -0,0 +1,128 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 1. Security Overview</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="index.html" title="Security Guide" /><link rel="prev" href="pr01s02.html" title="2. We Need Feedback!" /><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.2. Attackers and Vulnerabilities" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pr01s02.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_G
uide-Attackers_and_Vulnerabilities.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Security_Guide-Security_Overview" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 1. Security Overview</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security">1.1. Introduction to Security</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1. What is Computer Security?</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-SELinux">1.1.2. SELinux</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.3. Securit
y Controls</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-Conclusion">1.1.4. Conclusion</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities.html">1.2. Attackers and Vulnerabilities</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities.html#sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.2.1. A Quick History of Hackers</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html">1.2.2. Threats to Network Security</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html">1.2.3. Threats to Server Security</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilitie
s-Threats_to_Workstation_and_Home_PC_Security.html">1.2.4. Threats to Workstation and Home PC Security</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment.html">1.3. Vulnerability Assessment</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment.html#sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.3.1. Thinking Like the Enemy</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html">1.3.2. Defining Assessment and Testing</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html">1.3.3. Evaluating the Tools</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Common_Exploits_and_Attacks.html">1.4. Common Exploits and Attacks</a></span></dt><dt><span class="section"><a href="sect-Security_Gui
de-Security_Updates.html">1.5. Security Updates</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Security_Updates.html#sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. Updating Packages</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html">1.5.2. Verifying Signed Packages</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html">1.5.3. Installing Signed Packages</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html">1.5.4. Applying the Changes</a></span></dt></dl></dd></dl></div><div class="para">
+ Because of the increased reliance on powerful, networked computers to help run businesses and keep track of our personal information, entire industries have been formed around the practice of network and computer security. Enterprises have solicited the knowledge and skills of security experts to properly audit systems and tailor solutions to fit the operating requirements of the organization. Because most organizations are increasingly dynamic in nature, with workers accessing company IT resources locally and remotely, the need for secure computing environments has become more pronounced.
+ </div><div class="para">
+ Unfortunately, most organizations (as well as individual users) regard security as an afterthought, a process that is overlooked in favor of increased power, productivity, and budgetary concerns. Proper security implementation is often enacted postmortem — <span class="emphasis"><em>after</em></span> an unauthorized intrusion has already occurred. Security experts agree that taking the correct measures prior to connecting a site to an untrusted network, such as the Internet, is an effective means of thwarting most attempts at intrusion.
+ </div><div xml:lang="en-US" class="section" id="sect-Security_Guide-Introduction_to_Security" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Introduction_to_Security">1.1. Introduction to Security</h2></div></div></div><div class="section" id="sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1. What is Computer Security?</h3></div></div></div><div class="para">
+ Computer security is a general term that covers a wide area of computing and information processing. Industries that depend on computer systems and networks to conduct daily business transactions and access crucial information regard their data as an important part of their overall assets. Several terms and metrics have entered our daily business vocabulary, such as total cost of ownership (TCO) and quality of service (QoS). Using these metrics, industries can calculate aspects such as data integrity and high-availability as part of their planning and process management costs. In some industries, such as electronic commerce, the availability and trustworthiness of data can be the difference between success and failure.
+ </div><div class="section" id="sect-Security_Guide-What_is_Computer_Security-How_did_Computer_Security_Come_about"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Computer_Security-How_did_Computer_Security_Come_about">1.1.1.1. How did Computer Security Come about?</h4></div></div></div><div class="para">
+ Information security has evolved over the years due to the increasing reliance on public networks not to disclose personal, financial, and other restricted information. There are numerous instances such as the Mitnick <sup>[<a id="idm9469792" href="#ftn.idm9469792" class="footnote">1</a>]</sup>and the Vladimir Levin <sup>[<a id="idm9470688" href="#ftn.idm9470688" class="footnote">2</a>]</sup>cases that prompted organizations across all industries to re-think the way they handle information, as well as its transmission and disclosure. The popularity of the Internet was one of the most important developments that prompted an intensified effort in data security.
+ </div><div class="para">
+ An ever-growing number of people are using their personal computers to gain access to the resources that the Internet has to offer. From research and information retrieval to electronic mail and commerce transaction, the Internet has been regarded as one of the most important developments of the 20th century.
+ </div><div class="para">
+ The Internet and its earlier protocols, however, were developed as a <em class="firstterm">trust-based</em> system. That is, the Internet Protocol was not designed to be secure in itself. There are no approved security standards built into the TCP/IP communications stack, leaving it open to potentially malicious users and processes across the network. Modern developments have made Internet communication more secure, but there are still several incidents that gain national attention and alert us to the fact that nothing is completely safe.
+ </div></div><div class="section" id="sect-Security_Guide-What_is_Computer_Security-Security_Today"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Computer_Security-Security_Today">1.1.1.2. Security Today</h4></div></div></div><div class="para">
+ In February of 2000, a Distributed Denial of Service (DDoS) attack was unleashed on several of the most heavily-trafficked sites on the Internet. The attack rendered yahoo.com, cnn.com, amazon.com, fbi.gov, and several other sites completely unreachable to normal users, as it tied up routers for several hours with large-byte ICMP packet transfers, also called a <em class="firstterm">ping flood</em>. The attack was brought on by unknown assailants using specially created, widely available programs that scanned vulnerable network servers, installed client applications called <em class="firstterm">trojans</em> on the servers, and timed an attack with every infected server flooding the victim sites and rendering them unavailable. Many blame the attack on fundamental flaws in the way routers and the protocols used are structured to accept all incoming data, no matter where or for what purpose the packets are sent.
+ </div><div class="para">
+ In 2007, a data breach exploiting the widely-known weaknesses of the Wired Equivalent Privacy (WEP) wireless encryption protocol resulted in the theft from a global financial institution of over 45 million credit card numbers.<sup>[<a id="idm27562560" href="#ftn.idm27562560" class="footnote">3</a>]</sup>
+ </div><div class="para">
+ In a separate incident, the billing records of over 2.2 million patients stored on a backup tape were stolen from the front seat of a courier's car.<sup>[<a id="idm27564016" href="#ftn.idm27564016" class="footnote">4</a>]</sup>
+ </div><div class="para">
+ Currently, an estimated 1.8 billion people use or have used the Internet worldwide.<sup>[<a id="idm27565616" href="#ftn.idm27565616" class="footnote">5</a>]</sup> At the same time:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ On any given day, there are approximately 225 major incidences of security breach reported to the CERT Coordination Center at Carnegie Mellon University.<sup>[<a id="idm27567712" href="#ftn.idm27567712" class="footnote">6</a>]</sup>
+ </div></li><li class="listitem"><div class="para">
+ In 2003, the number of CERT reported incidences jumped to 137,529 from 82,094 in 2002 and from 52,658 in 2001.<sup>[<a id="idm27569616" href="#ftn.idm27569616" class="footnote">7</a>]</sup>
+ </div></li><li class="listitem"><div class="para">
+ The worldwide economic impact of the three most dangerous Internet Viruses of the last three years was estimated at US$13.2 Billion.<sup>[<a id="idm26250784" href="#ftn.idm26250784" class="footnote">8</a>]</sup>
+ </div></li></ul></div><div class="para">
+ From a 2008 global survey of business and technology executives "The Global State of Information Security"<sup>[<a id="idm26253040" href="#ftn.idm26253040" class="footnote">9</a>]</sup>, undertaken by <span class="emphasis"><em>CIO Magazine</em></span>, some points are:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Just 43% of respondents audit or monitor user compliance with security policies
+ </div></li><li class="listitem"><div class="para">
+ Only 22% keep an inventory of the outside companies that use their data
+ </div></li><li class="listitem"><div class="para">
+ The source of nearly half of security incidents was marked as "Unknown"
+ </div></li><li class="listitem"><div class="para">
+ 44% of respondents plan to increase security spending in the next year
+ </div></li><li class="listitem"><div class="para">
+ 59% have an information security strategy
+ </div></li></ul></div><div class="para">
+ These results enforce the reality that computer security has become a quantifiable and justifiable expense for IT budgets. Organizations that require data integrity and high availability elicit the skills of system administrators, developers, and engineers to ensure 24x7 reliability of their systems, services, and information. Falling victim to malicious users, processes, or coordinated attacks is a direct threat to the success of the organization.
+ </div><div class="para">
+ Unfortunately, system and network security can be a difficult proposition, requiring an intricate knowledge of how an organization regards, uses, manipulates, and transmits its information. Understanding the way an organization (and the people that make up the organization) conducts business is paramount to implementing a proper security plan.
+ </div></div><div class="section" id="sect-Security_Guide-What_is_Computer_Security-Standardizing_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Computer_Security-Standardizing_Security">1.1.1.3. Standardizing Security</h4></div></div></div><div class="para">
+ Enterprises in every industry rely on regulations and rules that are set by standards-making bodies such as the American Medical Association (AMA) or the Institute of Electrical and Electronics Engineers (IEEE). The same ideals hold true for information security. Many security consultants and vendors agree upon the standard security model known as CIA, or <em class="firstterm">Confidentiality, Integrity, and Availability</em>. This three-tiered model is a generally accepted component to assessing risks of sensitive information and establishing security policy. The following describes the CIA model in further detail:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Confidentiality — Sensitive information must be available only to a set of pre-defined individuals. Unauthorized transmission and usage of information should be restricted. For example, confidentiality of information ensures that a customer's personal or financial information is not obtained by an unauthorized individual for malicious purposes such as identity theft or credit fraud.
+ </div></li><li class="listitem"><div class="para">
+ Integrity — Information should not be altered in ways that render it incomplete or incorrect. Unauthorized users should be restricted from the ability to modify or destroy sensitive information.
+ </div></li><li class="listitem"><div class="para">
+ Availability — Information should be accessible to authorized users any time that it is needed. Availability is a warranty that information can be obtained with an agreed-upon frequency and timeliness. This is often measured in terms of percentages and agreed to formally in Service Level Agreements (SLAs) used by network service providers and their enterprise clients.
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-Introduction_to_Security-SELinux"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-SELinux">1.1.2. SELinux</h3></div></div></div><div class="para">
+ Fedora includes an enhancement to the Linux kernel called SELinux, which implements a Mandatory Access Control (MAC) architecture that provides a fine-grained level of control over files, processes, users and applications in the system. Detailed discussion of SELinux is beyond the scope of this document; however, for more information on SELinux and its use in Fedora, refer to the Fedora SELinux User Guide available at <a href="http://docs.fedoraproject.org/">http://docs.fedoraproject.org/</a>. For more information on configuring and running services in Fedora that are protected by SELinux, refer to the SELinux Managing Confined Services Guide available at <a href="http://docs.fedoraproject.org">http://docs.fedoraproject.org/</a>. Other available resources for SELinux are listed in <a class="xref" href="chap-Security_Guide-References.html">Chapter 9, <em>References</em></a>.
+ </div></div><div class="section" id="sect-Security_Guide-Introduction_to_Security-Security_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.3. Security Controls</h3></div></div></div><div class="para">
+ Computer security is often divided into three distinct master categories, commonly referred to as <em class="wordasword">controls</em>:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Physical
+ </div></li><li class="listitem"><div class="para">
+ Technical
+ </div></li><li class="listitem"><div class="para">
+ Administrative
+ </div></li></ul></div><div class="para">
+ These three broad categories define the main objectives of proper security implementation. Within these controls are sub-categories that further detail the controls and how to implement them.
+ </div><div class="section" id="sect-Security_Guide-Security_Controls-Physical_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Security_Controls-Physical_Controls">1.1.3.1. Physical Controls</h4></div></div></div><div class="para">
+ Physical control is the implementation of security measures in a defined structure used to deter or prevent unauthorized access to sensitive material. Examples of physical controls are:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Closed-circuit surveillance cameras
+ </div></li><li class="listitem"><div class="para">
+ Motion or thermal alarm systems
+ </div></li><li class="listitem"><div class="para">
+ Security guards
+ </div></li><li class="listitem"><div class="para">
+ Picture IDs
+ </div></li><li class="listitem"><div class="para">
+ Locked and dead-bolted steel doors
+ </div></li><li class="listitem"><div class="para">
+ Biometrics (includes fingerprint, voice, face, iris, handwriting, and other automated methods used to recognize individuals)
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Security_Controls-Technical_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Security_Controls-Technical_Controls">1.1.3.2. Technical Controls</h4></div></div></div><div class="para">
+ Technical controls use technology as a basis for controlling the access and usage of sensitive data throughout a physical structure and over a network. Technical controls are far-reaching in scope and encompass such technologies as:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Encryption
+ </div></li><li class="listitem"><div class="para">
+ Smart cards
+ </div></li><li class="listitem"><div class="para">
+ Network authentication
+ </div></li><li class="listitem"><div class="para">
+ Access control lists (ACLs)
+ </div></li><li class="listitem"><div class="para">
+ File integrity auditing software
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Security_Controls-Administrative_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Security_Controls-Administrative_Controls">1.1.3.3. Administrative Controls</h4></div></div></div><div class="para">
+ Administrative controls define the human factors of security. They involve all levels of personnel within an organization and determine which users have access to what resources and information by such means as:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Training and awareness
+ </div></li><li class="listitem"><div class="para">
+ Disaster preparedness and recovery plans
+ </div></li><li class="listitem"><div class="para">
+ Personnel recruitment and separation strategies
+ </div></li><li class="listitem"><div class="para">
+ Personnel registration and accounting
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-Introduction_to_Security-Conclusion"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-Conclusion">1.1.4. Conclusion</h3></div></div></div><div class="para">
+ Now that you have learned about the origins, reasons, and aspects of security, you will find it easier to determine the appropriate course of action with regard to Fedora. It is important to know what factors and conditions make up security in order to plan and implement a proper strategy. With this information in mind, the process can be formalized and the path becomes clearer as you delve deeper into the specifics of the security process.
+ </div></div></div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm9469792" href="#idm9469792" class="para">1</a>] </sup>
+ http://law.jrank.org/pages/3791/Kevin-Mitnick-Case-1999.html
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm9470688" href="#idm9470688" class="para">2</a>] </sup>
+ http://www.livinginternet.com/i/ia_hackers_levin.htm
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm27562560" href="#idm27562560" class="para">3</a>] </sup>
+ http://www.theregister.co.uk/2007/05/04/txj_nonfeasance/
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm27564016" href="#idm27564016" class="para">4</a>] </sup>
+ http://www.healthcareitnews.com/story.cms?id=9408
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm27565616" href="#idm27565616" class="para">5</a>] </sup>
+ http://www.internetworldstats.com/stats.htm
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm27567712" href="#idm27567712" class="para">6</a>] </sup>
+ http://www.cert.org
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm27569616" href="#idm27569616" class="para">7</a>] </sup>
+ http://www.cert.org/stats/fullstats.html
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm26250784" href="#idm26250784" class="para">8</a>] </sup>
+ http://www.newsfactor.com/perl/story/16407.html
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm26253040" href="#idm26253040" class="para">9</a>] </sup>
+ http://www.csoonline.com/article/454939/The_Global_State_of_Information_Security_
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="pr01s02.html"><strong>Prev</strong>2. We Need Feedback!</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>Next</strong>1.2. Attackers and Vulnerabilities</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-Software_Maintenance.html b/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-Software_Maintenance.html
new file mode 100644
index 0000000..01b1e00
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/chap-Security_Guide-Software_Maintenance.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 7. Software Maintenance</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="index.html" title="Security Guide" /><link rel="prev" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html" title="6.2. Utilize LUKS Partition Encryption" /><link rel="next" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html" title="7.2. Plan and Configure Security Updates" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a ac
cesskey="p" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Security_Guide-Software_Maintenance" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 7. Software Maintenance</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Software_Maintenance.html#sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">7.1. Install Minimal Software</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html">7.2. Plan and Configure Security Updates</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates
-Adjusting_Automatic_Updates.html">7.3. Adjusting Automatic Updates</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html">7.4. Install Signed Packages from Well Known Repositories</a></span></dt></dl></div><div class="para">
+ Software maintenance is extremely important to maintaining a secure system. It is vital to patch software as soon as it becomes available in order to prevent attackers from using known holes to infiltrate your system.
+ </div><div class="section" id="sect-Security_Guide-Software_Maintenance-Install_Minimal_Software"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">7.1. Install Minimal Software</h2></div></div></div><div class="para">
+ It is best practice to install only the packages you will use because each piece of software on your computer could possibly contain a vulnerability. If you are installing from the DVD media take the opportunity to select exactly what packages you want to install during the installation. When you find you need another package, you can always add it to the system later.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"><strong>Prev</strong>6.2. Utilize LUKS Partition Encryption</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"><strong>Next</strong>7.2. Plan and Configure Security Updates</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/images/SCLogin.png b/public_html/en-US/Fedora/18/html/Security_Guide/images/SCLogin.png
new file mode 100644
index 0000000..5bdef58
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/images/SCLogin.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/images/SCLoginEnrollment.png b/public_html/en-US/Fedora/18/html/Security_Guide/images/SCLoginEnrollment.png
new file mode 100644
index 0000000..2809b32
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/images/SCLoginEnrollment.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/images/auth-panel.png b/public_html/en-US/Fedora/18/html/Security_Guide/images/auth-panel.png
new file mode 100644
index 0000000..6335d2f
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/images/auth-panel.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/images/authicon.png b/public_html/en-US/Fedora/18/html/Security_Guide/images/authicon.png
new file mode 100644
index 0000000..e397b63
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/images/authicon.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/images/fed-firefox_kerberos_SSO.png b/public_html/en-US/Fedora/18/html/Security_Guide/images/fed-firefox_kerberos_SSO.png
new file mode 100644
index 0000000..1dbf27d
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/images/fed-firefox_kerberos_SSO.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/images/fed-firewall_config.png b/public_html/en-US/Fedora/18/html/Security_Guide/images/fed-firewall_config.png
new file mode 100644
index 0000000..6abd4b0
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/images/fed-firewall_config.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/images/fed-ipsec_host2host.png b/public_html/en-US/Fedora/18/html/Security_Guide/images/fed-ipsec_host2host.png
new file mode 100644
index 0000000..4a236a7
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/images/fed-ipsec_host2host.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/images/fed-ipsec_n_to_n_local.png b/public_html/en-US/Fedora/18/html/Security_Guide/images/fed-ipsec_n_to_n_local.png
new file mode 100644
index 0000000..e49a5c1
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/images/fed-ipsec_n_to_n_local.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/images/fed-ipsec_n_to_n_remote.png b/public_html/en-US/Fedora/18/html/Security_Guide/images/fed-ipsec_n_to_n_remote.png
new file mode 100644
index 0000000..5457d97
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/images/fed-ipsec_n_to_n_remote.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/images/fed-service_config.png b/public_html/en-US/Fedora/18/html/Security_Guide/images/fed-service_config.png
new file mode 100644
index 0000000..71b4c21
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/images/fed-service_config.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/images/fed-user_pass_groups.png b/public_html/en-US/Fedora/18/html/Security_Guide/images/fed-user_pass_groups.png
new file mode 100644
index 0000000..9527476
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/images/fed-user_pass_groups.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/images/fed-user_pass_info.png b/public_html/en-US/Fedora/18/html/Security_Guide/images/fed-user_pass_info.png
new file mode 100644
index 0000000..54ccc33
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/images/fed-user_pass_info.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/images/icon.svg b/public_html/en-US/Fedora/18/html/Security_Guide/images/icon.svg
new file mode 100644
index 0000000..c471a60
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/images/icon.svg
@@ -0,0 +1,3936 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:ns="http://ns.adobe.com/AdobeSVGViewerExtensions/3/"
+ xmlns:a="http://ns.adobe.com/AdobeSVGViewerExtensions/3.0/"
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://web.resource.org/cc/"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg3017"
+ sodipodi:version="0.32"
+ inkscape:version="0.44+devel"
+ sodipodi:docname="book.svg"
+ sodipodi:docbase="/home/andy/Desktop">
+ <metadata
+ id="metadata489">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ inkscape:window-height="480"
+ inkscape:window-width="858"
+ inkscape:pageshadow="0"
+ inkscape:pageopacity="0.0"
+ guidetolerance="10.0"
+ gridtolerance="10.0"
+ objecttolerance="10.0"
+ borderopacity="1.0"
+ bordercolor="#666666"
+ pagecolor="#ffffff"
+ id="base"
+ inkscape:zoom="1"
+ inkscape:cx="16"
+ inkscape:cy="15.944056"
+ inkscape:window-x="0"
+ inkscape:window-y="33"
+ inkscape:current-layer="svg3017" />
+ <defs
+ id="defs3019">
+ <linearGradient
+ id="linearGradient2381">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="stop2383" />
+ <stop
+ style="stop-color:white;stop-opacity:0"
+ offset="1"
+ id="stop2385" />
+ </linearGradient>
+ <linearGradient
+ x1="415.73831"
+ y1="11.854"
+ x2="418.13361"
+ y2="18.8104"
+ id="XMLID_1758_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8362,0.5206,-1.1904,0.992,147.62,-30.9374)">
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="0"
+ id="stop3903" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop3905" />
+ <a:midPointStop
+ style="stop-color:#CCCCCC"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#CCCCCC"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#F2F2F2"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="500.70749"
+ y1="-13.2441"
+ x2="513.46442"
+ y2="-2.1547"
+ id="XMLID_1757_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop3890" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop3892" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="XMLID_1755_">
+ <use
+ id="use3874"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_343_" />
+ </clipPath>
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="XMLID_1756_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop3877" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop3879" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop3881" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop3883" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="471.0806"
+ y1="201.07761"
+ x2="481.91711"
+ y2="210.4977"
+ id="XMLID_1754_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#6498c1;stop-opacity:1"
+ offset="0.005618"
+ id="stop3863" />
+ <stop
+ style="stop-color:#79a9cc;stop-opacity:1"
+ offset="0.2332"
+ id="stop3865" />
+ <stop
+ style="stop-color:#a4cde2;stop-opacity:1"
+ offset="0.74049997"
+ id="stop3867" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="1"
+ id="stop3869" />
+ <a:midPointStop
+ style="stop-color:#6498C1"
+ offset="5.618000e-003" />
+ <a:midPointStop
+ style="stop-color:#6498C1"
+ offset="0.4438" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="516.57672"
+ y1="-15.769"
+ x2="516.57672"
+ y2="0.84280002"
+ id="XMLID_1753_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop3851" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop3853" />
+ <a:midPointStop
+ style="stop-color:#B2B2B2"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B2B2B2"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#F2F2F2"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="XMLID_1751_">
+ <use
+ id="use3837"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_338_" />
+ </clipPath>
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="XMLID_1752_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop3840" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop3842" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop3844" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop3846" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="468.2915"
+ y1="204.7612"
+ x2="479.39871"
+ y2="214.4166"
+ id="XMLID_1750_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop3830" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop3832" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="XMLID_1749_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,11.0227,-35.6159)">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop3818" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop3820" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="501.0903"
+ y1="-19.2544"
+ x2="531.85413"
+ y2="0.72390002"
+ id="XMLID_1748_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop3803" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop3805" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop3807" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop3809" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="481.23969"
+ y1="212.5742"
+ x2="472.92981"
+ y2="207.4967"
+ id="XMLID_2275_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop9947" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop9949" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop9951" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop9953" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="XMLID_2273_">
+ <use
+ id="use9933"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_960_" />
+ </clipPath>
+ <linearGradient
+ x1="473.7681"
+ y1="209.17529"
+ x2="486.98099"
+ y2="213.2001"
+ id="XMLID_2274_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop9936" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop9938" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop9940" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop9942" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="478.21341"
+ y1="-131.9297"
+ x2="469.85818"
+ y2="-140.28481"
+ id="XMLID_2272_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.5592,0.829,-0.829,0.5592,101.3357,-104.791)">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop9917" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop9919" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop9921" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop9923" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <marker
+ refX="0"
+ refY="0"
+ orient="auto"
+ style="overflow:visible"
+ id="TriangleInM">
+ <path
+ d="M 5.77,0 L -2.88,5 L -2.88,-5 L 5.77,0 z "
+ transform="scale(-0.4,-0.4)"
+ style="fill:#5c5c4f"
+ id="path3197" />
+ </marker>
+ <linearGradient
+ x1="200.7363"
+ y1="100.4028"
+ x2="211.99519"
+ y2="89.143997"
+ id="XMLID_3298_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#bfbfbf;stop-opacity:1"
+ offset="0"
+ id="stop20103" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop20105" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#BFBFBF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#BFBFBF" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#F2F2F2" />
+ </linearGradient>
+ <linearGradient
+ x1="200.7363"
+ y1="100.4028"
+ x2="211.99519"
+ y2="89.143997"
+ id="linearGradient36592"
+ xlink:href="#XMLID_3298_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="181.2925"
+ y1="110.8481"
+ x2="192.6369"
+ y2="99.5037"
+ id="XMLID_3297_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="stop20096" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop20098" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="181.2925"
+ y1="110.8481"
+ x2="192.6369"
+ y2="99.5037"
+ id="linearGradient36595"
+ xlink:href="#XMLID_3297_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="211.77589"
+ y1="105.7749"
+ x2="212.6619"
+ y2="108.2092"
+ id="XMLID_3296_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#0f6124;stop-opacity:1"
+ offset="0"
+ id="stop20087" />
+ <stop
+ style="stop-color:#219630;stop-opacity:1"
+ offset="1"
+ id="stop20089" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#0F6124" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#0F6124" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#219630" />
+ </linearGradient>
+ <linearGradient
+ x1="211.77589"
+ y1="105.7749"
+ x2="212.6619"
+ y2="108.2092"
+ id="linearGradient36677"
+ xlink:href="#XMLID_3296_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="208.9834"
+ y1="116.8296"
+ x2="200.0811"
+ y2="96.834602"
+ id="XMLID_3295_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop20076" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.5"
+ id="stop20078" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop20080" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="208.9834"
+ y1="116.8296"
+ x2="200.0811"
+ y2="96.834602"
+ id="linearGradient36604"
+ xlink:href="#XMLID_3295_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="195.5264"
+ y1="97.911102"
+ x2="213.5213"
+ y2="115.9061"
+ id="XMLID_3294_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="0"
+ id="stop20069" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop20071" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#CCCCCC" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#CCCCCC" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="195.5264"
+ y1="97.911102"
+ x2="213.5213"
+ y2="115.9061"
+ id="linearGradient36607"
+ xlink:href="#XMLID_3294_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="186.1938"
+ y1="109.1343"
+ x2="206.6881"
+ y2="88.639999"
+ id="XMLID_3293_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop20056" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.16850001"
+ id="stop20058" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.23029999"
+ id="stop20060" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.2809"
+ id="stop20062" />
+ <stop
+ style="stop-color:#c2c2c2;stop-opacity:1"
+ offset="0.5"
+ id="stop20064" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.1685"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.2303"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.2809"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#C2C2C2" />
+ </linearGradient>
+ <linearGradient
+ x1="186.1938"
+ y1="109.1343"
+ x2="206.6881"
+ y2="88.639999"
+ id="linearGradient36610"
+ xlink:href="#XMLID_3293_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="184.8569"
+ y1="112.2676"
+ x2="211.94099"
+ y2="89.541397"
+ id="XMLID_3292_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop20043" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.16850001"
+ id="stop20045" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.23029999"
+ id="stop20047" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.2809"
+ id="stop20049" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop20051" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.1685"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.2303"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.2809"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="184.8569"
+ y1="112.2676"
+ x2="211.94099"
+ y2="89.541397"
+ id="linearGradient36613"
+ xlink:href="#XMLID_3292_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <marker
+ refX="0"
+ refY="0"
+ orient="auto"
+ style="overflow:visible"
+ id="TriangleOutM">
+ <path
+ d="M 5.77,0 L -2.88,5 L -2.88,-5 L 5.77,0 z "
+ transform="scale(0.4,0.4)"
+ style="fill:#5c5c4f;fill-rule:evenodd;stroke-width:1pt;marker-start:none"
+ id="path3238" />
+ </marker>
+ <linearGradient
+ x1="165.3"
+ y1="99.5"
+ x2="165.3"
+ y2="115.9"
+ id="XMLID_3457_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="0"
+ id="stop8309" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8311" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="1"
+ id="stop8313" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#999999" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#999999" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#B2B2B2" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#B2B2B2" />
+ </linearGradient>
+ <linearGradient
+ x1="165.3"
+ y1="99.5"
+ x2="165.3"
+ y2="115.9"
+ id="lg1997"
+ xlink:href="#XMLID_3457_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="175"
+ y1="99.800003"
+ x2="175"
+ y2="112.5"
+ id="XMLID_3456_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="0"
+ id="stop8300" />
+ <stop
+ style="stop-color:#191919;stop-opacity:1"
+ offset="0.60000002"
+ id="stop8302" />
+ <stop
+ style="stop-color:#191919;stop-opacity:1"
+ offset="1"
+ id="stop8304" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#737373" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#737373" />
+ <a:midPointstop
+ offset="0.6"
+ style="stop-color:#191919" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#191919" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#191919" />
+ </linearGradient>
+ <linearGradient
+ x1="175"
+ y1="99.800003"
+ x2="175"
+ y2="112.5"
+ id="lg2000"
+ xlink:href="#XMLID_3456_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="168.8"
+ y1="107.1"
+ x2="164.5"
+ y2="110"
+ id="XMLID_3455_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#666;stop-opacity:1"
+ offset="0"
+ id="stop8291" />
+ <stop
+ style="stop-color:#191919;stop-opacity:1"
+ offset="0.69999999"
+ id="stop8293" />
+ <stop
+ style="stop-color:#191919;stop-opacity:1"
+ offset="1"
+ id="stop8295" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#666666" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#666666" />
+ <a:midPointstop
+ offset="0.7"
+ style="stop-color:#191919" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#191919" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#191919" />
+ </linearGradient>
+ <linearGradient
+ x1="168.8"
+ y1="107.1"
+ x2="164.5"
+ y2="110"
+ id="lg2003"
+ xlink:href="#XMLID_3455_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ id="lg63694">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="stop63696" />
+ <stop
+ style="stop-color:white;stop-opacity:0"
+ offset="1"
+ id="stop63698" />
+ </linearGradient>
+ <linearGradient
+ x1="458"
+ y1="483"
+ x2="465.20001"
+ y2="271.39999"
+ id="lg2006"
+ xlink:href="#lg63694"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(6.3e-2,0,0,6.3e-2,-1.3,-9.8)" />
+ <linearGradient
+ x1="176.3"
+ y1="110.1"
+ x2="158.7"
+ y2="105"
+ id="XMLID_3453_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#666;stop-opacity:1"
+ offset="0"
+ id="stop8271" />
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="0.2"
+ id="stop8273" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop8275" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#666666" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#666666" />
+ <a:midPointstop
+ offset="0.2"
+ style="stop-color:#737373" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#737373" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="176.3"
+ y1="110.1"
+ x2="158.7"
+ y2="105"
+ id="lg2009"
+ xlink:href="#XMLID_3453_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="173.60001"
+ y1="118.9"
+ x2="172.8"
+ y2="128.2"
+ id="XMLID_3449_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0"
+ id="stop8232" />
+ <stop
+ style="stop-color:#fff95e;stop-opacity:1"
+ offset="0.60000002"
+ id="stop8234" />
+ <stop
+ style="stop-color:#ecd600;stop-opacity:1"
+ offset="1"
+ id="stop8236" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.6"
+ style="stop-color:#FFF95E" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFF95E" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#ECD600" />
+ </linearGradient>
+ <linearGradient
+ x1="173.60001"
+ y1="118.9"
+ x2="172.8"
+ y2="128.2"
+ id="lg2016"
+ xlink:href="#XMLID_3449_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <radialGradient
+ cx="284.60001"
+ cy="172.60001"
+ r="6.5"
+ fx="284.60001"
+ fy="172.60001"
+ id="XMLID_3448_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.4,0,0,1.4,-237.3,-126.8)">
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0"
+ id="stop8219" />
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8221" />
+ <stop
+ style="stop-color:#c96b00;stop-opacity:1"
+ offset="0.89999998"
+ id="stop8223" />
+ <stop
+ style="stop-color:#9a5500;stop-opacity:1"
+ offset="1"
+ id="stop8225" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.9"
+ style="stop-color:#C96B00" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#C96B00" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#9A5500" />
+ </radialGradient>
+ <radialGradient
+ cx="284.60001"
+ cy="172.60001"
+ r="6.5"
+ fx="284.60001"
+ fy="172.60001"
+ id="rg2020"
+ xlink:href="#XMLID_3448_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.513992,0,0,2.347576,-689.1621,-378.5717)" />
+ <linearGradient
+ x1="158.10001"
+ y1="123"
+ x2="164.2"
+ y2="126.6"
+ id="XMLID_3447_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ecd600;stop-opacity:1"
+ offset="0"
+ id="stop8204" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8206" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop8208" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECD600" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECD600" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="158.10001"
+ y1="123"
+ x2="164.2"
+ y2="126.6"
+ id="lg2026"
+ xlink:href="#XMLID_3447_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <radialGradient
+ cx="280.89999"
+ cy="163.7"
+ r="10.1"
+ fx="280.89999"
+ fy="163.7"
+ id="XMLID_3446_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.4,0,0,1.4,-237.3,-126.8)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="stop8197" />
+ <stop
+ style="stop-color:#fff95e;stop-opacity:1"
+ offset="1"
+ id="stop8199" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#FFFFFF" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFFFFF" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#FFF95E" />
+ </radialGradient>
+ <radialGradient
+ cx="280.89999"
+ cy="163.7"
+ r="10.1"
+ fx="280.89999"
+ fy="163.7"
+ id="rg2029"
+ xlink:href="#XMLID_3446_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.7,0,0,1.7,-457.5,-266.8)" />
+ <linearGradient
+ x1="156.5"
+ y1="122.7"
+ x2="180.10001"
+ y2="122.7"
+ id="XMLID_3445_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0"
+ id="stop8184" />
+ <stop
+ style="stop-color:#ffe900;stop-opacity:1"
+ offset="0.2"
+ id="stop8186" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8188" />
+ <stop
+ style="stop-color:#ffe900;stop-opacity:1"
+ offset="0.40000001"
+ id="stop8190" />
+ <stop
+ style="stop-color:#d68100;stop-opacity:1"
+ offset="1"
+ id="stop8192" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.2"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.4"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#D68100" />
+ </linearGradient>
+ <linearGradient
+ x1="156.5"
+ y1="122.7"
+ x2="180.10001"
+ y2="122.7"
+ id="lg2032"
+ xlink:href="#XMLID_3445_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="156.39999"
+ y1="115.4"
+ x2="180.10001"
+ y2="115.4"
+ id="XMLID_3444_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0"
+ id="stop8171" />
+ <stop
+ style="stop-color:#ffe900;stop-opacity:1"
+ offset="0.2"
+ id="stop8173" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8175" />
+ <stop
+ style="stop-color:#ffe900;stop-opacity:1"
+ offset="0.40000001"
+ id="stop8177" />
+ <stop
+ style="stop-color:#d68100;stop-opacity:1"
+ offset="1"
+ id="stop8179" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.2"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.4"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#D68100" />
+ </linearGradient>
+ <linearGradient
+ x1="156.39999"
+ y1="115.4"
+ x2="180.10001"
+ y2="115.4"
+ id="lg2035"
+ xlink:href="#XMLID_3444_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="379.70001"
+ y1="167.89999"
+ x2="383.89999"
+ y2="172.89999"
+ id="lg4286_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8,0.2,-0.2,0.8,78.8,38.1)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s16159" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.1"
+ id="s16161" />
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="1"
+ id="s16163" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.1" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#737373"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="379.60001"
+ y1="167.8"
+ x2="383.79999"
+ y2="172"
+ id="lg6416"
+ xlink:href="#lg4286_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.622156,0.623859,-0.623859,2.62182,-882.9706,-673.7921)" />
+ <linearGradient
+ x1="384.20001"
+ y1="169.8"
+ x2="384.79999"
+ y2="170.39999"
+ id="lg4285_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8,0.2,-0.2,0.8,78.8,38.1)">
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="0"
+ id="s16152" />
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="1"
+ id="s16154" />
+ <ns:midPointStop
+ style="stop-color:#737373"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#737373"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#D9D9D9"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="384.20001"
+ y1="169.8"
+ x2="384.79999"
+ y2="170.39999"
+ id="lg6453"
+ xlink:href="#lg4285_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.6,0.6,-0.6,2.6,-883,-673.8)" />
+ <linearGradient
+ x1="380.5"
+ y1="172.60001"
+ x2="382.79999"
+ y2="173.7"
+ id="lg4284_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8,0.2,-0.2,0.8,78.8,38.1)">
+ <stop
+ style="stop-color:gray;stop-opacity:1"
+ offset="0"
+ id="s16145" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="1"
+ id="s16147" />
+ <ns:midPointStop
+ style="stop-color:#808080"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#808080"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#E5E5E5"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="380.5"
+ y1="172.60001"
+ x2="382.79999"
+ y2="173.7"
+ id="lg6456"
+ xlink:href="#lg4284_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.6,0.6,-0.6,2.6,-883,-673.8)" />
+ <radialGradient
+ cx="347.29999"
+ cy="244.5"
+ r="5.1999998"
+ fx="347.29999"
+ fy="244.5"
+ id="lg4282_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(3.4,0,0,3.4,-1148,-802)">
+ <stop
+ style="stop-color:#333;stop-opacity:1"
+ offset="0"
+ id="s16135" />
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="1"
+ id="s16137" />
+ <ns:midPointStop
+ style="stop-color:#333333"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#333333"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#999999"
+ offset="1" />
+ </radialGradient>
+ <linearGradient
+ x1="310.39999"
+ y1="397.70001"
+ x2="310.89999"
+ y2="399.5"
+ id="lg4280_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.7,-0.7,0.7,0.7,-153.4,180.6)">
+ <stop
+ style="stop-color:#ffcd00;stop-opacity:1"
+ offset="0"
+ id="s16111" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.60000002"
+ id="s16113" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="1"
+ id="s16115" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.6" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="310.39999"
+ y1="397.70001"
+ x2="310.89999"
+ y2="399.5"
+ id="lg6467"
+ xlink:href="#lg4280_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.4,-2.4,2.4,2.4,-1663.6,-195)" />
+ <linearGradient
+ x1="310.89999"
+ y1="395.79999"
+ x2="313.29999"
+ y2="403.10001"
+ id="lg4279_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.7,-0.7,0.7,0.7,-153.4,180.6)">
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0"
+ id="s16100" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.40000001"
+ id="s16102" />
+ <stop
+ style="stop-color:#ffcd00;stop-opacity:1"
+ offset="0.89999998"
+ id="s16104" />
+ <stop
+ style="stop-color:#ffcd00;stop-opacity:1"
+ offset="1"
+ id="s16106" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.4" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="0.9" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="310.89999"
+ y1="395.79999"
+ x2="313.29999"
+ y2="403.10001"
+ id="lg6465"
+ xlink:href="#lg4279_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.4,-2.4,2.4,2.4,-1663.6,-195)" />
+ <linearGradient
+ x1="307.79999"
+ y1="395.20001"
+ x2="313.79999"
+ y2="413.60001"
+ id="lg4278_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.7,-0.7,0.7,0.7,-153.4,180.6)">
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0"
+ id="s16091" />
+ <stop
+ style="stop-color:#fcd72f;stop-opacity:1"
+ offset="0.40000001"
+ id="s16093" />
+ <stop
+ style="stop-color:#ffcd00;stop-opacity:1"
+ offset="1"
+ id="s16095" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FCD72F"
+ offset="0.4" />
+ <ns:midPointStop
+ style="stop-color:#FCD72F"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="306.5"
+ y1="393"
+ x2="309"
+ y2="404"
+ id="lg6400"
+ xlink:href="#lg4278_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.4,-2.4,2.4,2.4,-1663.6,-195)" />
+ <linearGradient
+ x1="352.10001"
+ y1="253.60001"
+ x2="348.5"
+ y2="237.8"
+ id="lg4276_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(3.4,0,0,3.4,-1148,-802)">
+ <stop
+ style="stop-color:#ffff87;stop-opacity:1"
+ offset="0"
+ id="s16077" />
+ <stop
+ style="stop-color:#ffad00;stop-opacity:1"
+ offset="1"
+ id="s16079" />
+ <ns:midPointStop
+ style="stop-color:#FFFF87"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFF87"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFAD00"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="335.60001"
+ y1="354.79999"
+ x2="337.89999"
+ y2="354.79999"
+ id="lg4275_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9,-0.5,0.5,0.9,-121.7,105.1)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="s16057" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.80000001"
+ id="s16059" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="s16061" />
+ <ns:midPointStop
+ style="stop-color:#D9D9D9"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#D9D9D9"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.8" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="335.60001"
+ y1="354.79999"
+ x2="337.89999"
+ y2="354.79999"
+ id="lg6463"
+ xlink:href="#lg4275_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.9,-1.7,1.7,2.9,-1557,-448.7)" />
+ <linearGradient
+ x1="337.39999"
+ y1="353.10001"
+ x2="339.39999"
+ y2="357.10001"
+ id="lg4274_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9,-0.5,0.5,0.9,-121.7,105.1)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s16048" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.1"
+ id="s16050" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="s16052" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.1" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#CCCCCC"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="337.39999"
+ y1="353.10001"
+ x2="339.39999"
+ y2="357.10001"
+ id="lg6461"
+ xlink:href="#lg4274_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.9,-1.7,1.7,2.9,-1557,-448.7)" />
+ <linearGradient
+ x1="334.39999"
+ y1="355.5"
+ x2="335.5"
+ y2="356.79999"
+ id="lg4273_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9,-0.5,0.5,0.9,-121.7,105.1)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s16041" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="s16043" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="5.6e-003" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#CCCCCC"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="334.39999"
+ y1="355.5"
+ x2="335.5"
+ y2="356.79999"
+ id="lg6381"
+ xlink:href="#lg4273_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.9,-1.7,1.7,2.9,-1557,-448.7)" />
+ <linearGradient
+ x1="348.39999"
+ y1="247.39999"
+ x2="354.10001"
+ y2="242"
+ id="lg4271_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(3.4,0,0,3.4,-1148,-802)">
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0"
+ id="s16025" />
+ <stop
+ style="stop-color:#9e9e9e;stop-opacity:1"
+ offset="0.40000001"
+ id="s16027" />
+ <stop
+ style="stop-color:black;stop-opacity:1"
+ offset="1"
+ id="s16029" />
+ <ns:midPointStop
+ style="stop-color:#F2F2F2"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#F2F2F2"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#000000"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="351.29999"
+ y1="257.29999"
+ x2="346.29999"
+ y2="235.5"
+ id="lg4270_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ffff87;stop-opacity:1"
+ offset="0"
+ id="s16007" />
+ <stop
+ style="stop-color:#ffad00;stop-opacity:1"
+ offset="1"
+ id="s16009" />
+ <ns:midPointStop
+ style="stop-color:#FFFF87"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFF87"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFAD00"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="351.29999"
+ y1="257.29999"
+ x2="346.29999"
+ y2="235.5"
+ id="lg6459"
+ xlink:href="#lg4270_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(3.4,0,0,3.4,-1148,-802)" />
+ <linearGradient
+ x1="43.799999"
+ y1="32.5"
+ x2="63.299999"
+ y2="66.400002"
+ id="XMLID_2708_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="stop75318" />
+ <stop
+ style="stop-color:#fffcea;stop-opacity:1"
+ offset="1"
+ id="stop75320" />
+ <a:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#FFFCEA"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="43.799999"
+ y1="32.5"
+ x2="63.299999"
+ y2="66.400002"
+ id="lg1907"
+ xlink:href="#XMLID_2708_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-29,-22.6)" />
+ <linearGradient
+ x1="52.5"
+ y1="40.400002"
+ x2="58.200001"
+ y2="64"
+ id="XMLID_2707_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ffdea0;stop-opacity:1"
+ offset="0"
+ id="stop75305" />
+ <stop
+ style="stop-color:#ffd89e;stop-opacity:1"
+ offset="0.30000001"
+ id="stop75307" />
+ <stop
+ style="stop-color:#ffd79e;stop-opacity:1"
+ offset="0.30000001"
+ id="stop75309" />
+ <stop
+ style="stop-color:#dbaf6d;stop-opacity:1"
+ offset="0.69999999"
+ id="stop75311" />
+ <stop
+ style="stop-color:#6f4c24;stop-opacity:1"
+ offset="1"
+ id="stop75313" />
+ <a:midPointStop
+ style="stop-color:#FFDEA0"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#FFDEA0"
+ offset="0.6" />
+ <a:midPointStop
+ style="stop-color:#FFD79E"
+ offset="0.3" />
+ <a:midPointStop
+ style="stop-color:#FFD79E"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#DBAF6D"
+ offset="0.7" />
+ <a:midPointStop
+ style="stop-color:#DBAF6D"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#6F4C24"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="52.5"
+ y1="40.400002"
+ x2="58.200001"
+ y2="64"
+ id="lg1910"
+ xlink:href="#XMLID_2707_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-29,-22.6)" />
+ <linearGradient
+ x1="58"
+ y1="73.199997"
+ x2="44.5"
+ y2="19"
+ id="XMLID_2704_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-29,-22.6)">
+ <stop
+ style="stop-color:#d4a96c;stop-opacity:1"
+ offset="0.5"
+ id="stop75284" />
+ <stop
+ style="stop-color:#dcb273;stop-opacity:1"
+ offset="0.60000002"
+ id="stop75286" />
+ <stop
+ style="stop-color:#f0ca87;stop-opacity:1"
+ offset="0.80000001"
+ id="stop75288" />
+ <stop
+ style="stop-color:#ffdc96;stop-opacity:1"
+ offset="0.69999999"
+ id="stop75290" />
+ <stop
+ style="stop-color:#c18a42;stop-opacity:1"
+ offset="1"
+ id="stop75292" />
+ <a:midPointStop
+ style="stop-color:#D4A96C"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#D4A96C"
+ offset="0.6" />
+ <a:midPointStop
+ style="stop-color:#FFDC96"
+ offset="0.7" />
+ <a:midPointStop
+ style="stop-color:#FFDC96"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#C18A42"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="53.700001"
+ y1="32"
+ x2="53.700001"
+ y2="64.599998"
+ id="XMLID_2703_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#e5c9b0;stop-opacity:1"
+ offset="0"
+ id="stop75268" />
+ <stop
+ style="stop-color:#e5c9b0;stop-opacity:1"
+ offset="0.40000001"
+ id="stop75270" />
+ <stop
+ style="stop-color:#c0aa94;stop-opacity:1"
+ offset="1"
+ id="stop75272" />
+ <a:midPointStop
+ style="stop-color:#E5C9B0"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#E5C9B0"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#E5C9B0"
+ offset="0.4" />
+ <a:midPointStop
+ style="stop-color:#E5C9B0"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#C0AA94"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="53.700001"
+ y1="32"
+ x2="53.700001"
+ y2="64.599998"
+ id="lg1916"
+ xlink:href="#XMLID_2703_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-29,-22.6)" />
+ <linearGradient
+ x1="224.31"
+ y1="19.450001"
+ x2="214.33"
+ y2="11.46"
+ id="XMLID_419_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#404040;stop-opacity:1"
+ offset="0"
+ id="s1903" />
+ <stop
+ style="stop-color:#6d6d6d;stop-opacity:1"
+ offset="0.33000001"
+ id="s1905" />
+ <stop
+ style="stop-color:#e9e9e9;stop-opacity:1"
+ offset="1"
+ id="s1907" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#404040" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#404040" />
+ <a:midPointStop
+ offset="0.33"
+ style="stop-color:#6D6D6D" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#6D6D6D" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#E9E9E9" />
+ </linearGradient>
+ <linearGradient
+ x1="221.84"
+ y1="32.779999"
+ x2="212.2"
+ y2="20.27"
+ id="lg1988"
+ xlink:href="#XMLID_419_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.33,0,0,1.31,-274.2,-5.2)" />
+ <linearGradient
+ x1="228.35001"
+ y1="33.279999"
+ x2="215.42999"
+ y2="33.279999"
+ id="lg1900"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s1902" />
+ <stop
+ style="stop-color:white;stop-opacity:0"
+ offset="1"
+ id="s1906" />
+ <a:midPointStop
+ style="stop-color:#575757"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#575757"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#6D6D6D"
+ offset="0.33" />
+ <a:midPointStop
+ style="stop-color:#6D6D6D"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#D3D3D3"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="234.81"
+ y1="33.279999"
+ x2="228.27"
+ y2="33.279999"
+ id="lg1908"
+ xlink:href="#lg1900"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.33,0,0,1.31,-274.2,-5.2)" />
+ <linearGradient
+ x1="228.35001"
+ y1="33.279999"
+ x2="215.42999"
+ y2="33.279999"
+ id="XMLID_416_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#575757;stop-opacity:1"
+ offset="0"
+ id="s1874" />
+ <stop
+ style="stop-color:#6d6d6d;stop-opacity:1"
+ offset="0.33000001"
+ id="s1876" />
+ <stop
+ style="stop-color:#d3d3d3;stop-opacity:1"
+ offset="1"
+ id="s1878" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#575757" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#575757" />
+ <a:midPointStop
+ offset="0.33"
+ style="stop-color:#6D6D6D" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#6D6D6D" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#D3D3D3" />
+ </linearGradient>
+ <linearGradient
+ x1="228.35001"
+ y1="33.279999"
+ x2="215.42999"
+ y2="33.279999"
+ id="lg1991"
+ xlink:href="#XMLID_416_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.33,0,0,1.31,-274.2,-5.2)" />
+ <radialGradient
+ cx="603.19"
+ cy="230.77"
+ r="1.67"
+ fx="603.19"
+ fy="230.77"
+ id="x5010_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.1,0,0,1.1,-54.33,-75.4)">
+ <stop
+ style="stop-color:#c9ffc9;stop-opacity:1"
+ offset="0"
+ id="stop29201" />
+ <stop
+ style="stop-color:#23a11f;stop-opacity:1"
+ offset="1"
+ id="stop29203" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#C9FFC9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#C9FFC9" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#23A11F" />
+ </radialGradient>
+ <radialGradient
+ cx="603.19"
+ cy="230.77"
+ r="1.67"
+ fx="603.19"
+ fy="230.77"
+ id="radialGradient5711"
+ xlink:href="#x5010_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.23,0,0,1.23,-709.93,-245.02)" />
+ <linearGradient
+ x1="592.31"
+ y1="162.60001"
+ x2="609.32001"
+ y2="145.59"
+ id="lg5722"
+ xlink:href="#x5003_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="601.48999"
+ y1="170.16"
+ x2="613.84003"
+ y2="170.16"
+ id="x5002_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop29134" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.2"
+ id="stop29136" />
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="1"
+ id="stop29138" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.20"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#999999" />
+ </linearGradient>
+ <linearGradient
+ x1="601.48999"
+ y1="170.16"
+ x2="613.84003"
+ y2="170.16"
+ id="lg5725"
+ xlink:href="#x5002_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="592.20001"
+ y1="156.45"
+ x2="609.98999"
+ y2="174.23"
+ id="x5004_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop29157" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop29159" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="592.20001"
+ y1="156.45"
+ x2="609.98999"
+ y2="174.23"
+ id="lg5728"
+ xlink:href="#x5004_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="592.31"
+ y1="162.60001"
+ x2="609.32001"
+ y2="145.59"
+ id="x5003_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0"
+ id="stop29143" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="1"
+ id="stop29145" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#E5E5E5" />
+ </linearGradient>
+ <linearGradient
+ x1="592.31"
+ y1="162.60001"
+ x2="609.32001"
+ y2="145.59"
+ id="lg5732"
+ xlink:href="#x5003_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="592.20001"
+ y1="156.45"
+ x2="609.98999"
+ y2="174.24001"
+ id="x5000_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop29124" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop29126" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="592.20001"
+ y1="156.45"
+ x2="609.98999"
+ y2="174.24001"
+ id="lg5735"
+ xlink:href="#x5000_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="308.54999"
+ y1="149.89999"
+ x2="299.72"
+ y2="148.83"
+ id="XMLID_2433_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#d6d6d6;stop-opacity:1"
+ offset="0"
+ id="71615" />
+ <stop
+ style="stop-color:#a5a5a5;stop-opacity:1"
+ offset="1"
+ id="71617" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D6D6D6" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D6D6D6" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#A5A5A5" />
+ </linearGradient>
+ <linearGradient
+ x1="308.54999"
+ y1="149.89999"
+ x2="299.72"
+ y2="148.83"
+ id="lg1952"
+ xlink:href="#XMLID_2433_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.03,0,0,1.03,-279.57,-124.36)" />
+ <radialGradient
+ cx="307.39999"
+ cy="121"
+ r="23.35"
+ fx="307.39999"
+ fy="121"
+ id="XMLID_2432_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.98,0,0,0.98,2.88,2.75)">
+ <stop
+ style="stop-color:#d2d2d2;stop-opacity:1"
+ offset="0.19"
+ id="71592" />
+ <stop
+ style="stop-color:#cfcfcf;stop-opacity:1"
+ offset="0.44999999"
+ id="71594" />
+ <stop
+ style="stop-color:#c7c7c7;stop-opacity:1"
+ offset="0.60000002"
+ id="71596" />
+ <stop
+ style="stop-color:#b9b9b9;stop-opacity:1"
+ offset="0.74000001"
+ id="71598" />
+ <stop
+ style="stop-color:#a4a4a4;stop-opacity:1"
+ offset="0.86000001"
+ id="71600" />
+ <stop
+ style="stop-color:#8a8a8a;stop-opacity:1"
+ offset="0.95999998"
+ id="71602" />
+ <stop
+ style="stop-color:gray;stop-opacity:1"
+ offset="1"
+ id="71604" />
+ <a:midPointStop
+ offset="0.19"
+ style="stop-color:#D2D2D2" />
+ <a:midPointStop
+ offset="0.8"
+ style="stop-color:#D2D2D2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#808080" />
+ </radialGradient>
+ <radialGradient
+ cx="307.39999"
+ cy="121"
+ r="23.35"
+ fx="307.39999"
+ fy="121"
+ id="radialGradient2331"
+ xlink:href="#XMLID_2432_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-276.62,-121.54)" />
+ <linearGradient
+ x1="294.13"
+ y1="127.07"
+ x2="294.13"
+ y2="142.2"
+ id="XMLID_2430_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#b5d8ff;stop-opacity:1"
+ offset="0"
+ id="71582" />
+ <stop
+ style="stop-color:black;stop-opacity:1"
+ offset="1"
+ id="71584" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B5D8FF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B5D8FF" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#000000" />
+ </linearGradient>
+ <linearGradient
+ x1="294.13"
+ y1="127.07"
+ x2="294.13"
+ y2="142.2"
+ id="lg2820"
+ xlink:href="#XMLID_2430_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.03,0,0,1.03,-279.57,-124.36)" />
+ <linearGradient
+ x1="279.10999"
+ y1="148.03"
+ x2="309.16"
+ y2="148.03"
+ id="XMLID_2429_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#e1e1e1;stop-opacity:1"
+ offset="0"
+ id="71564" />
+ <stop
+ style="stop-color:#e1e1e1;stop-opacity:1"
+ offset="0.25"
+ id="71566" />
+ <stop
+ style="stop-color:#a5a5a5;stop-opacity:1"
+ offset="0.44"
+ id="71568" />
+ <stop
+ style="stop-color:#a5a5a5;stop-opacity:1"
+ offset="1"
+ id="71570" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#E1E1E1" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E1E1E1" />
+ <a:midPointStop
+ offset="0.25"
+ style="stop-color:#E1E1E1" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E1E1E1" />
+ <a:midPointStop
+ offset="0.44"
+ style="stop-color:#A5A5A5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#A5A5A5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#A5A5A5" />
+ </linearGradient>
+ <linearGradient
+ x1="279.10999"
+ y1="148.03"
+ x2="309.16"
+ y2="148.03"
+ id="lg2818"
+ xlink:href="#XMLID_2429_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.03,0,0,1.03,-279.57,-124.36)" />
+ <radialGradient
+ cx="622.34302"
+ cy="14.449"
+ r="26.496"
+ fx="622.34302"
+ fy="14.449"
+ id="lg3499_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.851,0,0,0.849,69.297,51.658)">
+ <stop
+ style="stop-color:#23468e;stop-opacity:1"
+ offset="0"
+ id="stop10972" />
+ <stop
+ style="stop-color:#012859;stop-opacity:1"
+ offset="1"
+ id="stop10974" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#23468E" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#23468E" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#012859" />
+ </radialGradient>
+ <radialGradient
+ cx="622.34302"
+ cy="14.449"
+ r="26.496"
+ fx="622.34302"
+ fy="14.449"
+ id="rg5791"
+ xlink:href="#lg3499_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.858,0,0,0.857,-511.7,9.02)" />
+ <linearGradient
+ x1="616.112"
+ y1="76.247002"
+ x2="588.14099"
+ y2="60.742001"
+ id="lg3497_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#01326e;stop-opacity:1"
+ offset="0"
+ id="stop10962" />
+ <stop
+ style="stop-color:#012859;stop-opacity:1"
+ offset="1"
+ id="stop10964" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#01326E" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#01326E" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#012859" />
+ </linearGradient>
+ <linearGradient
+ x1="617.698"
+ y1="82.445999"
+ x2="585.95203"
+ y2="54.848999"
+ id="lg3496_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="stop10950" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop10952" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="617.698"
+ y1="82.445999"
+ x2="585.95203"
+ y2="54.848999"
+ id="lg5794"
+ xlink:href="#lg3496_"
+ gradientUnits="userSpaceOnUse" />
+ <linearGradient
+ x1="601.39001"
+ y1="55.341"
+ x2="588.29199"
+ y2="71.515999"
+ id="lg3495_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop10941" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0.52200001"
+ id="stop10943" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop10945" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.522"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="601.39001"
+ y1="55.341"
+ x2="588.29199"
+ y2="71.515999"
+ id="lg5771"
+ xlink:href="#lg3495_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.009,0,0,1.009,-581.615,-43.098)" />
+ <linearGradient
+ x1="611.34601"
+ y1="55.279999"
+ x2="590.39001"
+ y2="81.157997"
+ id="lg3494_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop10932" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0.52200001"
+ id="stop10934" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop10936" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.522"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="611.34601"
+ y1="55.279999"
+ x2="590.39001"
+ y2="81.157997"
+ id="lg5774"
+ xlink:href="#lg3494_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.009,0,0,1.009,-581.616,-43.098)" />
+ <linearGradient
+ x1="798.72998"
+ y1="69.839996"
+ x2="799.04999"
+ y2="70.709999"
+ id="g3302_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#005e00;stop-opacity:1"
+ offset="0"
+ id="s6504" />
+ <stop
+ style="stop-color:#23a11f;stop-opacity:1"
+ offset="1"
+ id="s6506" />
+ <a:midPointstop
+ style="stop-color:#005E00"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#005E00"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#23A11F"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="798.72998"
+ y1="69.839996"
+ x2="799.04999"
+ y2="70.709999"
+ id="lg5851"
+ xlink:href="#g3302_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,0,0,1.263,-926.036,-60.001)" />
+ <linearGradient
+ x1="779.19"
+ y1="122.73"
+ x2="811.69"
+ y2="149.74001"
+ id="g3301_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1,-0.25,0,1,0,129.19)">
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0"
+ id="s6483" />
+ <stop
+ style="stop-color:#eee;stop-opacity:1"
+ offset="0.17"
+ id="s6485" />
+ <stop
+ style="stop-color:#e3e3e3;stop-opacity:1"
+ offset="0.34"
+ id="s6487" />
+ <stop
+ style="stop-color:#cfcfcf;stop-opacity:1"
+ offset="0.50999999"
+ id="s6489" />
+ <stop
+ style="stop-color:#b4b4b4;stop-opacity:1"
+ offset="0.67000002"
+ id="s6491" />
+ <stop
+ style="stop-color:#919191;stop-opacity:1"
+ offset="0.83999997"
+ id="s6493" />
+ <stop
+ style="stop-color:#666;stop-opacity:1"
+ offset="1"
+ id="s6495" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.71" />
+ <a:midPointstop
+ style="stop-color:#666666"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="779.19"
+ y1="122.73"
+ x2="811.69"
+ y2="149.74001"
+ id="lg5855"
+ xlink:href="#g3301_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,-0.316,0,1.263,-926.036,103.123)" />
+ <clipPath
+ id="g3299_">
+ <use
+ id="use6469"
+ x="0"
+ y="0"
+ width="1005.92"
+ height="376.97"
+ xlink:href="#g101_" />
+ </clipPath>
+ <radialGradient
+ cx="1189.9301"
+ cy="100.05"
+ r="40.400002"
+ fx="1189.9301"
+ fy="100.05"
+ id="g3300_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.34,-8.46e-2,0,0.34,394.16,137.13)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s6472" />
+ <stop
+ style="stop-color:white;stop-opacity:0"
+ offset="1"
+ id="s6474" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#000000"
+ offset="1" />
+ </radialGradient>
+ <radialGradient
+ cx="1199.74"
+ cy="97.150002"
+ r="40.400002"
+ fx="1199.74"
+ fy="97.150002"
+ id="rg5860"
+ xlink:href="#g3300_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.409,-0.107,0,0.429,-451.489,113.149)" />
+ <linearGradient
+ x1="796.38"
+ y1="67.580002"
+ x2="781.28003"
+ y2="58.549999"
+ id="g3298_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#4c8bca;stop-opacity:1"
+ offset="0"
+ id="s6462" />
+ <stop
+ style="stop-color:#b7e9ff;stop-opacity:1"
+ offset="1"
+ id="s6464" />
+ <a:midPointstop
+ style="stop-color:#4C8BCA"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#4C8BCA"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#B7E9FF"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="800.97998"
+ y1="140.72"
+ x2="777.71997"
+ y2="121.76"
+ id="g3297_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1,-0.25,0,1,0,129.19)">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="s6448" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="s6450" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#CCCCCC"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="800.97998"
+ y1="140.72"
+ x2="777.71997"
+ y2="121.76"
+ id="lg5890"
+ xlink:href="#g3297_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1,-0.25,0,1,0,129.19)" />
+ <linearGradient
+ x1="790.03998"
+ y1="-16.33"
+ x2="779.84003"
+ y2="-3.73"
+ id="g3296_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(0,70.17)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="s6439" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0.51999998"
+ id="s6441" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="s6443" />
+ <a:midPointstop
+ style="stop-color:#D9D9D9"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#D9D9D9"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.52" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#CCCCCC"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="790.03998"
+ y1="-16.33"
+ x2="779.84003"
+ y2="-3.73"
+ id="lg5866"
+ xlink:href="#g3296_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,0,0,1.263,-926.036,28.6)" />
+ <linearGradient
+ x1="785.84003"
+ y1="72.989998"
+ x2="785.26001"
+ y2="76.279999"
+ id="g3293_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s6412" />
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="1"
+ id="s6414" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#737373"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="785.84003"
+ y1="72.989998"
+ x2="785.26001"
+ y2="76.279999"
+ id="lg5871"
+ xlink:href="#g3293_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,0,0,1.263,-926.036,-60.001)" />
+ <linearGradient
+ x1="789.37"
+ y1="69.879997"
+ x2="791.03998"
+ y2="77.120003"
+ id="g3292_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="0"
+ id="s6403" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0.28"
+ id="s6405" />
+ <stop
+ style="stop-color:#666;stop-opacity:1"
+ offset="1"
+ id="s6407" />
+ <a:midPointstop
+ style="stop-color:#999999"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#999999"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.28" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#666666"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="789.37"
+ y1="69.879997"
+ x2="791.03998"
+ y2="77.120003"
+ id="lg5874"
+ xlink:href="#g3292_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,0,0,1.263,-926.036,-60.001)" />
+ <linearGradient
+ x1="786.65997"
+ y1="136.12"
+ x2="786.71002"
+ y2="134.33"
+ id="g3290_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1,-0.25,0,1,0,137.29)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="s6380" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="1"
+ id="s6382" />
+ <a:midPointstop
+ style="stop-color:#D9D9D9"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#D9D9D9"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="786.65997"
+ y1="136.12"
+ x2="786.71002"
+ y2="134.33"
+ id="lg5878"
+ xlink:href="#g3290_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,-0.316,0,1.263,-926.036,113.351)" />
+ <radialGradient
+ cx="1458.77"
+ cy="-5.0999999"
+ r="35.130001"
+ fx="1458.77"
+ fy="-5.0999999"
+ id="g3289_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.42,0,0,0.42,167.09,79.84)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s6371" />
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="1"
+ id="s6373" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#999999"
+ offset="1" />
+ </radialGradient>
+ <radialGradient
+ cx="1458.77"
+ cy="-5.0999999"
+ r="35.130001"
+ fx="1458.77"
+ fy="-5.0999999"
+ id="rg5881"
+ xlink:href="#g3289_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.505,0,0,0.53,-724.957,40.636)" />
+ <radialGradient
+ cx="1612.98"
+ cy="-4.4699998"
+ r="36.580002"
+ fx="1612.98"
+ fy="-4.4699998"
+ id="g3288_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.34,0,0,0.36,238.56,86.87)">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="s6362" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0.63999999"
+ id="s6364" />
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="1"
+ id="s6366" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="0.64" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#737373"
+ offset="1" />
+ </radialGradient>
+ <radialGradient
+ cx="1612.98"
+ cy="-4.4699998"
+ r="36.580002"
+ fx="1612.98"
+ fy="-4.4699998"
+ id="rg5884"
+ xlink:href="#g3288_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.408,0,0,0.448,-638.943,49.495)" />
+ <radialGradient
+ cx="1470.5"
+ cy="-10.21"
+ r="33.290001"
+ fx="1470.5"
+ fy="-10.21"
+ id="g3287_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.42,0,0,0.42,167.09,79.84)">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="s6347" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0.38999999"
+ id="s6349" />
+ <stop
+ style="stop-color:#b1b1b1;stop-opacity:1"
+ offset="0.75"
+ id="s6351" />
+ <stop
+ style="stop-color:#aaa;stop-opacity:1"
+ offset="0.88"
+ id="s6353" />
+ <stop
+ style="stop-color:#9e9e9e;stop-opacity:1"
+ offset="0.97000003"
+ id="s6355" />
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="1"
+ id="s6357" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="0.39" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="0.87" />
+ <a:midPointstop
+ style="stop-color:#999999"
+ offset="1" />
+ </radialGradient>
+ <radialGradient
+ cx="1470.5"
+ cy="-10.21"
+ r="33.290001"
+ fx="1470.5"
+ fy="-10.21"
+ id="rg5887"
+ xlink:href="#g3287_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.505,0,0,0.53,-724.957,40.636)" />
+ <pattern
+ patternTransform="matrix(0.592927,0,0,0.592927,78,462)"
+ id="cream-spots"
+ height="32"
+ width="32"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(-365.3146,-513.505)"
+ id="g3047">
+ id="path2858" />
+ <path
+ inkscape:label="#path2854"
+ sodipodi:nodetypes="czzzz"
+ style="fill:#e3dcc0"
+ id="path3060"
+ d="M 390.31462,529.50504 C 390.31462,534.47304 386.28262,538.50504 381.31462,538.50504 C 376.34662,538.50504 372.31462,534.47304 372.31462,529.50504 C 372.31462,524.53704 376.34662,520.50504 381.31462,520.50504 C 386.28262,520.50504 390.31462,524.53704 390.31462,529.50504 z " />
+</g>
+ </pattern>
+ <pattern
+ patternTransform="matrix(0.733751,0,0,0.733751,67,367)"
+ id="dark-cream-spots"
+ height="32"
+ width="32"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(-408.0946,-513.505)"
+ id="dark-cream-spot"
+ inkscape:label="#g3043">
+ <path
+ sodipodi:nodetypes="czzzz"
+ style="fill:#c8c5ac"
+ d="M 433.09458,529.50504 C 433.09458,534.47304 429.06258,538.50504 424.09458,538.50504 C 419.12658,538.50504 415.09458,534.47304 415.09458,529.50504 C 415.09458,524.53704 419.12658,520.50504 424.09458,520.50504 C 429.06258,520.50504 433.09458,524.53704 433.09458,529.50504 z "
+ id="path2953" />
+ </g>
+ </pattern>
+ <pattern
+ patternTransform="matrix(0.375,0,0,0.375,379,400)"
+ id="white-spots"
+ height="32"
+ width="32"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(-484.3997,-513.505)"
+ id="white-spot"
+ inkscape:label="#g3035">
+ <path
+ style="opacity:0.25;fill:white"
+ id="path3033"
+ d="M 509.39967,529.50504 C 509.39967,534.47304 505.36767,538.50504 500.39967,538.50504 C 495.43167,538.50504 491.39967,534.47304 491.39967,529.50504 C 491.39967,524.53704 495.43167,520.50504 500.39967,520.50504 C 505.36767,520.50504 509.39967,524.53704 509.39967,529.50504 z "
+ sodipodi:nodetypes="czzzz" />
+ </g>
+ </pattern>
+ <pattern
+ patternTransform="matrix(0.455007,0,0,0.455007,-5e-5,1.9e-5)"
+ id="black-spots"
+ height="32"
+ width="32"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(-448.3997,-513.505)"
+ id="black-spot"
+ inkscape:label="#g3039">
+ <path
+ sodipodi:nodetypes="czzzz"
+ d="M 473.39967,529.50504 C 473.39967,534.47304 469.36767,538.50504 464.39967,538.50504 C 459.43167,538.50504 455.39967,534.47304 455.39967,529.50504 C 455.39967,524.53704 459.43167,520.50504 464.39967,520.50504 C 469.36767,520.50504 473.39967,524.53704 473.39967,529.50504 z "
+ id="path2961"
+ style="opacity:0.25;fill:black" />
+ </g>
+ </pattern>
+ <linearGradient
+ x1="501.0903"
+ y1="-19.2544"
+ x2="531.85413"
+ y2="0.72390002"
+ id="linearGradient17334"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop17336" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop17338" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop17340" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop17342" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B4DAEA" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B4DAEA" />
+ <a:midPointStop
+ offset="0.5112"
+ style="stop-color:#B4DAEA" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B4DAEA" />
+ <a:midPointStop
+ offset="0.6461"
+ style="stop-color:#5387BA" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#5387BA" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#16336E" />
+ </linearGradient>
+ <linearGradient
+ x1="415.73831"
+ y1="11.854"
+ x2="418.13361"
+ y2="18.8104"
+ id="linearGradient17426"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8362,0.5206,-1.1904,0.992,147.62,-30.9374)">
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="0"
+ id="stop17428" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop17430" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#CCCCCC" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#CCCCCC" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#F2F2F2" />
+ </linearGradient>
+ <linearGradient
+ x1="478.21341"
+ y1="-131.9297"
+ x2="469.85818"
+ y2="-140.28481"
+ id="linearGradient17434"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.5592,0.829,-0.829,0.5592,101.3357,-104.791)">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop17436" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop17438" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop17440" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop17442" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#F3403F" />
+ <a:midPointStop
+ offset="0.4213"
+ style="stop-color:#F3403F" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#A6100C" />
+ </linearGradient>
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="linearGradient17709"
+ xlink:href="#XMLID_1749_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,11.0227,-35.6159)" />
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="linearGradient17711"
+ xlink:href="#XMLID_1752_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="516.57672"
+ y1="-15.769"
+ x2="516.57672"
+ y2="0.84280002"
+ id="linearGradient17713"
+ xlink:href="#XMLID_1753_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="linearGradient17715"
+ xlink:href="#XMLID_1756_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="500.70749"
+ y1="-13.2441"
+ x2="513.46442"
+ y2="-2.1547"
+ id="linearGradient17717"
+ xlink:href="#XMLID_1757_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="473.7681"
+ y1="209.17529"
+ x2="486.98099"
+ y2="213.2001"
+ id="linearGradient17721"
+ xlink:href="#XMLID_2274_"
+ gradientUnits="userSpaceOnUse" />
+ <linearGradient
+ x1="481.23969"
+ y1="212.5742"
+ x2="472.92981"
+ y2="207.4967"
+ id="linearGradient17723"
+ xlink:href="#XMLID_2275_"
+ gradientUnits="userSpaceOnUse" />
+ <linearGradient
+ x1="500.70749"
+ y1="-13.2441"
+ x2="513.46442"
+ y2="-2.1547"
+ id="linearGradient17416"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop17418" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop17420" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <defs
+ id="defs9929">
+ <path
+ d="M 489.21,209.35 L 485.35,203.63 C 483.63,204.25 473.47,208.93 471.5,210.18 C 470.57,210.77 470.17,211.16 469.72,212.48 C 470.93,212.31 471.72,212.49 473.42,213.04 C 473.26,214.77 473.24,215.74 473.57,218.2 C 474.01,216.88 474.41,216.49 475.34,215.9 C 477.33,214.65 487.49,209.97 489.21,209.35 z "
+ id="XMLID_960_" />
+ </defs>
+ <clipPath
+ id="clipPath17448">
+ <use
+ id="use17450"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_960_" />
+ </clipPath>
+ <linearGradient
+ x1="473.7681"
+ y1="209.17529"
+ x2="486.98099"
+ y2="213.2001"
+ id="linearGradient17452"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop17454" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop17456" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop17458" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop17460" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="481.23969"
+ y1="212.5742"
+ x2="472.92981"
+ y2="207.4967"
+ id="linearGradient17463"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop17465" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop17467" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop17469" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop17471" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="481.23969"
+ y1="212.5742"
+ x2="472.92981"
+ y2="207.4967"
+ id="linearGradient17807"
+ xlink:href="#XMLID_2275_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-177.1654,35.43307)" />
+ <linearGradient
+ x1="473.7681"
+ y1="209.17529"
+ x2="486.98099"
+ y2="213.2001"
+ id="linearGradient17810"
+ xlink:href="#XMLID_2274_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-177.1654,35.43307)" />
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="linearGradient17812"
+ xlink:href="#XMLID_1749_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,11.0227,-35.6159)" />
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="linearGradient17814"
+ xlink:href="#XMLID_1752_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="516.57672"
+ y1="-15.769"
+ x2="516.57672"
+ y2="0.84280002"
+ id="linearGradient17816"
+ xlink:href="#XMLID_1753_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="linearGradient17818"
+ xlink:href="#XMLID_1756_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="linearGradient17347"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,11.0227,-35.6159)">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop17349" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop17351" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#5387BA" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#5387BA" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#96BAD6" />
+ </linearGradient>
+ <linearGradient
+ x1="516.57672"
+ y1="-15.769"
+ x2="516.57672"
+ y2="0.84280002"
+ id="linearGradient17379"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop17381" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop17383" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#F2F2F2" />
+ </linearGradient>
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="linearGradient17862"
+ xlink:href="#XMLID_1749_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,-166.1427,-0.18283)" />
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="linearGradient17864"
+ xlink:href="#XMLID_1756_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <defs
+ id="defs3859">
+ <polygon
+ points="465.54,213.52 481.94,217.46 482.74,216.71 487.46,198.05 471.08,194.07 470.26,194.83 465.54,213.52 "
+ id="XMLID_343_" />
+ </defs>
+ <linearGradient
+ x1="471.0806"
+ y1="201.07761"
+ x2="481.91711"
+ y2="210.4977"
+ id="linearGradient17389"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#6498c1;stop-opacity:1"
+ offset="0.005618"
+ id="stop17391" />
+ <stop
+ style="stop-color:#79a9cc;stop-opacity:1"
+ offset="0.2332"
+ id="stop17393" />
+ <stop
+ style="stop-color:#a4cde2;stop-opacity:1"
+ offset="0.74049997"
+ id="stop17395" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="1"
+ id="stop17397" />
+ <a:midPointStop
+ style="stop-color:#6498C1"
+ offset="5.618000e-003" />
+ <a:midPointStop
+ style="stop-color:#6498C1"
+ offset="0.4438" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="clipPath17400">
+ <use
+ id="use17402"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_343_" />
+ </clipPath>
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="linearGradient17404"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop17406" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop17408" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop17410" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop17412" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="linearGradient17882"
+ xlink:href="#XMLID_1752_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <defs
+ id="defs3826">
+ <polygon
+ points="463.52,216.14 480.56,220.24 481.36,219.5 483.03,202.04 469.05,196.69 468.24,197.45 463.52,216.14 "
+ id="XMLID_338_" />
+ </defs>
+ <linearGradient
+ x1="468.2915"
+ y1="204.7612"
+ x2="479.39871"
+ y2="214.4166"
+ id="linearGradient17357"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop17359" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop17361" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="clipPath17364">
+ <use
+ id="use17366"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_338_" />
+ </clipPath>
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="linearGradient17368"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop17370" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop17372" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop17374" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop17376" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="296.4996"
+ y1="188.81061"
+ x2="317.32471"
+ y2="209.69398"
+ id="linearGradient2387"
+ xlink:href="#linearGradient2381"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)" />
+ <linearGradient
+ x1="296.4996"
+ y1="188.81061"
+ x2="317.32471"
+ y2="209.69398"
+ id="linearGradient5105"
+ xlink:href="#linearGradient2381"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)" />
+ <linearGradient
+ x1="296.4996"
+ y1="188.81061"
+ x2="317.32471"
+ y2="209.69398"
+ id="linearGradient5145"
+ xlink:href="#linearGradient2381"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)" />
+ <linearGradient
+ inkscape:collect="always"
+ xlink:href="#linearGradient2381"
+ id="linearGradient2371"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)"
+ x1="296.4996"
+ y1="188.81061"
+ x2="317.32471"
+ y2="209.69398" />
+ </defs>
+ <g
+ transform="matrix(0.437808,-0.437808,0.437808,0.437808,-220.8237,43.55311)"
+ id="g5089">
+ <path
+ d="M 8.4382985,-6.28125 C 7.8309069,-6.28125 4.125,-0.33238729 4.125,1.96875 L 4.125,28.6875 C 4.125,29.533884 4.7068159,29.8125 5.28125,29.8125 L 30.84375,29.8125 C 31.476092,29.8125 31.968751,29.319842 31.96875,28.6875 L 31.96875,23.46875 L 32.25,23.46875 C 32.74684,23.46875 33.156249,23.059339 33.15625,22.5625 L 33.15625,-5.375 C 33.15625,-5.8718398 32.74684,-6.28125 32.25,-6.28125 L 8.4382985,-6.28125 z "
+ transform="translate(282.8327,227.1903)"
+ style="fill:#5c5c4f;stroke:black;stroke-width:3.23021388;stroke-miterlimit:4;stroke-dasharray:none"
+ id="path5091" />
+ <rect
+ width="27.85074"
+ height="29.369793"
+ rx="1.1414107"
+ ry="1.1414107"
+ x="286.96509"
+ y="227.63805"
+ style="fill:#032c87"
+ id="rect5093" />
+ <path
+ d="M 288.43262,225.43675 L 313.67442,225.43675 L 313.67442,254.80655 L 287.29827,254.83069 L 288.43262,225.43675 z "
+ style="fill:white"
+ id="rect5095" />
+ <path
+ d="M 302.44536,251.73726 C 303.83227,259.59643 301.75225,263.02091 301.75225,263.02091 C 303.99609,261.41329 305.71651,259.54397 306.65747,257.28491 C 307.62455,259.47755 308.49041,261.71357 310.9319,263.27432 C 310.9319,263.27432 309.33686,256.07392 309.22047,251.73726 L 302.44536,251.73726 z "
+ style="fill:#a70000;fill-opacity:1;stroke-width:2"
+ id="path5097" />
+ <rect
+ width="25.241802"
+ height="29.736675"
+ rx="0.89682275"
+ ry="0.89682275"
+ x="290.73544"
+ y="220.92249"
+ style="fill:#809cc9"
+ id="rect5099" />
+ <path
+ d="M 576.47347,725.93939 L 582.84431,726.35441 L 583.25121,755.8725 C 581.35919,754.55465 576.39694,752.1117 574.98889,754.19149 L 574.98889,727.42397 C 574.98889,726.60151 575.65101,725.93939 576.47347,725.93939 z "
+ transform="matrix(0.499065,-0.866565,0,1,0,0)"
+ style="fill:#4573b3;fill-opacity:1"
+ id="rect5101" />
+ <path
+ d="M 293.2599,221.89363 L 313.99908,221.89363 C 314.45009,221.89363 314.81318,222.25673 314.81318,222.70774 C 315.02865,229.0361 295.44494,244.47124 292.44579,240.30491 L 292.44579,222.70774 C 292.44579,222.25673 292.80889,221.89363 293.2599,221.89363 z "
+ style="opacity:0.65536726;fill:url(#linearGradient2371);fill-opacity:1"
+ id="path5103" />
+ </g>
+</svg>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/images/n-t-n-ipsec-diagram.png b/public_html/en-US/Fedora/18/html/Security_Guide/images/n-t-n-ipsec-diagram.png
new file mode 100644
index 0000000..281afd6
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/images/n-t-n-ipsec-diagram.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/images/tcp_wrap_diagram.png b/public_html/en-US/Fedora/18/html/Security_Guide/images/tcp_wrap_diagram.png
new file mode 100644
index 0000000..38ee5ea
Binary files /dev/null and b/public_html/en-US/Fedora/18/html/Security_Guide/images/tcp_wrap_diagram.png differ
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/index.html b/public_html/en-US/Fedora/18/html/Security_Guide/index.html
new file mode 100644
index 0000000..bbd333a
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/index.html
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Security Guide</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><meta name="description" content="The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and to
ols, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods." /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="next" href="pref-Security_Guide-Preface.html" title="Preface" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"></li><li class="next"><a accesskey="n" href="pref-Security_Guide-Preface.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="book" id="idm31493600" lang="en-US"><div class="titlepage"><div><div class="producttitle" font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" fo
nt-size="12pt" text-align="center"><span class="productname">Fedora</span> <span class="productnumber">18</span></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h1 id="idm31493600" class="title">Security Guide</h1></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h2 class="subtitle">A Guide to Securing Fedora Linux</h2></div><p class="edition">Edition 18.0.1</p><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h3 class="corpauthor">
+ <span class="inlinemediaobject"><object data="Common_Content/images/title_logo.svg" type="image/svg+xml"> Logo</object></span>
+
+ </h3></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div xml:lang="en-US" class="authorgroup" lang="en-US"><div class="author"><h3 class="author"><span class="firstname">Johnray</span> <span class="surname">Fuller</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:jrfuller at redhat.com">jrfuller at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="surname">Ha</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:jha at redhat.com">jha at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">David</span> <span class="surname">O'Brien</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:daobrien at redhat
.com">daobrien at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:sradvan at redhat.com">sradvan at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></h3><div class="affiliation"><span class="orgname">Fedora Project</span> <span class="orgdiv">Documentation Team</span></div><code class="email"><a class="email" href="mailto:sparks at fedoraproject.org">sparks at fedoraproject.org</a></code></div><div class="author"><h3 class="author"><span class="firstname">Adam</span> <span class="surname">Ligas</span></h3><div class="affiliation"><span class="orgname">Fedora Project</span></div><code class="email"><a class="email" href="mailto:gent86 at fedoraproject.org">gent86 at fedoraproject.org</a></code></
div></div></div><hr /><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div id="idm9560784" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class="para">
+ Copyright <span class="trademark"></span>© 2007-2012 Fedora Project Contributors.
+ </div><div class="para">
+ The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at <a href="http://creativecommons.org/licenses/by-sa/3.0/">http://creativecommons.org/licenses/by-sa/3.0/</a>. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
+ </div><div class="para">
+ Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
+ </div><div class="para">
+ Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
+ </div><div class="para">
+ For guidelines on the permitted uses of the Fedora trademarks, refer to <a href="https://fedoraproject.org/wiki/Legal:Trademark_guidelines">https://fedoraproject.org/wiki/Legal:Trademark_guidelines</a>.
+ </div><div class="para">
+ <span class="trademark">Linux</span>® is the registered trademark of Linus Torvalds in the United States and other countries.
+ </div><div class="para">
+ <span class="trademark">Java</span>® is a registered trademark of Oracle and/or its affiliates.
+ </div><div class="para">
+ <span class="trademark">XFS</span>® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
+ </div><div class="para">
+ <span class="trademark">MySQL</span>® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
+ </div><div class="para">
+ All other trademarks are the property of their respective owners.
+ </div></div></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div class="abstract"><h6>Abstract</h6><div class="para">
+ The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.
+ </div></div></div></div><hr /></div><div class="toc"><dl><dt><span class="preface"><a href="pref-Security_Guide-Preface.html">Preface</a></span></dt><dd><dl><dt><span class="section"><a href="pref-Security_Guide-Preface.html#idm16387472">1. Document Conventions</a></span></dt><dd><dl><dt><span class="section"><a href="pref-Security_Guide-Preface.html#idm7108496">1.1. Typographic Conventions</a></span></dt><dt><span class="section"><a href="pref-Security_Guide-Preface.html#idm61992816">1.2. Pull-quote Conventions</a></span></dt><dt><span class="section"><a href="pref-Security_Guide-Preface.html#idm42112384">1.3. Notes and Warnings</a></span></dt></dl></dd><dt><span class="section"><a href="pr01s02.html">2. We Need Feedback!</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-Security_Overview.html">1. Security Overview</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduc
tion_to_Security">1.1. Introduction to Security</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1. What is Computer Security?</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-SELinux">1.1.2. SELinux</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.3. Security Controls</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-Conclusion">1.1.4. Conclusion</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities.html">1.2. Attackers and Vulnerabilities</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security
_Guide-Attackers_and_Vulnerabilities.html#sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.2.1. A Quick History of Hackers</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html">1.2.2. Threats to Network Security</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html">1.2.3. Threats to Server Security</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html">1.2.4. Threats to Workstation and Home PC Security</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment.html">1.3. Vulnerability Assessment</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment.html#sect-Security_Guide-Vulnerability_Assessment-Thin
king_Like_the_Enemy">1.3.1. Thinking Like the Enemy</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html">1.3.2. Defining Assessment and Testing</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html">1.3.3. Evaluating the Tools</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Common_Exploits_and_Attacks.html">1.4. Common Exploits and Attacks</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Security_Updates.html">1.5. Security Updates</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Security_Updates.html#sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. Updating Packages</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html">1.5.2. Verifying Signed Packages</a></span></dt><dt>
<span class="section"><a href="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html">1.5.3. Installing Signed Packages</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html">1.5.4. Applying the Changes</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-Basic_Hardening.html">2. Basic Hardening Guide</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Basic_Hardening.html#sect-Security_Guide-Basic_Hardening-General_Principles">2.1. General Principles</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html">2.2. Why is this important?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Physical_Security.html">2.3. Physical Security</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Physical_Secur
ity-Why_is_this_important.html">2.4. Why this is important</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html">2.5. What else can I do?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Networking.html">2.6. Networking</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Networking.html#sect-Security_Guide-Basic_Hardening-Networking-iptables">2.6.1. iptables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Networking-IPv6.html">2.6.2. IPv6</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Up_to_date.html">2.7. Keeping software up to date</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Services.html">2.8. Services</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-NTP.htm
l">2.9. NTP</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-Securing_Your_Network.html">3. Securing Your Network</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security">3.1. Workstation Security</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">3.1.1. Evaluating Workstation Security</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">3.1.2. BIOS and Boot Loader Security</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Password_Security">3.1.3. Password Security</a></span></dt><dt><span class="section"><a href="chap-Security_G
uide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Administrative_Controls">3.1.4. Administrative Controls</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Available_Network_Services">3.1.5. Available Network Services</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Personal_Firewalls">3.1.6. Personal Firewalls</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">3.1.7. Security Enhanced Communication Tools</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Server_Security.html">3.2. Server Security</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Server_Security.html#sect-Security_Guide-Server_Secur
ity-Securing_Services_With_TCP_Wrappers_and_xinetd">3.2.1. Securing Services With TCP Wrappers and xinetd</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_Portmap.html">3.2.2. Securing Portmap</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_NIS.html">3.2.3. Securing NIS</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_NFS.html">3.2.4. Securing NFS</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html">3.2.5. Securing the Apache HTTP Server</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_FTP.html">3.2.6. Securing FTP</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_Sendmail.html">3.2.7. Securing Sendmail</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_
Security-Verifying_Which_Ports_Are_Listening.html">3.2.8. Verifying Which Ports Are Listening</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO.html">3.3. Single Sign-on (SSO)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO.html#sect-Security_Guide-Single_Sign_on_SSO-Introduction">3.3.1. Introduction</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html">3.3.2. Getting Started with your new Smart Card</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html">3.3.3. How Smart Card Enrollment Works</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html">3.3.4. How Smart Card Login Works</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_o
n_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html">3.3.5. Configuring Firefox to use Kerberos for SSO</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Yubikey.html">3.4. Yubikey</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Yubikey.html#sect-Security_Guide-Yubikey-Centralized_Server">3.4.1. Using Yubikey with a centralized server</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Yubikey-Web_Sites.html">3.4.2. Authenticating to websites with your Yubikey</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html">3.5. Pluggable Authentication Modules (PAM)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">3.5.1. Advantages of PAM</a></span></dt><dt><span class="section"><a href="sect-
Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html">3.5.2. PAM Configuration Files</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html">3.5.3. PAM Configuration File Format</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html">3.5.4. Sample PAM Configuration Files</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html">3.5.5. Creating PAM Modules</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html">3.5.6. PAM and Administrative Credential Caching</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html">3.5.7. PAM
and Device Ownership</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html">3.5.8. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html">3.6. TCP Wrappers and xinetd</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">3.6.1. TCP Wrappers</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html">3.6.2. TCP Wrappers Configuration Files</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html">3.6.3. xinetd</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html">3.6.4. xinetd Configuration Files</a></span></dt><dt><span c
lass="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html">3.6.5. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Kerberos.html">3.7. Kerberos</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Kerberos.html#sect-Security_Guide-Kerberos-What_is_Kerberos">3.7.1. What is Kerberos?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html">3.7.2. Kerberos Terminology</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html">3.7.3. How Kerberos Works</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html">3.7.4. Kerberos and PAM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html">3.7.5. Configuring a Kerberos 5 Server</a></span></dt><dt><span class="section"><a hre
f="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html">3.7.6. Configuring a Kerberos 5 Client</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html">3.7.7. Domain-to-Realm Mapping</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html">3.7.8. Setting Up Secondary KDCs</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html">3.7.9. Setting Up Cross Realm Authentication</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Additional_Resources.html">3.7.10. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Firewalls.html">3.8. Firewalls</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Firewalls.html#sect-Security_Guide-Firewalls-Netfilter_and_IPTables">3.8.1. Netfilter and IPTables</a></
span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html">3.8.2. Basic Firewall Configuration</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Using_IPTables.html">3.8.3. Using IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html">3.8.4. Common IPTables Filtering</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html">3.8.5. <code class="computeroutput">FORWARD</code> and <acronym class="acronym">NAT</acronym> Rules</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html">3.8.6. Malicious Software and Spoofed IP Addresses</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html">3.8.7. IPTables and Connection Tracking</a></span></dt><dt><span cl
ass="section"><a href="sect-Security_Guide-Firewalls-IPv6.html">3.8.8. IPv6</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Additional_Resources.html">3.8.9. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-IPTables.html">3.9. IPTables</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-IPTables.html#sect-Security_Guide-IPTables-Packet_Filtering">3.9.1. Packet Filtering</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html">3.9.2. Command Options for IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html">3.9.3. Saving IPTables Rules</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html">3.9.4. IPTables Control Scripts</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables
-IPTables_and_IPv6.html">3.9.5. IPTables and IPv6</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Additional_Resources.html">3.9.6. Additional Resources</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-Encryption.html">4. Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Encryption.html#sect-Security_Guide-Encryption-Data_at_Rest">4.1. Data at Rest</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Encryption.html#sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">4.1.1. Full Disk Encryption</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Encryption.html#Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">4.1.2. File Based Encryption</a></span></dt></dl></dd><dt><span class="section"><a href="Security_Guide-Encryption-Data_in_Motion.html">4.2. Data in Motion</a></span></d
t><dd><dl><dt><span class="section"><a href="Security_Guide-Encryption-Data_in_Motion.html#sect-Security_Guide-Virtual_Private_Networks_VPNs">4.2.1. Virtual Private Networks (VPNs)</a></span></dt><dt><span class="section"><a href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html">4.2.2. Secure Shell</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption.html">4.2.3. LUKS Disk Encryption</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html">4.2.4. 7-Zip Encrypted Archives</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-Using_GPG.html">4.2.5. Using GNU Privacy Guard (GnuPG)</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-General_Principles_of_Information_Security.html">5. General Principles of Information Security</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-General_Pr
inciples_of_Information_Security.html#sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">5.1. Tips, Guides, and Tools</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-Secure_Installation.html">6. Secure Installation</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Secure_Installation.html#sect-Security_Guide-Secure_Installation-Disk_Partitions">6.1. Disk Partitions</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html">6.2. Utilize LUKS Partition Encryption</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-Software_Maintenance.html">7. Software Maintenance</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Software_Maintenance.html#sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">7.1. Install Minimal Software</a></span></dt><dt><span
class="section"><a href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html">7.2. Plan and Configure Security Updates</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html">7.3. Adjusting Automatic Updates</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html">7.4. Install Signed Packages from Well Known Repositories</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-CVE.html">8. Common Vulnerabilities and Exposures</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-CVE.html#sect-Security_Guide-CVE-yum_plugin">8.1. YUM Plugin</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html">8.2. Using yum-plugin-security</a></span></dt></dl><
/dd><dt><span class="chapter"><a href="chap-Security_Guide-References.html">9. References</a></span></dt><dt><span class="appendix"><a href="chap-Security_Guide-Encryption_Standards.html">A. Encryption Standards</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Encryption_Standards.html#idm33822784">A.1. Synchronous Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Encryption_Standards.html#idm32999424">A.1.1. Advanced Encryption Standard - AES</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Encryption_Standards.html#idm30483360">A.1.2. Data Encryption Standard - DES</a></span></dt></dl></dd><dt><span class="section"><a href="apas02.html">A.2. Public-key Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="apas02.html#idm18579936">A.2.1. Diffie-Hellman</a></span></dt><dt><span class="section"><a href="apas02s02.html">A.2.2. RSA</a></span></dt><dt><span class="section"><a
href="apas02s03.html">A.2.3. DSA</a></span></dt><dt><span class="section"><a href="apas02s04.html">A.2.4. SSL/TLS</a></span></dt><dt><span class="section"><a href="apas02s05.html">A.2.5. Cramer-Shoup Cryptosystem</a></span></dt><dt><span class="section"><a href="apas02s06.html">A.2.6. ElGamal Encryption</a></span></dt></dl></dd></dl></dd><dt><span class="appendix"><a href="appe-Publican-Revision_History.html">B. Revision History</a></span></dt></dl></div></div><ul class="docnav"><li class="previous"></li><li class="next"><a accesskey="n" href="pref-Security_Guide-Preface.html"><strong>Next</strong>Preface</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/pr01s02.html b/public_html/en-US/Fedora/18/html/Security_Guide/pr01s02.html
new file mode 100644
index 0000000..7342289
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/pr01s02.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2. We Need Feedback!</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="pref-Security_Guide-Preface.html" title="Preface" /><link rel="prev" href="pref-Security_Guide-Preface.html" title="Preface" /><link rel="next" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pref-Security_Guide-Preface.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="
n" href="chap-Security_Guide-Security_Overview.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm37496672">2. We Need Feedback!</h2></div></div></div><a id="idm37495520" class="indexterm"></a><div class="para">
+ If you find a typographical error in this manual, or if you have thought of a way to make this manual better, we would love to hear from you! Please submit a report in Bugzilla: <a href="http://bugzilla.redhat.com/bugzilla/">http://bugzilla.redhat.com/bugzilla/</a> against the product <span class="application"><strong>Fedora.</strong></span>
+ </div><div class="para">
+ When submitting a bug report, be sure to mention the manual's identifier: <em class="citetitle">security-guide</em>
+ </div><div class="para">
+ If you have a suggestion for improving the documentation, try to be as specific as possible when describing it. If you have found an error, please include the section number and some of the surrounding text so we can find it easily.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="pref-Security_Guide-Preface.html"><strong>Prev</strong>Preface</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Security_Overview.html"><strong>Next</strong>Chapter 1. Security Overview</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/pref-Security_Guide-Preface.html b/public_html/en-US/Fedora/18/html/Security_Guide/pref-Security_Guide-Preface.html
new file mode 100644
index 0000000..08de330
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/pref-Security_Guide-Preface.html
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Preface</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="index.html" title="Security Guide" /><link rel="prev" href="index.html" title="Security Guide" /><link rel="next" href="pr01s02.html" title="2. We Need Feedback!" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="pr01s02.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="pref
ace" id="pref-Security_Guide-Preface" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Preface</h1></div></div></div><div xml:lang="en-US" class="section" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm16387472">1. Document Conventions</h2></div></div></div><div class="para">
+ This manual uses several conventions to highlight certain words and phrases and draw attention to specific pieces of information.
+ </div><div class="para">
+ In PDF and paper editions, this manual uses typefaces drawn from the <a href="https://fedorahosted.org/liberation-fonts/">Liberation Fonts</a> set. The Liberation Fonts set is also used in HTML editions if the set is installed on your system. If not, alternative but equivalent typefaces are displayed. Note: Red Hat Enterprise Linux 5 and later includes the Liberation Fonts set by default.
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm7108496">1.1. Typographic Conventions</h3></div></div></div><div class="para">
+ Four typographic conventions are used to call attention to specific words and phrases. These conventions, and the circumstances they apply to, are as follows.
+ </div><div class="para">
+ <code class="literal">Mono-spaced Bold</code>
+ </div><div class="para">
+ Used to highlight system input, including shell commands, file names and paths. Also used to highlight keycaps and key combinations. For example:
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ To see the contents of the file <code class="filename">my_next_bestselling_novel</code> in your current working directory, enter the <code class="command">cat my_next_bestselling_novel</code> command at the shell prompt and press <span class="keycap"><strong>Enter</strong></span> to execute the command.
+ </div></blockquote></div><div class="para">
+ The above includes a file name, a shell command and a keycap, all presented in mono-spaced bold and all distinguishable thanks to context.
+ </div><div class="para">
+ Key combinations can be distinguished from keycaps by the hyphen connecting each part of a key combination. For example:
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ Press <span class="keycap"><strong>Enter</strong></span> to execute the command.
+ </div><div class="para">
+ Press <span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>Alt</strong></span>+<span class="keycap"><strong>F2</strong></span> to switch to the first virtual terminal. Press <span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>Alt</strong></span>+<span class="keycap"><strong>F1</strong></span> to return to your X-Windows session.
+ </div></blockquote></div><div class="para">
+ The first paragraph highlights the particular keycap to press. The second highlights two key combinations (each a set of three keycaps with each set pressed simultaneously).
+ </div><div class="para">
+ If source code is discussed, class names, methods, functions, variable names and returned values mentioned within a paragraph will be presented as above, in <code class="literal">mono-spaced bold</code>. For example:
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ File-related classes include <code class="classname">filesystem</code> for file systems, <code class="classname">file</code> for files, and <code class="classname">dir</code> for directories. Each class has its own associated set of permissions.
+ </div></blockquote></div><div class="para">
+ <span class="application"><strong>Proportional Bold</strong></span>
+ </div><div class="para">
+ This denotes words or phrases encountered on a system, including application names; dialog box text; labeled buttons; check-box and radio button labels; menu titles and sub-menu titles. For example:
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ Choose <span class="guimenu"><strong>System</strong></span> → <span class="guisubmenu"><strong>Preferences</strong></span> → <span class="guimenuitem"><strong>Mouse</strong></span> from the main menu bar to launch <span class="application"><strong>Mouse Preferences</strong></span>. In the <span class="guilabel"><strong>Buttons</strong></span> tab, click the <span class="guilabel"><strong>Left-handed mouse</strong></span> check box and click <span class="guibutton"><strong>Close</strong></span> to switch the primary mouse button from the left to the right (making the mouse suitable for use in the left hand).
+ </div><div class="para">
+ To insert a special character into a <span class="application"><strong>gedit</strong></span> file, choose <span class="guimenu"><strong>Applications</strong></span> → <span class="guisubmenu"><strong>Accessories</strong></span> → <span class="guimenuitem"><strong>Character Map</strong></span> from the main menu bar. Next, choose <span class="guimenu"><strong>Search</strong></span> → <span class="guimenuitem"><strong>Find…</strong></span> from the <span class="application"><strong>Character Map</strong></span> menu bar, type the name of the character in the <span class="guilabel"><strong>Search</strong></span> field and click <span class="guibutton"><strong>Next</strong></span>. The character you sought will be highlighted in the <span class="guilabel"><strong>Character Table</strong></span>. Double-click this highlighted character to place it in the <span class="guilabel"><strong>Text to copy</strong></span> field and then click the <span class="guibutton"><stron
g>Copy</strong></span> button. Now switch back to your document and choose <span class="guimenu"><strong>Edit</strong></span> → <span class="guimenuitem"><strong>Paste</strong></span> from the <span class="application"><strong>gedit</strong></span> menu bar.
+ </div></blockquote></div><div class="para">
+ The above text includes application names; system-wide menu names and items; application-specific menu names; and buttons and text found within a GUI interface, all presented in proportional bold and all distinguishable by context.
+ </div><div class="para">
+ <code class="command"><em class="replaceable"><code>Mono-spaced Bold Italic</code></em></code> or <span class="application"><strong><em class="replaceable"><code>Proportional Bold Italic</code></em></strong></span>
+ </div><div class="para">
+ Whether mono-spaced bold or proportional bold, the addition of italics indicates replaceable or variable text. Italics denotes text you do not input literally or displayed text that changes depending on circumstance. For example:
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ To connect to a remote machine using ssh, type <code class="command">ssh <em class="replaceable"><code>username</code></em>@<em class="replaceable"><code>domain.name</code></em></code> at a shell prompt. If the remote machine is <code class="filename">example.com</code> and your username on that machine is john, type <code class="command">ssh john at example.com</code>.
+ </div><div class="para">
+ The <code class="command">mount -o remount <em class="replaceable"><code>file-system</code></em></code> command remounts the named file system. For example, to remount the <code class="filename">/home</code> file system, the command is <code class="command">mount -o remount /home</code>.
+ </div><div class="para">
+ To see the version of a currently installed package, use the <code class="command">rpm -q <em class="replaceable"><code>package</code></em></code> command. It will return a result as follows: <code class="command"><em class="replaceable"><code>package-version-release</code></em></code>.
+ </div></blockquote></div><div class="para">
+ Note the words in bold italics above — username, domain.name, file-system, package, version and release. Each word is a placeholder, either for text you enter when issuing a command or for text displayed by the system.
+ </div><div class="para">
+ Aside from standard usage for presenting the title of a work, italics denotes the first use of a new and important term. For example:
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ Publican is a <em class="firstterm">DocBook</em> publishing system.
+ </div></blockquote></div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm61992816">1.2. Pull-quote Conventions</h3></div></div></div><div class="para">
+ Terminal output and source code listings are set off visually from the surrounding text.
+ </div><div class="para">
+ Output sent to a terminal is set in <code class="computeroutput">mono-spaced roman</code> and presented thus:
+ </div><pre class="screen">books Desktop documentation drafts mss photos stuff svn
+books_tests Desktop1 downloads images notes scripts svgs</pre><div class="para">
+ Source-code listings are also set in <code class="computeroutput">mono-spaced roman</code> but add syntax highlighting as follows:
+ </div><pre class="programlisting">package org.<span class="perl_Function">jboss</span>.<span class="perl_Function">book</span>.<span class="perl_Function">jca</span>.<span class="perl_Function">ex1</span>;
+
+<span class="perl_Keyword">import</span> javax.naming.InitialContext;
+
+<span class="perl_Keyword">public</span> <span class="perl_Keyword">class</span> ExClient
+{
+ <span class="perl_Keyword">public</span> <span class="perl_DataType">static</span> <span class="perl_DataType">void</span> <span class="perl_Function">main</span>(String args[])
+ <span class="perl_Keyword">throws</span> Exception
+ {
+ InitialContext iniCtx = <span class="perl_Keyword">new</span> InitialContext();
+ Object ref = iniCtx.<span class="perl_Function">lookup</span>(<span class="perl_String">"EchoBean"</span>);
+ EchoHome home = (EchoHome) ref;
+ Echo echo = home.<span class="perl_Function">create</span>();
+
+ System.<span class="perl_Function">out</span>.<span class="perl_Function">println</span>(<span class="perl_String">"Created Echo"</span>);
+
+ System.<span class="perl_Function">out</span>.<span class="perl_Function">println</span>(<span class="perl_String">"Echo.echo('Hello') = "</span> + echo.<span class="perl_Function">echo</span>(<span class="perl_String">"Hello"</span>));
+ }
+}</pre></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm42112384">1.3. Notes and Warnings</h3></div></div></div><div class="para">
+ Finally, we use three visual styles to draw attention to information that might otherwise be overlooked.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Notes are tips, shortcuts or alternative approaches to the task at hand. Ignoring a note should have no negative consequences, but you might miss out on a trick that makes your life easier.
+ </div></div></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ Important boxes detail things that are easily missed: configuration changes that only apply to the current session, or services that need restarting before an update will apply. Ignoring a box labeled 'Important' will not cause data loss but may cause irritation and frustration.
+ </div></div></div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ Warnings should not be ignored. Ignoring warnings will most likely cause data loss.
+ </div></div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>Prev</strong>Security Guide</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="pr01s02.html"><strong>Next</strong>2. We Need Feedback!</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Related_Books.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Related_Books.html
new file mode 100644
index 0000000..323659a
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Related_Books.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.5.3. Related Books</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="3.6.5. Additional Resources" /><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html" title="3.6.5.2. Useful TCP Wrappers Websites" /><link rel="next" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey
="p" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Additional_Resources-Related_Books"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Related_Books">3.6.5.3. Related Books</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="citetitle">Hacking Linux Exposed</em> by Brian Hatch, James Lee, and George Kurtz; Osbourne/McGraw-Hill — An excellent security resource with information about TCP Wrappers and <code class="systemitem">xinetd</code>.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>Prev</strong>3.6.5.2. Useful TCP Wrappers Websites</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos.html"><strong>Next</strong>3.7. Kerberos</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Related_Documentation.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Related_Documentation.html
new file mode 100644
index 0000000..e264183
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Related_Documentation.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.9.3. Related Documentation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="3.8.9. Additional Resources" /><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html" title="3.8.9.2. Useful Firewall Websites" /><link rel="next" href="sect-Security_Guide-IPTables.html" title="3.9. IPTables" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Securi
ty_Guide-Additional_Resources-Useful_Firewall_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Additional_Resources-Related_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Related_Documentation">3.8.9.3. Related Documentation</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="citetitle">Red Hat Linux Firewalls</em>, by Bill McCarty; Red Hat Press — a comprehensive reference to building network and server firewalls using open source packet filtering technology such as Netfilter and <code class="command">iptables</code>. It includes topics that cover analyzing firewall logs, developing firewall rules, and customizing your firewall using various graphical tools.
+ </div></li><li class="listitem"><div class="para">
+ <em class="citetitle">Linux Firewalls</em>, by Robert Ziegler; New Riders Press — contains a wealth of information on building firewalls using both 2.2 kernel <code class="command">ipchains</code> as well as Netfilter and <code class="command">iptables</code>. Additional security topics such as remote access issues and intrusion detection systems are also covered.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"><strong>Prev</strong>3.8.9.2. Useful Firewall Websites</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables.html"><strong>Next</strong>3.9. IPTables</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html
new file mode 100644
index 0000000..175db6e
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.9.2. Useful Firewall Websites</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="3.8.9. Additional Resources" /><link rel="prev" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="3.8.9. Additional Resources" /><link rel="next" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html" title="3.8.9.3. Related Documentation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a a
ccesskey="p" href="sect-Security_Guide-Firewalls-Additional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites">3.8.9.2. Useful Firewall Websites</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.netfilter.org/">http://www.netfilter.org/</a> — The official homepage of the Netfilter and <code class="command">iptables</code> project.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.tldp.org/">http://www.tldp.org/</a> — The Linux Documentation Project contains several useful guides relating to firewall creation and administration.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.iana.org/assignments/port-numbers">http://www.iana.org/assignments/port-numbers</a> — The official list of registered and common service ports as assigned by the Internet Assigned Numbers Authority.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Additional_Resources.html"><strong>Prev</strong>3.8.9. Additional Resources</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"><strong>Next</strong>3.8.9.3. Related Documentation</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html
new file mode 100644
index 0000000..1dff6ac
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.6.2. Useful IP Tables Websites</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-IPTables-Additional_Resources.html" title="3.9.6. Additional Resources" /><link rel="prev" href="sect-Security_Guide-IPTables-Additional_Resources.html" title="3.9.6. Additional Resources" /><link rel="next" href="chap-Security_Guide-Encryption.html" title="Chapter 4. Encryption" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPT
ables-Additional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Encryption.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites">3.9.6.2. Useful IP Tables Websites</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.netfilter.org/">http://www.netfilter.org/</a> — The home of the netfilter/iptables project. Contains assorted information about <code class="command">iptables</code>, including a FAQ addressing specific problems and various helpful guides by Rusty Russell, the Linux IP firewall maintainer. The HOWTO documents on the site cover subjects such as basic networking concepts, kernel packet filtering, and NAT configurations.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Additional_Resources.html"><strong>Prev</strong>3.9.6. Additional Resources</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Encryption.html"><strong>Next</strong>Chapter 4. Encryption</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html
new file mode 100644
index 0000000..e9b9ef2
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.10.2. Useful Kerberos Websites</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Kerberos-Additional_Resources.html" title="3.7.10. Additional Resources" /><link rel="prev" href="sect-Security_Guide-Kerberos-Additional_Resources.html" title="3.7.10. Additional Resources" /><link rel="next" href="sect-Security_Guide-Firewalls.html" title="3.8. Firewalls" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-A
dditional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites">3.7.10.2. Useful Kerberos Websites</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://web.mit.edu/kerberos/www/">http://web.mit.edu/kerberos/www/</a> — <em class="citetitle">Kerberos: The Network Authentication Protocol</em> webpage from MIT.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html">http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html</a> — The Kerberos Frequently Asked Questions (FAQ).
+ </div></li><li class="listitem"><div class="para">
+ <a href="ftp://athena-dist.mit.edu/pub/kerberos/doc/usenix.PS">ftp://athena-dist.mit.edu/pub/kerberos/doc/usenix.PS</a> — The PostScript version of <em class="citetitle">Kerberos: An Authentication Service for Open Network Systems</em> by Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller. This document is the original paper describing Kerberos.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://web.mit.edu/kerberos/www/dialogue.html">http://web.mit.edu/kerberos/www/dialogue.html</a> — <em class="citetitle">Designing an Authentication System: a Dialogue in Four Scenes</em> originally by Bill Bryant in 1988, modified by Theodore Ts'o in 1997. This document is a conversation between two developers who are thinking through the creation of a Kerberos-style authentication system. The conversational style of the discussion make this a good starting place for people who are completely unfamiliar with Kerberos.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.ornl.gov/~jar/HowToKerb.html">http://www.ornl.gov/~jar/HowToKerb.html</a> — <em class="citetitle">How to Kerberize your site</em> is a good reference for kerberizing a network.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.networkcomputing.com/netdesign/kerb1.html">http://www.networkcomputing.com/netdesign/kerb1.html</a> — <em class="citetitle">Kerberos Network Design Manual</em> is a thorough overview of the Kerberos system.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Additional_Resources.html"><strong>Prev</strong>3.7.10. Additional Resources</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls.html"><strong>Next</strong>3.8. Firewalls</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html
new file mode 100644
index 0000000..2210388
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.8.2. Useful PAM Websites</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html" title="3.5.8. Additional Resources" /><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html" title="3.5.8. Additional Resources" /><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="3.6. TCP Wrappers and xinetd" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="
docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites">3.5.8.2. Useful PAM Websites</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.kernel.org/pub/linux/libs/pam/">http://www.kernel.org/pub/linux/libs/pam/</a> — The primary distribution website for the Linux-PAM project, containing information on various PAM modules, a FAQ, and additional PAM documentation.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ The documentation in the above website is for the last released upstream version of PAM and might not be 100% accurate for the PAM version included in Fedora.
+ </div></div></div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"><strong>Prev</strong>3.5.8. Additional Resources</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html"><strong>Next</strong>3.6. TCP Wrappers and xinetd</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html
new file mode 100644
index 0000000..327ff21
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.5.2. Useful TCP Wrappers Websites</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="3.6.5. Additional Resources" /><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="3.6.5. Additional Resources" /><link rel="next" href="sect-Security_Guide-Additional_Resources-Related_Books.html" title="3.6.5.3. Related Books" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="pr
evious"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Related_Books.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites">3.6.5.2. Useful TCP Wrappers Websites</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.xinetd.org">http://www.xinetd.org/</a> — The home of <code class="systemitem">xinetd</code>, containing sample configuration files, a full listing of features, and an informative FAQ.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.docstoc.com/docs/2133633/An-Unofficial-Xinetd-Tutorial">http://www.docstoc.com/docs/2133633/An-Unofficial-Xinetd-Tutorial</a> — A thorough tutorial that discusses many different ways to optimize default <code class="systemitem">xinetd</code> configuration files to meet specific security goals.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"><strong>Prev</strong>3.6.5. Additional Resources</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Related_Books.html"><strong>Next</strong>3.6.5.3. Related Books</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html
new file mode 100644
index 0000000..6fad5b9
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.4.3.2. Access Control Options</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="3.6.4.3. Altering xinetd Configuration Files" /><link rel="prev" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="3.6.4.3. Altering xinetd Configuration Files" /><link rel="next" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html" title="3.6.4.3.3. Binding and Redirection Options" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraprojec
t.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options">3.6.4.3.2. Access Control Options</h5></div></div></div><div class="para">
+ Users of <code class="systemitem">xinetd</code> services can choose to use the TCP Wrappers hosts access rules, provide access control via the <code class="systemitem">xinetd</code> configuration files, or a mixture of both. Refer to <a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html">Section 3.6.2, “TCP Wrappers Configuration Files”</a> for more information about TCP Wrappers hosts access control files.
+ </div><div class="para">
+ This section discusses using <code class="systemitem">xinetd</code> to control access to services.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Unlike TCP Wrappers, changes to access control only take effect if the <code class="systemitem">xinetd</code> administrator restarts the <code class="systemitem">xinetd</code> service.
+ </div><div class="para">
+ Also, unlike TCP Wrappers, access control through <code class="systemitem">xinetd</code> only affects services controlled by <code class="systemitem">xinetd</code>.
+ </div></div></div><div class="para">
+ The <code class="systemitem">xinetd</code> hosts access control differs from the method used by TCP Wrappers. While TCP Wrappers places all of the access configuration within two files, <code class="filename">/etc/hosts.allow</code> and <code class="filename">/etc/hosts.deny</code>, <code class="systemitem">xinetd</code>'s access control is found in each service's configuration file in the <code class="filename">/etc/xinetd.d/</code> directory.
+ </div><div class="para">
+ The following hosts access options are supported by <code class="systemitem">xinetd</code>:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">only_from</code> — Allows only the specified hosts to use the service.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">no_access</code> — Blocks listed hosts from using the service.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">access_times</code> — Specifies the time range when a particular service may be used. The time range must be stated in 24-hour format notation, HH:MM-HH:MM.
+ </div></li></ul></div><div class="para">
+ The <code class="option">only_from</code> and <code class="option">no_access</code> options can use a list of IP addresses or host names, or can specify an entire network. Like TCP Wrappers, combining <code class="systemitem">xinetd</code> access control with the enhanced logging configuration can increase security by blocking requests from banned hosts while verbosely recording each connection attempt.
+ </div><div class="para">
+ For example, the following <code class="filename">/etc/xinetd.d/telnet</code> file can be used to block Telnet access from a particular network group and restrict the overall time range that even allowed users can log in:
+ </div><pre class="screen">service telnet
+{
+ disable = no
+ flags = REUSE
+ socket_type = stream
+ wait = no
+ user = root
+ server = /usr/kerberos/sbin/telnetd
+ log_on_failure += USERID
+ no_access = 172.16.45.0/24
+ log_on_success += PID HOST EXIT
+ access_times = 09:45-16:15
+}</pre><div class="para">
+ In this example, when a client system from the <code class="systemitem">172.16.45.0/24</code> network, such as <code class="systemitem">172.16.45.2</code>, tries to access the Telnet service, it receives the following message:
+ </div><pre class="screen">Connection closed by foreign host.</pre><div class="para">
+ In addition, their login attempts are logged in <code class="filename">/var/log/messages</code> as follows:
+ </div><pre class="screen">Sep 7 14:58:33 localhost xinetd[5285]: FAIL: telnet address from=172.16.45.107
+Sep 7 14:58:33 localhost xinetd[5283]: START: telnet pid=5285 from=172.16.45.107
+Sep 7 14:58:33 localhost xinetd[5283]: EXIT: telnet status=0 pid=5285 duration=0(sec)</pre><div class="para">
+ When using TCP Wrappers in conjunction with <code class="systemitem">xinetd</code> access controls, it is important to understand the relationship between the two access control mechanisms.
+ </div><div class="para">
+ The following is the sequence of events followed by <code class="systemitem">xinetd</code> when a client requests a connection:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ The <code class="systemitem">xinetd</code> daemon accesses the TCP Wrappers hosts access rules using a <code class="filename">libwrap.a</code> library call. If a deny rule matches the client, the connection is dropped. If an allow rule matches the client, the connection is passed to <code class="systemitem">xinetd</code>.
+ </div></li><li class="listitem"><div class="para">
+ The <code class="systemitem">xinetd</code> daemon checks its own access control rules both for the <code class="systemitem">xinetd</code> service and the requested service. If a deny rule matches the client, the connection is dropped. Otherwise, <code class="systemitem">xinetd</code> starts an instance of the requested service and passes control of the connection to that service.
+ </div></li></ol></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ Care should be taken when using TCP Wrappers access controls in conjunction with <code class="systemitem">xinetd</code> access controls. Misconfiguration can cause undesirable effects.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"><strong>Prev</strong>3.6.4.3. Altering xinetd Configuration Files</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"><strong>Next</strong>3.6.4.3.3. Binding and Redirection Options</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html
new file mode 100644
index 0000000..824904a
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.4.3.3. Binding and Redirection Options</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="3.6.4.3. Altering xinetd Configuration Files" /><link rel="prev" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html" title="3.6.4.3.2. Access Control Options" /><link rel="next" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html" title="3.6.4.3.4. Resource Management Options" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common
_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options">3.6.4.3.3. Binding and Redirection Options</h5></div></div></div><div class="para">
+ The service configuration files for <code class="systemitem">xinetd</code> support binding the service to an IP address and redirecting incoming requests for that service to another IP address, hostname, or port.
+ </div><div class="para">
+ Binding is controlled with the <code class="option">bind</code> option in the service-specific configuration files and links the service to one IP address on the system. When this is configured, the <code class="option">bind</code> option only allows requests to the correct IP address to access the service. You can use this method to bind different services to different network interfaces based on requirements.
+ </div><div class="para">
+ This is particularly useful for systems with multiple network adapters or with multiple IP addresses. On such a system, insecure services (for example, Telnet), can be configured to listen only on the interface connected to a private network and not to the interface connected to the Internet.
+ </div><div class="para">
+ The <code class="option">redirect</code> option accepts an IP address or hostname followed by a port number. It configures the service to redirect any requests for this service to the specified host and port number. This feature can be used to point to another port number on the same system, redirect the request to a different IP address on the same machine, shift the request to a totally different system and port number, or any combination of these options. A user connecting to a certain service on a system may therefore be rerouted to another system without disruption.
+ </div><div class="para">
+ The <code class="systemitem">xinetd</code> daemon is able to accomplish this redirection by spawning a process that stays alive for the duration of the connection between the requesting client machine and the host actually providing the service, transferring data between the two systems.
+ </div><div class="para">
+ The advantages of the <code class="option">bind</code> and <code class="option">redirect</code> options are most clearly evident when they are used together. By binding a service to a particular IP address on a system and then redirecting requests for this service to a second machine that only the first machine can see, an internal system can be used to provide services for a totally different network. Alternatively, these options can be used to limit the exposure of a particular service on a multi-homed machine to a known IP address, as well as redirect any requests for that service to another machine especially configured for that purpose.
+ </div><div class="para">
+ For example, consider a system that is used as a firewall with this setting for its Telnet service:
+ </div><pre class="screen">service telnet
+{
+ socket_type = stream
+ wait = no
+ server = /usr/kerberos/sbin/telnetd
+ log_on_success += DURATION USERID
+ log_on_failure += USERID
+ bind = 123.123.123.123
+ redirect = 10.0.1.13 23
+}</pre><div class="para">
+ The <code class="option">bind</code> and <code class="option">redirect</code> options in this file ensure that the Telnet service on the machine is bound to the external IP address (<code class="systemitem">123.123.123.123</code>), the one facing the Internet. In addition, any requests for Telnet service sent to <code class="systemitem">123.123.123.123</code> are redirected via a second network adapter to an internal IP address (<code class="systemitem">10.0.1.13</code>) that only the firewall and internal systems can access. The firewall then sends the communication between the two systems, and the connecting system thinks it is connected to <code class="systemitem">123.123.123.123</code> when it is actually connected to a different machine.
+ </div><div class="para">
+ This feature is particularly useful for users with broadband connections and only one fixed IP address. When using Network Address Translation (NAT), the systems behind the gateway machine, which are using internal-only IP addresses, are not available from outside the gateway system. However, when certain services controlled by <code class="systemitem">xinetd</code> are configured with the <code class="option">bind</code> and <code class="option">redirect</code> options, the gateway machine can act as a proxy between outside systems and a particular internal machine configured to provide the service. In addition, the various <code class="systemitem">xinetd</code> access control and logging options are also available for additional protection.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"><strong>Prev</strong>3.6.4.3.2. Access Control Options</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"><strong>Next</strong>3.6.4.3.4. Resource Management Options</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html
new file mode 100644
index 0000000..123d4d2
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.4.3.4. Resource Management Options</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="3.6.4.3. Altering xinetd Configuration Files" /><link rel="prev" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html" title="3.6.4.3.3. Binding and Redirection Options" /><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="3.6.5. Additional Resources" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/ima
ges/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options">3.6.4.3.4. Resource Management Options</h5></div></div></div><div class="para">
+ The <code class="systemitem">xinetd</code> daemon can add a basic level of protection from Denial of Service (DoS) attacks. The following is a list of directives which can aid in limiting the effectiveness of such attacks:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">per_source</code> — Defines the maximum number of instances for a service per source IP address. It accepts only integers as an argument and can be used in both <code class="filename">xinetd.conf</code> and in the service-specific configuration files in the <code class="filename">xinetd.d/</code> directory.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">cps</code> — Defines the maximum number of connections per second. This directive takes two integer arguments separated by white space. The first argument is the maximum number of connections allowed to the service per second. The second argument is the number of seconds that <code class="systemitem">xinetd</code> must wait before re-enabling the service. It accepts only integers as arguments and can be used in either the <code class="filename">xinetd.conf</code> file or the service-specific configuration files in the <code class="filename">xinetd.d/</code> directory.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">max_load</code> — Defines the CPU usage or load average threshold for a service. It accepts a floating point number argument.
+ </div><div class="para">
+ The load average is a rough measure of how many processes are active at a given time. See the <code class="command">uptime</code>, <code class="command">who</code>, and <code class="command">procinfo</code> commands for more information about load average.
+ </div></li></ul></div><div class="para">
+ There are more resource management options available for <code class="systemitem">xinetd</code>. Refer to the <code class="filename">xinetd.conf</code> man page for more information.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"><strong>Prev</strong>3.6.4.3.3. Binding and Redirection Options</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"><strong>Next</strong>3.6.5. Additional Resources</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html
new file mode 100644
index 0000000..1b5c0fc
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.2. Threats to Network Security</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.2. Attackers and Vulnerabilities" /><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.2. Attackers and Vulnerabilities" /><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.2.3. Threats to Server Security" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docn
av"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security">1.2.2. Threats to Network Security</h3></div></div></div><div class="para">
+ Bad practices when configuring the following aspects of a network can increase the risk of attack.
+ </div><div class="section" id="sect-Security_Guide-Threats_to_Network_Security-Insecure_Architectures"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Network_Security-Insecure_Architectures">1.2.2.1. Insecure Architectures</h4></div></div></div><div class="para">
+ A misconfigured network is a primary entry point for unauthorized users. Leaving a trust-based, open local network vulnerable to the highly-insecure Internet is much like leaving a door ajar in a crime-ridden neighborhood — nothing may happen for an arbitrary amount of time, but <span class="emphasis"><em>eventually</em></span> someone exploits the opportunity.
+ </div><div class="section" id="sect-Security_Guide-Insecure_Architectures-Broadcast_Networks"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Insecure_Architectures-Broadcast_Networks">1.2.2.1.1. Broadcast Networks</h5></div></div></div><div class="para">
+ System administrators often fail to realize the importance of networking hardware in their security schemes. Simple hardware such as hubs and routers rely on the broadcast or non-switched principle; that is, whenever a node transmits data across the network to a recipient node, the hub or router sends a broadcast of the data packets until the recipient node receives and processes the data. This method is the most vulnerable to address resolution protocol (<em class="firstterm">ARP</em>) or media access control (<em class="firstterm">MAC</em>) address spoofing by both outside intruders and unauthorized users on local hosts.
+ </div></div><div class="section" id="sect-Security_Guide-Insecure_Architectures-Centralized_Servers"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Insecure_Architectures-Centralized_Servers">1.2.2.1.2. Centralized Servers</h5></div></div></div><div class="para">
+ Another potential networking pitfall is the use of centralized computing. A common cost-cutting measure for many businesses is to consolidate all services to a single powerful machine. This can be convenient as it is easier to manage and costs considerably less than multiple-server configurations. However, a centralized server introduces a single point of failure on the network. If the central server is compromised, it may render the network completely useless or worse, prone to data manipulation or theft. In these situations, a central server becomes an open door which allows access to the entire network.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>Prev</strong>1.2. Attackers and Vulnerabilities</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"><strong>Next</strong>1.2.3. Threats to Server Security</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html
new file mode 100644
index 0000000..51fc169
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3. Threats to Server Security</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.2. Attackers and Vulnerabilities" /><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html" title="1.2.2. Threats to Network Security" /><link rel="next" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html" title="1.2.3.2. Unpatched Services" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul
class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security">1.2.3. Threats to Server Security</h3></div></div></div><div class="para">
+ Server security is as important as network security because servers often hold a great deal of an organization's vital information. If a server is compromised, all of its contents may become available for the cracker to steal or manipulate at will. The following sections detail some of the main issues.
+ </div><div class="section" id="sect-Security_Guide-Threats_to_Server_Security-Unused_Services_and_Open_Ports"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Unused_Services_and_Open_Ports">1.2.3.1. Unused Services and Open Ports</h4></div></div></div><div class="para">
+ A full installation of Fedora contains 1000+ application and library packages. However, most server administrators do not opt to install every single package in the distribution, preferring instead to install a base installation of packages, including several server applications.
+ </div><div class="para">
+ A common occurrence among system administrators is to install the operating system without paying attention to what programs are actually being installed. This can be problematic because unneeded services may be installed, configured with the default settings, and possibly turned on. This can cause unwanted services, such as Telnet, DHCP, or DNS, to run on a server or workstation without the administrator realizing it, which in turn can cause unwanted traffic to the server, or even, a potential pathway into the system for crackers. Refer To <a class="xref" href="sect-Security_Guide-Server_Security.html">Section 3.2, “Server Security”</a> for information on closing ports and disabling unused services.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"><strong>Prev</strong>1.2.2. Threats to Network Security</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"><strong>Next</strong>1.2.3.2. Unpatched Services</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html
new file mode 100644
index 0000000..a7bddfd
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.4. Threats to Workstation and Home PC Security</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.2. Attackers and Vulnerabilities" /><link rel="prev" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html" title="1.2.3.4. Inherently Insecure Services" /><link rel="next" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html" title="1.2.4.2. Vulnerable Client Applications" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.pn
g" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security">1.2.4. Threats to Workstation and Home PC Security</h3></div></div></div><div class="para">
+ Workstations and home PCs may not be as prone to attack as networks or servers, but since they often contain sensitive data, such as credit card information, they are targeted by system crackers. Workstations can also be co-opted without the user's knowledge and used by attackers as "slave" machines in coordinated attacks. For these reasons, knowing the vulnerabilities of a workstation can save users the headache of reinstalling the operating system, or worse, recovering from data theft.
+ </div><div class="section" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Bad_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Bad_Passwords">1.2.4.1. Bad Passwords</h4></div></div></div><div class="para">
+ Bad passwords are one of the easiest ways for an attacker to gain access to a system. For more on how to avoid common pitfalls when creating a password, refer to <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Password_Security">Section 3.1.3, “Password Security”</a>.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"><strong>Prev</strong>1.2.3.4. Inherently Insecure Services</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"><strong>Next</strong>1.2.4.2. Vulnerable Client Applications</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities.html
new file mode 100644
index 0000000..0e7c757
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities.html
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2. Attackers and Vulnerabilities</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview" /><link rel="prev" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview" /><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html" title="1.2.2. Threats to Network Security" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a acce
sskey="p" href="chap-Security_Guide-Security_Overview.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities">1.2. Attackers and Vulnerabilities</h2></div></div></div><div class="para">
+ To plan and implement a good security strategy, first be aware of some of the issues which determined, motivated attackers exploit to compromise systems. However, before detailing these issues, the terminology used when identifying an attacker must be defined.
+ </div><div class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.2.1. A Quick History of Hackers</h3></div></div></div><div class="para">
+ The modern meaning of the term <em class="firstterm">hacker</em> has origins dating back to the 1960s and the Massachusetts Institute of Technology (MIT) Tech Model Railroad Club, which designed train sets of large scale and intricate detail. Hacker was a name used for club members who discovered a clever trick or workaround for a problem.
+ </div><div class="para">
+ The term hacker has since come to describe everything from computer buffs to gifted programmers. A common trait among most hackers is a willingness to explore in detail how computer systems and networks function with little or no outside motivation. Open source software developers often consider themselves and their colleagues to be hackers, and use the word as a term of respect.
+ </div><div class="para">
+ Typically, hackers follow a form of the <em class="firstterm">hacker ethic</em> which dictates that the quest for information and expertise is essential, and that sharing this knowledge is the hackers duty to the community. During this quest for knowledge, some hackers enjoy the academic challenges of circumventing security controls on computer systems. For this reason, the press often uses the term hacker to describe those who illicitly access systems and networks with unscrupulous, malicious, or criminal intent. The more accurate term for this type of computer hacker is <em class="firstterm">cracker</em> — a term created by hackers in the mid-1980s to differentiate the two communities.
+ </div><div class="section" id="sect-Security_Guide-A_Quick_History_of_Hackers-Shades_of_Gray"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-A_Quick_History_of_Hackers-Shades_of_Gray">1.2.1.1. Shades of Gray</h4></div></div></div><div class="para">
+ Within the community of individuals who find and exploit vulnerabilities in systems and networks are several distinct groups. These groups are often described by the shade of hat that they "wear" when performing their security investigations and this shade is indicative of their intent.
+ </div><div class="para">
+ The <em class="firstterm">white hat hacker</em> is one who tests networks and systems to examine their performance and determine how vulnerable they are to intrusion. Usually, white hat hackers crack their own systems or the systems of a client who has specifically employed them for the purposes of security auditing. Academic researchers and professional security consultants are two examples of white hat hackers.
+ </div><div class="para">
+ A <em class="firstterm">black hat hacker</em> is synonymous with a cracker. In general, crackers are less focused on programming and the academic side of breaking into systems. They often rely on available cracking programs and exploit well known vulnerabilities in systems to uncover sensitive information for personal gain or to inflict damage on the target system or network.
+ </div><div class="para">
+ The <em class="firstterm">gray hat hacker</em>, on the other hand, has the skills and intent of a white hat hacker in most situations but uses his knowledge for less than noble purposes on occasion. A gray hat hacker can be thought of as a white hat hacker who wears a black hat at times to accomplish his own agenda.
+ </div><div class="para">
+ Gray hat hackers typically subscribe to another form of the hacker ethic, which says it is acceptable to break into systems as long as the hacker does not commit theft or breach confidentiality. Some would argue, however, that the act of breaking into a system is in itself unethical.
+ </div><div class="para">
+ Regardless of the intent of the intruder, it is important to know the weaknesses a cracker may likely attempt to exploit. The remainder of the chapter focuses on these issues.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Security_Overview.html"><strong>Prev</strong>Chapter 1. Security Overview</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"><strong>Next</strong>1.2.2. Threats to Network Security</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html
new file mode 100644
index 0000000..30db8b4
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.2.6. Activating the IPTables Service</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="3.8.2. Basic Firewall Configuration" /><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html" title="3.8.2.5. Saving the Settings" /><link rel="next" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="3.8.3. Using IPTables" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previo
us"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Using_IPTables.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service">3.8.2.6. Activating the IPTables Service</h4></div></div></div><div class="para">
+ The firewall rules are only active if the <code class="command">iptables</code> service is running. To manually start the service, use the following command:
+ </div><pre class="screen">[root at myServer ~] # service iptables restart</pre><div class="para">
+ To ensure that <code class="command">iptables</code> starts when the system is booted, use the following command:
+ </div><pre class="screen">[root at myServer ~] # chkconfig --level 345 iptables on</pre></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"><strong>Prev</strong>3.8.2.5. Saving the Settings</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Using_IPTables.html"><strong>Next</strong>3.8.3. Using IPTables</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html
new file mode 100644
index 0000000..ad01023
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.2.2. Enabling and Disabling the Firewall</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="3.8.2. Basic Firewall Configuration" /><link rel="prev" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="3.8.2. Basic Firewall Configuration" /><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html" title="3.8.2.3. Trusted Services" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="doc
nav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall">3.8.2.2. Enabling and Disabling the Firewall</h4></div></div></div><div class="para">
+ Select one of the following options for the firewall:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Disabled</strong></span> — Disabling the firewall provides complete access to your system and does no security checking. This should only be selected if you are running on a trusted network (not the Internet) or need to configure a custom firewall using the iptables command line tool.
+ </div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ Firewall configurations and any customized firewall rules are stored in the <code class="filename">/etc/sysconfig/iptables</code> file. If you choose <span class="guilabel"><strong>Disabled</strong></span> and click <span class="guibutton"><strong>OK</strong></span>, these configurations and firewall rules will be lost.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Enabled</strong></span> — This option configures the system to reject incoming connections that are not in response to outbound requests, such as DNS replies or DHCP requests. If access to services running on this machine is needed, you can choose to allow specific services through the firewall.
+ </div><div class="para">
+ If you are connecting your system to the Internet, but do not plan to run a server, this is the safest choice.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"><strong>Prev</strong>3.8.2. Basic Firewall Configuration</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"><strong>Next</strong>3.8.2.3. Trusted Services</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html
new file mode 100644
index 0000000..d7aea35
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.2.4. Other Ports</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="3.8.2. Basic Firewall Configuration" /><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html" title="3.8.2.3. Trusted Services" /><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html" title="3.8.2.5. Saving the Settings" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="
docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports">3.8.2.4. Other Ports</h4></div></div></div><div class="para">
+ The <span class="application"><strong>Firewall Administration Tool</strong></span> includes an <span class="guilabel"><strong>Other ports</strong></span> section for specifying custom IP ports as being trusted by <code class="command">iptables</code>. For example, to allow IRC and Internet printing protocol (IPP) to pass through the firewall, add the following to the <span class="guilabel"><strong>Other ports</strong></span> section:
+ </div><div class="para">
+ <code class="computeroutput">194:tcp,631:tcp</code>
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"><strong>Prev</strong>3.8.2.3. Trusted Services</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"><strong>Next</strong>3.8.2.5. Saving the Settings</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html
new file mode 100644
index 0000000..5bdf040
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.2.5. Saving the Settings</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="3.8.2. Basic Firewall Configuration" /><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html" title="3.8.2.4. Other Ports" /><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html" title="3.8.2.6. Activating the IPTables Service" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a><
/p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings">3.8.2.5. Saving the Settings</h4></div></div></div><div class="para">
+ Click <span class="guibutton"><strong>OK</strong></span> to save the changes and enable or disable the firewall. If <span class="guilabel"><strong>Enable firewall</strong></span> was selected, the options selected are translated to <code class="command">iptables</code> commands and written to the <code class="filename">/etc/sysconfig/iptables</code> file. The <code class="command">iptables</code> service is also started so that the firewall is activated immediately after saving the selected options. If <span class="guilabel"><strong>Disable firewall</strong></span> was selected, the <code class="filename">/etc/sysconfig/iptables</code> file is removed and the <code class="command">iptables</code> service is stopped immediately.
+ </div><div class="para">
+ The selected options are also written to the <code class="filename">/etc/sysconfig/system-config-securitylevel</code> file so that the settings can be restored the next time the application is started. Do not edit this file by hand.
+ </div><div class="para">
+ Even though the firewall is activated immediately, the <code class="command">iptables</code> service is not configured to start automatically at boot time. Refer to <a class="xref" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html">Section 3.8.2.6, “Activating the IPTables Service”</a> for more information.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"><strong>Prev</strong>3.8.2.4. Other Ports</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"><strong>Next</strong>3.8.2.6. Activating the IPTables Service</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html
new file mode 100644
index 0000000..6343bb9
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.2.3. Trusted Services</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="3.8.2. Basic Firewall Configuration" /><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html" title="3.8.2.2. Enabling and Disabling the Firewall" /><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html" title="3.8.2.4. Other Ports" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"
/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services">3.8.2.3. Trusted Services</h4></div></div></div><div class="para">
+ Enabling options in the <span class="guilabel"><strong>Trusted services</strong></span> list allows the specified service to pass through the firewall.
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>WWW (HTTP)</strong></span></span></dt><dd><div class="para">
+ The HTTP protocol is used by Apache (and by other Web servers) to serve web pages. If you plan on making your Web server publicly available, select this check box. This option is not required for viewing pages locally or for developing web pages. This service requires that the <code class="filename">httpd</code> package be installed.
+ </div><div class="para">
+ Enabling <span class="guilabel"><strong>WWW (HTTP)</strong></span> will not open a port for HTTPS, the SSL version of HTTP. If this service is required, select the <span class="guilabel"><strong>Secure WWW (HTTPS)</strong></span> check box.
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>FTP</strong></span></span></dt><dd><div class="para">
+ The FTP protocol is used to transfer files between machines on a network. If you plan on making your FTP server publicly available, select this check box. This service requires that the <code class="filename">vsftpd</code> package be installed.
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>SSH</strong></span></span></dt><dd><div class="para">
+ Secure Shell (SSH) is a suite of tools for logging into and executing commands on a remote machine. To allow remote access to the machine via ssh, select this check box. This service requires that the <code class="filename">openssh-server</code> package be installed.
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>Telnet</strong></span></span></dt><dd><div class="para">
+ Telnet is a protocol for logging into remote machines. Telnet communications are unencrypted and provide no security from network snooping. Allowing incoming Telnet access is not recommended. To allow remote access to the machine via telnet, select this check box. This service requires that the <code class="filename">telnet-server</code> package be installed.
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>Mail (SMTP)</strong></span></span></dt><dd><div class="para">
+ SMTP is a protocol that allows remote hosts to connect directly to your machine to deliver mail. You do not need to enable this service if you collect your mail from your ISP's server using POP3 or IMAP, or if you use a tool such as <code class="command">fetchmail</code>. To allow delivery of mail to your machine, select this check box. Note that an improperly configured SMTP server can allow remote machines to use your server to send spam.
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>NFS4</strong></span></span></dt><dd><div class="para">
+ The Network File System (NFS) is a file sharing protocol commonly used on *NIX systems. Version 4 of this protocol is more secure than its predecessors. If you want to share files or directories on your system with other network users, select this check box.
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>Samba</strong></span></span></dt><dd><div class="para">
+ Samba is an implementation of Microsoft's proprietary SMB networking protocol. If you need to share files, directories, or locally-connected printers with Microsoft Windows machines, select this check box.
+ </div></dd></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"><strong>Prev</strong>3.8.2.2. Enabling and Disabling the Firewall</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"><strong>Next</strong>3.8.2.4. Other Ports</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html
new file mode 100644
index 0000000..ec4c250
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.2. Why is this important?</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Basic_Hardening.html" title="Chapter 2. Basic Hardening Guide" /><link rel="prev" href="chap-Security_Guide-Basic_Hardening.html" title="Chapter 2. Basic Hardening Guide" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-Physical_Security.html" title="2.3. Physical Security" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Gu
ide-Basic_Hardening.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Physical_Security.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important">2.2. Why is this important?</h2></div></div></div><div class="para">
+ The general principles from the NSA represent a best practices overview of security. There are items in the above list that probably won't be used by everyone and there are items missing that should be stressed as a best practice. Additional information on these ideas and others will be explained below.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Basic_Hardening.html"><strong>Prev</strong>Chapter 2. Basic Hardening Guide</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Physical_Security.html"><strong>Next</strong>2.3. Physical Security</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-NTP.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-NTP.html
new file mode 100644
index 0000000..9e2289c
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-NTP.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.9. NTP</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Basic_Hardening.html" title="Chapter 2. Basic Hardening Guide" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-Services.html" title="2.8. Services" /><link rel="next" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 3. Securing Your Network" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Ha
rdening-Services.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Securing_Your_Network.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-NTP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-NTP">2.9. NTP</h2></div></div></div><div class="para">
+ Network Time Protocol, or <em class="firstterm">NTP</em>, keeps the time on your systems accurate. Time is a very important piece of the security puzzle and should be maintained as precisely as possible. Time is used in log files, timestamps, and in encryption. If someone is able to control the time settings on one of your systems then they are able to make the recreation of a break-in that much more difficult.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Services.html"><strong>Prev</strong>2.8. Services</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Securing_Your_Network.html"><strong>Next</strong>Chapter 3. Securing Your Network</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Networking-IPv6.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Networking-IPv6.html
new file mode 100644
index 0000000..fc7122e
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Networking-IPv6.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.6.2. IPv6</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Basic_Hardening-Networking.html" title="2.6. Networking" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-Networking.html" title="2.6. Networking" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-Up_to_date.html" title="2.7. Keeping software up to date" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_H
ardening-Networking.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Up_to_date.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-Networking-IPv6"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Basic_Hardening-Networking-IPv6">2.6.2. IPv6</h3></div></div></div><div class="para">
+ IPv6 is the latest Internet protocol which aims to solve the address quantity shortfall inherent to IPv4. And while there are no security risks directly associated with the new protocol there are a few things to understand before utilizing this new technology.
+ </div><div class="para">
+ Most system administrators are familiar with IPv4 and the work-arounds that were put in place to make IPv4 work. One of these work-arounds is network address translation, or <em class="firstterm">NAT</em>. NAT is traditionally used to keep the number of needed public IP addresses to a minimum when setting up a local area network. Systems on these networks do not all require public IP addresses and valuable address space can be saved by implementing this technology. There are some security features that were side effects to NAT; the biggest being that outside traffic cannot make it inside the network unless a port is forwarded across the router. Because IPv6 solves the addressing problem there is no longer a need to use NAT. Everything can have a public IP address and, by extension, everything is not publically routable across the Internet when physical and logical connections are made.
+ </div><div class="para">
+ Another thing to worry about is how security software deals with this new protocol. <span class="application"><strong>iptables</strong></span> does not know or understand IPv6 and so it ignores those packets altogether. That means if your network is utilizing IPv6 and you have not activated <span class="application"><strong>ip6tables</strong></span> then you have just left the door to your system open to the world.
+ </div><div class="para">
+ Using IPv6 is not dangerous as long as you know and understand the changes that your system's software went through to make it possible to use this new network protocol.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Networking.html"><strong>Prev</strong>2.6. Networking</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Up_to_date.html"><strong>Next</strong>2.7. Keeping software up to date</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Networking.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Networking.html
new file mode 100644
index 0000000..ffa3299
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Networking.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.6. Networking</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Basic_Hardening.html" title="Chapter 2. Basic Hardening Guide" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html" title="2.5. What else can I do?" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-Networking-IPv6.html" title="2.6.2. IPv6" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="s
ect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Networking-IPv6.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-Networking"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Networking">2.6. Networking</h2></div></div></div><div class="para">
+ The computer's network connection is the gateway to your system. Your files and processor time could be available to anyone who successfully connects to your system via this network connection if other safeguards have not been implemented. One of the primary ways to keep you in control of your system is to prevent the attackers from gaining access to your system in the first place.
+ </div><div class="section" id="sect-Security_Guide-Basic_Hardening-Networking-iptables"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Basic_Hardening-Networking-iptables">2.6.1. iptables</h3></div></div></div><div class="para">
+ <span class="application"><strong>iptables</strong></span> is the most widely used firewall software on Linux systems today. This program intercepts packets coming into your computer via the network connection and filters them according to rules you have specified. Additional information can be found in <a class="xref" href="sect-Security_Guide-IPTables.html">Section 3.9, “IPTables”</a>.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html"><strong>Prev</strong>2.5. What else can I do?</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Networking-IPv6.html"><strong>Next</strong>2.6.2. IPv6</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html
new file mode 100644
index 0000000..783274f
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.5. What else can I do?</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Basic_Hardening.html" title="Chapter 2. Basic Hardening Guide" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html" title="2.4. Why this is important" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-Networking.html" title="2.6. Networking" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" hre
f="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Networking.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do">2.5. What else can I do?</h2></div></div></div><div class="para">
+ Ever since Fedora 9, LUKS encryption has been natively supported to protect data stored in a LUKS encrypted partition. When you install Fedora 9, check the box to encrypt your file system when you setup your file system. By encrypting your root partition and your <code class="filename">/home</code> partition (or the single / partition if you accept the default file system) attackers using an external source or booting into single user mode. Of course you use a strong passphrase to protect your data.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html"><strong>Prev</strong>2.4. Why this is important</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Networking.html"><strong>Next</strong>2.6. Networking</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html
new file mode 100644
index 0000000..a8cbfeb
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.4. Why this is important</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Basic_Hardening.html" title="Chapter 2. Basic Hardening Guide" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-Physical_Security.html" title="2.3. Physical Security" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html" title="2.5. What else can I do?" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesske
y="p" href="sect-Security_Guide-Basic_Hardening-Physical_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important">2.4. Why this is important</h2></div></div></div><div class="para">
+ An attacker could take complete control of your system by booting from an external source. By booting from an external source (e.g. a live Linux CD) many of the security settings are bypassed. If the attacker can modify the GRUB settings they can boot into single user mode which allows admin access to the system.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Physical_Security.html"><strong>Prev</strong>2.3. Physical Security</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html"><strong>Next</strong>2.5. What else can I do?</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security.html
new file mode 100644
index 0000000..a7af869
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.3. Physical Security</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Basic_Hardening.html" title="Chapter 2. Basic Hardening Guide" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html" title="2.2. Why is this important?" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html" title="2.4. Why this is important" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"
><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-Physical_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Physical_Security">2.3. Physical Security</h2></div></div></div><div class="para">
+ Physical security of the system is of utmost importance. Many of the suggestions given here won't protect your system if the attacker has physical access to the system.
+ </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ This section contains information regarding GRUB Legacy and not the current release of GRUB (also known as GRUB2). Fedora 16 does not use GRUB Legacy so many of the commands below will not function in Fedora 16 or later versions.
+ </div></div></div><div class="para">
+ Configure the BIOS to disable booting from CDs/DVDs, floppies, and external devices, and set a password to protect these settings. Next, set a password for the GRUB bootloader. Generate a password hash using the command <code class="command">/sbin/grub-md5-crypt</code>. Add the hash to the first line of <code class="command">/etc/grub.conf</code> using <code class="command">password --md5 'passwordhash'</code>. This prevents users from entering single user mode or changing settings at boot time.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html"><strong>Prev</strong>2.2. Why is this important?</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html"><strong>Next</strong>2.4. Why this is important</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Services.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Services.html
new file mode 100644
index 0000000..f56c934
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Services.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.8. Services</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Basic_Hardening.html" title="Chapter 2. Basic Hardening Guide" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-Up_to_date.html" title="2.7. Keeping software up to date" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-NTP.html" title="2.9. NTP" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardenin
g-Up_to_date.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-NTP.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-Services"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Services">2.8. Services</h2></div></div></div><div class="para">
+ Services in Linux are programs that run as daemons in the background. It is important to audit these programs regularly to determine if they need to be running. Many daemons open network ports in order to listen for calls. Having unnecessary ports open can harm the overall security of the system. An unknown security flaw in a piece of software can allow a hacker into a system for no good reason.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Up_to_date.html"><strong>Prev</strong>2.7. Keeping software up to date</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-NTP.html"><strong>Next</strong>2.9. NTP</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Up_to_date.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Up_to_date.html
new file mode 100644
index 0000000..b705d47
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Up_to_date.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.7. Keeping software up to date</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Basic_Hardening.html" title="Chapter 2. Basic Hardening Guide" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-Networking-IPv6.html" title="2.6.2. IPv6" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-Services.html" title="2.8. Services" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Netw
orking-IPv6.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Services.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-Up_to_date"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Up_to_date">2.7. Keeping software up to date</h2></div></div></div><div class="para">
+ Software gets patched everyday. Some of these updates fix security problems that were identified by the developers. When these patches become available it is important that they are applied to your system as soon as possible. One of the easier ways to manage updates for your system is using <span class="application"><strong>yum</strong></span>. A special plugin is available to allow only security updates to be installed while ignoring bugfixes and enhancements. This plugin is explained better at <a class="xref" href="chap-Security_Guide-CVE.html#sect-Security_Guide-CVE-yum_plugin">Section 8.1, “YUM Plugin”</a>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Networking-IPv6.html"><strong>Prev</strong>2.6.2. IPv6</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Services.html"><strong>Next</strong>2.8. Services</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html
new file mode 100644
index 0000000..4146bc2
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.2. Using yum-plugin-security</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-CVE.html" title="Chapter 8. Common Vulnerabilities and Exposures" /><link rel="prev" href="chap-Security_Guide-CVE.html" title="Chapter 8. Common Vulnerabilities and Exposures" /><link rel="next" href="chap-Security_Guide-References.html" title="Chapter 9. References" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-CVE.html"><st
rong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-References.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security">8.2. Using yum-plugin-security</h2></div></div></div><div class="para">
+ The first new subcommand this adds is <code class="command">yum list-sec</code>. This is similar to <code class="command">yum check-update</code>, except that it also lists Red Hat’s advisory ID number and the classification of each update as “enhancement”, “bugfix”, or “security”:
+ </div><div class="para">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>RHSA-2007:1128-6 security autofs - 1:5.0.1-0.rc2.55.el5.1.i386</td></tr><tr><td>RHSA-2007:1078-3 security cairo - 1.2.4-3.el5_1.i386</td></tr><tr><td>RHSA-2007:1021-3 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>RHSA-2007:1021-3 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr></table>
+
+ </div><div class="para">
+ If <code class="command">yum list-sec cves</code> is used, the Red Hat advisory ID is replaced with the CVE IDs addressed by the update; if <code class="command">yum list-sec bzs</code> is used, the advisory ID is replaced by the Red Hat Bugzilla IDs which are addressed by the update. If a package addresses multiple bugs in Bugzilla or CVE IDs, the package may be listed multiple times:
+ </div><div class="para">
+ Example output of <code class="command">yum list-sec bzs</code>:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>410031 security autofs - 1:5.0.1-0.rc2.55.el5.1.i386</td></tr><tr><td>387431 security cairo - 1.2.4-3.el5_1.i386</td></tr><tr><td>345101 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345111 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345121 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345101 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345111 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345121 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr></table>
+
+ </div><div class="para">
+ Example output of <code class="command">yum list-sec cves</code>:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>CVE-2007-5964 security autofs - 1:5.0.1-0.rc2.55.el5.1.i386</td></tr><tr><td>CVE-2007-5503 security cairo - 1.2.4-3.el5_1.i386</td></tr><tr><td>CVE-2007-5393 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-5392 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-4352 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-5393 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-5392 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-4352 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr></table>
+
+ </div><div class="para">
+ The second new subcommand added by the <span class="package">yum-plugin-security</span> package is <code class="command">info-sec</code>. This subcommand takes an advisory number, CVE, or Bugzilla ID as an argument, and returns detailed information on the advisory, including a brief text discussion of the nature of the issue or issues being addressed by the advisory.
+ </div><div class="para">
+ In addition to these two new yum subcommands, new options are provided to the <code class="command">yum update</code> command to help apply only security-related updates, or only updates associated with a particular advisory or bug.
+ </div><div class="para">
+ To apply all security-related updates only:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td><code class="command">yum update --security</code></td></tr></table>
+
+ </div><div class="para">
+ To apply all updates related to bugzilla bug 410101:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td><code class="command">yum update --bz 410101</code></td></tr></table>
+
+ </div><div class="para">
+ To apply all updates related to the CVE ID CVE-2007-5707 and updates related to the Red Hat advisory ID RHSA-2007:1082-5:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td><code class="command">yum update --cve CVE-2007-5707 --advisory RHSA-2007:1082-5</code></td></tr></table>
+
+ </div><div class="para">
+ More information about these new capabilities is documented in the <span class="package">yum-plugin-security</span>(8) man page.
+ </div><div class="para">
+ For more information on Fedora security updates, please visit the Fedora Security page at <a href="https://fedoraproject.org/wiki/Security">https://fedoraproject.org/wiki/Security</a>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-CVE.html"><strong>Prev</strong>Chapter 8. Common Vulnerabilities and Exposures</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-References.html"><strong>Next</strong>Chapter 9. References</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html
new file mode 100644
index 0000000..907fb53
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2.2. Command Options</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="3.9.2. Command Options for IPTables" /><link rel="prev" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="3.9.2. Command Options for IPTables" /><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html" title="3.9.2.3. IPTables Parameter Options" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a>
</p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-Command_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Command_Options">3.9.2.2. Command Options</h4></div></div></div><div class="para">
+ Command options instruct <code class="command">iptables</code> to perform a specific action. Only one command option is allowed per <code class="command">iptables</code> command. With the exception of the help command, all commands are written in upper-case characters.
+ </div><div class="para">
+ The <code class="command">iptables</code> commands are as follows:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">-A</code> — Appends the rule to the end of the specified chain. Unlike the <code class="option">-I</code> option described below, it does not take an integer argument. It always appends the rule to the end of the specified chain.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-C</code> — Checks a particular rule before adding it to the user-specified chain. This command can help you construct complex <code class="command">iptables</code> rules by prompting you for additional parameters and options.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-D <integer> | <rule></code> — Deletes a rule in a particular chain by number (such as <code class="option">5</code> for the fifth rule in a chain), or by rule specification. The rule specification must exactly match an existing rule.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-E</code> — Renames a user-defined chain. A user-defined chain is any chain other than the default, pre-existing chains. (Refer to the <code class="option">-N</code> option, below, for information on creating user-defined chains.) This is a cosmetic change and does not affect the structure of the table.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ If you attempt to rename one of the default chains, the system reports a <code class="computeroutput">Match not found</code> error. You cannot rename the default chains.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">-F</code> — Flushes the selected chain, which effectively deletes every rule in the chain. If no chain is specified, this command flushes every rule from every chain.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-h</code> — Provides a list of command structures, as well as a quick summary of command parameters and options.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-I [<integer>]</code> — Inserts the rule in the specified chain at a point specified by a user-defined integer argument. If no argument is specified, the rule is inserted at the top of the chain.
+ </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ As noted above, the order of rules in a chain determines which rules apply to which packets. This is important to remember when adding rules using either the <code class="option">-A</code> or <code class="option">-I</code> option.
+ </div><div class="para">
+ This is especially important when adding rules using the <code class="option">-I</code> with an integer argument. If you specify an existing number when adding a rule to a chain, <code class="command">iptables</code> adds the new rule <span class="emphasis"><em>before</em></span> (or above) the existing rule.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">-L</code> — Lists all of the rules in the chain specified after the command. To list all rules in all chains in the default <code class="option">filter</code> table, do not specify a chain or table. Otherwise, the following syntax should be used to list the rules in a specific chain in a particular table:
+ </div><pre class="screen"><code class="computeroutput"> iptables -L <em class="replaceable"><code><chain-name></code></em> -t <em class="replaceable"><code><table-name></code></em></code></pre><div class="para">
+ Additional options for the <code class="option">-L</code> command option, which provide rule numbers and allow more verbose rule descriptions, are described in <a class="xref" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html">Section 3.9.2.6, “Listing Options”</a>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-N</code> — Creates a new chain with a user-specified name. The chain name must be unique, otherwise an error message is displayed.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-P</code> — Sets the default policy for the specified chain, so that when packets traverse an entire chain without matching a rule, they are sent to the specified target, such as ACCEPT or DROP.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-R</code> — Replaces a rule in the specified chain. The rule's number must be specified after the chain's name. The first rule in a chain corresponds to rule number one.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-X</code> — Deletes a user-specified chain. You cannot delete a built-in chain.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-Z</code> — Sets the byte and packet counters in all chains for a table to zero.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"><strong>Prev</strong>3.9.2. Command Options for IPTables</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"><strong>Next</strong>3.9.2.3. IPTables Parameter Options</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html
new file mode 100644
index 0000000..fb6aa5a
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2.4. IPTables Match Options</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="3.9.2. Command Options for IPTables" /><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html" title="3.9.2.3. IPTables Parameter Options" /><link rel="next" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html" title="3.9.2.4.2. UDP Protocol" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class=
"docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options">3.9.2.4. IPTables Match Options</h4></div></div></div><div class="para">
+ Different network protocols provide specialized matching options which can be configured to match a particular packet using that protocol. However, the protocol must first be specified in the <code class="command">iptables</code> command. For example, <code class="option">-p <em class="replaceable"><code><protocol-name></code></em></code> enables options for the specified protocol. Note that you can also use the protocol ID, instead of the protocol name. Refer to the following examples, each of which have the same effect:
+ </div><pre class="screen"><code class="command"> iptables -A INPUT -p icmp --icmp-type any -j ACCEPT </code></pre><pre class="screen"><code class="command"> iptables -A INPUT -p 5813 --icmp-type any -j ACCEPT </code></pre><div class="para">
+ Service definitions are provided in the <code class="filename">/etc/services</code> file. For readability, it is recommended that you use the service names rather than the port numbers.
+ </div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ Secure the <code class="filename">/etc/services</code> file to prevent unauthorized editing. If this file is editable, crackers can use it to enable ports on your machine you have otherwise closed. To secure this file, type the following commands as root:
+ </div><pre class="screen">
+[root at myServer ~]# chown root.root /etc/services
+[root at myServer ~]# chmod 0644 /etc/services
+[root at myServer ~]# chattr +i /etc/services</pre><div class="para">
+ This prevents the file from being renamed, deleted or having links made to it.
+ </div></div></div><div class="section" id="sect-Security_Guide-IPTables_Match_Options-TCP_Protocol"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-TCP_Protocol">3.9.2.4.1. TCP Protocol</h5></div></div></div><div class="para">
+ These match options are available for the TCP protocol (<code class="option">-p tcp</code>):
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--dport</code> — Sets the destination port for the packet.
+ </div><div class="para">
+ To configure this option, use a network service name (such as www or smtp); a port number; or a range of port numbers.
+ </div><div class="para">
+ To specify a range of port numbers, separate the two numbers with a colon (<code class="option">:</code>). For example: <code class="option">-p tcp --dport 3000:3200</code>. The largest acceptable valid range is <code class="option">0:65535</code>.
+ </div><div class="para">
+ Use an exclamation point character (<code class="option">!</code>) after the <code class="option">--dport</code> option to match all packets that <span class="emphasis"><em>do not</em></span> use that network service or port.
+ </div><div class="para">
+ To browse the names and aliases of network services and the port numbers they use, view the <code class="filename">/etc/services</code> file.
+ </div><div class="para">
+ The <code class="option">--destination-port</code> match option is synonymous with <code class="option">--dport</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--sport</code> — Sets the source port of the packet using the same options as <code class="option">--dport</code>. The <code class="option">--source-port</code> match option is synonymous with <code class="option">--sport</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--syn</code> — Applies to all TCP packets designed to initiate communication, commonly called <em class="firstterm">SYN packets</em>. Any packets that carry a data payload are not touched.
+ </div><div class="para">
+ Use an exclamation point character (<code class="option">!</code>) after the <code class="option">--syn</code> option to match all non-SYN packets.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--tcp-flags <tested flag list> <set flag list></code> — Allows TCP packets that have specific bits (flags) set, to match a rule.
+ </div><div class="para">
+ The <code class="option">--tcp-flags</code> match option accepts two parameters. The first parameter is the mask; a comma-separated list of flags to be examined in the packet. The second parameter is a comma-separated list of flags that must be set for the rule to match.
+ </div><div class="para">
+ The possible flags are:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">ACK</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">FIN</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">PSH</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">RST</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">SYN</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">URG</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">ALL</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">NONE</code>
+ </div></li></ul></div><div class="para">
+ For example, an <code class="command">iptables</code> rule that contains the following specification only matches TCP packets that have the SYN flag set and the ACK and FIN flags not set:
+ </div><div class="para">
+ <code class="command">--tcp-flags ACK,FIN,SYN SYN</code>
+ </div><div class="para">
+ Use the exclamation point character (<code class="option">!</code>) after the <code class="option">--tcp-flags</code> to reverse the effect of the match option.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--tcp-option</code> — Attempts to match with TCP-specific options that can be set within a particular packet. This match option can also be reversed with the exclamation point character (<code class="option">!</code>).
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"><strong>Prev</strong>3.9.2.3. IPTables Parameter Options</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"><strong>Next</strong>3.9.2.4.2. UDP Protocol</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html
new file mode 100644
index 0000000..2ea4e7f
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2.3. IPTables Parameter Options</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="3.9.2. Command Options for IPTables" /><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html" title="3.9.2.2. Command Options" /><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="3.9.2.4. IPTables Match Options" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul clas
s="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options">3.9.2.3. IPTables Parameter Options</h4></div></div></div><div class="para">
+ Certain <code class="command">iptables</code> commands, including those used to add, append, delete, insert, or replace rules within a particular chain, require various parameters to construct a packet filtering rule.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">-c</code> — Resets the counters for a particular rule. This parameter accepts the <code class="option">PKTS</code> and <code class="option">BYTES</code> options to specify which counter to reset.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-d</code> — Sets the destination hostname, IP address, or network of a packet that matches the rule. When matching a network, the following IP address/netmask formats are supported:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option"><em class="replaceable"><code>N.N.N.N</code></em>/<em class="replaceable"><code>M.M.M.M</code></em></code> — Where <em class="replaceable"><code>N.N.N.N</code></em> is the IP address range and <em class="replaceable"><code>M.M.M.M</code></em> is the netmask.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option"><em class="replaceable"><code>N.N.N.N</code></em>/<em class="replaceable"><code>M</code></em></code> — Where <em class="replaceable"><code>N.N.N.N</code></em> is the IP address range and <em class="replaceable"><code>M</code></em> is the bitmask.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">-f</code> — Applies this rule only to fragmented packets.
+ </div><div class="para">
+ You can use the exclamation point character (<code class="option">!</code>) option after this parameter to specify that only unfragmented packets are matched.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Distinguishing between fragmented and unfragmented packets is desirable, despite fragmented packets being a standard part of the IP protocol.
+ </div><div class="para">
+ Originally designed to allow IP packets to travel over networks with differing frame sizes, these days fragmentation is more commonly used to generate DoS attacks using mal-formed packets. It's also worth noting that IPv6 disallows fragmentation entirely.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">-i</code> — Sets the incoming network interface, such as <code class="option">eth0</code> or <code class="option">ppp0</code>. With <code class="command">iptables</code>, this optional parameter may only be used with the INPUT and FORWARD chains when used with the <code class="option">filter</code> table and the PREROUTING chain with the <code class="option">nat</code> and <code class="option">mangle</code> tables.
+ </div><div class="para">
+ This parameter also supports the following special options:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Exclamation point character (<code class="option">!</code>) — Reverses the directive, meaning any specified interfaces are excluded from this rule.
+ </div></li><li class="listitem"><div class="para">
+ Plus character (<code class="option">+</code>) — A wildcard character used to match all interfaces that match the specified string. For example, the parameter <code class="option">-i eth+</code> would apply this rule to any Ethernet interfaces but exclude any other interfaces, such as <code class="option">ppp0</code>.
+ </div></li></ul></div><div class="para">
+ If the <code class="option">-i</code> parameter is used but no interface is specified, then every interface is affected by the rule.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-j</code> — Jumps to the specified target when a packet matches a particular rule.
+ </div><div class="para">
+ The standard targets are <code class="option">ACCEPT</code>, <code class="option">DROP</code>, <code class="option">QUEUE</code>, and <code class="option">RETURN</code>.
+ </div><div class="para">
+ Extended options are also available through modules loaded by default with the Fedora <code class="command">iptables</code> RPM package. Valid targets in these modules include <code class="option">LOG</code>, <code class="option">MARK</code>, and <code class="option">REJECT</code>, among others. Refer to the <code class="command">iptables</code> man page for more information about these and other targets.
+ </div><div class="para">
+ This option can also be used to direct a packet matching a particular rule to a user-defined chain outside of the current chain so that other rules can be applied to the packet.
+ </div><div class="para">
+ If no target is specified, the packet moves past the rule with no action taken. The counter for this rule, however, increases by one.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-o</code> — Sets the outgoing network interface for a rule. This option is only valid for the OUTPUT and FORWARD chains in the <code class="option">filter</code> table, and the POSTROUTING chain in the <code class="option">nat</code> and <code class="option">mangle</code> tables. This parameter accepts the same options as the incoming network interface parameter (<code class="option">-i</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-p <protocol></code> — Sets the IP protocol affected by the rule. This can be either <code class="option">icmp</code>, <code class="option">tcp</code>, <code class="option">udp</code>, or <code class="option">all</code>, or it can be a numeric value, representing one of these or a different protocol. You can also use any protocols listed in the <code class="filename">/etc/protocols</code> file.
+ </div><div class="para">
+ The "<code class="option">all</code>" protocol means the rule applies to every supported protocol. If no protocol is listed with this rule, it defaults to "<code class="option">all</code>".
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-s</code> — Sets the source for a particular packet using the same syntax as the destination (<code class="option">-d</code>) parameter.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"><strong>Prev</strong>3.9.2.2. Command Options</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"><strong>Next</strong>3.9.2.4. IPTables Match Options</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html
new file mode 100644
index 0000000..ecf3e7f
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2.6. Listing Options</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="3.9.2. Command Options for IPTables" /><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html" title="3.9.2.5. Target Options" /><link rel="next" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html" title="3.9.3. Saving IPTables Rules" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="prev
ious"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options">3.9.2.6. Listing Options</h4></div></div></div><div class="para">
+ The default list command, <code class="command">iptables -L [<chain-name>]</code>, provides a very basic overview of the default filter table's current chains. Additional options provide more information:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">-v</code> — Displays verbose output, such as the number of packets and bytes each chain has processed, the number of packets and bytes each rule has matched, and which interfaces apply to a particular rule.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-x</code> — Expands numbers into their exact values. On a busy system, the number of packets and bytes processed by a particular chain or rule may be abbreviated to <code class="computeroutput">Kilobytes</code>, <code class="computeroutput">Megabytes</code> (Megabytes) or <code class="computeroutput">Gigabytes</code>. This option forces the full number to be displayed.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-n</code> — Displays IP addresses and port numbers in numeric format, rather than the default hostname and network service format.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--line-numbers</code> — Lists rules in each chain next to their numeric order in the chain. This option is useful when attempting to delete the specific rule in a chain or to locate where to insert a rule within a chain.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-t <table-name></code> — Specifies a table name. If omitted, defaults to the filter table.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"><strong>Prev</strong>3.9.2.5. Target Options</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"><strong>Next</strong>3.9.3. Saving IPTables Rules</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html
new file mode 100644
index 0000000..0a19c3e
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2.5. Target Options</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="3.9.2. Command Options for IPTables" /><link rel="prev" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html" title="3.9.2.4.4. Additional Match Option Modules" /><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html" title="3.9.2.6. Listing Options" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></
a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-Target_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Target_Options">3.9.2.5. Target Options</h4></div></div></div><div class="para">
+ When a packet has matched a particular rule, the rule can direct the packet to a number of different targets which determine the appropriate action. Each chain has a default target, which is used if none of the rules on that chain match a packet or if none of the rules which match the packet specify a target.
+ </div><div class="para">
+ The following are the standard targets:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option"><em class="replaceable"><code><user-defined-chain></code></em></code> — A user-defined chain within the table. User-defined chain names must be unique. This target passes the packet to the specified chain.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">ACCEPT</code> — Allows the packet through to its destination or to another chain.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">DROP</code> — Drops the packet without responding to the requester. The system that sent the packet is not notified of the failure.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">QUEUE</code> — The packet is queued for handling by a user-space application.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">RETURN</code> — Stops checking the packet against rules in the current chain. If the packet with a <code class="option">RETURN</code> target matches a rule in a chain called from another chain, the packet is returned to the first chain to resume rule checking where it left off. If the <code class="option">RETURN</code> rule is used on a built-in chain and the packet cannot move up to its previous chain, the default target for the current chain is used.
+ </div></li></ul></div><div class="para">
+ In addition, extensions are available which allow other targets to be specified. These extensions are called target modules or match option modules and most only apply to specific tables and situations. Refer to <a class="xref" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html">Section 3.9.2.4.4, “Additional Match Option Modules”</a> for more information about match option modules.
+ </div><div class="para">
+ Many extended target modules exist, most of which only apply to specific tables or situations. Some of the most popular target modules included by default in Fedora are:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">LOG</code> — Logs all packets that match this rule. Because the packets are logged by the kernel, the <code class="filename">/etc/syslog.conf</code> file determines where these log entries are written. By default, they are placed in the <code class="filename">/var/log/messages</code> file.
+ </div><div class="para">
+ Additional options can be used after the <code class="option">LOG</code> target to specify the way in which logging occurs:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--log-level</code> — Sets the priority level of a logging event. Refer to the <code class="filename">syslog.conf</code> man page for a list of priority levels.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--log-ip-options</code> — Logs any options set in the header of an IP packet.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--log-prefix</code> — Places a string of up to 29 characters before the log line when it is written. This is useful for writing syslog filters for use in conjunction with packet logging.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Due to an issue with this option, you should add a trailing space to the <em class="replaceable"><code>log-prefix</code></em> value.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">--log-tcp-options</code> — Logs any options set in the header of a TCP packet.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--log-tcp-sequence</code> — Writes the TCP sequence number for the packet in the log.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">REJECT</code> — Sends an error packet back to the remote system and drops the packet.
+ </div><div class="para">
+ The <code class="option">REJECT</code> target accepts <code class="option">--reject-with <em class="replaceable"><code><type></code></em></code> (where <em class="replaceable"><code><type></code></em> is the rejection type) allowing more detailed information to be returned with the error packet. The message <code class="computeroutput">port-unreachable</code> is the default error type given if no other option is used. Refer to the <code class="command">iptables</code> man page for a full list of <code class="option"><em class="replaceable"><code><type></code></em></code> options.
+ </div></li></ul></div><div class="para">
+ Other target extensions, including several that are useful for IP masquerading using the <code class="option">nat</code> table, or with packet alteration using the <code class="option">mangle</code> table, can be found in the <code class="command">iptables</code> man page.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"><strong>Prev</strong>3.9.2.4.4. Additional Match Option Modules</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"><strong>Next</strong>3.9.2.6. Listing Options</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Common_Exploits_and_Attacks.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Common_Exploits_and_Attacks.html
new file mode 100644
index 0000000..009c3e0
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Common_Exploits_and_Attacks.html
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.4. Common Exploits and Attacks</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview" /><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html" title="1.3.3.5. Anticipating Your Future Needs" /><link rel="next" href="sect-Security_Guide-Security_Updates.html" title="1.5. Security Updates" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p"
href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Security_Updates.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="sect-Security_Guide-Common_Exploits_and_Attacks" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Common_Exploits_and_Attacks">1.4. Common Exploits and Attacks</h2></div></div></div><div class="para">
+ <a class="xref" href="sect-Security_Guide-Common_Exploits_and_Attacks.html#tabl-Security_Guide-Common_Exploits_and_Attacks-Common_Exploits">Table 1.1, “Common Exploits”</a> details some of the most common exploits and entry points used by intruders to access organizational network resources. Key to these common exploits are the explanations of how they are performed and how administrators can properly safeguard their network against such attacks.
+ </div><div class="table" id="tabl-Security_Guide-Common_Exploits_and_Attacks-Common_Exploits"><h6>Table 1.1. Common Exploits</h6><div class="table-contents"><table summary="Common Exploits" border="1"><colgroup><col width="20%" class="Exploit" /><col width="40%" class="Description" /><col width="40%" class="Notes" /></colgroup><thead><tr><th>
+ Exploit
+ </th><th>
+ Description
+ </th><th>
+ Notes
+ </th></tr></thead><tbody><tr><td>
+ Null or Default Passwords
+ </td><td>
+ Leaving administrative passwords blank or using a default password set by the product vendor. This is most common in hardware such as routers and firewalls, though some services that run on Linux can contain default administrator passwords (though Fedora 12 does not ship with them).
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> Commonly associated with networking hardware such as routers, firewalls, VPNs, and network attached storage (NAS) appliances. </td></tr><tr><td> Common in many legacy operating systems, especially those that bundle services (such as UNIX and Windows.) </td></tr><tr><td> Administrators sometimes create privileged user accounts in a rush and leave the password null, creating a perfect entry point for malicious users who discover the account. </td></tr></table>
+
+ </td></tr><tr><td>
+ Default Shared Keys
+ </td><td>
+ Secure services sometimes package default security keys for development or evaluation testing purposes. If these keys are left unchanged and are placed in a production environment on the Internet, <span class="emphasis"><em>all</em></span> users with the same default keys have access to that shared-key resource, and any sensitive information that it contains.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> Most common in wireless access points and preconfigured secure server appliances. </td></tr></table>
+
+ </td></tr><tr><td>
+ IP Spoofing
+ </td><td>
+ A remote machine acts as a node on your local network, finds vulnerabilities with your servers, and installs a backdoor program or trojan horse to gain control over your network resources.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> Spoofing is quite difficult as it involves the attacker predicting TCP/IP sequence numbers to coordinate a connection to target systems, but several tools are available to assist crackers in performing such a vulnerability. </td></tr><tr><td> Depends on target system running services (such as <code class="command">rsh</code>, <code class="command">telnet</code>, FTP and others) that use <em class="firstterm">source-based</em> authentication techniques, which are not recommended when compared to PKI or other forms of encrypted authentication used in <code class="command">ssh</code> or SSL/TLS. </td></tr></table>
+
+ </td></tr><tr><td>
+ Eavesdropping
+ </td><td>
+ Collecting data that passes between two active nodes on a network by eavesdropping on the connection between the two nodes.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> This type of attack works mostly with plain text transmission protocols such as Telnet, FTP, and HTTP transfers. </td></tr><tr><td> Remote attacker must have access to a compromised system on a LAN in order to perform such an attack; usually the cracker has used an active attack (such as IP spoofing or man-in-the-middle) to compromise a system on the LAN. </td></tr><tr><td> Preventative measures include services with cryptographic key exchange, one-time passwords, or encrypted authentication to prevent password snooping; strong encryption during transmission is also advised. </td></tr></table>
+
+ </td></tr><tr><td>
+ Service Vulnerabilities
+ </td><td>
+ An attacker finds a flaw or loophole in a service run over the Internet; through this vulnerability, the attacker compromises the entire system and any data that it may hold, and could possibly compromise other systems on the network.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> HTTP-based services such as CGI are vulnerable to remote command execution and even interactive shell access. Even if the HTTP service runs as a non-privileged user such as "nobody", information such as configuration files and network maps can be read, or the attacker can start a denial of service attack which drains system resources or renders it unavailable to other users. </td></tr><tr><td> Services sometimes can have vulnerabilities that go unnoticed during development and testing; these vulnerabilities (such as <em class="firstterm">buffer overflows</em>, where attackers crash a service using arbitrary values that fill the memory buffer of an application, giving the attacker an interactive command prompt from which they may execute arbitrary commands) can give complete administrative control to an attacker. </td></tr><tr><td> Administrators should make sure that services do not run as the root use
r, and should stay vigilant of patches and errata updates for applications from vendors or security organizations such as CERT and CVE. </td></tr></table>
+
+ </td></tr><tr><td>
+ Application Vulnerabilities
+ </td><td>
+ Attackers find faults in desktop and workstation applications (such as e-mail clients) and execute arbitrary code, implant trojan horses for future compromise, or crash systems. Further exploitation can occur if the compromised workstation has administrative privileges on the rest of the network.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> Workstations and desktops are more prone to exploitation as workers do not have the expertise or experience to prevent or detect a compromise; it is imperative to inform individuals of the risks they are taking when they install unauthorized software or open unsolicited email attachments. </td></tr><tr><td> Safeguards can be implemented such that email client software does not automatically open or execute attachments. Additionally, the automatic update of workstation software via Red Hat Network or other system management services can alleviate the burdens of multi-seat security deployments. </td></tr></table>
+
+ </td></tr><tr><td>
+ Denial of Service (DoS) Attacks
+ </td><td>
+ Attacker or group of attackers coordinate against an organization's network or server resources by sending unauthorized packets to the target host (either server, router, or workstation). This forces the resource to become unavailable to legitimate users.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> The most reported DoS case in the US occurred in 2000. Several highly-trafficked commercial and government sites were rendered unavailable by a coordinated ping flood attack using several compromised systems with high bandwidth connections acting as <em class="firstterm">zombies</em>, or redirected broadcast nodes. </td></tr><tr><td> Source packets are usually forged (as well as rebroadcasted), making investigation as to the true source of the attack difficult. </td></tr><tr><td> Advances in ingress filtering (IETF rfc2267) using <code class="command">iptables</code> and Network Intrusion Detection Systems such as <code class="command">snort</code> assist administrators in tracking down and preventing distributed DoS attacks. </td></tr></table>
+
+ </td></tr></tbody></table></div></div><br class="table-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"><strong>Prev</strong>1.3.3.5. Anticipating Your Future Needs</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Security_Updates.html"><strong>Next</strong>1.5. Security Updates</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html
new file mode 100644
index 0000000..1034c10
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.4.4. Creating a Secure 7-Zip Archive via the GUI</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="4.2.4. 7-Zip Encrypted Archives" /><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html" title="4.2.4.3. Step-by-Step Usage Instructions" /><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html" title="4.2.4.5. Things of note" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a><
/p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI">4.2.4.4. Creating a Secure 7-Zip Archive via the GUI</h4></div></div></div><div class="para">
+ 7-Zip archives can be extracted just like any other archive via the GUI, but creating a secure 7-Zip archive requires a few additional steps.
+ </div><div class="para">
+ By following these instructions you are going to compress and encrypt your "Documents" directory. Your original "Documents" directory will remain unaltered. This technique can be applied to any directory or file you have access to on the filesystem.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Open the file browser: Click Activities -> Files
+ </div></li><li class="listitem"><div class="para">
+ Right-Click on the "Documents" folder
+ </div></li><li class="listitem"><div class="para">
+ Select the "Compress" option
+ </div></li><li class="listitem"><div class="para">
+ Select ".7z" as the file extension
+ </div></li><li class="listitem"><div class="para">
+ Expand "Other Options"
+ </div></li><li class="listitem"><div class="para">
+ Check "Encrypt the file list too"
+ </div></li><li class="listitem"><div class="para">
+ Enter a password into the password field
+ </div></li><li class="listitem"><div class="para">
+ Click the "Create" button
+ </div></li></ul></div><div class="para">
+ You will now see a "Documents.7z" file appear in your home directory. If you try to open the file, you will be asked for the archive password before being shown the contents of the archive. The file will open once the correct password is supplied, and the archive can then be manipulated as usual. Deleting the "Documents.7z" file will conclude this exercise and return your computer to its previous state.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"><strong>Prev</strong>4.2.4.3. Step-by-Step Usage Instructions</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"><strong>Next</strong>4.2.4.5. Things of note</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html
new file mode 100644
index 0000000..5f671e1
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.4.2. Step-by-Step Installation Instructions</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="4.2.4. 7-Zip Encrypted Archives" /><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="4.2.4. 7-Zip Encrypted Archives" /><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html" title="4.2.4.3. Step-by-Step Usage Instructions" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul
class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions">4.2.4.2. Step-by-Step Installation Instructions</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Open a Terminal: <code class="code">Click Applications -> System Tools -> Terminal</code> or in GNOME 3: <code class="code">Activities -> Applications -> Terminal</code>
+ </div></li><li class="listitem"><div class="para">
+ Install 7-Zip with sudo access: <code class="code">sudo yum install p7zip</code>
+ </div></li><li class="listitem"><div class="para">
+ Close the Terminal: <code class="code">exit</code>
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"><strong>Prev</strong>4.2.4. 7-Zip Encrypted Archives</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"><strong>Next</strong>4.2.4.3. Step-by-Step Usage Instructions</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html
new file mode 100644
index 0000000..fc71905
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.4.5. Things of note</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="4.2.4. 7-Zip Encrypted Archives" /><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html" title="4.2.4.4. Creating a Secure 7-Zip Archive via the GUI" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG.html" title="4.2.5. Using GNU Privacy Guard (GnuPG)" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docn
av"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note">4.2.4.5. Things of note</h4></div></div></div><div class="para">
+ 7-Zip is not shipped by default with Microsoft Windows or Mac OS X. If you need to use your 7-Zip files on those platforms you will need to install the appropriate version of 7-Zip on those computers. See the 7-Zip <a href="http://www.7-zip.org/download.html">download page</a>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html"><strong>Prev</strong>4.2.4.4. Creating a Secure 7-Zip Archive via the ...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG.html"><strong>Next</strong>4.2.5. Using GNU Privacy Guard (GnuPG)</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html
new file mode 100644
index 0000000..08984f6
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.4.3. Step-by-Step Usage Instructions</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="4.2.4. 7-Zip Encrypted Archives" /><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html" title="4.2.4.2. Step-by-Step Installation Instructions" /><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html" title="4.2.4.4. Creating a Secure 7-Zip Archive via the GUI" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions">4.2.4.3. Step-by-Step Usage Instructions</h4></div></div></div><div class="para">
+ By following these instructions you are going to compress and encrypt your "Documents" directory. Your original "Documents" directory will remain unaltered. This technique can be applied to any directory or file you have access to on the filesystem.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Open a Terminal:<code class="code">Click Applications -> System Tools -> Terminal</code>
+ </div></li><li class="listitem"><div class="para">
+ Compress and Encrypt: (enter a password when prompted) <code class="code">7za a -mhe=on -ms=on -p Documents.7z Documents/</code>
+ </div></li></ul></div><div class="para">
+ The "Documents" directory is now compressed and encrypted. The following instructions will move the encrypted archive somewhere new and then extract it.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Create a new directory: <code class="code">mkdir newplace</code>
+ </div></li><li class="listitem"><div class="para">
+ Move the encrypted file: <code class="code">mv Documents.7z newplace</code>
+ </div></li><li class="listitem"><div class="para">
+ Go to the new directory: <code class="code">cd newplace</code>
+ </div></li><li class="listitem"><div class="para">
+ Extract the file: (enter the password when prompted) <code class="code">7za x Documents.7z</code>
+ </div></li></ul></div><div class="para">
+ The archive is now extracted into the new location. The following instructions will clean up all the prior steps and restore your computer to its previous state.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Go up a directory: <code class="code">cd ..</code>
+ </div></li><li class="listitem"><div class="para">
+ Delete the test archive and test extraction: <code class="code">rm -r newplace</code>
+ </div></li><li class="listitem"><div class="para">
+ Close the Terminal: <code class="code">exit</code>
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"><strong>Prev</strong>4.2.4.2. Step-by-Step Installation Instructions</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html"><strong>Next</strong>4.2.4.4. Creating a Secure 7-Zip Archive via the ...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html
new file mode 100644
index 0000000..62ae5f6
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.4. 7-Zip Encrypted Archives</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="Security_Guide-Encryption-Data_in_Motion.html" title="4.2. Data in Motion" /><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html" title="4.2.3.5. Links of Interest" /><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html" title="4.2.4.2. Step-by-Step Installation Instructions" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav">
<li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives">4.2.4. 7-Zip Encrypted Archives</h3></div></div></div><div class="para">
+ <a href="http://www.7-zip.org/">7-Zip</a> is a cross-platform, next generation, file compression tool that can also use strong encryption (AES-256) to protect the contents of the archive. This is extremely useful when you need to move data between multiple computers that use varying operating systems (i.e. Linux at home, Windows at work) and you want a portable encryption solution.
+ </div><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation">4.2.4.1. 7-Zip Installation in Fedora</h4></div></div></div><div class="para">
+ 7-Zip is not a base package in Fedora, but it is available in the software repository. Once installed, the package will update alongside the rest of the software on the computer with no special attention necessary.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>Prev</strong>4.2.3.5. Links of Interest</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"><strong>Next</strong>4.2.4.2. Step-by-Step Installation Instructions</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html
new file mode 100644
index 0000000..decb067
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5.7. About Public Key Encryption</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="4.2.5. Using GNU Privacy Guard (GnuPG)" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html" title="4.2.5.6. Using GPG with Thunderbird" /><link rel="next" href="chap-Security_Guide-General_Principles_of_Information_Security.html" title="Chapter 5. General Principles of Information Security" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></
a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption">4.2.5.7. About Public Key Encryption</h4></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">Wikipedia - Public Key Cryptography</a>
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://computer.howstuffworks.com/encryption.htm">HowStuffWorks - Encryption</a>
+ </div></li></ol></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html"><strong>Prev</strong>4.2.5.6. Using GPG with Thunderbird</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>Next</strong>Chapter 5. General Principles of Information Secu...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html
new file mode 100644
index 0000000..b2681ea
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5.3. Generating GPG Keys Using the Command Line</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="4.2.5. Using GNU Privacy Guard (GnuPG)" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html" title="4.2.5.2. Generating GPG Keys in KDE" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html" title="4.2.5.4. Using GPG with Alpine" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav">
<li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE">4.2.5.3. Generating GPG Keys Using the Command Line</h4></div></div></div><div class="para">
+ Use the following shell command: <code class="code">gpg --gen-key</code>
+ </div><div class="para">
+ This command generates a key pair that consists of a public and a private key. Other people use your public key to authenticate and/or decrypt your communications. Distribute your public key as widely as possible, especially to people who you know will want to receive authentic communications from you, such as a mailing list. The Fedora Documentation Project, for example, asks participants to include a GPG public key in their self-introduction.
+ </div><div class="para">
+ A series of prompts directs you through the process. Press the <code class="code">Enter</code> key to assign a default value if desired. The first prompt asks you to select what kind of key you prefer:
+ </div><div class="para">
+
+<pre class="screen">Please select what kind of key you want:
+ (1) RSA and RSA (default)
+ (2) DSA and Elgamal
+ (3) DSA (sign only)
+ (4) RSA (sign only)
+ Your selection?</pre>
+ In almost all cases, the default is the correct choice. A RSA key allows you not only to sign communications, but also to encrypt files.
+ </div><div class="para">
+ Next, choose the key size:
+<pre class="screen">RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048)</pre>
+ Again, the default is sufficient for almost all users, and represents a strong level of security.
+ </div><div class="para">
+ Next, choose when the key will expire. It is a good idea to choose an expiration date instead of using the default, which is none. If, for example, the email address on the key becomes invalid, an expiration date will remind others to stop using that public key.
+ </div><div class="para">
+
+<pre class="screen">Please specify how long the key should be valid.
+ 0 = key does not expire
+ d = key expires in n days
+ w = key expires in n weeks
+ m = key expires in n months
+ y = key expires in n years
+ Key is valid for? (0)</pre>
+
+ </div><div class="para">
+ Entering a value of <code class="code">1y</code>, for example, makes the key valid for one year. (You may change this expiration date after the key is generated, if you change your mind.)
+ </div><div class="para">
+ Before the <code class="code">gpg</code>code> program asks for signature information, the following prompt appears: <code class="code">Is this correct (y/n)?</code> Enter <code class="code">y</code>code> to finish the process.
+ </div><div class="para">
+ Next, enter your name and email address. Remember this process is about authenticating you as a real individual. For this reason, include your real name. Do not use aliases or handles, since these disguise or obfuscate your identity.
+ </div><div class="para">
+ Enter your real email address for your GPG key. If you choose a bogus email address, it will be more difficult for others to find your public key. This makes authenticating your communications difficult. If you are using this GPG key for [[DocsProject/SelfIntroduction| self-introduction]] on a mailing list, for example, enter the email address you use on that list.
+ </div><div class="para">
+ Use the comment field to include aliases or other information. (Some people use different keys for different purposes and identify each key with a comment, such as "Office" or "Open Source Projects.")
+ </div><div class="para">
+ At the confirmation prompt, enter the letter O to continue if all entries are correct, or use the other options to fix any problems. Finally, enter a passphrase for your secret key. The <code class="code">gpg</code> program asks you to enter your passphrase twice to ensure you made no typing errors.
+ </div><div class="para">
+ Finally, <code class="code">gpg</code> generates random data to make your key as unique as possible. Move your mouse, type random keys, or perform other tasks on the system during this step to speed up the process. Once this step is finished, your keys are complete and ready to use:
+ </div><pre class="screen">
+pub 1024D/1B2AFA1C 2005-03-31 John Q. Doe (Fedora Docs Project) <jqdoe at example.com>
+Key fingerprint = 117C FE83 22EA B843 3E86 6486 4320 545E 1B2A FA1C
+sub 1024g/CEA4B22E 2005-03-31 [expires: 2006-03-31]
+</pre><div class="para">
+ The key fingerprint is a shorthand "signature" for your key. It allows you to confirm to others that they have received your actual public key without any tampering. You do not need to write this fingerprint down. To display the fingerprint at any time, use this command, substituting your email address: <code class="code"> gpg --fingerprint jqdoe at example.com </code>
+ </div><div class="para">
+ Your "GPG key ID" consists of 8 hex digits identifying the public key. In the example above, the GPG key ID is 1B2AFA1C. In most cases, if you are asked for the key ID, you should prepend "0x" to the key ID, as in "0x1B2AFA1C".
+ </div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ If you forget your passphrase, the key cannot be used and any data encrypted using that key will be lost.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html"><strong>Prev</strong>4.2.5.2. Generating GPG Keys in KDE</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html"><strong>Next</strong>4.2.5.4. Using GPG with Alpine</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html
new file mode 100644
index 0000000..91df548
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5.2. Generating GPG Keys in KDE</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="4.2.5. Using GNU Privacy Guard (GnuPG)" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG.html" title="4.2.5. Using GNU Privacy Guard (GnuPG)" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html" title="4.2.5.3. Generating GPG Keys Using the Command Line" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"
><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1">4.2.5.2. Generating GPG Keys in KDE</h4></div></div></div><div class="para">
+ Start the KGpg program from the main menu by selecting Applications > Utilities > Encryption Tool. If you have never used KGpg before, the program walks you through the process of creating your own GPG keypair. A dialog box appears prompting you to create a new key pair. Enter your name, email address, and an optional comment. You can also choose an expiration time for your key, as well as the key strength (number of bits) and algorithms. The next dialog box prompts you for your passphrase. At this point, your key appears in the main <code class="code">KGpg</code> window.
+ </div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ If you forget your passphrase, the key cannot be used and any data encrypted using that key will be lost.
+ </div></div></div><div class="para">
+ To find your GPG key ID, look in the Key ID column next to the newly created key. In most cases, if you are asked for the key ID, you should prepend "0x" to the key ID, as in "0x6789ABCD". You should make a backup of your private key and store it somewhere secure.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG.html"><strong>Prev</strong>4.2.5. Using GNU Privacy Guard (GnuPG)</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html"><strong>Next</strong>4.2.5.3. Generating GPG Keys Using the Command Li...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html
new file mode 100644
index 0000000..cd13af2
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5.4. Using GPG with Alpine</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="4.2.5. Using GNU Privacy Guard (GnuPG)" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html" title="4.2.5.3. Generating GPG Keys Using the Command Line" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html" title="4.2.5.5. Using GPG with Evolution" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></
p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine">4.2.5.4. Using GPG with Alpine</h4></div></div></div><div class="para">
+ If you are using the email client <span class="package">Alpine</span> or <span class="package">Pine</span> then you will also need to download and install <span class="package">ez-pine-gpg</span>. This software is currently available from <a href="http://business-php.com/opensource/ez-pine-gpg/">http://business-php.com/opensource/ez-pine-gpg/</a>. Once you have installed ez-pine-gpg you will need to modify your <code class="code">~/.pinerc</code> file. You need to:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ /home/username/bin should be replaced with the installation path that you specified.
+ </div></li><li class="listitem"><div class="para">
+ In two places, the gpg-identifier after _RECIPIENTS_ should be replaced with your GPG public key's identifier. The reason you include your own GPG identifier here is so that if you send an encrypted message to "Alice", that message is also encrypted with your public key -- if you don't do this, then you will not be able to open that message in your sent-mail folder and remind yourself of what you wrote.
+ </div></li></ol></div><div class="para">
+ It should look something like this:
+ </div><pre class="screen">
+# This variable takes a list of programs that message text is piped into
+# after MIME decoding, prior to display.
+display-filters=_LEADING("-----BEGIN PGP")_ /home/max/bin/ez-pine-gpg-incoming
+
+# This defines a program that message text is piped into before MIME
+# encoding, prior to sending
+sending-filters=/home/max/bin/ez-pine-gpg-sign _INCLUDEALLHDRS_,
+ /home/username/bin/ez-pine-gpg-encrypt _RECIPIENTS_ gpg-identifier,
+ /home/username/bin/ez-pine-gpg-sign-and-encrypt _INCLUDEALLHDRS_ _RECIPIENTS_ gpg-identifier
+</pre></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html"><strong>Prev</strong>4.2.5.3. Generating GPG Keys Using the Command Li...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html"><strong>Next</strong>4.2.5.5. Using GPG with Evolution</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html
new file mode 100644
index 0000000..87d6c5d
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5.5.3. Signing and Encrypting email with Evolution</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html" title="4.2.5.5. Using GPG with Evolution" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html" title="4.2.5.5.2. Verifying email with Evolution" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html" title="4.2.5.6. Using GPG with Thunderbird" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docu
mentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting">4.2.5.5.3. Signing and Encrypting email with Evolution</h5></div></div></div><div class="para">
+ Signing email allows the recipients to verify that the email actually came from you. The FDP (and the whole of the Fedora Project) encourage you to sign email to other participants, including on Fedora mailing lists. Encrypting email allows only your recipients to read your email. Please do not send encrypted email over the Fedora mailing lists, since almost no one will be able to read it.
+ </div><div class="para">
+ While composing your email, choose the Security menu, and then select PGP Sign to sign your message. To encrypt your message, select PGP Encrypt. You may sign an encrypted message as well, which is good practice. When you send the message, Evolution will ask you to enter your GPG key passphrase. (After three unsuccessful attempts Evolution generates an error.) If you select the option Remember this password for the remainder of this session, you will not need to use your passphrase again to sign or decrypt, unless you quit and restart Evolution.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html"><strong>Prev</strong>4.2.5.5.2. Verifying email with Evolution</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html"><strong>Next</strong>4.2.5.6. Using GPG with Thunderbird</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html
new file mode 100644
index 0000000..e24b155
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5.5.2. Verifying email with Evolution</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html" title="4.2.5.5. Using GPG with Evolution" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html" title="4.2.5.5. Using GPG with Evolution" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html" title="4.2.5.5.3. Signing and Encrypting email with Evolution" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/imag
e_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying">4.2.5.5.2. Verifying email with Evolution</h5></div></div></div><div class="para">
+ Evolution will automatically check any incoming GPG-signed messages for validity. If Evolution cannot GPG verify a message due to a missing public key (or tampering), it will end with a red banner. If the message is verified but you have not signed the key either locally or globally, the banner will be yellow. If the message is verified and you have signed the key, the banner will be green. When you click the seal icon, Evolution displays a dialog with more security information about the signature. To add a public key to your keyring, use the search function along with the key owner's email address: <code class="code">gpg --keyserver pgp.mit.edu --search email address</code>. To import the correct key, you may need to match the key ID with the information provided by Evolution.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html"><strong>Prev</strong>4.2.5.5. Using GPG with Evolution</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html"><strong>Next</strong>4.2.5.5.3. Signing and Encrypting email with Evol...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html
new file mode 100644
index 0000000..3c824ff
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5.5. Using GPG with Evolution</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="4.2.5. Using GNU Privacy Guard (GnuPG)" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html" title="4.2.5.4. Using GPG with Alpine" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html" title="4.2.5.5.2. Verifying email with Evolution" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul
class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution">4.2.5.5. Using GPG with Evolution</h4></div></div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Configuring"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Configuring">4.2.5.5.1. Configuring GPG for use with Evolution</h5></div></div></div><div class="para">
+ To configure GPG for use in <span class="application"><strong>Evolution</strong></span> select from the <span class="application"><strong>Evolution</strong></span> Main Menu, select Tools, Settings... In the left pane, select Mail Accounts. In the right pane, select the email account you use for Fedora Project correspondence. Then select the Edit button. The <span class="application"><strong>Evolution</strong></span> Account Editor dialog appears. Select the Security tab.
+ </div><div class="para">
+ In the PGP/GPG Key ID field, enter the GPG key ID matching this account's email address. If you are not sure what your key ID is, use this command: <code class="code">gpg --fingerprint EMAIL_ADDRESS</code>. The key ID is the same as the last eight characters (4 bytes) of the key fingerprint. It is a good idea to click the option Always encrypt to myself when sending encrypted mail. You may also want to select Always sign outgoing messages when using this account.
+ </div><div class="note"><div class="admonition_header"><h2>Notice</h2></div><div class="admonition"><div class="para">
+ If you do not mark public keys as trusted in your keyring, you will not be able to encrypt email to their owners unless you select the option Always trust keys in my keyring when encrypting. You will instead receive a dialog indicating that a trust check has failed.
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html"><strong>Prev</strong>4.2.5.4. Using GPG with Alpine</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html"><strong>Next</strong>4.2.5.5.2. Verifying email with Evolution</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html
new file mode 100644
index 0000000..dda32f1
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5.6. Using GPG with Thunderbird</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="4.2.5. Using GNU Privacy Guard (GnuPG)" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html" title="4.2.5.5.3. Signing and Encrypting email with Evolution" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html" title="4.2.5.7. About Public Key Encryption" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" a
lt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird">4.2.5.6. Using GPG with Thunderbird</h4></div></div></div><div class="para">
+ Fedora Core includes Mozilla Thunderbird in the thunderbird package, and the mozilla-mail package for the Mozilla Suite email application. Thunderbird is the recommended Mozilla email application. This appears on your desktop as Applications > Internet > Thunderbird Email.
+ </div><div class="para">
+ Mozilla products support extensions, plugins that add new features to the main application. The Enigmail extensions provide GPG support to email products from Mozilla. Versions of Enigmail exist for both Mozilla Thunderbird, and the Mozilla Suite (Seamonkey). Netscape software from AOL is based on the Mozilla products, and may also use this extension.
+ </div><div class="para">
+ To install Enigmail on Fedora systems, follow the instructions given below.
+ </div><div class="para">
+ Enigmail uses the term OpenPGP in menu items and options. GPG is an implementation of OpenPGP, and you may treat the terms as equivalent.
+ </div><div class="para">
+ The homepage for Enigmail is: <a href="http://enigmail.mozdev.org/download.html">http://enigmail.mozdev.org/download.html</a>.
+ </div><div class="para">
+ This page provides screenshots of Enigmail and GPG in action: <a href="http://enigmail.mozdev.org/screenshots.html">http://enigmail.mozdev.org/screenshots.html</a>.
+ </div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird-Installing_Enigmail"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird-Installing_Enigmail">4.2.5.6.1. Installing Enigmail</h5></div></div></div><div class="para">
+ Enigmail is now available in fedora repository. It can be installed by typing: <code class="code">yum install thunderbird-enigmail</code> at a command line. Alternatively, you can install <span class="package">thunderbird-enigmail</span> using by going to <code class="code">System -> Administration -> Add/Remove Software</code>.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html"><strong>Prev</strong>4.2.5.5.3. Signing and Encrypting email with Evol...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html"><strong>Next</strong>4.2.5.7. About Public Key Encryption</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG.html
new file mode 100644
index 0000000..d7831cc
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5. Using GNU Privacy Guard (GnuPG)</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="Security_Guide-Encryption-Data_in_Motion.html" title="4.2. Data in Motion" /><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html" title="4.2.4.5. Things of note" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html" title="4.2.5.2. Generating GPG Keys in KDE" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previou
s"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="sect-Security_Guide-Encryption-Using_GPG" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG">4.2.5. Using GNU Privacy Guard (GnuPG)</h3></div></div></div><div class="para">
+ <span class="application"><strong>GnuPG</strong></span> (GPG) is used to identify yourself and authenticate your communications, including those with people you don't know. GPG allows anyone reading a GPG-signed email to verify its authenticity. In other words, GPG allows someone to be reasonably certain that communications signed by you actually are from you. GPG is useful because it helps prevent third parties from altering code or intercepting conversations and altering the message.
+ </div><div class="para">
+ GPG can also be used to sign and/or encrypt files kept on your computer or on a network drive. This can add additional protection in preventing a file from being altered or read by unauthorized people.
+ </div><div class="para">
+ To utilize GPG for authentication or encryption of email you must first generate your public and private keys. After generating the keys you will have to setup your email client to utilize them.
+ </div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Keys_in_GNOME"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Keys_in_GNOME">4.2.5.1. Generating GPG Keys in GNOME</h4></div></div></div><div class="para">
+ The Seahorse utility makes GPG key management easier. You can install <span class="package">Seahorse</span> at the command line with the command <code class="code">su -c "yum install seahorse"</code> or in the GUI using <span class="application"><strong>Add/Remove Software</strong></span>.
+ </div><div class="para">
+ To create a key select <span class="application"><strong>Passwords and Keys</strong></span>, which starts the application <span class="application"><strong>Seahorse</strong></span>. From the <code class="code">File</code> menu select <code class="code">New</code> then <code class="code">PGP Key</code> then select <code class="code">Continue</code>. Type your full name, email address, and an optional comment describing who are you (e.g.: John C. Smith, jsmith at example.com, The Man). Select <code class="code">Create</code>. A dialog is displayed asking for a passphrase for the key. Choose a strong passphrase but also easy to remember. Click <code class="code">OK</code> and the key is created.
+ </div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ If you forget your passphrase, the key cannot be used and any data encrypted using that key will be lost.
+ </div></div></div><div class="para">
+ To find your GPG key ID, look in the Key ID column next to the newly created key. In most cases, if you are asked for the key ID, you should prepend "0x" to the key ID, as in "0x6789ABCD". You should make a backup of your private key and store it somewhere secure.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"><strong>Prev</strong>4.2.4.5. Things of note</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html"><strong>Next</strong>4.2.5.2. Generating GPG Keys in KDE</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html
new file mode 100644
index 0000000..6ff8673
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.3.5. Anticipating Your Future Needs</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.3.3. Evaluating the Tools" /><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html" title="1.3.3.4. VLAD the Scanner" /><link rel="next" href="sect-Security_Guide-Common_Exploits_and_Attacks.html" title="1.4. Common Exploits and Attacks" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previou
s"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Common_Exploits_and_Attacks.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs">1.3.3.5. Anticipating Your Future Needs</h4></div></div></div><div class="para">
+ Depending upon your target and resources, there are many tools available. There are tools for wireless networks, Novell networks, Windows systems, Linux systems, and more. Another essential part of performing assessments may include reviewing physical security, personnel screening, or voice/PBX network assessment. New concepts, such as <em class="firstterm">war walking</em>, which involves scanning the perimeter of your enterprise's physical structures for wireless network vulnerabilities, are some emerging concepts that you can investigate and, if needed, incorporate into your assessments. Imagination and exposure are the only limits of planning and conducting vulnerability assessments.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>Prev</strong>1.3.3.4. VLAD the Scanner</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Common_Exploits_and_Attacks.html"><strong>Next</strong>1.4. Common Exploits and Attacks</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Nessus.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Nessus.html
new file mode 100644
index 0000000..9e64cbf
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Nessus.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.3.2. Nessus</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.3.3. Evaluating the Tools" /><link rel="prev" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.3.3. Evaluating the Tools" /><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html" title="1.3.3.3. Nikto" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a acc
esskey="p" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-Nessus"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Nessus">1.3.3.2. Nessus</h4></div></div></div><div class="para">
+ Nessus is a full-service security scanner. The plug-in architecture of Nessus allows users to customize it for their systems and networks. As with any scanner, Nessus is only as good as the signature database it relies upon. Fortunately, Nessus is frequently updated and features full reporting, host scanning, and real-time vulnerability searches. Remember that there could be false positives and false negatives, even in a tool as powerful and as frequently updated as Nessus.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ The Nessus client and server software is included in Fedora repositories but requires a subscription to use. It has been included in this document as a reference to users who may be interested in using this popular application.
+ </div></div></div><div class="para">
+ For more information about Nessus, refer to the official website at the following URL:
+ </div><div class="para">
+ <a href="http://www.nessus.org/">http://www.nessus.org/</a>
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"><strong>Prev</strong>1.3.3. Evaluating the Tools</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"><strong>Next</strong>1.3.3.3. Nikto</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Nikto.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Nikto.html
new file mode 100644
index 0000000..622ca23
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Nikto.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.3.3. Nikto</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.3.3. Evaluating the Tools" /><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html" title="1.3.3.2. Nessus" /><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html" title="1.3.3.4. VLAD the Scanner" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="
p" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-Nikto"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Nikto">1.3.3.3. Nikto</h4></div></div></div><div class="para">
+ Nikto is an excellent common gateway interface (CGI) script scanner. Nikto not only checks for CGI vulnerabilities but does so in an evasive manner, so as to elude intrusion detection systems. It comes with thorough documentation which should be carefully reviewed prior to running the program. If you have Web servers serving up CGI scripts, Nikto can be an excellent resource for checking the security of these servers.
+ </div><div class="para">
+ More information about Nikto can be found at the following URL:
+ </div><div class="para">
+ <a href="http://www.cirt.net/code/nikto.shtml">http://www.cirt.net/code/nikto.shtml</a>
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"><strong>Prev</strong>1.3.3.2. Nessus</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>Next</strong>1.3.3.4. VLAD the Scanner</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html
new file mode 100644
index 0000000..064cc24
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.3.4. VLAD the Scanner</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.3.3. Evaluating the Tools" /><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html" title="1.3.3.3. Nikto" /><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html" title="1.3.3.5. Anticipating Your Future Needs" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class
="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner">1.3.3.4. VLAD the Scanner</h4></div></div></div><div class="para">
+ VLAD is a vulnerabilities scanner developed by the <acronym class="acronym">RAZOR</acronym> team at Bindview, Inc., which checks for the SANS Top Ten list of common security issues (SNMP issues, file sharing issues, etc.). While not as full-featured as Nessus, VLAD is worth investigating.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ VLAD is not included with Fedora and is not supported. It has been included in this document as a reference to users who may be interested in using this popular application.
+ </div></div></div><div class="para">
+ More information about VLAD can be found on the RAZOR team website at the following URL:
+ </div><div class="para">
+ <a href="http://www.bindview.com/Support/Razor/Utilities/">http://www.bindview.com/Support/Razor/Utilities/</a>
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"><strong>Prev</strong>1.3.3.3. Nikto</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"><strong>Next</strong>1.3.3.5. Anticipating Your Future Needs</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html
new file mode 100644
index 0000000..71c2e18
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.5.3. DMZs and IPTables</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="3.8.5. FORWARD and NAT Rules" /><link rel="prev" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html" title="3.8.5.2. Prerouting" /><link rel="next" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html" title="3.8.6. Malicious Software and Spoofed IP Addresses" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav
"><li class="previous"><a accesskey="p" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables">3.8.5.3. DMZs and IPTables</h4></div></div></div><div class="para">
+ You can create <code class="command">iptables</code> rules to route traffic to certain machines, such as a dedicated HTTP or FTP server, in a <em class="firstterm">demilitarized zone</em> (<acronym class="acronym">DMZ</acronym>). A <acronym class="acronym">DMZ</acronym> is a special local subnetwork dedicated to providing services on a public carrier, such as the Internet.
+ </div><div class="para">
+ For example, to set a rule for routing incoming HTTP requests to a dedicated HTTP server at 10.0.4.2 (outside of the 192.168.1.0/24 range of the LAN), NAT uses the <code class="computeroutput">PREROUTING</code> table to forward the packets to the appropriate destination:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.4.2:80</pre><div class="para">
+ With this command, all HTTP connections to port 80 from outside of the LAN are routed to the HTTP server on a network separate from the rest of the internal network. This form of network segmentation can prove safer than allowing HTTP connections to a machine on the network.
+ </div><div class="para">
+ If the HTTP server is configured to accept secure connections, then port 443 must be forwarded as well.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"><strong>Prev</strong>3.8.5.2. Prerouting</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"><strong>Next</strong>3.8.6. Malicious Software and Spoofed IP Addresses</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html
new file mode 100644
index 0000000..35c97da
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.5.2. Prerouting</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="3.8.5. FORWARD and NAT Rules" /><link rel="prev" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="3.8.5. FORWARD and NAT Rules" /><link rel="next" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html" title="3.8.5.3. DMZs and IPTables" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a acce
sskey="p" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting">3.8.5.2. Prerouting</h4></div></div></div><div class="para">
+ If you have a server on your internal network that you want make available externally, you can use the <code class="option">-j DNAT</code> target of the PREROUTING chain in NAT to specify a destination IP address and port where incoming packets requesting a connection to your internal service can be forwarded.
+ </div><div class="para">
+ For example, if you want to forward incoming HTTP requests to your dedicated Apache HTTP Server at 172.31.0.23, use the following command:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 172.31.0.23:80</pre><div class="para">
+ This rule specifies that the <acronym class="acronym">nat</acronym> table use the built-in PREROUTING chain to forward incoming HTTP requests exclusively to the listed destination IP address of 172.31.0.23.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ If you have a default policy of DROP in your FORWARD chain, you must append a rule to forward all incoming HTTP requests so that destination NAT routing is possible. To do this, use the following command:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A FORWARD -i eth0 -p tcp --dport 80 -d 172.31.0.23 -j ACCEPT</pre><div class="para">
+ This rule forwards all incoming HTTP requests from the firewall to the intended destination; the Apache HTTP Server behind the firewall.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"><strong>Prev</strong>3.8.5. FORWARD and NAT Rules</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"><strong>Next</strong>3.8.5.3. DMZs and IPTables</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Additional_Resources.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Additional_Resources.html
new file mode 100644
index 0000000..15cacb5
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Additional_Resources.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.9. Additional Resources</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Firewalls.html" title="3.8. Firewalls" /><link rel="prev" href="sect-Security_Guide-Firewalls-IPv6.html" title="3.8.8. IPv6" /><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html" title="3.8.9.2. Useful Firewall Websites" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-IPv6.html">
<strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Firewalls-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Additional_Resources">3.8.9. Additional Resources</h3></div></div></div><div class="para">
+ There are several aspects to firewalls and the Linux Netfilter subsystem that could not be covered in this chapter. For more information, refer to the following resources.
+ </div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation">3.8.9.1. Installed Firewall Documentation</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Refer to <a class="xref" href="sect-Security_Guide-IPTables.html">Section 3.9, “IPTables”</a> for more detailed information on the <code class="command">iptables</code> command, including definitions for many command options.
+ </div></li><li class="listitem"><div class="para">
+ The <code class="command">iptables</code> man page contains a brief summary of the various options.
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-IPv6.html"><strong>Prev</strong>3.8.8. IPv6</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"><strong>Next</strong>3.8.9.2. Useful Firewall Websites</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html
new file mode 100644
index 0000000..2f8635c
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.2. Basic Firewall Configuration</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Firewalls.html" title="3.8. Firewalls" /><link rel="prev" href="sect-Security_Guide-Firewalls.html" title="3.8. Firewalls" /><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html" title="3.8.2.2. Enabling and Disabling the Firewall" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security
_Guide-Firewalls.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">3.8.2. Basic Firewall Configuration</h3></div></div></div><div class="para">
+ Just as a firewall in a building attempts to prevent a fire from spreading, a computer firewall attempts to prevent malicious software from spreading to your computer. It also helps to prevent unauthorized users from accessing your computer.
+ </div><div class="para">
+ In a default Fedora installation, a firewall exists between your computer or network and any untrusted networks, for example the Internet. It determines which services on your computer remote users can access. A properly configured firewall can greatly increase the security of your system. It is recommended that you configure a firewall for any Fedora system with an Internet connection.
+ </div><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-RHSECLEVELTOOL"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-RHSECLEVELTOOL">3.8.2.1. <span class="application"><strong>Firewall Administration Tool</strong></span></h4></div></div></div><div class="para">
+ During the <span class="guilabel"><strong>Firewall Configuration</strong></span> screen of the Fedora installation, you were given the option to enable a basic firewall as well as to allow specific devices, incoming services, and ports.
+ </div><div class="para">
+ After installation, you can change this preference by using the <span class="application"><strong>Firewall Administration Tool</strong></span>.
+ </div><div class="para">
+ To start this application, use the following command:
+ </div><pre class="screen">[root at myServer ~] # system-config-firewall</pre><div class="figure" id="figu-Security_Guide-RHSECLEVELTOOL-RHSECLEVELTOOL"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-firewall_config.png" width="444" alt="Firewall Administration Tool" /><div class="longdesc"><div class="para">
+ Security Level Configuration
+ </div></div></div></div><h6>Figure 3.10. <span class="application">Firewall Administration Tool</span></h6></div><br class="figure-break" /><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ The <span class="application"><strong>Firewall Administration Tool</strong></span> only configures a basic firewall. If the system needs more complex rules, refer to <a class="xref" href="sect-Security_Guide-IPTables.html">Section 3.9, “IPTables”</a> for details on configuring specific <code class="command">iptables</code> rules.
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls.html"><strong>Prev</strong>3.8. Firewalls</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"><strong>Next</strong>3.8.2.2. Enabling and Disabling the Firewall</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html
new file mode 100644
index 0000000..d32eee9
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.4. Common IPTables Filtering</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Firewalls.html" title="3.8. Firewalls" /><link rel="prev" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html" title="3.8.3.3. Saving and Restoring IPTables Rules" /><link rel="next" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="3.8.5. FORWARD and NAT Rules" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="
p" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Firewalls-Common_IPTables_Filtering"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Common_IPTables_Filtering">3.8.4. Common IPTables Filtering</h3></div></div></div><div class="para">
+ Preventing remote attackers from accessing a LAN is one of the most important aspects of network security. The integrity of a LAN should be protected from malicious remote users through the use of stringent firewall rules.
+ </div><div class="para">
+ However, with a default policy set to block all incoming, outgoing, and forwarded packets, it is impossible for the firewall/gateway and internal LAN users to communicate with each other or with external resources.
+ </div><div class="para">
+ To allow users to perform network-related functions and to use networking applications, administrators must open certain ports for communication.
+ </div><div class="para">
+ For example, to allow access to port 80 <span class="emphasis"><em>on the firewall</em></span>, append the following rule:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT</pre><div class="para">
+ This allows users to browse websites that communicate using the standard port 80. To allow access to secure websites (for example, https://www.example.com/), you also need to provide access to port 443, as follows:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT</pre><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ When creating an <code class="command">iptables</code> ruleset, order is important.
+ </div><div class="para">
+ If a rule specifies that any packets from the 192.168.100.0/24 subnet be dropped, and this is followed by a rule that allows packets from 192.168.100.13 (which is within the dropped subnet), then the second rule is ignored.
+ </div><div class="para">
+ The rule to allow packets from 192.168.100.13 must precede the rule that drops the remainder of the subnet.
+ </div><div class="para">
+ To insert a rule in a specific location in an existing chain, use the <code class="option">-I</code> option. For example:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -I INPUT 1 -i lo -p all -j ACCEPT</pre><div class="para">
+ This rule is inserted as the first rule in the INPUT chain to allow local loopback device traffic.
+ </div></div></div><div class="para">
+ There may be times when you require remote access to the LAN. Secure services, for example SSH, can be used for encrypted remote connection to LAN services.
+ </div><div class="para">
+ Administrators with PPP-based resources (such as modem banks or bulk ISP accounts), dial-up access can be used to securely circumvent firewall barriers. Because they are direct connections, modem connections are typically behind a firewall/gateway.
+ </div><div class="para">
+ For remote users with broadband connections, however, special cases can be made. You can configure <code class="command">iptables</code> to accept connections from remote SSH clients. For example, the following rules allow remote SSH access:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+[root at myServer ~ ] # iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT</pre><div class="para">
+ These rules allow incoming and outbound access for an individual system, such as a single PC directly connected to the Internet or a firewall/gateway. However, they do not allow nodes behind the firewall/gateway to access these services. To allow LAN access to these services, you can use <em class="firstterm">Network Address Translation</em> (<acronym class="acronym">NAT</acronym>) with <code class="command">iptables</code> filtering rules.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"><strong>Prev</strong>3.8.3.3. Saving and Restoring IPTables Rules</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"><strong>Next</strong>3.8.5. FORWARD and NAT Rules</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html
new file mode 100644
index 0000000..4203d5b
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.5. FORWARD and NAT Rules</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Firewalls.html" title="3.8. Firewalls" /><link rel="prev" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html" title="3.8.4. Common IPTables Filtering" /><link rel="next" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html" title="3.8.5.2. Prerouting" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewa
lls-Common_IPTables_Filtering.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules">3.8.5. <code class="computeroutput">FORWARD</code> and <acronym class="acronym">NAT</acronym> Rules</h3></div></div></div><div class="para">
+ Most ISPs provide only a limited number of publicly routable IP addresses to the organizations they serve.
+ </div><div class="para">
+ Administrators must, therefore, find alternative ways to share access to Internet services without giving public IP addresses to every node on the LAN. Using private IP addresses is the most common way of allowing all nodes on a LAN to properly access internal and external network services.
+ </div><div class="para">
+ Edge routers (such as firewalls) can receive incoming transmissions from the Internet and route the packets to the intended LAN node. At the same time, firewalls/gateways can also route outgoing requests from a LAN node to the remote Internet service.
+ </div><div class="para">
+ This forwarding of network traffic can become dangerous at times, especially with the availability of modern cracking tools that can spoof <span class="emphasis"><em>internal</em></span> IP addresses and make the remote attacker's machine act as a node on your LAN.
+ </div><div class="para">
+ To prevent this, <code class="command">iptables</code> provides routing and forwarding policies that can be implemented to prevent abnormal usage of network resources.
+ </div><div class="para">
+ The <code class="computeroutput">FORWARD</code> chain allows an administrator to control where packets can be routed within a LAN. For example, to allow forwarding for the entire LAN (assuming the firewall/gateway is assigned an internal IP address on eth1), use the following rules:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A FORWARD -i eth1 -j ACCEPT
+[root at myServer ~ ] # iptables -A FORWARD -o eth1 -j ACCEPT</pre><div class="para">
+ This rule gives systems behind the firewall/gateway access to the internal network. The gateway routes packets from one LAN node to its intended destination node, passing all packets through its <code class="filename">eth1</code> device.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ By default, the IPv4 policy in Fedora kernels disables support for IP forwarding. This prevents machines that run Fedora from functioning as dedicated edge routers. To enable IP forwarding, use the following command:
+ </div><pre class="screen">[root at myServer ~ ] # sysctl -w net.ipv4.ip_forward=1</pre><div class="para">
+ This configuration change is only valid for the current session; it does not persist beyond a reboot or network service restart. To permanently set IP forwarding, edit the <code class="filename">/etc/sysctl.conf</code> file as follows:
+ </div><div class="para">
+ Locate the following line:
+ </div><pre class="screen">net.ipv4.ip_forward = 0</pre><div class="para">
+ Edit it to read as follows:
+ </div><pre class="screen">net.ipv4.ip_forward = 1</pre><div class="para">
+ Use the following command to enable the change to the <code class="filename">sysctl.conf</code> file:
+ </div><pre class="screen">[root at myServer ~ ] # sysctl -p /etc/sysctl.conf</pre></div></div><div class="section" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Postrouting_and_IP_Masquerading"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Postrouting_and_IP_Masquerading">3.8.5.1. Postrouting and IP Masquerading</h4></div></div></div><div class="para">
+ Accepting forwarded packets via the firewall's internal IP device allows LAN nodes to communicate with each other; however they still cannot communicate externally to the Internet.
+ </div><div class="para">
+ To allow LAN nodes with private IP addresses to communicate with external public networks, configure the firewall for <em class="firstterm">IP masquerading</em>, which masks requests from LAN nodes with the IP address of the firewall's external device (in this case, eth0):
+ </div><pre class="screen">[root at myServer ~ ] # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE</pre><div class="para">
+ This rule uses the NAT packet matching table (<code class="option">-t nat</code>) and specifies the built-in POSTROUTING chain for NAT (<code class="option">-A POSTROUTING</code>) on the firewall's external networking device (<code class="option">-o eth0</code>).
+ </div><div class="para">
+ POSTROUTING allows packets to be altered as they are leaving the firewall's external device.
+ </div><div class="para">
+ The <code class="option">-j MASQUERADE</code> target is specified to mask the private IP address of a node with the external IP address of the firewall/gateway.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"><strong>Prev</strong>3.8.4. Common IPTables Filtering</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"><strong>Next</strong>3.8.5.2. Prerouting</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html
new file mode 100644
index 0000000..4eb22c7
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.7. IPTables and Connection Tracking</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Firewalls.html" title="3.8. Firewalls" /><link rel="prev" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html" title="3.8.6. Malicious Software and Spoofed IP Addresses" /><link rel="next" href="sect-Security_Guide-Firewalls-IPv6.html" title="3.8.8. IPv6" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Gu
ide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-IPv6.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking">3.8.7. IPTables and Connection Tracking</h3></div></div></div><div class="para">
+ You can inspect and restrict connections to services based on their <em class="firstterm">connection state.</em> A module within <code class="command">iptables</code> uses a method called <em class="firstterm">connection tracking</em> to store information about incoming connections. You can allow or deny access based on the following connection states:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">NEW</code> — A packet requesting a new connection, such as an HTTP request.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">ESTABLISHED</code> — A packet that is part of an existing connection.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">RELATED</code> — A packet that is requesting a new connection but is part of an existing connection. For example, FTP uses port 21 to establish a connection, but data is transferred on a different port (typically port 20).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">INVALID</code> — A packet that is not part of any connections in the connection tracking table.
+ </div></li></ul></div><div class="para">
+ You can use the stateful functionality of <code class="command">iptables</code> connection tracking with any network protocol, even if the protocol itself is stateless (such as UDP). The following example shows a rule that uses connection tracking to forward only the packets that are associated with an established connection:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT</pre></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"><strong>Prev</strong>3.8.6. Malicious Software and Spoofed IP Addresses</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-IPv6.html"><strong>Next</strong>3.8.8. IPv6</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-IPv6.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-IPv6.html
new file mode 100644
index 0000000..4ee39b1
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-IPv6.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.8. IPv6</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Firewalls.html" title="3.8. Firewalls" /><link rel="prev" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html" title="3.8.7. IPTables and Connection Tracking" /><link rel="next" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="3.8.9. Additional Resources" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-S
ecurity_Guide-Firewalls-IPTables_and_Connection_Tracking.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Firewalls-IPv6"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-IPv6">3.8.8. IPv6</h3></div></div></div><div class="para">
+ The introduction of the next-generation Internet Protocol, called IPv6, expands beyond the 32-bit address limit of IPv4 (or IP). IPv6 supports 128-bit addresses, and carrier networks that are IPv6 aware are therefore able to address a larger number of routable addresses than IPv4.
+ </div><div class="para">
+ Fedora supports IPv6 firewall rules using the Netfilter 6 subsystem and the <code class="command">ip6tables</code> command. In Fedora 12, both IPv4 and IPv6 services are enabled by default.
+ </div><div class="para">
+ The <code class="command">ip6tables</code> command syntax is identical to <code class="command">iptables</code> in every aspect except that it supports 128-bit addresses. For example, use the following command to enable SSH connections on an IPv6-aware network server:
+ </div><pre class="screen">[root at myServer ~ ] # ip6tables -A INPUT -i eth0 -p tcp -s 3ffe:ffff:100::1/128 --dport 22 -j ACCEPT</pre><div class="para">
+ For more information about IPv6 networking, refer to the IPv6 Information Page at <a href="http://www.ipv6.org/">http://www.ipv6.org/</a>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"><strong>Prev</strong>3.8.7. IPTables and Connection Tracking</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Additional_Resources.html"><strong>Next</strong>3.8.9. Additional Resources</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html
new file mode 100644
index 0000000..93a51cc
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.6. Malicious Software and Spoofed IP Addresses</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Firewalls.html" title="3.8. Firewalls" /><link rel="prev" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html" title="3.8.5.3. DMZs and IPTables" /><link rel="next" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html" title="3.8.7. IPTables and Connection Tracking" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href
="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses">3.8.6. Malicious Software and Spoofed IP Addresses</h3></div></div></div><div class="para">
+ More elaborate rules can be created that control access to specific subnets, or even specific nodes, within a LAN. You can also restrict certain dubious applications or programs such as trojans, worms, and other client/server viruses from contacting their server.
+ </div><div class="para">
+ For example, some trojans scan networks for services on ports from 31337 to 31340 (called the <span class="emphasis"><em>elite</em></span> ports in cracking terminology).
+ </div><div class="para">
+ Since there are no legitimate services that communicate via these non-standard ports, blocking them can effectively diminish the chances that potentially infected nodes on your network independently communicate with their remote master servers.
+ </div><div class="para">
+ The following rules drop all TCP traffic that attempts to use port 31337:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A OUTPUT -o eth0 -p tcp --dport 31337 --sport 31337 -j DROP
+[root at myServer ~ ] # iptables -A FORWARD -o eth0 -p tcp --dport 31337 --sport 31337 -j DROP</pre><div class="para">
+ You can also block outside connections that attempt to spoof private IP address ranges to infiltrate your LAN.
+ </div><div class="para">
+ For example, if your LAN uses the 192.168.1.0/24 range, you can design a rule that instructs the Internet-facing network device (for example, eth0) to drop any packets to that device with an address in your LAN IP range.
+ </div><div class="para">
+ Because it is recommended to reject forwarded packets as a default policy, any other spoofed IP address to the external-facing device (eth0) is rejected automatically.
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A FORWARD -s 192.168.1.0/24 -i eth0 -j DROP</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ There is a distinction between the <code class="computeroutput">DROP</code> and <code class="computeroutput">REJECT</code> targets when dealing with <span class="emphasis"><em>appended</em></span> rules.
+ </div><div class="para">
+ The <code class="computeroutput">REJECT</code> target denies access and returns a <code class="computeroutput">connection refused</code> error to users who attempt to connect to the service. The <code class="computeroutput">DROP</code> target, as the name implies, drops the packet without any warning.
+ </div><div class="para">
+ Administrators can use their own discretion when using these targets. However, to avoid user confusion and attempts to continue connecting, the <code class="computeroutput">REJECT</code> target is recommended.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"><strong>Prev</strong>3.8.5.3. DMZs and IPTables</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"><strong>Next</strong>3.8.7. IPTables and Connection Tracking</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Using_IPTables.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Using_IPTables.html
new file mode 100644
index 0000000..66788ac
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Using_IPTables.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.3. Using IPTables</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Firewalls.html" title="3.8. Firewalls" /><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html" title="3.8.2.6. Activating the IPTables Service" /><link rel="next" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html" title="3.8.3.2. Basic Firewall Policies" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previou
s"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Firewalls-Using_IPTables"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Using_IPTables">3.8.3. Using IPTables</h3></div></div></div><div class="para">
+ The first step in using <code class="command">iptables</code> is to start the <code class="command">iptables</code> service. Use the following command to start the <code class="command">iptables</code> service:
+ </div><pre class="screen">[root at myServer ~] # service iptables start</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ The <code class="command">ip6tables</code> service can be turned off if you intend to use the <code class="command">iptables</code> service only. If you deactivate the <code class="command">ip6tables</code> service, remember to deactivate the IPv6 network also. Never leave a network device active without the matching firewall.
+ </div></div></div><div class="para">
+ To force <code class="command">iptables</code> to start by default when the system is booted, use the following command:
+ </div><pre class="screen">[root at myServer ~] # chkconfig --level 345 iptables on</pre><div class="para">
+ This forces <code class="command">iptables</code> to start whenever the system is booted into runlevel 3, 4, or 5.
+ </div><div class="section" id="sect-Security_Guide-Using_IPTables-IPTables_Command_Syntax"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Using_IPTables-IPTables_Command_Syntax">3.8.3.1. IPTables Command Syntax</h4></div></div></div><div class="para">
+ The following sample <code class="command">iptables</code> command illustrates the basic command syntax:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A <em class="replaceable"><code><chain></code></em> -j <em class="replaceable"><code><target></code></em></pre><div class="para">
+ The <code class="option">-A</code> option specifies that the rule be appended to <em class="firstterm"><chain></em>. Each chain is comprised of one or more <em class="firstterm">rules</em>, and is therefore also known as a <em class="firstterm">ruleset</em>.
+ </div><div class="para">
+ The three built-in chains are INPUT, OUTPUT, and FORWARD. These chains are permanent and cannot be deleted. The chain specifies the point at which a packet is manipulated.
+ </div><div class="para">
+ The <code class="option">-j <em class="replaceable"><code><target></code></em></code> option specifies the target of the rule; i.e., what to do if the packet matches the rule. Examples of built-in targets are ACCEPT, DROP, and REJECT.
+ </div><div class="para">
+ Refer to the <code class="command">iptables</code> man page for more information on the available chains, options, and targets.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"><strong>Prev</strong>3.8.2.6. Activating the IPTables Service</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"><strong>Next</strong>3.8.3.2. Basic Firewall Policies</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls.html
new file mode 100644
index 0000000..6055996
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls.html
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8. Firewalls</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 3. Securing Your Network" /><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html" title="3.7.10.2. Useful Kerberos Websites" /><link rel="next" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="3.8.2. Basic Firewall Configuration" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li c
lass="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="sect-Security_Guide-Firewalls" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Firewalls">3.8. Firewalls</h2></div></div></div><div class="para">
+ Information security is commonly thought of as a process and not a product. However, standard security implementations usually employ some form of dedicated mechanism to control access privileges and restrict network resources to users who are authorized, identifiable, and traceable. Fedora includes several tools to assist administrators and security engineers with network-level access control issues.
+ </div><div class="para">
+ Firewalls are one of the core components of a network security implementation. Several vendors market firewall solutions catering to all levels of the marketplace: from home users protecting one PC to data center solutions safeguarding vital enterprise information. Firewalls can be stand-alone hardware solutions, such as firewall appliances by Cisco, Nokia, and Sonicwall. Vendors such as Checkpoint, McAfee, and Symantec have also developed proprietary software firewall solutions for home and business markets.
+ </div><div class="para">
+ Apart from the differences between hardware and software firewalls, there are also differences in the way firewalls function that separate one solution from another. <a class="xref" href="sect-Security_Guide-Firewalls.html#tabl-Security_Guide-Firewalls-Firewall_Types">Table 3.2, “Firewall Types”</a> details three common types of firewalls and how they function:
+ </div><div class="table" id="tabl-Security_Guide-Firewalls-Firewall_Types"><h6>Table 3.2. Firewall Types</h6><div class="table-contents"><table summary="Firewall Types" border="1"><colgroup><col width="10%" class="method" /><col width="30%" class="description" /><col width="30%" class="advantages" /><col width="30%" class="disadvantages" /></colgroup><thead><tr><th>
+ Method
+ </th><th>
+ Description
+ </th><th>
+ Advantages
+ </th><th>
+ Disadvantages
+ </th></tr></thead><tbody><tr><td>
+ NAT
+ </td><td>
+ <em class="firstterm">Network Address Translation</em> (NAT) places private IP subnetworks behind one or a small pool of public IP addresses, masquerading all requests to one source rather than several. The Linux kernel has built-in NAT functionality through the Netfilter kernel subsystem.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> · Can be configured transparently to machines on a LAN </td></tr><tr><td> · Protection of many machines and services behind one or more external IP addresses simplifies administration duties </td></tr><tr><td> · Restriction of user access to and from the LAN can be configured by opening and closing ports on the NAT firewall/gateway </td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> · Cannot prevent malicious activity once users connect to a service outside of the firewall </td></tr></table>
+
+ </td></tr><tr><td>
+ Packet Filter
+ </td><td>
+ A packet filtering firewall reads each data packet that passes through a LAN. It can read and process packets by header information and filters the packet based on sets of programmable rules implemented by the firewall administrator. The Linux kernel has built-in packet filtering functionality through the Netfilter kernel subsystem.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> · Customizable through the <code class="command">iptables</code> front-end utility </td></tr><tr><td> · Does not require any customization on the client side, as all network activity is filtered at the router level rather than the application level </td></tr><tr><td> · Since packets are not transmitted through a proxy, network performance is faster due to direct connection from client to remote host </td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> · Cannot filter packets for content like proxy firewalls </td></tr><tr><td> · Processes packets at the protocol layer, but cannot filter packets at an application layer </td></tr><tr><td> · Complex network architectures can make establishing packet filtering rules difficult, especially if coupled with <em class="firstterm">IP masquerading</em> or local subnets and DMZ networks </td></tr></table>
+
+ </td></tr><tr><td>
+ Proxy
+ </td><td>
+ Proxy firewalls filter all requests of a certain protocol or type from LAN clients to a proxy machine, which then makes those requests to the Internet on behalf of the local client. A proxy machine acts as a buffer between malicious remote users and the internal network client machines.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> · Gives administrators control over what applications and protocols function outside of the LAN </td></tr><tr><td> · Some proxy servers can cache frequently-accessed data locally rather than having to use the Internet connection to request it. This helps to reduce bandwidth consumption </td></tr><tr><td> · Proxy services can be logged and monitored closely, allowing tighter control over resource utilization on the network </td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td> · Proxies are often application-specific (HTTP, Telnet, etc.), or protocol-restricted (most proxies work with TCP-connected services only) </td></tr><tr><td> · Application services cannot run behind a proxy, so your application servers must use a separate form of network security </td></tr><tr><td> · Proxies can become a network bottleneck, as all requests and transmissions are passed through one source rather than directly from a client to a remote service </td></tr></table>
+
+ </td></tr></tbody></table></div></div><br class="table-break" /><div class="section" id="sect-Security_Guide-Firewalls-Netfilter_and_IPTables"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Netfilter_and_IPTables">3.8.1. Netfilter and IPTables</h3></div></div></div><div class="para">
+ The Linux kernel features a powerful networking subsystem called <em class="firstterm">Netfilter</em>. The Netfilter subsystem provides stateful or stateless packet filtering as well as NAT and IP masquerading services. Netfilter also has the ability to <em class="firstterm">mangle</em> IP header information for advanced routing and connection state management. Netfilter is controlled using the <code class="command">iptables</code> tool.
+ </div><div class="section" id="sect-Security_Guide-Netfilter_and_IPTables-IPTables_Overview"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Netfilter_and_IPTables-IPTables_Overview">3.8.1.1. IPTables Overview</h4></div></div></div><div class="para">
+ The power and flexibility of Netfilter is implemented using the <code class="command">iptables</code> administration tool, a command line tool similar in syntax to its predecessor, <code class="command">ipchains</code>, which Netfilter/iptables replaced in the Linux kernel 2.4 and above.
+ </div><div class="para">
+ <code class="command">iptables</code> uses the Netfilter subsystem to enhance network connection, inspection, and processing. <code class="command">iptables</code> features advanced logging, pre- and post-routing actions, network address translation, and port forwarding, all in one command line interface.
+ </div><div class="para">
+ This section provides an overview of <code class="command">iptables</code>. For more detailed information, refer to <a class="xref" href="sect-Security_Guide-IPTables.html">Section 3.9, “IPTables”</a>.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"><strong>Prev</strong>3.7.10.2. Useful Kerberos Websites</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"><strong>Next</strong>3.8.2. Basic Firewall Configuration</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Additional_Resources.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Additional_Resources.html
new file mode 100644
index 0000000..2791387
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Additional_Resources.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.6. Additional Resources</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-IPTables.html" title="3.9. IPTables" /><link rel="prev" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html" title="3.9.5. IPTables and IPv6" /><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html" title="3.9.6.2. Useful IP Tables Websites" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Gu
ide-IPTables-IPTables_and_IPv6.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-IPTables-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-Additional_Resources">3.9.6. Additional Resources</h3></div></div></div><div class="para">
+ Refer to the following sources for additional information on packet filtering with <code class="command">iptables</code>.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a class="xref" href="sect-Security_Guide-Firewalls.html">Section 3.8, “Firewalls”</a> — Contains a chapter about the role of firewalls within an overall security strategy as well as strategies for constructing firewall rules.
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_IP_Tables_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_IP_Tables_Documentation">3.9.6.1. Installed IP Tables Documentation</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man iptables</code> — Contains a description of <code class="command">iptables</code> as well as a comprehensive list of targets, options, and match extensions.
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"><strong>Prev</strong>3.9.5. IPTables and IPv6</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"><strong>Next</strong>3.9.6.2. Useful IP Tables Websites</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Command_Options_for_IPTables.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Command_Options_for_IPTables.html
new file mode 100644
index 0000000..60974ab
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Command_Options_for_IPTables.html
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2. Command Options for IPTables</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-IPTables.html" title="3.9. IPTables" /><link rel="prev" href="sect-Security_Guide-IPTables.html" title="3.9. IPTables" /><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html" title="3.9.2.2. Command Options" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables.html"><strong>Prev</strong><
/a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-IPTables-Command_Options_for_IPTables"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-Command_Options_for_IPTables">3.9.2. Command Options for IPTables</h3></div></div></div><div class="para">
+ Rules for filtering packets are created using the <code class="command">iptables</code> command. The following aspects of the packet are most often used as criteria:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Packet Type</em></span> — Specifies the type of packets the command filters.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Packet Source/Destination</em></span> — Specifies which packets the command filters based on the source or destination of the packet.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Target</em></span> — Specifies what action is taken on packets matching the above criteria.
+ </div></li></ul></div><div class="para">
+ Refer to <a class="xref" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html">Section 3.9.2.4, “IPTables Match Options”</a> and <a class="xref" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html">Section 3.9.2.5, “Target Options”</a> for more information about specific options that address these aspects of a packet.
+ </div><div class="para">
+ The options used with specific <code class="command">iptables</code> rules must be grouped logically, based on the purpose and conditions of the overall rule, for the rule to be valid. The remainder of this section explains commonly-used options for the <code class="command">iptables</code> command.
+ </div><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-Structure_of_IPTables_Command_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Structure_of_IPTables_Command_Options">3.9.2.1. Structure of IPTables Command Options</h4></div></div></div><div class="para">
+ Many <code class="command">iptables</code> commands have the following structure:
+ </div><pre class="screen"><code class="computeroutput"> iptables [-t <em class="replaceable"><code><table-name></code></em>] <em class="replaceable"><code><command></code></em> <em class="replaceable"><code><chain-name></code></em> \ <em class="replaceable"><code><parameter-1></code></em> <em class="replaceable"><code><option-1></code></em> \ <em class="replaceable"><code><parameter-n></code></em> <em class="replaceable"><code><option-n></code></em></code></pre><div class="para">
+ <em class="replaceable"><code><table-name></code></em> — Specifies which table the rule applies to. If omitted, the <code class="option">filter</code> table is used.
+ </div><div class="para">
+ <em class="replaceable"><code><command></code></em> — Specifies the action to perform, such as appending or deleting a rule.
+ </div><div class="para">
+ <em class="replaceable"><code><chain-name></code></em> — Specifies the chain to edit, create, or delete.
+ </div><div class="para">
+ <em class="replaceable"><code><parameter>-<option></code></em> pairs — Parameters and associated options that specify how to process a packet that matches the rule.
+ </div><div class="para">
+ The length and complexity of an <code class="command">iptables</code> command can change significantly, based on its purpose.
+ </div><div class="para">
+ For example, a command to remove a rule from a chain can be very short:
+ </div><div class="para">
+ <code class="command">iptables -D <em class="replaceable"><code><chain-name> <line-number></code></em></code>
+ </div><div class="para">
+ In contrast, a command that adds a rule which filters packets from a particular subnet using a variety of specific parameters and options can be rather long. When constructing <code class="command">iptables</code> commands, it is important to remember that some parameters and options require further parameters and options to construct a valid rule. This can produce a cascading effect, with the further parameters requiring yet more parameters. Until every parameter and option that requires another set of options is satisfied, the rule is not valid.
+ </div><div class="para">
+ Type <code class="command">iptables -h</code> to view a comprehensive list of <code class="command">iptables</code> command structures.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables.html"><strong>Prev</strong>3.9. IPTables</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"><strong>Next</strong>3.9.2.2. Command Options</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-IPTables_Control_Scripts.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-IPTables_Control_Scripts.html
new file mode 100644
index 0000000..4298c52
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-IPTables_Control_Scripts.html
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.4. IPTables Control Scripts</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-IPTables.html" title="3.9. IPTables" /><link rel="prev" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html" title="3.9.3. Saving IPTables Rules" /><link rel="next" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html" title="3.9.5. IPTables and IPv6" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Saving_IP
Tables_Rules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-IPTables-IPTables_Control_Scripts"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-IPTables_Control_Scripts">3.9.4. IPTables Control Scripts</h3></div></div></div><div class="para">
+ There are two basic methods for controlling <code class="command">iptables</code> in Fedora:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="application"><strong>Firewall Administration Tool</strong></span> (<code class="command">system-config-firewall</code>) — A graphical interface for creating, activating, and saving basic firewall rules. Refer to <a class="xref" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html">Section 3.8.2, “Basic Firewall Configuration”</a> for more information.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/sbin/service iptables <em class="replaceable"><code><option></code></em></code> — Used to manipulate various functions of <code class="command">iptables</code> using its initscript. The following options are available:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">start</code> — If a firewall is configured (that is, <code class="filename">/etc/sysconfig/iptables</code> exists), all running <code class="command">iptables</code> are stopped completely and then started using the <code class="command">/sbin/iptables-restore</code> command. This option only works if the <code class="command">ipchains</code> kernel module is not loaded. To check if this module is loaded, type the following command as root:
+ </div><pre class="screen"><code class="command"> [root at MyServer ~]# lsmod | grep ipchains </code></pre><div class="para">
+ If this command returns no output, it means the module is not loaded. If necessary, use the <code class="command">/sbin/rmmod</code> command to remove the module.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">stop</code> — If a firewall is running, the firewall rules in memory are flushed, and all iptables modules and helpers are unloaded.
+ </div><div class="para">
+ If the <code class="command">IPTABLES_SAVE_ON_STOP</code> directive in the <code class="filename">/etc/sysconfig/iptables-config</code> configuration file is changed from its default value to <code class="command">yes</code>, current rules are saved to <code class="filename">/etc/sysconfig/iptables</code> and any existing rules are moved to the file <code class="filename">/etc/sysconfig/iptables.save</code>.
+ </div><div class="para">
+ Refer to <a class="xref" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html#sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">Section 3.9.4.1, “IPTables Control Scripts Configuration File”</a> for more information about the <code class="filename">iptables-config</code> file.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">restart</code> — If a firewall is running, the firewall rules in memory are flushed, and the firewall is started again if it is configured in <code class="filename">/etc/sysconfig/iptables</code>. This option only works if the <code class="command">ipchains</code> kernel module is not loaded.
+ </div><div class="para">
+ If the <code class="command">IPTABLES_SAVE_ON_RESTART</code> directive in the <code class="filename">/etc/sysconfig/iptables-config</code> configuration file is changed from its default value to <code class="command">yes</code>, current rules are saved to <code class="filename">/etc/sysconfig/iptables</code> and any existing rules are moved to the file <code class="filename">/etc/sysconfig/iptables.save</code>.
+ </div><div class="para">
+ Refer to <a class="xref" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html#sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">Section 3.9.4.1, “IPTables Control Scripts Configuration File”</a> for more information about the <code class="filename">iptables-config</code> file.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">status</code> — Displays the status of the firewall and lists all active rules.
+ </div><div class="para">
+ The default configuration for this option displays IP addresses in each rule. To display domain and hostname information, edit the <code class="filename">/etc/sysconfig/iptables-config</code> file and change the value of <code class="command">IPTABLES_STATUS_NUMERIC</code> to <code class="command">no</code>. Refer to <a class="xref" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html#sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">Section 3.9.4.1, “IPTables Control Scripts Configuration File”</a> for more information about the <code class="filename">iptables-config</code> file.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">panic</code> — Flushes all firewall rules. The policy of all configured tables is set to <code class="command">DROP</code>.
+ </div><div class="para">
+ This option could be useful if a server is known to be compromised. Rather than physically disconnecting from the network or shutting down the system, you can use this option to stop all further network traffic but leave the machine in a state ready for analysis or other forensics.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">save</code> — Saves firewall rules to <code class="filename">/etc/sysconfig/iptables</code> using <code class="command">iptables-save</code>. Refer to <a class="xref" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html">Section 3.9.3, “Saving IPTables Rules”</a> for more information.
+ </div></li></ul></div></li></ul></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ To use the same initscript commands to control netfilter for IPv6, substitute <code class="command">ip6tables</code> for <code class="command">iptables</code> in the <code class="command">/sbin/service</code> commands listed in this section. For more information about IPv6 and netfilter, refer to <a class="xref" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html">Section 3.9.5, “IPTables and IPv6”</a>.
+ </div></div></div><div class="section" id="sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">3.9.4.1. IPTables Control Scripts Configuration File</h4></div></div></div><div class="para">
+ The behavior of the <code class="command">iptables</code> initscripts is controlled by the <code class="filename">/etc/sysconfig/iptables-config</code> configuration file. The following is a list of directives contained in this file:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_MODULES</code> — Specifies a space-separated list of additional <code class="command">iptables</code> modules to load when a firewall is activated. These can include connection tracking and NAT helpers.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_MODULES_UNLOAD</code> — Unloads modules on restart and stop. This directive accepts the following values:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — The default value. This option must be set to achieve a correct state for a firewall restart or stop.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — This option should only be set if there are problems unloading the netfilter modules.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_SAVE_ON_STOP</code> — Saves current firewall rules to <code class="filename">/etc/sysconfig/iptables</code> when the firewall is stopped. This directive accepts the following values:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — Saves existing rules to <code class="filename">/etc/sysconfig/iptables</code> when the firewall is stopped, moving the previous version to the <code class="filename">/etc/sysconfig/iptables.save</code> file.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — The default value. Does not save existing rules when the firewall is stopped.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_SAVE_ON_RESTART</code> — Saves current firewall rules when the firewall is restarted. This directive accepts the following values:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — Saves existing rules to <code class="filename">/etc/sysconfig/iptables</code> when the firewall is restarted, moving the previous version to the <code class="filename">/etc/sysconfig/iptables.save</code> file.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — The default value. Does not save existing rules when the firewall is restarted.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_SAVE_COUNTER</code> — Saves and restores all packet and byte counters in all chains and rules. This directive accepts the following values:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — Saves the counter values.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — The default value. Does not save the counter values.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_STATUS_NUMERIC</code> — Outputs IP addresses in numeric form instead of domain or hostnames. This directive accepts the following values:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — The default value. Returns only IP addresses within a status output.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — Returns domain or hostnames within a status output.
+ </div></li></ul></div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"><strong>Prev</strong>3.9.3. Saving IPTables Rules</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"><strong>Next</strong>3.9.5. IPTables and IPv6</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-IPTables_and_IPv6.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-IPTables_and_IPv6.html
new file mode 100644
index 0000000..9954ace
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-IPTables_and_IPv6.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.5. IPTables and IPv6</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-IPTables.html" title="3.9. IPTables" /><link rel="prev" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html" title="3.9.4. IPTables Control Scripts" /><link rel="next" href="sect-Security_Guide-IPTables-Additional_Resources.html" title="3.9.6. Additional Resources" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTabl
es-IPTables_Control_Scripts.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-IPTables-IPTables_and_IPv6"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-IPTables_and_IPv6">3.9.5. IPTables and IPv6</h3></div></div></div><div class="para">
+ The <span class="application"><strong>iptables</strong></span> package includes support for the next-generation IPv6 Internet protocol. The command used to manipulate the IPv6 netfilter is <code class="command">ip6tables</code>.
+ </div><div class="para">
+ Most directives for this command are identical to those used for <code class="command">iptables</code>, except the <code class="command">nat</code> table is not yet supported. This means that it is not yet possible to perform IPv6 network address translation tasks, such as masquerading and port forwarding.
+ </div><div class="para">
+ Rules for <code class="command">ip6tables</code> are saved in the <code class="filename">/etc/sysconfig/ip6tables</code> file. Previous rules saved by the <code class="command">ip6tables</code> initscripts are saved in the <code class="filename">/etc/sysconfig/ip6tables.save</code> file.
+ </div><div class="para">
+ Configuration options for the <code class="command">ip6tables</code> init script are stored in <code class="filename">/etc/sysconfig/ip6tables-config</code>, and the names for each directive vary slightly from their <code class="command">iptables</code> counterparts.
+ </div><div class="para">
+ For example, the <code class="filename">iptables-config</code> directive <code class="command">IPTABLES_MODULES</code>:the equivalent in the <code class="filename">ip6tables-config</code> file is <code class="command">IP6TABLES_MODULES</code>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"><strong>Prev</strong>3.9.4. IPTables Control Scripts</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Additional_Resources.html"><strong>Next</strong>3.9.6. Additional Resources</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Saving_IPTables_Rules.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Saving_IPTables_Rules.html
new file mode 100644
index 0000000..d9ae327
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Saving_IPTables_Rules.html
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.3. Saving IPTables Rules</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-IPTables.html" title="3.9. IPTables" /><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html" title="3.9.2.6. Listing Options" /><link rel="next" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html" title="3.9.4. IPTables Control Scripts" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_
Guide-Command_Options_for_IPTables-Listing_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-IPTables-Saving_IPTables_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-Saving_IPTables_Rules">3.9.3. Saving IPTables Rules</h3></div></div></div><div class="para">
+ Rules created with the <code class="command">iptables</code> command are stored in memory. If the system is restarted before saving the <code class="command">iptables</code> rule set, all rules are lost. For netfilter rules to persist through a system reboot, they need to be saved. To save netfilter rules, type the following command as root:
+ </div><pre class="screen"><code class="command">/usr/libexec/iptables.init save </code></pre><div class="para">
+ This executes the <code class="command">iptables</code> init script, which runs the <code class="command">/sbin/iptables-save</code> program and writes the current <code class="command">iptables</code> configuration to <code class="filename">/etc/sysconfig/iptables</code>. The existing <code class="filename">/etc/sysconfig/iptables</code> file is saved as <code class="filename">/etc/sysconfig/iptables.save</code>.
+ </div><div class="para">
+ The next time the system boots, the <code class="command">iptables</code> init script reapplies the rules saved in <code class="filename">/etc/sysconfig/iptables</code> by using the <code class="command">/sbin/iptables-restore</code> command.
+ </div><div class="para">
+ While it is always a good idea to test a new <code class="command">iptables</code> rule before committing it to the <code class="filename">/etc/sysconfig/iptables</code> file, it is possible to copy <code class="command">iptables</code> rules into this file from another system's version of this file. This provides a quick way to distribute sets of <code class="command">iptables</code> rules to multiple machines.
+ </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ If distributing the <code class="filename">/etc/sysconfig/iptables</code> file to other machines, type <code class="command">/sbin/service iptables restart</code> for the new rules to take effect.
+ </div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Note the difference between the <code class="command">iptables</code> <span class="emphasis"><em>command</em></span> (<code class="command">/sbin/iptables</code>), which is used to manipulate the tables and chains that constitute the <code class="command">iptables</code> functionality, and the <code class="command">iptables</code> <span class="emphasis"><em>service</em></span> (<code class="command">/sbin/iptables service</code>), which is used to enable and disable the <code class="command">iptables</code> service itself.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"><strong>Prev</strong>3.9.2.6. Listing Options</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"><strong>Next</strong>3.9.4. IPTables Control Scripts</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables.html
new file mode 100644
index 0000000..88d4fee
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables.html
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9. IPTables</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 3. Securing Your Network" /><link rel="prev" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html" title="3.8.9.3. Related Documentation" /><link rel="next" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="3.9.2. Command Options for IPTables" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="pr
evious"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="sect-Security_Guide-IPTables" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-IPTables">3.9. IPTables</h2></div></div></div><div class="para">
+ Included with Fedora are advanced tools for network <em class="firstterm">packet filtering</em> — the process of controlling network packets as they enter, move through, and exit the network stack within the kernel. Kernel versions prior to 2.4 relied on <code class="command">ipchains</code> for packet filtering and used lists of rules applied to packets at each step of the filtering process. The 2.4 kernel introduced <code class="command">iptables</code> (also called <em class="firstterm">netfilter</em>), which is similar to <code class="command">ipchains</code> but greatly expands the scope and control available for filtering network packets.
+ </div><div class="para">
+ This chapter focuses on packet filtering basics, explains various options available with <code class="command">iptables</code> commands, and explains how filtering rules can be preserved between system reboots.
+ </div><div class="para">
+ Refer to <a class="xref" href="sect-Security_Guide-IPTables-Additional_Resources.html">Section 3.9.6, “Additional Resources”</a> for instructions on how to construct <code class="command">iptables</code> rules and setting up a firewall based on these rules.
+ </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ The default firewall mechanism in the 2.4 and later kernels is <code class="command">iptables</code>, but <code class="command">iptables</code> cannot be used if <code class="command">ipchains</code> is already running. If <code class="command">ipchains</code> is present at boot time, the kernel issues an error and fails to start <code class="command">iptables</code>.
+ </div><div class="para">
+ The functionality of <code class="command">ipchains</code> is not affected by these errors.
+ </div></div></div><div class="section" id="sect-Security_Guide-IPTables-Packet_Filtering"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-Packet_Filtering">3.9.1. Packet Filtering</h3></div></div></div><div class="para">
+ The Linux kernel uses the <span class="application"><strong>Netfilter</strong></span> facility to filter packets, allowing some of them to be received by or pass through the system while stopping others. This facility is built in to the Linux kernel, and has three built-in <em class="firstterm">tables</em> or <em class="firstterm">rules lists</em>, as follows:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">filter</code> — The default table for handling network packets.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">nat</code> — Used to alter packets that create a new connection and used for <em class="firstterm">Network Address Translation</em> (<em class="firstterm">NAT</em>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">mangle</code> — Used for specific types of packet alteration.
+ </div></li></ul></div><div class="para">
+ Each table has a group of built-in <em class="firstterm">chains</em>, which correspond to the actions performed on the packet by <code class="command">netfilter</code>.
+ </div><div class="para">
+ The built-in chains for the <code class="option">filter</code> table are as follows:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="firstterm">INPUT</em> — Applies to network packets that are targeted for the host.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">OUTPUT</em> — Applies to locally-generated network packets.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">FORWARD</em> — Applies to network packets routed through the host.
+ </div></li></ul></div><div class="para">
+ The built-in chains for the <code class="option">nat</code> table are as follows:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="firstterm">PREROUTING</em> — Alters network packets when they arrive.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">OUTPUT</em> — Alters locally-generated network packets before they are sent out.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">POSTROUTING</em> — Alters network packets before they are sent out.
+ </div></li></ul></div><div class="para">
+ The built-in chains for the <code class="option">mangle</code> table are as follows:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="firstterm">INPUT</em> — Alters network packets targeted for the host.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">OUTPUT</em> — Alters locally-generated network packets before they are sent out.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">FORWARD</em> — Alters network packets routed through the host.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">PREROUTING</em> — Alters incoming network packets before they are routed.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">POSTROUTING</em> — Alters network packets before they are sent out.
+ </div></li></ul></div><div class="para">
+ Every network packet received by or sent from a Linux system is subject to at least one table. However, a packet may be subjected to multiple rules within each table before emerging at the end of the chain. The structure and purpose of these rules may vary, but they usually seek to identify a packet coming from or going to a particular IP address, or set of addresses, when using a particular protocol and network service.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ By default, firewall rules are saved in the <code class="filename">/etc/sysconfig/iptables</code> or <code class="filename">/etc/sysconfig/ip6tables</code> files.
+ </div><div class="para">
+ The <code class="command">iptables</code> service starts before any DNS-related services when a Linux system is booted. This means that firewall rules can only reference numeric IP addresses (for example, 192.168.0.1). Domain names (for example, host.example.com) in such rules produce errors.
+ </div></div></div><div class="para">
+ Regardless of their destination, when packets match a particular rule in one of the tables, a <em class="firstterm">target</em> or action is applied to them. If the rule specifies an <code class="command">ACCEPT</code> target for a matching packet, the packet skips the rest of the rule checks and is allowed to continue to its destination. If a rule specifies a <code class="command">DROP</code> target, that packet is refused access to the system and nothing is sent back to the host that sent the packet. If a rule specifies a <code class="command">QUEUE</code> target, the packet is passed to user-space. If a rule specifies the optional <code class="command">REJECT</code> target, the packet is dropped, but an error packet is sent to the packet's originator.
+ </div><div class="para">
+ Every chain has a default policy to <code class="command">ACCEPT</code>, <code class="command">DROP</code>, <code class="command">REJECT</code>, or <code class="command">QUEUE</code>. If none of the rules in the chain apply to the packet, then the packet is dealt with in accordance with the default policy.
+ </div><div class="para">
+ The <code class="command">iptables</code> command configures these tables, as well as sets up new tables if necessary.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"><strong>Prev</strong>3.8.9.3. Related Documentation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"><strong>Next</strong>3.9.2. Command Options for IPTables</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html
new file mode 100644
index 0000000..a7c0a16
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2.4.4. Additional Match Option Modules</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="3.9.2.4. IPTables Match Options" /><link rel="prev" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html" title="3.9.2.4.3. ICMP Protocol" /><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html" title="3.9.2.5. Target Options" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li
class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules">3.9.2.4.4. Additional Match Option Modules</h5></div></div></div><div class="para">
+ Additional match options are available through modules loaded by the <code class="command">iptables</code> command.
+ </div><div class="para">
+ To use a match option module, load the module by name using the <code class="option">-m <em class="replaceable"><code><module-name></code></em></code>, where <em class="replaceable"><code><module-name></code></em> is the name of the module.
+ </div><div class="para">
+ Many modules are available by default. You can also create modules to provide additional functionality.
+ </div><div class="para">
+ The following is a partial list of the most commonly used modules:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">limit</code> module — Places limits on how many packets are matched to a particular rule.
+ </div><div class="para">
+ When used in conjunction with the <code class="command">LOG</code> target, the <code class="option">limit</code> module can prevent a flood of matching packets from filling up the system log with repetitive messages or using up system resources.
+ </div><div class="para">
+ Refer to <a class="xref" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html">Section 3.9.2.5, “Target Options”</a> for more information about the <code class="command">LOG</code> target.
+ </div><div class="para">
+ The <code class="option">limit</code> module enables the following options:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--limit</code> — Sets the maximum number of matches for a particular time period, specified as a <code class="option"><em class="replaceable"><code><value>/<period></code></em></code> pair. For example, using <code class="option">--limit 5/hour</code> allows five rule matches per hour.
+ </div><div class="para">
+ Periods can be specified in seconds, minutes, hours, or days.
+ </div><div class="para">
+ If a number and time modifier are not used, the default value of <code class="option">3/hour</code> is assumed.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--limit-burst</code> — Sets a limit on the number of packets able to match a rule at one time.
+ </div><div class="para">
+ This option is specified as an integer and should be used in conjunction with the <code class="option">--limit</code> option.
+ </div><div class="para">
+ If no value is specified, the default value of five (5) is assumed.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">state</code> module — Enables state matching.
+ </div><div class="para">
+ The <code class="option">state</code> module enables the following options:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--state</code> — match a packet with the following connection states:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">ESTABLISHED</code> — The matching packet is associated with other packets in an established connection. You need to accept this state if you want to maintain a connection between a client and a server.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">INVALID</code> — The matching packet cannot be tied to a known connection.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">NEW</code> — The matching packet is either creating a new connection or is part of a two-way connection not previously seen. You need to accept this state if you want to allow new connections to a service.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">RELATED</code> — The matching packet is starting a new connection related in some way to an existing connection. An example of this is FTP, which uses one connection for control traffic (port 21), and a separate connection for data transfer (port 20).
+ </div></li></ul></div><div class="para">
+ These connection states can be used in combination with one another by separating them with commas, such as <code class="option">-m state --state INVALID,NEW</code>.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">mac</code> module — Enables hardware MAC address matching.
+ </div><div class="para">
+ The <code class="option">mac</code> module enables the following option:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--mac-source</code> — Matches a MAC address of the network interface card that sent the packet. To exclude a MAC address from a rule, place an exclamation point character (<code class="option">!</code>) after the <code class="option">--mac-source</code> match option.
+ </div></li></ul></div></li></ul></div><div class="para">
+ Refer to the <code class="command">iptables</code> man page for more match options available through modules.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"><strong>Prev</strong>3.9.2.4.3. ICMP Protocol</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"><strong>Next</strong>3.9.2.5. Target Options</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html
new file mode 100644
index 0000000..56324d2
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2.4.3. ICMP Protocol</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="3.9.2.4. IPTables Match Options" /><link rel="prev" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html" title="3.9.2.4.2. UDP Protocol" /><link rel="next" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html" title="3.9.2.4.4. Additional Match Option Modules" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></
a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol">3.9.2.4.3. ICMP Protocol</h5></div></div></div><div class="para">
+ The following match options are available for the Internet Control Message Protocol (ICMP) (<code class="option">-p icmp</code>):
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--icmp-type</code> — Sets the name or number of the ICMP type to match with the rule. A list of valid ICMP names can be retrieved by typing the <code class="command">iptables -p icmp -h</code> command.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"><strong>Prev</strong>3.9.2.4.2. UDP Protocol</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"><strong>Next</strong>3.9.2.4.4. Additional Match Option Modules</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html
new file mode 100644
index 0000000..58ac665
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2.4.2. UDP Protocol</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="3.9.2.4. IPTables Match Options" /><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="3.9.2.4. IPTables Match Options" /><link rel="next" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html" title="3.9.2.4.3. ICMP Protocol" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul cl
ass="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol">3.9.2.4.2. UDP Protocol</h5></div></div></div><div class="para">
+ These match options are available for the UDP protocol (<code class="option">-p udp</code>):
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--dport</code> — Specifies the destination port of the UDP packet, using the service name, port number, or range of port numbers. The <code class="option">--destination-port</code> match option is synonymous with <code class="option">--dport</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--sport</code> — Specifies the source port of the UDP packet, using the service name, port number, or range of port numbers. The <code class="option">--source-port</code> match option is synonymous with <code class="option">--sport</code>.
+ </div></li></ul></div><div class="para">
+ For the <code class="option">--dport</code> and <code class="option">--sport</code> options, to specify a range of port numbers, separate the two numbers with a colon (:). For example: <code class="option">-p tcp --dport 3000:3200</code>. The largest acceptable valid range is 0:65535.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"><strong>Prev</strong>3.9.2.4. IPTables Match Options</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"><strong>Next</strong>3.9.2.4.3. ICMP Protocol</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Additional_Resources.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Additional_Resources.html
new file mode 100644
index 0000000..bf14d5c
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Additional_Resources.html
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.10. Additional Resources</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html" title="3.7.9. Setting Up Cross Realm Authentication" /><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html" title="3.7.10.2. Useful Kerberos Websites" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous">
<a accesskey="p" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Additional_Resources">3.7.10. Additional Resources</h3></div></div></div><div class="para">
+ For more information about Kerberos, refer to the following resources.
+ </div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_Kerberos_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_Kerberos_Documentation">3.7.10.1. Installed Kerberos Documentation</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ The <em class="citetitle">Kerberos V5 Installation Guide</em> and the <em class="citetitle">Kerberos V5 System Administrator's Guide</em> in PostScript and HTML formats. These can be found in the <code class="filename">/usr/share/doc/krb5-server-<em class="replaceable"><code><version-number></code></em>/</code> directory (where <em class="replaceable"><code><version-number></code></em> is the version number of the <code class="command">krb5-server</code> package installed on your system).
+ </div></li><li class="listitem"><div class="para">
+ The <em class="citetitle">Kerberos V5 UNIX User's Guide</em> in PostScript and HTML formats. These can be found in the <code class="filename">/usr/share/doc/krb5-workstation-<em class="replaceable"><code><version-number></code></em>/</code> directory (where <em class="replaceable"><code><version-number></code></em> is the version number of the <code class="command">krb5-workstation</code> package installed on your system).
+ </div></li><li class="listitem"><div class="para">
+ Kerberos man pages — There are a number of man pages for the various applications and configuration files involved with a Kerberos implementation. The following is a list of some of the more important man pages.
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">Client Applications</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man kerberos</code> — An introduction to the Kerberos system which describes how credentials work and provides recommendations for obtaining and destroying Kerberos tickets. The bottom of the man page references a number of related man pages.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kinit</code> — Describes how to use this command to obtain and cache a ticket-granting ticket.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kdestroy</code> — Describes how to use this command to destroy Kerberos credentials.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man klist</code> — Describes how to use this command to list cached Kerberos credentials.
+ </div></li></ul></div></dd><dt class="varlistentry"><span class="term">Administrative Applications</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man kadmin</code> — Describes how to use this command to administer the Kerberos V5 database.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kdb5_util</code> — Describes how to use this command to create and perform low-level administrative functions on the Kerberos V5 database.
+ </div></li></ul></div></dd><dt class="varlistentry"><span class="term">Server Applications</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man krb5kdc</code> — Describes available command line options for the Kerberos V5 KDC.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kadmind</code> — Describes available command line options for the Kerberos V5 administration server.
+ </div></li></ul></div></dd><dt class="varlistentry"><span class="term">Configuration Files</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man krb5.conf</code> — Describes the format and options available within the configuration file for the Kerberos V5 library.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kdc.conf</code> — Describes the format and options available within the configuration file for the Kerberos V5 AS and KDC.
+ </div></li></ul></div></dd></dl></div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"><strong>Prev</strong>3.7.9. Setting Up Cross Realm Authentication</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"><strong>Next</strong>3.7.10.2. Useful Kerberos Websites</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html
new file mode 100644
index 0000000..58dbf54
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.6. Configuring a Kerberos 5 Client</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html" title="3.7.5. Configuring a Kerberos 5 Server" /><link rel="next" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html" title="3.7.7. Domain-to-Realm Mapping" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-S
ecurity_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client">3.7.6. Configuring a Kerberos 5 Client</h3></div></div></div><div class="para">
+ Setting up a Kerberos 5 client is less involved than setting up a server. At a minimum, install the client packages and provide each client with a valid <code class="filename">krb5.conf</code> configuration file. While <code class="command">ssh</code> and <code class="command">slogin</code> are the preferred method of remotely logging in to client systems, Kerberized versions of <code class="command">rsh</code> and <code class="command">rlogin</code> are still available, though deploying them requires that a few more configuration changes be made.
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Be sure that time synchronization is in place between the Kerberos client and the KDC. Refer to <a class="xref" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html">Section 3.7.5, “Configuring a Kerberos 5 Server”</a> for more information. In addition, verify that DNS is working properly on the Kerberos client before configuring the Kerberos client programs.
+ </div></li><li class="step"><div class="para">
+ Install the <code class="filename">krb5-libs</code> and <code class="filename">krb5-workstation</code> packages on all of the client machines. Supply a valid <code class="filename">/etc/krb5.conf</code> file for each client (usually this can be the same <code class="filename">krb5.conf</code> file used by the KDC).
+ </div></li><li class="step"><div class="para">
+ Before a workstation in the realm can use Kerberos to authenticate users who connect using <code class="command">ssh</code> or Kerberized <code class="command">rsh</code> or <code class="command">rlogin</code>, it must have its own host principal in the Kerberos database. The <code class="command">sshd</code>, <code class="command">kshd</code>, and <code class="command">klogind</code> server programs all need access to the keys for the <span class="emphasis"><em>host</em></span> service's principal. Additionally, in order to use the kerberized <code class="command">rsh</code> and <code class="command">rlogin</code> services, that workstation must have the <code class="filename">xinetd</code> package installed.
+ </div><div class="para">
+ Using <code class="command">kadmin</code>, add a host principal for the workstation on the KDC. The instance in this case is the hostname of the workstation. Use the <code class="command">-randkey</code> option for the <code class="command">kadmin</code>'s <code class="command">addprinc</code> command to create the principal and assign it a random key:
+ </div><pre class="screen">addprinc -randkey host/<em class="replaceable"><code>blah.example.com</code></em></pre><div class="para">
+ Now that the principal has been created, keys can be extracted for the workstation by running <code class="command">kadmin</code> <span class="emphasis"><em>on the workstation itself</em></span>, and using the <code class="command">ktadd</code> command within <code class="command">kadmin</code>:
+ </div><pre class="screen">ktadd -k /etc/krb5.keytab host/<em class="replaceable"><code>blah.example.com</code></em></pre></li><li class="step"><div class="para">
+ To use other kerberized network services, they must first be started. Below is a list of some common kerberized services and instructions about enabling them:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">ssh</code> — OpenSSH uses GSS-API to authenticate users to servers if the client's and server's configuration both have <code class="option">GSSAPIAuthentication</code> enabled. If the client also has <code class="option">GSSAPIDelegateCredentials</code> enabled, the user's credentials are made available on the remote system.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">rsh</code> and <code class="command">rlogin</code> — To use the kerberized versions of <code class="command">rsh</code> and <code class="command">rlogin</code>, enable <code class="command">klogin</code>, <code class="command">eklogin</code>, and <code class="command">kshell</code>.
+ </div></li><li class="listitem"><div class="para">
+ Telnet — To use kerberized Telnet, <code class="command">krb5-telnet</code> must be enabled.
+ </div></li><li class="listitem"><div class="para">
+ FTP — To provide FTP access, create and extract a key for the principal with a root of <code class="computeroutput">ftp</code>. Be certain to set the instance to the fully qualified hostname of the FTP server, then enable <code class="command">gssftp</code>.
+ </div></li><li class="listitem"><div class="para">
+ IMAP — To use a kerberized IMAP server, the <code class="filename">cyrus-imap</code> package uses Kerberos 5 if it also has the <code class="filename">cyrus-sasl-gssapi</code> package installed. The <code class="filename">cyrus-sasl-gssapi</code> package contains the Cyrus SASL plugins which support GSS-API authentication. Cyrus IMAP should function properly with Kerberos as long as the <code class="command">cyrus</code> user is able to find the proper key in <code class="filename">/etc/krb5.keytab</code>, and the root for the principal is set to <code class="command">imap</code> (created with <code class="command">kadmin</code>).
+ </div><div class="para">
+ An alternative to <code class="filename">cyrus-imap</code> can be found in the <code class="command">dovecot</code> package, which is also included in Fedora. This package contains an IMAP server but does not, to date, support GSS-API and Kerberos.
+ </div></li><li class="listitem"><div class="para">
+ CVS — To use a kerberized CVS server, <code class="command">gserver</code> uses a principal with a root of <code class="computeroutput">cvs</code> and is otherwise identical to the CVS <code class="command">pserver</code>.
+ </div></li></ul></div></li></ol></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>Prev</strong>3.7.5. Configuring a Kerberos 5 Server</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"><strong>Next</strong>3.7.7. Domain-to-Realm Mapping</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html
new file mode 100644
index 0000000..af95a1d
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.5. Configuring a Kerberos 5 Server</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html" title="3.7.4. Kerberos and PAM" /><link rel="next" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html" title="3.7.6. Configuring a Kerberos 5 Client" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-
Kerberos-Kerberos_and_PAM.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">3.7.5. Configuring a Kerberos 5 Server</h3></div></div></div><div class="para">
+ When setting up Kerberos, install the KDC first. If it is necessary to set up slave servers, install the master first.
+ </div><div class="para">
+ To configure the first Kerberos KDC, follow these steps:
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Ensure that time synchronization and DNS are functioning correctly on all client and server machines before configuring Kerberos. Pay particular attention to time synchronization between the Kerberos server and its clients. If the time difference between the server and client is greater than five minutes (this is configurable in Kerberos 5), Kerberos clients can not authenticate to the server. This time synchronization is necessary to prevent an attacker from using an old Kerberos ticket to masquerade as a valid user.
+ </div><div class="para">
+ It is advisable to set up a Network Time Protocol (NTP) compatible client/server network even if Kerberos is not being used. Fedora includes the <code class="filename">ntp</code> package for this purpose. Refer to <code class="filename">/usr/share/doc/ntp-<em class="replaceable"><code><version-number></code></em>/index.html</code> (where <em class="replaceable"><code><version-number></code></em> is the version number of the <code class="filename">ntp</code> package installed on your system) for details about how to set up Network Time Protocol servers, and <a href="http://www.ntp.org">http://www.ntp.org</a> for more information about NTP.
+ </div></li><li class="step"><div class="para">
+ Install the <code class="filename">krb5-libs</code>, <code class="filename">krb5-server</code>, and <code class="filename">krb5-workstation</code> packages on the dedicated machine which runs the KDC. This machine needs to be very secure — if possible, it should not run any services other than the KDC.
+ </div></li><li class="step"><div class="para">
+ Edit the <code class="filename">/etc/krb5.conf</code> and <code class="filename">/var/kerberos/krb5kdc/kdc.conf</code> configuration files to reflect the realm name and domain-to-realm mappings. A simple realm can be constructed by replacing instances of <em class="replaceable"><code>EXAMPLE.COM</code></em> and <em class="replaceable"><code>example.com</code></em> with the correct domain name — being certain to keep uppercase and lowercase names in the correct format — and by changing the KDC from <em class="replaceable"><code>kerberos.example.com</code></em> to the name of the Kerberos server. By convention, all realm names are uppercase and all DNS hostnames and domain names are lowercase. For full details about the formats of these configuration files, refer to their respective man pages.
+ </div></li><li class="step"><div class="para">
+ Create the database using the <code class="command">kdb5_util</code> utility from a shell prompt:
+ </div><pre class="screen">/usr/kerberos/sbin/kdb5_util create -s</pre><div class="para">
+ The <code class="command">create</code> command creates the database that stores keys for the Kerberos realm. The <code class="command">-s</code> switch forces creation of a <em class="firstterm">stash</em> file in which the master server key is stored. If no stash file is present from which to read the key, the Kerberos server (<code class="command">krb5kdc</code>) prompts the user for the master server password (which can be used to regenerate the key) every time it starts.
+ </div></li><li class="step"><div class="para">
+ Edit the <code class="filename">/var/kerberos/krb5kdc/kadm5.acl</code> file. This file is used by <code class="command">kadmind</code> to determine which principals have administrative access to the Kerberos database and their level of access. Most organizations can get by with a single line:
+ </div><pre class="screen">*/admin at EXAMPLE.COM *</pre><div class="para">
+ Most users are represented in the database by a single principal (with a <span class="emphasis"><em>NULL</em></span>, or empty, instance, such as <span class="emphasis"><em>joe at EXAMPLE.COM</em></span>). In this configuration, users with a second principal with an instance of <span class="emphasis"><em>admin</em></span> (for example, <span class="emphasis"><em>joe/admin at EXAMPLE.COM</em></span>) are able to wield full power over the realm's Kerberos database.
+ </div><div class="para">
+ After <code class="command">kadmind</code> has been started on the server, any user can access its services by running <code class="command">kadmin</code> on any of the clients or servers in the realm. However, only users listed in the <code class="filename">kadm5.acl</code> file can modify the database in any way, except for changing their own passwords.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ The <code class="command">kadmin</code> utility communicates with the <code class="command">kadmind</code> server over the network, and uses Kerberos to handle authentication. Consequently, the first principal must already exist before connecting to the server over the network to administer it. Create the first principal with the <code class="command">kadmin.local</code> command, which is specifically designed to be used on the same host as the KDC and does not use Kerberos for authentication.
+ </div></div></div><div class="para">
+ Type the following <code class="command">kadmin.local</code> command at the KDC terminal to create the first principal:
+ </div><pre class="screen">/usr/kerberos/sbin/kadmin.local -q "addprinc <em class="replaceable"><code>username</code></em>/admin"</pre></li><li class="step"><div class="para">
+ Start Kerberos using the following commands:
+ </div><pre class="screen">/sbin/service krb5kdc start
+/sbin/service kadmin start
+/sbin/service krb524 start</pre></li><li class="step"><div class="para">
+ Add principals for the users using the <code class="command">addprinc</code> command within <code class="command">kadmin</code>. <code class="command">kadmin</code> and <code class="command">kadmin.local</code> are command line interfaces to the KDC. As such, many commands — such as <code class="command">addprinc</code> — are available after launching the <code class="command">kadmin</code> program. Refer to the <code class="command">kadmin</code> man page for more information.
+ </div></li><li class="step"><div class="para">
+ Verify that the KDC is issuing tickets. First, run <code class="command">kinit</code> to obtain a ticket and store it in a credential cache file. Next, use <code class="command">klist</code> to view the list of credentials in the cache and use <code class="command">kdestroy</code> to destroy the cache and the credentials it contains.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ By default, <code class="command">kinit</code> attempts to authenticate using the same system login username (not the Kerberos server). If that username does not correspond to a principal in the Kerberos database, <code class="command">kinit</code> issues an error message. If that happens, supply <code class="command">kinit</code> with the name of the correct principal as an argument on the command line (<code class="command">kinit <em class="replaceable"><code><principal></code></em></code>).
+ </div></div></div></li></ol></div><div class="para">
+ Once these steps are completed, the Kerberos server should be up and running.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"><strong>Prev</strong>3.7.4. Kerberos and PAM</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"><strong>Next</strong>3.7.6. Configuring a Kerberos 5 Client</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html
new file mode 100644
index 0000000..8fdaae3
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.7. Domain-to-Realm Mapping</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html" title="3.7.6. Configuring a Kerberos 5 Client" /><link rel="next" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html" title="3.7.8. Setting Up Secondary KDCs" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="se
ct-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping">3.7.7. Domain-to-Realm Mapping</h3></div></div></div><div class="para">
+ When a client attempts to access a service running on a particular server, it knows the name of the service (<span class="emphasis"><em>host</em></span>) and the name of the server (<span class="emphasis"><em>foo.example.com</em></span>), but because more than one realm may be deployed on your network, it must guess at the name of the realm in which the service resides.
+ </div><div class="para">
+ By default, the name of the realm is taken to be the DNS domain name of the server, upper-cased.
+ </div><div class="literallayout"><p>foo.example.org → EXAMPLE.ORG<br />
+ foo.example.com → EXAMPLE.COM<br />
+ foo.hq.example.com → HQ.EXAMPLE.COM<br />
+</p></div><div class="para">
+ In some configurations, this will be sufficient, but in others, the realm name which is derived will be the name of a non-existant realm. In these cases, the mapping from the server's DNS domain name to the name of its realm must be specified in the <span class="emphasis"><em>domain_realm</em></span> section of the client system's <code class="filename">krb5.conf</code>. For example:
+ </div><pre class="screen">[domain_realm]
+.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM</pre><div class="para">
+ The above configuration specifies two mappings. The first mapping specifies that any system in the "example.com" DNS domain belongs to the <span class="emphasis"><em>EXAMPLE.COM</em></span> realm. The second specifies that a system with the exact name "example.com" is also in the realm. (The distinction between a domain and a specific host is marked by the presence or lack of an initial ".".) The mapping can also be stored directly in DNS.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"><strong>Prev</strong>3.7.6. Configuring a Kerberos 5 Client</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"><strong>Next</strong>3.7.8. Setting Up Secondary KDCs</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-How_Kerberos_Works.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-How_Kerberos_Works.html
new file mode 100644
index 0000000..a840da8
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-How_Kerberos_Works.html
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.3. How Kerberos Works</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html" title="3.7.2. Kerberos Terminology" /><link rel="next" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html" title="3.7.4. Kerberos and PAM" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Kerberos_Term
inology.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-How_Kerberos_Works"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-How_Kerberos_Works">3.7.3. How Kerberos Works</h3></div></div></div><div class="para">
+ Kerberos differs from username/password authentication methods. Instead of authenticating each user to each network service, Kerberos uses symmetric encryption and a trusted third party (a KDC), to authenticate users to a suite of network services. When a user authenticates to the KDC, the KDC sends a ticket specific to that session back to the user's machine, and any Kerberos-aware services look for the ticket on the user's machine rather than requiring the user to authenticate using a password.
+ </div><div class="para">
+ When a user on a Kerberos-aware network logs in to their workstation, their principal is sent to the KDC as part of a request for a TGT from the Authentication Server. This request can be sent by the log-in program so that it is transparent to the user, or can be sent by the <code class="command">kinit</code> program after the user logs in.
+ </div><div class="para">
+ The KDC then checks for the principal in its database. If the principal is found, the KDC creates a TGT, which is encrypted using the user's key and returned to that user.
+ </div><div class="para">
+ The login or <code class="command">kinit</code> program on the client then decrypts the TGT using the user's key, which it computes from the user's password. The user's key is used only on the client machine and is <span class="emphasis"><em>not</em></span> transmitted over the network.
+ </div><div class="para">
+ The TGT is set to expire after a certain period of time (usually ten to twenty-four hours) and is stored in the client machine's credentials cache. An expiration time is set so that a compromised TGT is of use to an attacker for only a short period of time. After the TGT has been issued, the user does not have to re-enter their password until the TGT expires or until they log out and log in again.
+ </div><div class="para">
+ Whenever the user needs access to a network service, the client software uses the TGT to request a new ticket for that specific service from the TGS. The service ticket is then used to authenticate the user to that service transparently.
+ </div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ The Kerberos system can be compromised if a user on the network authenticates against a non-Kerberos aware service by transmitting a password in plain text. The use of non-Kerberos aware services is highly discouraged. Such services include Telnet and FTP. The use of other encrypted protocols, such as SSH or SSL-secured services, however, is preferred, although not ideal.
+ </div></div></div><div class="para">
+ This is only a broad overview of how Kerberos authentication works. Refer to <a class="xref" href="sect-Security_Guide-Kerberos-Additional_Resources.html">Section 3.7.10, “Additional Resources”</a> for links to more in-depth information.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Kerberos depends on the following network services to function correctly.
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Approximate clock synchronization between the machines on the network.
+ </div><div class="para">
+ A clock synchronization program should be set up for the network, such as <code class="command">ntpd</code>. Refer to <code class="filename">/usr/share/doc/ntp-<em class="replaceable"><code><version-number></code></em>/index.html</code> for details on setting up Network Time Protocol servers (where <em class="replaceable"><code><version-number></code></em> is the version number of the <code class="filename">ntp</code> package installed on your system).
+ </div></li><li class="listitem"><div class="para">
+ Domain Name Service (DNS).
+ </div><div class="para">
+ You should ensure that the DNS entries and hosts on the network are all properly configured. Refer to the <em class="citetitle">Kerberos V5 System Administrator's Guide</em> in <code class="filename">/usr/share/doc/krb5-server-<em class="replaceable"><code><version-number></code></em></code> for more information (where <em class="replaceable"><code><version-number></code></em> is the version number of the <code class="filename">krb5-server</code> package installed on your system).
+ </div></li></ul></div>
+
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"><strong>Prev</strong>3.7.2. Kerberos Terminology</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"><strong>Next</strong>3.7.4. Kerberos and PAM</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Kerberos_Terminology.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Kerberos_Terminology.html
new file mode 100644
index 0000000..97de93b
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Kerberos_Terminology.html
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.2. Kerberos Terminology</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="next" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html" title="3.7.3. How Kerberos Works" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos.html"><strong>Prev</strong></a></li><li clas
s="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-Kerberos_Terminology"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Kerberos_Terminology">3.7.2. Kerberos Terminology</h3></div></div></div><div class="para">
+ Kerberos has its own terminology to define various aspects of the service. Before learning how Kerberos works, it is important to learn the following terms.
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">authentication server (AS)</span></dt><dd><div class="para">
+ A server that issues tickets for a desired service which are in turn given to users for access to the service. The AS responds to requests from clients who do not have or do not send credentials with a request. It is usually used to gain access to the ticket-granting server (TGS) service by issuing a ticket-granting ticket (TGT). The AS usually runs on the same host as the key distribution center (KDC).
+ </div></dd><dt class="varlistentry"><span class="term">ciphertext</span></dt><dd><div class="para">
+ Encrypted data.
+ </div></dd><dt class="varlistentry"><span class="term">client</span></dt><dd><div class="para">
+ An entity on the network (a user, a host, or an application) that can receive a ticket from Kerberos.
+ </div></dd><dt class="varlistentry"><span class="term">credentials</span></dt><dd><div class="para">
+ A temporary set of electronic credentials that verify the identity of a client for a particular service. Also called a ticket.
+ </div></dd><dt class="varlistentry"><span class="term">credential cache or ticket file</span></dt><dd><div class="para">
+ A file which contains the keys for encrypting communications between a user and various network services. Kerberos 5 supports a framework for using other cache types, such as shared memory, but files are more thoroughly supported.
+ </div></dd><dt class="varlistentry"><span class="term">crypt hash</span></dt><dd><div class="para">
+ A one-way hash used to authenticate users. These are more secure than using unencrypted data, but they are still relatively easy to decrypt for an experienced cracker.
+ </div></dd><dt class="varlistentry"><span class="term">GSS-API</span></dt><dd><div class="para">
+ The Generic Security Service Application Program Interface (defined in RFC-2743 published by The Internet Engineering Task Force) is a set of functions which provide security services. This API is used by clients and services to authenticate to each other without either program having specific knowledge of the underlying mechanism. If a network service (such as cyrus-IMAP) uses GSS-API, it can authenticate using Kerberos.
+ </div></dd><dt class="varlistentry"><span class="term">hash</span></dt><dd><div class="para">
+ Also known as a <em class="firstterm">hash value</em>. A value generated by passing a string through a <em class="firstterm">hash function</em>. These values are typically used to ensure that transmitted data has not been tampered with.
+ </div></dd><dt class="varlistentry"><span class="term">hash function</span></dt><dd><div class="para">
+ A way of generating a digital "fingerprint" from input data. These functions rearrange, transpose or otherwise alter data to produce a <em class="firstterm">hash value</em>.
+ </div></dd><dt class="varlistentry"><span class="term">key</span></dt><dd><div class="para">
+ Data used when encrypting or decrypting other data. Encrypted data cannot be decrypted without the proper key or extremely good fortune on the part of the cracker.
+ </div></dd><dt class="varlistentry"><span class="term">key distribution center (KDC)</span></dt><dd><div class="para">
+ A service that issues Kerberos tickets, and which usually run on the same host as the ticket-granting server (TGS).
+ </div></dd><dt class="varlistentry"><span class="term">keytab (or key table)</span></dt><dd><div class="para">
+ A file that includes an unencrypted list of principals and their keys. Servers retrieve the keys they need from keytab files instead of using <code class="command">kinit</code>. The default keytab file is <code class="filename">/etc/krb5.keytab</code>. The KDC administration server, <code class="command">/usr/kerberos/sbin/kadmind</code>, is the only service that uses any other file (it uses <code class="filename">/var/kerberos/krb5kdc/kadm5.keytab</code>).
+ </div></dd><dt class="varlistentry"><span class="term">kinit</span></dt><dd><div class="para">
+ The <code class="command">kinit</code> command allows a principal who has already logged in to obtain and cache the initial ticket-granting ticket (TGT). Refer to the <code class="command">kinit</code> man page for more information.
+ </div></dd><dt class="varlistentry"><span class="term">principal (or principal name)</span></dt><dd><div class="para">
+ The principal is the unique name of a user or service allowed to authenticate using Kerberos. A principal follows the form <code class="computeroutput">root[/instance]@REALM</code>. For a typical user, the root is the same as their login ID. The <code class="computeroutput">instance</code> is optional. If the principal has an instance, it is separated from the root with a forward slash ("/"). An empty string ("") is considered a valid instance (which differs from the default <code class="computeroutput">NULL</code> instance), but using it can be confusing. All principals in a realm have their own key, which for users is derived from a password or is randomly set for services.
+ </div></dd><dt class="varlistentry"><span class="term">realm</span></dt><dd><div class="para">
+ A network that uses Kerberos, composed of one or more servers called KDCs and a potentially large number of clients.
+ </div></dd><dt class="varlistentry"><span class="term">service</span></dt><dd><div class="para">
+ A program accessed over the network.
+ </div></dd><dt class="varlistentry"><span class="term">ticket</span></dt><dd><div class="para">
+ A temporary set of electronic credentials that verify the identity of a client for a particular service. Also called credentials.
+ </div></dd><dt class="varlistentry"><span class="term">ticket-granting server (TGS)</span></dt><dd><div class="para">
+ A server that issues tickets for a desired service which are in turn given to users for access to the service. The TGS usually runs on the same host as the KDC.
+ </div></dd><dt class="varlistentry"><span class="term">ticket-granting ticket (TGT)</span></dt><dd><div class="para">
+ A special ticket that allows the client to obtain additional tickets without applying for them from the KDC.
+ </div></dd><dt class="varlistentry"><span class="term">unencrypted password</span></dt><dd><div class="para">
+ A plain text, human-readable password.
+ </div></dd></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos.html"><strong>Prev</strong>3.7. Kerberos</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>Next</strong>3.7.3. How Kerberos Works</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Kerberos_and_PAM.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Kerberos_and_PAM.html
new file mode 100644
index 0000000..40f7155
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Kerberos_and_PAM.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.4. Kerberos and PAM</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html" title="3.7.3. How Kerberos Works" /><link rel="next" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html" title="3.7.5. Configuring a Kerberos 5 Server" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Gu
ide-Kerberos-How_Kerberos_Works.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-Kerberos_and_PAM"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Kerberos_and_PAM">3.7.4. Kerberos and PAM</h3></div></div></div><div class="para">
+ Kerberos-aware services do not currently make use of Pluggable Authentication Modules (PAM) — these services bypass PAM completely. However, applications that use PAM can make use of Kerberos for authentication if the <code class="filename">pam_krb5</code> module (provided in the <code class="filename">pam_krb5</code> package) is installed. The <code class="filename">pam_krb5</code> package contains sample configuration files that allow services such as <code class="command">login</code> and <code class="command">gdm</code> to authenticate users as well as obtain initial credentials using their passwords. If access to network servers is always performed using Kerberos-aware services or services that use GSS-API, such as IMAP, the network can be considered reasonably safe.
+ </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ Administrators should be careful not to allow users to authenticate to most network services using Kerberos passwords. Many protocols used by these services do not encrypt the password before sending it over the network, destroying the benefits of the Kerberos system. For example, users should not be allowed to authenticate to Telnet services with the same password they use for Kerberos authentication.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>Prev</strong>3.7.3. How Kerberos Works</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>Next</strong>3.7.5. Configuring a Kerberos 5 Server</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html
new file mode 100644
index 0000000..21d1d5c
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.9. Setting Up Cross Realm Authentication</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html" title="3.7.8. Setting Up Secondary KDCs" /><link rel="next" href="sect-Security_Guide-Kerberos-Additional_Resources.html" title="3.7.10. Additional Resources" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Ker
beros-Setting_Up_Secondary_KDCs.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication">3.7.9. Setting Up Cross Realm Authentication</h3></div></div></div><div class="para">
+ <span class="emphasis"><em>Cross-realm authentication</em></span> is the term which is used to describe situations in which clients (typically users) of one realm use Kerberos to authenticate to services (typically server processes running on a particular server system) which belong to a realm other than their own.
+ </div><div class="para">
+ For the simplest case, in order for a client of a realm named <code class="literal">A.EXAMPLE.COM</code> to access a service in the <code class="literal">B.EXAMPLE.COM</code> realm, both realms must share a key for a principal named <code class="literal">krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM</code>, and both keys must have the same key version number associated with them.
+ </div><div class="para">
+ To accomplish this, select a very strong password or passphrase, and create an entry for the principal in both realms using kadmin.
+ </div><div class="literallayout"><p> <code class="computeroutput"><code class="prompt">#</code> <strong class="userinput"><code>kadmin -r A.EXAMPLE.COM</code></strong></code> <code class="computeroutput"><code class="prompt">kadmin:</code> <strong class="userinput"><code>add_principal krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM</code></strong></code> <code class="computeroutput">Enter password for principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM":</code> <code class="computeroutput">Re-enter password for principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM":</code> <code class="computeroutput">Principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM" created.</code> <strong class="userinput"><code>quit</code></strong> <code class="computeroutput"><code class="prompt">#</code> <strong class="userinput"><code>kadmin -r B.EXAMPLE.COM</code></strong></code> <code class="computeroutput"><code class="prompt">kadmin:</code> <strong class="userinput"><code>add_principal krbtgt/B.EXA
MPLE.COM at A.EXAMPLE.COM</code></strong></code> <code class="computeroutput">Enter password for principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM":</code> <code class="computeroutput">Re-enter password for principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM":</code> <code class="computeroutput">Principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM" created.</code> <strong class="userinput"><code>quit</code></strong></p></div><div class="para">
+ Use the <code class="command">get_principal</code> command to verify that both entries have matching key version numbers (<code class="literal">kvno</code> values) and encryption types.
+ </div><div class="important"><div class="admonition_header"><h2>Dumping the Database Doesn't Do It</h2></div><div class="admonition"><div class="para">
+ Security-conscious administrators may attempt to use the <code class="command">add_principal</code> command's <code class="literal">-randkey</code> option to assign a random key instead of a password, dump the new entry from the database of the first realm, and import it into the second. This will not work unless the master keys for the realm databases are identical, as the keys contained in a database dump are themselves encrypted using the master key.
+ </div></div></div><div class="para">
+ Clients in the <code class="literal">A.EXAMPLE.COM</code> realm are now able to authenticate to services in the <code class="literal">B.EXAMPLE.COM</code> realm. Put another way, the <code class="literal">B.EXAMPLE.COM</code> realm now <span class="emphasis"><em>trusts</em></span> the <code class="literal">A.EXAMPLE.COM</code> realm, or phrased even more simply, <code class="literal">B.EXAMPLE.COM</code> now <span class="emphasis"><em>trusts</em></span> <code class="literal">A.EXAMPLE.COM</code>.
+ </div><div class="para">
+ This brings us to an important point: cross-realm trust is unidirectional by default. The KDC for the <code class="literal">B.EXAMPLE.COM</code> realm may trust clients from the <code class="literal">A.EXAMPLE.COM</code> to authenticate to services in the <code class="literal">B.EXAMPLE.COM</code> realm, but the fact that it does has no effect on whether or not clients in the <code class="literal">B.EXAMPLE.COM</code> realm are trusted to authenticate to services in the <code class="literal">A.EXAMPLE.COM</code> realm. To establish trust in the other direction, both realms would need to share keys for the <code class="literal">krbtgt/A.EXAMPLE.COM at B.EXAMPLE.COM</code> service (take note of the reversed in order of the two realms compared to the example above).
+ </div><div class="para">
+ If direct trust relationships were the only method for providing trust between realms, networks which contain multiple realms would be very difficult to set up. Luckily, cross-realm trust is transitive. If clients from <code class="literal">A.EXAMPLE.COM</code> can authenticate to services in <code class="literal">B.EXAMPLE.COM</code>, and clients from <code class="literal">B.EXAMPLE.COM</code> can authenticate to services in <code class="literal">C.EXAMPLE.COM</code>, then clients in <code class="literal">A.EXAMPLE.COM</code> can also authenticate to services in <code class="literal">C.EXAMPLE.COM</code>, <span class="emphasis"><em>even if <code class="literal">C.EXAMPLE.COM</code> doesn't directly trust <code class="literal">A.EXAMPLE.COM</code></em></span>. This means that, on a network with multiple realms which all need to trust each other, making good choices about which trust relationships to set up can greatly reduce the amount of effort required.
+ </div><div class="para">
+ Now you face the more conventional problems: the client's system must be configured so that it can properly deduce the realm to which a particular service belongs, and it must be able to determine how to obtain credentials for services in that realm.
+ </div><div class="para">
+ First things first: the principal name for a service provided from a specific server system in a given realm typically looks like this:
+ </div><div class="literallayout"><p>service/server.example.com at EXAMPLE.COM</p></div><div class="para">
+ In this example, <span class="emphasis"><em>service</em></span> is typically either the name of the protocol in use (other common values include <span class="emphasis"><em>ldap</em></span>, <span class="emphasis"><em>imap</em></span>, <span class="emphasis"><em>cvs</em></span>, and <span class="emphasis"><em>HTTP</em></span>) or <span class="emphasis"><em>host</em></span>, <span class="emphasis"><em>server.example.com</em></span> is the fully-qualified domain name of the system which runs the service, and <code class="literal">EXAMPLE.COM</code> is the name of the realm.
+ </div><div class="para">
+ To deduce the realm to which the service belongs, clients will most often consult DNS or the <code class="literal">domain_realm</code> section of <code class="filename">/etc/krb5.conf</code> to map either a hostname (<span class="emphasis"><em>server.example.com</em></span>) or a DNS domain name (<span class="emphasis"><em>.example.com</em></span>) to the name of a realm (<span class="emphasis"><em>EXAMPLE.COM</em></span>).
+ </div><div class="para">
+ Having determined which to which realm a service belongs, a client then has to determine the set of realms which it needs to contact, and in which order it must contact them, to obtain credentials for use in authenticating to the service.
+ </div><div class="para">
+ This can be done in one of two ways.
+ </div><div class="para">
+ The default method, which requires no explicit configuration, is to give the realms names within a shared hierarchy. For an example, assume realms named <code class="literal">A.EXAMPLE.COM</code>, <code class="literal">B.EXAMPLE.COM</code>, and <code class="literal">EXAMPLE.COM</code>. When a client in the <code class="literal">A.EXAMPLE.COM</code> realm attempts to authenticate to a service in <code class="literal">B.EXAMPLE.COM</code>, it will, by default, first attempt to get credentials for the <code class="literal">EXAMPLE.COM</code> realm, and then to use those credentials to obtain credentials for use in the <code class="literal">B.EXAMPLE.COM</code> realm.
+ </div><div class="para">
+ The client in this scenario treats the realm name as one might treat a DNS name. It repeatedly strips off the components of its own realm's name to generate the names of realms which are "above" it in the hierarchy until it reaches a point which is also "above" the service's realm. At that point it begins prepending components of the service's realm name until it reaches the service's realm. Each realm which is involved in the process is another "hop".
+ </div><div class="para">
+ For example, using credentials in <code class="literal">A.EXAMPLE.COM</code>, authenticating to a service in <code class="literal">B.EXAMPLE.COM</code><code class="literal">A.EXAMPLE.COM → EXAMPLE.COM → B.EXAMPLE.COM </code> <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="literal">A.EXAMPLE.COM</code> and <code class="literal">EXAMPLE.COM</code> share a key for <code class="literal">krbtgt/EXAMPLE.COM at A.EXAMPLE.COM</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">EXAMPLE.COM</code> and <code class="literal">B.EXAMPLE.COM</code> share a key for <code class="literal">krbtgt/B.EXAMPLE.COM at EXAMPLE.COM</code>
+ </div></li></ul></div>
+
+ </div><div class="para">
+ Another example, using credentials in <code class="literal">SITE1.SALES.EXAMPLE.COM</code>, authenticating to a service in <code class="literal">EVERYWHERE.EXAMPLE.COM</code><code class="literal">SITE1.SALES.EXAMPLE.COM → SALES.EXAMPLE.COM → EXAMPLE.COM → EVERYWHERE.EXAMPLE.COM </code> <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="literal">SITE1.SALES.EXAMPLE.COM</code> and <code class="literal">SALES.EXAMPLE.COM</code> share a key for <code class="literal">krbtgt/SALES.EXAMPLE.COM at SITE1.SALES.EXAMPLE.COM</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">SALES.EXAMPLE.COM</code> and <code class="literal">EXAMPLE.COM</code> share a key for <code class="literal">krbtgt/EXAMPLE.COM at SALES.EXAMPLE.COM</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">EXAMPLE.COM</code> and <code class="literal">EVERYWHERE.EXAMPLE.COM</code> share a key for <code class="literal">krbtgt/EVERYWHERE.EXAMPLE.COM at EXAMPLE.COM</code>
+ </div></li></ul></div>
+
+ </div><div class="para">
+ Another example, this time using realm names whose names share no common suffix (<code class="literal">DEVEL.EXAMPLE.COM</code> and <code class="literal">PROD.EXAMPLE.ORG</code><code class="literal"> DEVEL.EXAMPLE.COM → EXAMPLE.COM → COM → ORG → EXAMPLE.ORG → PROD.EXAMPLE.ORG </code> <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="literal">DEVEL.EXAMPLE.COM</code> and <code class="literal">EXAMPLE.COM</code> share a key for <code class="literal">krbtgt/EXAMPLE.COM at DEVEL.EXAMPLE.COM</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">EXAMPLE.COM</code> and <code class="literal">COM</code> share a key for <code class="literal">krbtgt/COM at EXAMPLE.COM</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">COM</code> and <code class="literal">ORG</code> share a key for <code class="literal">krbtgt/ORG at COM</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">ORG</code> and <code class="literal">EXAMPLE.ORG</code> share a key for <code class="literal">krbtgt/EXAMPLE.ORG at ORG</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">EXAMPLE.ORG</code> and <code class="literal">PROD.EXAMPLE.ORG</code> share a key for <code class="literal">krbtgt/PROD.EXAMPLE.ORG at EXAMPLE.ORG</code>
+ </div></li></ul></div>
+
+ </div><div class="para">
+ The more complicated, but also more flexible, method involves configuring the <code class="literal">capaths</code> section of <code class="filename">/etc/krb5.conf</code>, so that clients which have credentials for one realm will be able to look up which realm is next in the chain which will eventually lead to the being able to authenticate to servers.
+ </div><div class="para">
+ The format of the <code class="literal">capaths</code> section is relatively straightforward: each entry in the section is named after a realm in which a client might exist. Inside of that subsection, the set of intermediate realms from which the client must obtain credentials is listed as values of the key which corresponds to the realm in which a service might reside. If there are no intermediate realms, the value "." is used.
+ </div><div class="para">
+ Here's an example:
+ </div><div class="literallayout"><p> [capaths]<br />
+ A.EXAMPLE.COM = {<br />
+ B.EXAMPLE.COM = .<br />
+ C.EXAMPLE.COM = B.EXAMPLE.COM<br />
+ D.EXAMPLE.COM = B.EXAMPLE.COM<br />
+ D.EXAMPLE.COM = C.EXAMPLE.COM<br />
+ }<br />
+<br />
+</p></div><div class="para">
+ In this example, clients in the <code class="literal">A.EXAMPLE.COM</code> realm can obtain cross-realm credentials for <code class="literal">B.EXAMPLE.COM</code> directly from the <code class="literal">A.EXAMPLE.COM</code> KDC.
+ </div><div class="para">
+ If those clients wish to contact a service in the<code class="literal">C.EXAMPLE.COM</code> realm, they will first need to obtain necessary credentials from the <code class="literal">B.EXAMPLE.COM</code> realm (this requires that <code class="literal">krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM</code> exist), and then use <code class="literal">those</code> credentials to obtain credentials for use in the <code class="literal">C.EXAMPLE.COM</code> realm (using <code class="literal">krbtgt/C.EXAMPLE.COM at B.EXAMPLE.COM</code>).
+ </div><div class="para">
+ If those clients wish to contact a service in the <code class="literal">D.EXAMPLE.COM</code> realm, they will first need to obtain necessary credentials from the <code class="literal">B.EXAMPLE.COM</code> realm, and then credentials from the <code class="literal">C.EXAMPLE.COM</code> realm, before finally obtaining credentials for use with the <code class="literal">D.EXAMPLE.COM</code> realm.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Without a capath entry indicating otherwise, Kerberos assumes that cross-realm trust relationships form a hierarchy.
+ </div><div class="para">
+ Clients in the <code class="literal">A.EXAMPLE.COM</code> realm can obtain cross-realm credentials from <code class="literal">B.EXAMPLE.COM</code> realm directly. Without the "." indicating this, the client would instead attempt to use a hierarchical path, in this case:
+ </div><div class="literallayout"><p> A.EXAMPLE.COM → EXAMPLE.COM → B.EXAMPLE.COM<br />
+<br />
+</p></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"><strong>Prev</strong>3.7.8. Setting Up Secondary KDCs</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Additional_Resources.html"><strong>Next</strong>3.7.10. Additional Resources</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html
new file mode 100644
index 0000000..0b24abe
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.8. Setting Up Secondary KDCs</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html" title="3.7.7. Domain-to-Realm Mapping" /><link rel="next" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html" title="3.7.9. Setting Up Cross Realm Authentication" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p"
href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs">3.7.8. Setting Up Secondary KDCs</h3></div></div></div><div class="para">
+ For a number of reasons, you may choose to run multiple KDCs for a given realm. In this scenario, one KDC (the <span class="emphasis"><em>master KDC</em></span>) keeps a writable copy of the realm database and runs <code class="command">kadmind</code> (it is also your realm's <span class="emphasis"><em>admin server</em></span>), and one or more KDCs (<span class="emphasis"><em>slave KDCs</em></span>) keep read-only copies of the database and run <code class="command">kpropd</code>.
+ </div><div class="para">
+ The master-slave propagation procedure entails the master KDC dumping its database to a temporary dump file and then transmitting that file to each of its slaves, which then overwrite their previously-received read-only copies of the database with the contents of the dump file.
+ </div><div class="para">
+ To set up a slave KDC, first ensure that the master KDC's <code class="filename">krb5.conf</code> and <code class="filename">kdc.conf</code> files are copied to the slave KDC.
+ </div><div class="para">
+ Start <code class="command">kadmin.local</code> from a root shell on the master KDC and use its <code class="command">add_principal</code> command to create a new entry for the master KDC's <span class="emphasis"><em>host</em></span> service, and then use its <code class="command">ktadd</code> command to simultaneously set a random key for the service and store the random key in the master's default keytab file. This key will be used by the <code class="command">kprop</code> command to authenticate to the slave servers. You will only need to do this once, regardless of how many slave servers you install.
+ </div><pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>kadmin.local -r EXAMPLE.COM</code></strong>
+
+Authenticating as principal root/admin at EXAMPLE.COM with password.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>add_principal -randkey host/masterkdc.example.com</code></strong>
+
+Principal "host/host/masterkdc.example.com at EXAMPLE.COM" created.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>ktadd host/masterkdc.example.com</code></strong>
+
+Entry for principal host/masterkdc.example.com with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/masterkdc.example.com with kvno 3, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/masterkdc.example.com with kvno 3, encryption type DES with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/masterkdc.example.com with kvno 3, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/etc/krb5.keytab.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>quit</code></strong></pre><div class="para">
+ Start <code class="command">kadmin</code> from a root shell on the slave KDC and use its <code class="command">add_principal</code> command to create a new entry for the slave KDC's <span class="emphasis"><em>host</em></span> service, and then use <code class="command">kadmin</code>'s <code class="command">ktadd</code> command to simultaneously set a random key for the service and store the random key in the slave's default keytab file. This key is used by the <code class="command">kpropd</code> service when authenticating clients.
+ </div><pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>kadmin -p jimbo/admin at EXAMPLE.COM -r EXAMPLE.COM</code></strong>
+
+Authenticating as principal jimbo/admin at EXAMPLE.COM with password.
+
+<code class="prompt">Password for jimbo/admin at EXAMPLE.COM: </code>
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>add_principal -randkey host/slavekdc.example.com</code></strong>
+
+Principal "host/slavekdc.example.com at EXAMPLE.COM" created.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>ktadd host/slavekdc.example.com at EXAMPLE.COM</code></strong>
+
+Entry for principal host/slavekdc.example.com with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/slavekdc.example.com with kvno 3, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/slavekdc.example.com with kvno 3, encryption type DES with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/slavekdc.example.com with kvno 3, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/etc/krb5.keytab.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>quit</code></strong></pre><div class="para">
+ With its service key, the slave KDC could authenticate any client which would connect to it. Obviously, not all of them should be allowed to provide the slave's <code class="command">kprop</code> service with a new realm database. To restrict access, the <code class="command">kprop</code> service on the slave KDC will only accept updates from clients whose principal names are listed in <code class="filename">/var/kerberos/krb5kdc/kpropd.acl</code>. Add the master KDC's host service's name to that file.
+ </div><div class="literallayout"><p> <code class="computeroutput"><code class="prompt">#</code> <strong class="userinput"><code>echo host/masterkdc.example.com at EXAMPLE.COM > /var/kerberos/krb5kdc/kpropd.acl</code></strong></code></p></div><div class="para">
+ Once the slave KDC has obtained a copy of the database, it will also need the master key which was used to encrypt it. If your KDC database's master key is stored in a <span class="emphasis"><em>stash</em></span> file on the master KDC (typically named <code class="filename">/var/kerberos/krb5kdc/.k5.REALM</code>, either copy it to the slave KDC using any available secure method, or create a dummy database and identical stash file on the slave KDC by running <code class="command">kdb5_util create -s</code> (the dummy database will be overwritten by the first successful database propagation) and supplying the same password.
+ </div><div class="para">
+ Ensure that the slave KDC's firewall allows the master KDC to contact it using TCP on port 754 (<span class="emphasis"><em>krb5_prop</em></span>), and start the <code class="command">kprop</code> service. Then, double-check that the <code class="command">kadmin</code> service is <span class="emphasis"><em>disabled</em></span>.
+ </div><div class="para">
+ Now perform a manual database propagation test by dumping the realm database, on the master KDC, to the default data file which the <code class="command">kprop</code> command will read (<code class="filename">/var/kerberos/krb5kdc/slave_datatrans</code>), and then use the <code class="command">kprop</code> command to transmit its contents to the slave KDC.
+ </div><div class="literallayout"><p> <code class="computeroutput"><code class="prompt">#</code> <strong class="userinput"><code>/usr/kerberos/sbin/kdb5_util dump /var/kerberos/krb5kdc/slave_datatrans</code></strong><code class="prompt">#</code> <strong class="userinput"><code>kprop slavekdc.example.com</code></strong></code></p></div><div class="para">
+ Using <code class="command">kinit</code>, verify that a client system whose <code class="filename">krb5.conf</code> lists only the slave KDC in its list of KDCs for your realm is now correctly able to obtain initial credentials from the slave KDC.
+ </div><div class="para">
+ That done, simply create a script which dumps the realm database and runs the <code class="command">kprop</code> command to transmit the database to each slave KDC in turn, and configure the <code class="command">cron</code> service to run the script periodically.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"><strong>Prev</strong>3.7.7. Domain-to-Realm Mapping</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"><strong>Next</strong>3.7.9. Setting Up Cross Realm Authentication</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos.html
new file mode 100644
index 0000000..a7a06f6
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos.html
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7. Kerberos</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 3. Securing Your Network" /><link rel="prev" href="sect-Security_Guide-Additional_Resources-Related_Books.html" title="3.6.5.3. Related Books" /><link rel="next" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html" title="3.7.2. Kerberos Terminology" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="s
ect-Security_Guide-Additional_Resources-Related_Books.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="sect-Security_Guide-Kerberos" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Kerberos">3.7. Kerberos</h2></div></div></div><div class="para">
+ System security and integrity within a network can be unwieldy. It can occupy the time of several administrators just to keep track of what services are being run on a network and the manner in which these services are used.
+ </div><div class="para">
+ Further, authenticating users to network services can prove dangerous when the method used by the protocol is inherently insecure, as evidenced by the transfer of unencrypted passwords over a network using the traditional FTP and Telnet protocols.
+ </div><div class="para">
+ Kerberos is a way to eliminate the need for protocols that allow unsafe methods of authentication, thereby enhancing overall network security.
+ </div><div class="section" id="sect-Security_Guide-Kerberos-What_is_Kerberos"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-What_is_Kerberos">3.7.1. What is Kerberos?</h3></div></div></div><div class="para">
+ Kerberos is a network authentication protocol created by MIT, and uses symmetric-key cryptography<sup>[<a id="idm67840896" href="#ftn.idm67840896" class="footnote">14</a>]</sup> to authenticate users to network services, which means passwords are never actually sent over the network.
+ </div><div class="para">
+ Consequently, when users authenticate to network services using Kerberos, unauthorized users attempting to gather passwords by monitoring network traffic are effectively thwarted.
+ </div><div class="section" id="sect-Security_Guide-What_is_Kerberos-Advantages_of_Kerberos"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Kerberos-Advantages_of_Kerberos">3.7.1.1. Advantages of Kerberos</h4></div></div></div><div class="para">
+ Most conventional network services use password-based authentication schemes. Such schemes require a user to authenticate to a given network server by supplying their username and password. Unfortunately, the transmission of authentication information for many services is unencrypted. For such a scheme to be secure, the network has to be inaccessible to outsiders, and all computers and users on the network must be trusted and trustworthy.
+ </div><div class="para">
+ Even if this is the case, a network that is connected to the Internet can no longer be assumed to be secure. Any attacker who gains access to the network can use a simple packet analyzer, also known as a packet sniffer, to intercept usernames and passwords, compromising user accounts and the integrity of the entire security infrastructure.
+ </div><div class="para">
+ The primary design goal of Kerberos is to eliminate the transmission of unencrypted passwords across the network. If used properly, Kerberos effectively eliminates the threat that packet sniffers would otherwise pose on a network.
+ </div></div><div class="section" id="sect-Security_Guide-What_is_Kerberos-Disadvantages_of_Kerberos"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Kerberos-Disadvantages_of_Kerberos">3.7.1.2. Disadvantages of Kerberos</h4></div></div></div><div class="para">
+ Although Kerberos removes a common and severe security threat, it may be difficult to implement for a variety of reasons:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Migrating user passwords from a standard UNIX password database, such as <code class="filename">/etc/passwd</code> or <code class="filename">/etc/shadow</code>, to a Kerberos password database can be tedious, as there is no automated mechanism to perform this task. Refer to Question 2.23 in the online Kerberos FAQ:
+ </div><div class="para">
+ <a href="http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#pwconvert"> http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html</a>
+ </div></li><li class="listitem"><div class="para">
+ Kerberos has only partial compatibility with the Pluggable Authentication Modules (PAM) system used by most Fedora servers. Refer to <a class="xref" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html">Section 3.7.4, “Kerberos and PAM”</a> for more information about this issue.
+ </div></li><li class="listitem"><div class="para">
+ Kerberos assumes that each user is trusted but is using an untrusted host on an untrusted network. Its primary goal is to prevent unencrypted passwords from being transmitted across that network. However, if anyone other than the proper user has access to the one host that issues tickets used for authentication — called the <em class="firstterm">key distribution center</em> (<em class="firstterm">KDC</em>) — the entire Kerberos authentication system is at risk.
+ </div></li><li class="listitem"><div class="para">
+ For an application to use Kerberos, its source must be modified to make the appropriate calls into the Kerberos libraries. Applications modified in this way are considered to be <em class="firstterm">Kerberos-aware</em>, or <em class="firstterm">kerberized</em>. For some applications, this can be quite problematic due to the size of the application or its design. For other incompatible applications, changes must be made to the way in which the server and client communicate. Again, this may require extensive programming. Closed-source applications that do not have Kerberos support by default are often the most problematic.
+ </div></li><li class="listitem"><div class="para">
+ Kerberos is an all-or-nothing solution. If Kerberos is used on the network, any unencrypted passwords transferred to a non-Kerberos aware service is at risk. Thus, the network gains no benefit from the use of Kerberos. To secure a network with Kerberos, one must either use Kerberos-aware versions of <span class="emphasis"><em>all</em></span> client/server applications that transmit passwords unencrypted, or not use <span class="emphasis"><em>any</em></span> such client/server applications at all.
+ </div></li></ul></div></div></div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm67840896" href="#idm67840896" class="para">14</a>] </sup>
+ A system where both the client and the server share a common key that is used to encrypt and decrypt network communication.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Related_Books.html"><strong>Prev</strong>3.6.5.3. Related Books</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"><strong>Next</strong>3.7.2. Kerberos Terminology</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html
new file mode 100644
index 0000000..e6f9484
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.3.5. Links of Interest</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="4.2.3. LUKS Disk Encryption" /><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html" title="4.2.3.4. What you have just accomplished." /><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="4.2.4. 7-Zip Encrypted Archives" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" />
</a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest">4.2.3.5. Links of Interest</h4></div></div></div><div class="para">
+ For additional information on LUKS or encrypting hard drives under Fedora please visit one of the following links:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="https://code.google.com/p/cryptsetup/">LUKS - Linux Unified Key Setup</a>
+ </div></li><li class="listitem"><div class="para">
+ <a href="https://bugzilla.redhat.com/attachment.cgi?id=161912">HOWTO: Creating an encrypted Physical Volume (PV) using a second hard drive, pvmove, and a Fedora LiveCD</a>
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"><strong>Prev</strong>4.2.3.4. What you have just accomplished.</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"><strong>Next</strong>4.2.4. 7-Zip Encrypted Archives</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html
new file mode 100644
index 0000000..147d780
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.3.3. Step-by-Step Instructions</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="4.2.3. LUKS Disk Encryption" /><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html" title="4.2.3.2. Manually Encrypting Directories" /><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html" title="4.2.3.4. What you have just accomplished." /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" a
lt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions">4.2.3.3. Step-by-Step Instructions</h4></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ enter runlevel 1: <code class="code">telinit 1</code>
+ </div></li><li class="listitem"><div class="para">
+ Fill your partition with random data: <code class="code">scrub -p random /home</code>
+ </div></li><li class="listitem"><div class="para">
+ unmount your existing /home: <code class="code"> umount /home</code>
+ </div></li><li class="listitem"><div class="para">
+ if it fails use <code class="code">fuser</code> to find and kill processes hogging /home: <code class="code">fuser -mvk /home</code>
+ </div></li><li class="listitem"><div class="para">
+ verify /home is not mounted any longer: <code class="code">cat /proc/mounts | grep home</code>
+ </div></li><li class="listitem"><div class="para">
+ initialize your partition: <code class="code">cryptsetup --verbose --verify-passphrase luksFormat /dev/VG00/LV_home</code>
+ </div></li><li class="listitem"><div class="para">
+ open the newly encrypted device: <code class="code">cryptsetup luksOpen /dev/VG00/LV_home home</code>
+ </div></li><li class="listitem"><div class="para">
+ check it's there: <code class="code">ls -l /dev/mapper | grep home</code>
+ </div></li><li class="listitem"><div class="para">
+ create a filesystem: <code class="code">mkfs.ext3 /dev/mapper/home</code>
+ </div></li><li class="listitem"><div class="para">
+ mount it: <code class="code">mount /dev/mapper/home /home</code>
+ </div></li><li class="listitem"><div class="para">
+ check it's visible: <code class="code">df -h | grep home</code>
+ </div></li><li class="listitem"><div class="para">
+ add the following to /etc/crypttab: <code class="code">home /dev/VG00/LV_home none</code>
+ </div></li><li class="listitem"><div class="para">
+ edit your /etc/fstab, removing the old entry for /home and adding <code class="code">/dev/mapper/home /home ext3 defaults 1 2</code>
+ </div></li><li class="listitem"><div class="para">
+ verify your fstab entry: <code class="code">mount /home</code>
+ </div></li><li class="listitem"><div class="para">
+ restore default SELinux security contexts: <code class="code">/sbin/restorecon -v -R /home</code>
+ </div></li><li class="listitem"><div class="para">
+ reboot: <code class="code">shutdown -r now</code>
+ </div></li><li class="listitem"><div class="para">
+ The entry in /etc/crypttab makes your computer ask your <code class="code">luks</code> passphrase on boot
+ </div></li><li class="listitem"><div class="para">
+ Login as root and restore your backup
+ </div></li></ol></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"><strong>Prev</strong>4.2.3.2. Manually Encrypting Directories</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"><strong>Next</strong>4.2.3.4. What you have just accomplished.</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html
new file mode 100644
index 0000000..fce3881
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.3.4. What you have just accomplished.</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="4.2.3. LUKS Disk Encryption" /><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html" title="4.2.3.3. Step-by-Step Instructions" /><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html" title="4.2.3.5. Links of Interest" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul cla
ss="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished">4.2.3.4. What you have just accomplished.</h4></div></div></div><div class="para">
+ Congratulations, you now have an encrypted partition for all of your data to safely rest while the computer is off.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>Prev</strong>4.2.3.3. Step-by-Step Instructions</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>Next</strong>4.2.3.5. Links of Interest</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html
new file mode 100644
index 0000000..d5b2eee
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.3.2. Manually Encrypting Directories</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="4.2.3. LUKS Disk Encryption" /><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="4.2.3. LUKS Disk Encryption" /><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html" title="4.2.3.3. Step-by-Step Instructions" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li c
lass="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories">4.2.3.2. Manually Encrypting Directories</h4></div></div></div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ Following this procedure will remove all data on the partition that you are encrypting. You WILL lose all your information! Make sure you backup your data to an external source before beginning this procedure!
+ </div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ This procedure uses <span class="package">scrub</span> to destroy the existing data on the partition and provide a random base for LUKS to use. This random base is important to prevent certain attacks against the cryptography. <span class="package">Scrub</span> is not installed by default and you will have to install it before use. Alternatively you may use another random number generator to accomplish the same thing.
+ </div></div></div><div class="para">
+ If you are running a version of Fedora prior to Fedora 9 and want to encrypt a partition, or you want to encrypt a partition after the installation of the current version of Fedora, the following directions are for you. The below example demonstrates encrypting your /home partition but any partition can be used.
+ </div><div class="para">
+ The following procedure will wipe all your existing data, so be sure to have a tested backup before you start. This also requires you to have a separate partition for /home (in my case that is /dev/VG00/LV_home). All the following must be done as root. Any of these steps failing means you must not continue until the step succeeded.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>Prev</strong>4.2.3. LUKS Disk Encryption</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>Next</strong>4.2.3.3. Step-by-Step Instructions</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption.html
new file mode 100644
index 0000000..18ab1be
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption.html
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.3. LUKS Disk Encryption</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="Security_Guide-Encryption-Data_in_Motion.html" title="4.2. Data in Motion" /><link rel="prev" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html" title="4.2.2. Secure Shell" /><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html" title="4.2.3.2. Manually Encrypting Directories" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a acce
sskey="p" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="sect-Security_Guide-LUKS_Disk_Encryption" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption">4.2.3. LUKS Disk Encryption</h3></div></div></div><div class="para">
+ Linux Unified Key Setup-on-disk-format (or LUKS) allows you to encrypt partitions on your Linux computer. This is particularly important when it comes to mobile computers and removable media. LUKS allows multiple user keys to decrypt a master key which is used for the bulk encryption of the partition.
+ </div><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora">4.2.3.1. LUKS Implementation in Fedora</h4></div></div></div><div class="para">
+ Fedora 9, and later, utilizes LUKS to perform file system encryption. By default, the option to encrypt the file system is unchecked during the installation. If you select the option to encrypt you hard drive, you will be prompted for a passphrase that will be asked every time you boot the computer. This passphrase "unlocks" the bulk encryption key that is used to decrypt your partition. If you choose to modify the default partition table you can choose which partitions you want to encrypt. This is set in the partition table settings
+ </div><div class="para">
+ Fedora's default implementation of LUKS is AES 128 with a SHA256 hashing. Ciphers that are available are:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ AES - Advanced Encryption Standard - <a href="http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf">FIPS PUB 197</a>
+ </div></li><li class="listitem"><div class="para">
+ Twofish (A 128-bit Block Cipher)
+ </div></li><li class="listitem"><div class="para">
+ Serpent
+ </div></li><li class="listitem"><div class="para">
+ cast5 - <a href="http://www.ietf.org/rfc/rfc2144.txt">RFC 2144</a>
+ </div></li><li class="listitem"><div class="para">
+ cast6 - <a href="http://www.ietf.org/rfc/rfc2612.txt">RFC 2612</a>
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>Prev</strong>4.2.2. Secure Shell</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"><strong>Next</strong>4.2.3.2. Manually Encrypting Directories</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Access_Control.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Access_Control.html
new file mode 100644
index 0000000..7a93ea0
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Access_Control.html
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.2.2.2. Access Control</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="3.6.2.2. Option Fields" /><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="3.6.2.2. Option Fields" /><link rel="next" href="sect-Security_Guide-Option_Fields-Shell_Commands.html" title="3.6.2.2.3. Shell Commands" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><
a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Shell_Commands.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Option_Fields-Access_Control"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Option_Fields-Access_Control">3.6.2.2.2. Access Control</h5></div></div></div><div class="para">
+ Option fields also allow administrators to explicitly allow or deny hosts in a single rule by adding the <code class="option">allow</code> or <code class="option">deny</code> directive as the final option.
+ </div><div class="para">
+ For example, the following two rules allow SSH connections from <code class="systemitem">client-1.example.com</code>, but deny connections from <code class="systemitem">client-2.example.com</code>:
+ </div><pre class="screen">sshd : client-1.example.com : allow
+sshd : client-2.example.com : deny</pre><div class="para">
+ By allowing access control on a per-rule basis, the option field allows administrators to consolidate all access rules into a single file: either <code class="filename">hosts.allow</code> or <code class="filename">hosts.deny</code>. Some administrators consider this an easier way of organizing access rules.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"><strong>Prev</strong>3.6.2.2. Option Fields</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Shell_Commands.html"><strong>Next</strong>3.6.2.2.3. Shell Commands</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Expansions.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Expansions.html
new file mode 100644
index 0000000..acdaecf
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Expansions.html
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.2.2.4. Expansions</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="3.6.2.2. Option Fields" /><link rel="prev" href="sect-Security_Guide-Option_Fields-Shell_Commands.html" title="3.6.2.2.3. Shell Commands" /><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html" title="3.6.3. xinetd" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sec
t-Security_Guide-Option_Fields-Shell_Commands.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Option_Fields-Expansions"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Option_Fields-Expansions">3.6.2.2.4. Expansions</h5></div></div></div><div class="para">
+ Expansions, when used in conjunction with the <code class="command">spawn</code> and <code class="command">twist</code> directives, provide information about the client, server, and processes involved.
+ </div><div class="para">
+ The following is a list of supported expansions:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">%a</code> — Returns the client's IP address.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%A</code> — Returns the server's IP address.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%c</code> — Returns a variety of client information, such as the username and hostname, or the username and IP address.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%d</code> — Returns the daemon process name.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%h</code> — Returns the client's hostname (or IP address, if the hostname is unavailable).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%H</code> — Returns the server's hostname (or IP address, if the hostname is unavailable).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%n</code> — Returns the client's hostname. If unavailable, <code class="computeroutput">unknown</code> is printed. If the client's hostname and host address do not match, <code class="computeroutput">paranoid</code> is printed.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%N</code> — Returns the server's hostname. If unavailable, <code class="computeroutput">unknown</code> is printed. If the server's hostname and host address do not match, <code class="computeroutput">paranoid</code> is printed.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%p</code> — Returns the daemon's process ID.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%s</code> —Returns various types of server information, such as the daemon process and the host or IP address of the server.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%u</code> — Returns the client's username. If unavailable, <code class="computeroutput">unknown</code> is printed.
+ </div></li></ul></div><div class="para">
+ The following sample rule uses an expansion in conjunction with the <code class="command">spawn</code> command to identify the client host in a customized log file.
+ </div><div class="para">
+ When connections to the SSH daemon (<code class="systemitem">sshd</code>) are attempted from a host in the <code class="systemitem">example.com</code> domain, execute the <code class="command">echo</code> command to log the attempt, including the client hostname (by using the <code class="option">%h</code> expansion), to a special file:
+ </div><pre class="screen">sshd : .example.com \
+ : spawn /bin/echo `/bin/date` access denied to %h>>/var/log/sshd.log \
+ : deny</pre><div class="para">
+ Similarly, expansions can be used to personalize messages back to the client. In the following example, clients attempting to access FTP services from the <code class="systemitem">example.com</code> domain are informed that they have been banned from the server:
+ </div><pre class="screen">vsftpd : .example.com \
+: twist /bin/echo "421 %h has been banned from this server!"</pre><div class="para">
+ For a full explanation of available expansions, as well as additional access control options, refer to section 5 of the man pages for <code class="filename">hosts_access</code> (<code class="command">man 5 hosts_access</code>) and the man page for <code class="filename">hosts_options</code>.
+ </div><div class="para">
+ Refer to <a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html">Section 3.6.5, “Additional Resources”</a> for more information about TCP Wrappers.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Option_Fields-Shell_Commands.html"><strong>Prev</strong>3.6.2.2.3. Shell Commands</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"><strong>Next</strong>3.6.3. xinetd</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Shell_Commands.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Shell_Commands.html
new file mode 100644
index 0000000..ecba076
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Shell_Commands.html
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.2.2.3. Shell Commands</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="3.6.2.2. Option Fields" /><link rel="prev" href="sect-Security_Guide-Option_Fields-Access_Control.html" title="3.6.2.2.2. Access Control" /><link rel="next" href="sect-Security_Guide-Option_Fields-Expansions.html" title="3.6.2.2.4. Expansions" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="s
ect-Security_Guide-Option_Fields-Access_Control.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Expansions.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Option_Fields-Shell_Commands"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Option_Fields-Shell_Commands">3.6.2.2.3. Shell Commands</h5></div></div></div><div class="para">
+ Option fields allow access rules to launch shell commands through the following two directives:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">spawn</code> — Launches a shell command as a child process. This directive can perform tasks like using <code class="command">/usr/sbin/safe_finger</code> to get more information about the requesting client or create special log files using the <code class="command">echo</code> command.
+ </div><div class="para">
+ In the following example, clients attempting to access Telnet services from the <code class="systemitem">example.com</code> domain are quietly logged to a special file:
+ </div><pre class="screen">in.telnetd : .example.com \
+ : spawn /bin/echo `/bin/date` from %h>>/var/log/telnet.log \
+ : allow</pre></li><li class="listitem"><div class="para">
+ <code class="command">twist</code> — Replaces the requested service with the specified command. This directive is often used to set up traps for intruders (also called "honey pots"). It can also be used to send messages to connecting clients. The <code class="command">twist</code> directive must occur at the end of the rule line.
+ </div><div class="para">
+ In the following example, clients attempting to access FTP services from the <code class="systemitem">example.com</code> domain are sent a message using the <code class="command">echo</code> command:
+ </div><pre class="screen">vsftpd : .example.com \
+ : twist /bin/echo "421 This domain has been black-listed. Access denied!"</pre></li></ul></div><div class="para">
+ For more information about shell command options, refer to the <code class="filename">hosts_options</code> man page.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Option_Fields-Access_Control.html"><strong>Prev</strong>3.6.2.2.2. Access Control</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Expansions.html"><strong>Next</strong>3.6.2.2.4. Expansions</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html
new file mode 100644
index 0000000..fae517f
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.3.2. Control Flag</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="3.5.3. PAM Configuration File Format" /><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="3.5.3. PAM Configuration File Format" /><link rel="next" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html" title="3.5.3.3. Module Name" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag">3.5.3.2. Control Flag</h4></div></div></div><div class="para">
+ All PAM modules generate a success or failure result when called. Control flags tell PAM what do with the result. Modules can be stacked in a particular order, and the control flags determine how important the success or failure of a particular module is to the overall goal of authenticating the user to the service.
+ </div><div class="para">
+ There are four predefined control flags:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">required</code> — The module result must be successful for authentication to continue. If the test fails at this point, the user is not notified until the results of all module tests that reference that interface are complete.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">requisite</code> — The module result must be successful for authentication to continue. However, if a test fails at this point, the user is notified immediately with a message reflecting the first failed <code class="command">required</code> <span class="emphasis"><em>or</em></span> <code class="command">requisite</code> module test.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sufficient</code> — The module result is ignored if it fails. However, if the result of a module flagged <code class="command">sufficient</code> is successful <span class="emphasis"><em>and</em></span> no previous modules flagged <code class="command">required</code> have failed, then no other results are required and the user is authenticated to the service.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">optional</code> — The module result is ignored. A module flagged as <code class="command">optional</code> only becomes necessary for successful authentication when no other modules reference the interface.
+ </div></li></ul></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ The order in which <code class="command">required</code> modules are called is not critical. Only the <code class="command">sufficient</code> and <code class="command">requisite</code> control flags cause order to become important.
+ </div></div></div><div class="para">
+ A newer control flag syntax that allows for more precise control is now available for PAM.
+ </div><div class="para">
+ The <code class="command">pam.d</code> man page, and the PAM documentation, located in the <code class="filename">/usr/share/doc/pam-<em class="replaceable"><code><version-number></code></em>/</code> directory, where <em class="replaceable"><code><version-number></code></em> is the version number for PAM on your system, describe this newer syntax in detail.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"><strong>Prev</strong>3.5.3. PAM Configuration File Format</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"><strong>Next</strong>3.5.3.3. Module Name</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html
new file mode 100644
index 0000000..62fde9b
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.3.4. Module Arguments</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="3.5.3. PAM Configuration File Format" /><link rel="prev" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html" title="3.5.3.3. Module Name" /><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html" title="3.5.4. Sample PAM Configuration Files" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png
" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments">3.5.3.4. Module Arguments</h4></div></div></div><div class="para">
+ PAM uses <em class="firstterm">arguments</em> to pass information to a pluggable module during authentication for some modules.
+ </div><div class="para">
+ For example, the <code class="filename">pam_userdb.so</code> module uses information stored in a Berkeley DB file to authenticate the user. Berkeley DB is an open source database system embedded in many applications. The module takes a <code class="filename">db</code> argument so that Berkeley DB knows which database to use for the requested service.
+ </div><div class="para">
+ The following is a typical <code class="filename">pam_userdb.so</code> line in a PAM configuration. The <em class="replaceable"><code><path-to-file></code></em> is the full path to the Berkeley DB database file:
+ </div><pre class="screen">auth required pam_userdb.so db=<em class="replaceable"><code><path-to-file></code></em></pre><div class="para">
+ Invalid arguments are <span class="emphasis"><em>generally</em></span> ignored and do not otherwise affect the success or failure of the PAM module. Some modules, however, may fail on invalid arguments. Most modules report errors to the <code class="filename">/var/log/secure</code> file.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"><strong>Prev</strong>3.5.3.3. Module Name</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"><strong>Next</strong>3.5.4. Sample PAM Configuration Files</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html
new file mode 100644
index 0000000..653b56c
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.3.3. Module Name</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="3.5.3. PAM Configuration File Format" /><link rel="prev" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html" title="3.5.3.2. Control Flag" /><link rel="next" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html" title="3.5.3.4. Module Arguments" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></
a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name">3.5.3.3. Module Name</h4></div></div></div><div class="para">
+ The module name provides PAM with the name of the pluggable module containing the specified module interface. In older versions of Fedora, the full path to the module was provided in the PAM configuration file. However, since the advent of <em class="firstterm">multilib</em> systems, which store 64-bit PAM modules in the <code class="filename">/lib64/security/</code> directory, the directory name is omitted because the application is linked to the appropriate version of <code class="filename">libpam</code>, which can locate the correct version of the module.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>Prev</strong>3.5.3.2. Control Flag</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>Next</strong>3.5.3.4. Module Arguments</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html
new file mode 100644
index 0000000..2b41387
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.6.2. Common pam_timestamp Directives</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html" title="3.5.6. PAM and Administrative Credential Caching" /><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html" title="3.5.6. PAM and Administrative Credential Caching" /><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html" title="3.5.7. PAM and Device Ownership" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="h
ttp://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives">3.5.6.2. Common pam_timestamp Directives</h4></div></div></div><div class="para">
+ The <code class="filename">pam_timestamp.so</code> module accepts several directives. The following are the two most commonly used options:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">timestamp_timeout</code> — Specifies the period (in seconds) for which the timestamp file is valid. The default value is 300 (five minutes).
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">timestampdir</code> — Specifies the directory in which the timestamp file is stored. The default value is <code class="command">/var/run/sudo/</code>.
+ </div></li></ul></div><div class="para">
+ Refer to <a class="xref" href="sect-Security_Guide-Firewalls-Additional_Resources.html#sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation">Section 3.8.9.1, “Installed Firewall Documentation”</a> for more information about controlling the <code class="filename">pam_timestamp.so</code> module.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"><strong>Prev</strong>3.5.6. PAM and Administrative Credential Caching</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"><strong>Next</strong>3.5.7. PAM and Device Ownership</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html
new file mode 100644
index 0000000..c9714a5
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.7.2. Application Access</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html" title="3.5.7. PAM and Device Ownership" /><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html" title="3.5.7. PAM and Device Ownership" /><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html" title="3.5.8. Additional Resources" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.pn
g" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access">3.5.7.2. Application Access</h4></div></div></div><div class="para">
+ The console user also has access to certain programs configured for use in the <code class="filename">/etc/security/console.apps/</code> directory.
+ </div><div class="para">
+ This directory contains configuration files which enable the console user to run certain applications in <code class="filename">/sbin</code> and <code class="filename">/usr/sbin</code>.
+ </div><div class="para">
+ These configuration files have the same name as the applications that they set up.
+ </div><div class="para">
+ One notable group of applications that the console user has access to are three programs that shut down or reboot the system:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">/sbin/halt</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/sbin/reboot</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/sbin/poweroff</code>
+ </div></li></ul></div><div class="para">
+ Because these are PAM-aware applications, they call the <code class="filename">pam_console.so</code> module as a requirement for use.
+ </div><div class="para">
+ Refer to <a class="xref" href="sect-Security_Guide-Firewalls-Additional_Resources.html#sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation">Section 3.8.9.1, “Installed Firewall Documentation”</a> for more information.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"><strong>Prev</strong>3.5.7. PAM and Device Ownership</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"><strong>Next</strong>3.5.8. Additional Resources</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html
new file mode 100644
index 0000000..b3ac6ec
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.8. Additional Resources</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /><link rel="prev" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html" title="3.5.7.2. Application Access" /><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html" title="3.5.8.2. Useful PAM Websites" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="do
cnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources">3.5.8. Additional Resources</h3></div></div></div><div class="para">
+ The following resources further explain methods to use and configure PAM. In addition to these resources, read the PAM configuration files on the system to better understand how they are structured.
+ </div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_PAM_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_PAM_Documentation">3.5.8.1. Installed PAM Documentation</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ PAM-related man pages — Several man pages exist for the various applications and configuration files involved with PAM. The following is a list of some of the more important man pages.
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">Configuration Files</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">pam</code> — Good introductory information on PAM, including the structure and purpose of the PAM configuration files.
+ </div><div class="para">
+ Note that this man page discusses both <code class="filename">/etc/pam.conf</code> and individual configuration files in the <code class="filename">/etc/pam.d/</code> directory. By default, Fedora uses the individual configuration files in the <code class="filename">/etc/pam.d/</code> directory, ignoring <code class="filename">/etc/pam.conf</code> even if it exists.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">pam_console</code> — Describes the purpose of the <code class="filename">pam_console.so</code> module. It also describes the appropriate syntax for an entry within a PAM configuration file.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">console.apps</code> — Describes the format and options available in the <code class="filename">/etc/security/console.apps</code> configuration file, which defines which applications are accessible by the console user assigned by PAM.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">console.perms</code> — Describes the format and options available in the <code class="filename">/etc/security/console.perms</code> configuration file, which specifies the console user permissions assigned by PAM.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">pam_timestamp</code> — Describes the <code class="filename">pam_timestamp.so</code> module.
+ </div></li></ul></div></dd></dl></div></li><li class="listitem"><div class="para">
+ <code class="filename">/usr/share/doc/pam-<em class="replaceable"><code><version-number></code></em></code> — Contains a <em class="citetitle">System Administrators' Guide</em>, a <em class="citetitle">Module Writers' Manual</em>, and the <em class="citetitle">Application Developers' Manual</em>, as well as a copy of the PAM standard, DCE-RFC 86.0, where <em class="replaceable"><code><version-number></code></em> is the version number of PAM.
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/usr/share/doc/pam-<em class="replaceable"><code><version-number></code></em>/txts/README.pam_timestamp</code> — Contains information about the <code class="filename">pam_timestamp.so</code> PAM module, where <em class="replaceable"><code><version-number></code></em> is the version number of PAM.
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"><strong>Prev</strong>3.5.7.2. Application Access</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"><strong>Next</strong>3.5.8.2. Useful PAM Websites</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html
new file mode 100644
index 0000000..0f5b0e2
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.5. Creating PAM Modules</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html" title="3.5.4. Sample PAM Configuration Files" /><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html" title="3.5.6. PAM and Administrative Credential Caching" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules">3.5.5. Creating PAM Modules</h3></div></div></div><div class="para">
+ You can create or add new PAM modules at any time for use by PAM-aware applications.
+ </div><div class="para">
+ For example, a developer might create a one-time-password creation method and write a PAM module to support it. PAM-aware programs can immediately use the new module and password method without being recompiled or otherwise modified.
+ </div><div class="para">
+ This allows developers and system administrators to mix-and-match, as well as test, authentication methods for different programs without recompiling them.
+ </div><div class="para">
+ Documentation on writing modules is included in the <code class="filename">/usr/share/doc/pam-<em class="replaceable"><code><version-number></code></em>/</code> directory, where <em class="replaceable"><code><version-number></code></em> is the version number for PAM on your system.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"><strong>Prev</strong>3.5.4. Sample PAM Configuration Files</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"><strong>Next</strong>3.5.6. PAM and Administrative Credential Caching</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html
new file mode 100644
index 0000000..05a9b8e
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.3. PAM Configuration File Format</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html" title="3.5.2. PAM Configuration Files" /><link rel="next" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html" title="3.5.3.2. Control Flag" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></
p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">3.5.3. PAM Configuration File Format</h3></div></div></div><div class="para">
+ Each PAM configuration file contains a group of directives formatted as follows:
+ </div><pre class="screen"><em class="replaceable"><code><module interface></code></em> <em class="replaceable"><code><control flag></code></em> <em class="replaceable"><code><module name></code></em> <em class="replaceable"><code><module arguments></code></em></pre><div class="para">
+ Each of these elements is explained in the following sections.
+ </div><div class="section" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Interface"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Interface">3.5.3.1. Module Interface</h4></div></div></div><div class="para">
+ Four types of PAM module interface are currently available. Each of these corresponds to a different aspect of the authorization process:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">auth</code> — This module interface authenticates use. For example, it requests and verifies the validity of a password. Modules with this interface can also set credentials, such as group memberships or Kerberos tickets.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">account</code> — This module interface verifies that access is allowed. For example, it may check if a user account has expired or if a user is allowed to log in at a particular time of day.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">password</code> — This module interface is used for changing user passwords.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">session</code> — This module interface configures and manages user sessions. Modules with this interface can also perform additional tasks that are needed to allow access, like mounting a user's home directory and making the user's mailbox available.
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ An individual module can provide any or all module interfaces. For instance, <code class="filename">pam_unix.so</code> provides all four module interfaces.
+ </div></div></div><div class="para">
+ In a PAM configuration file, the module interface is the first field defined. For example, a typical line in a configuration may look like this:
+ </div><pre class="screen">auth required pam_unix.so</pre><div class="para">
+ This instructs PAM to use the <code class="filename">pam_unix.so</code> module's <code class="command">auth</code> interface.
+ </div><div class="section" id="sect-Security_Guide-Module_Interface-Stacking_Module_Interfaces"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Module_Interface-Stacking_Module_Interfaces">3.5.3.1.1. Stacking Module Interfaces</h5></div></div></div><div class="para">
+ Module interface directives can be <span class="emphasis"><em>stacked</em></span>, or placed upon one another, so that multiple modules are used together for one purpose. If a module's control flag uses the "sufficient" or "requisite" value (refer to <a class="xref" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html">Section 3.5.3.2, “Control Flag”</a> for more information on these flags), then the order in which the modules are listed is important to the authentication process.
+ </div><div class="para">
+ Stacking makes it easy for an administrator to require specific conditions to exist before allowing the user to authenticate. For example, the <code class="command">reboot</code> command normally uses several stacked modules, as seen in its PAM configuration file:
+ </div><pre class="screen">[root at MyServer ~]# cat /etc/pam.d/reboot
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_console.so
+#auth include system-auth
+account required pam_permit.so</pre><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ The first line is a comment and is not processed.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">auth sufficient pam_rootok.so</code> — This line uses the <code class="filename">pam_rootok.so</code> module to check whether the current user is root, by verifying that their UID is 0. If this test succeeds, no other modules are consulted and the command is executed. If this test fails, the next module is consulted.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">auth required pam_console.so</code> — This line uses the <code class="filename">pam_console.so</code> module to attempt to authenticate the user. If this user is already logged in at the console, <code class="filename">pam_console.so</code> checks whether there is a file in the <code class="filename">/etc/security/console.apps/</code> directory with the same name as the service name (reboot). If such a file exists, authentication succeeds and control is passed to the next module.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">#auth include system-auth</code> — This line is commented and is not processed.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">account required pam_permit.so</code> — This line uses the <code class="filename">pam_permit.so</code> module to allow the root user or anyone logged in at the console to reboot the system.
+ </div></li></ul></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"><strong>Prev</strong>3.5.2. PAM Configuration Files</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>Next</strong>3.5.3.2. Control Flag</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html
new file mode 100644
index 0000000..a1a0e3c
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.2. PAM Configuration Files</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="3.5.3. PAM Configuration File Format" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="
Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files">3.5.2. PAM Configuration Files</h3></div></div></div><div class="para">
+ The <code class="filename">/etc/pam.d/</code> directory contains the PAM configuration files for each PAM-aware application. In earlier versions of PAM, the <code class="filename">/etc/pam.conf</code> file was used, but this file is now deprecated and is only used if the <code class="filename">/etc/pam.d/</code> directory does not exist.
+ </div><div class="section" id="sect-Security_Guide-PAM_Configuration_Files-PAM_Service_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_Files-PAM_Service_Files">3.5.2.1. PAM Service Files</h4></div></div></div><div class="para">
+ Each PAM-aware application or <em class="firstterm">service</em> has a file in the <code class="filename">/etc/pam.d/</code> directory. Each file in this directory has the same name as the service to which it controls access.
+ </div><div class="para">
+ The PAM-aware program is responsible for defining its service name and installing its own PAM configuration file in the <code class="filename">/etc/pam.d/</code> directory. For example, the <code class="command">login</code> program defines its service name as <code class="command">login</code> and installs the <code class="filename">/etc/pam.d/login</code> PAM configuration file.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"><strong>Prev</strong>3.5. Pluggable Authentication Modules (PAM)</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"><strong>Next</strong>3.5.3. PAM Configuration File Format</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html
new file mode 100644
index 0000000..9375aa7
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.6. PAM and Administrative Credential Caching</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html" title="3.5.5. Creating PAM Modules" /><link rel="next" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html" title="3.5.6.2. Common pam_timestamp Directives" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_
right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching">3.5.6. PAM and Administrative Credential Caching</h3></div></div></div><div class="para">
+ A number of graphical administrative tools in Fedora provide users with elevated privileges for up to five minutes using the <code class="filename">pam_timestamp.so</code> module. It is important to understand how this mechanism works, because a user who walks away from a terminal while <code class="filename">pam_timestamp.so</code> is in effect leaves the machine open to manipulation by anyone with physical access to the console.
+ </div><div class="para">
+ In the PAM timestamp scheme, the graphical administrative application prompts the user for the root password when it is launched. When the user has been authenticated, the <code class="filename">pam_timestamp.so</code> module creates a timestamp file. By default, this is created in the <code class="filename">/var/run/sudo/</code> directory. If the timestamp file already exists, graphical administrative programs do not prompt for a password. Instead, the <code class="filename">pam_timestamp.so</code> module freshens the timestamp file, reserving an extra five minutes of unchallenged administrative access for the user.
+ </div><div class="para">
+ You can verify the actual state of the timestamp file by inspecting the <code class="filename">/var/run/sudo/<user></code> file. For the desktop, the relevant file is <code class="filename">unknown:root</code>. If it is present and its timestamp is less than five minutes old, the credentials are valid.
+ </div><div class="para">
+ The existence of the timestamp file is indicated by an authentication icon, which appears in the notification area of the panel.
+ </div><div class="figure" id="figu-Security_Guide-PAM_and_Administrative_Credential_Caching-The_Authentication_Icon"><div class="figure-contents"><div class="mediaobject"><img src="images/authicon.png" alt="The Authentication Icon" /><div class="longdesc"><div class="para">
+ Illustration of the authentication icon.
+ </div></div></div></div><h6>Figure 3.7. The Authentication Icon</h6></div><br class="figure-break" /><div class="section" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Removing_the_Timestamp_File"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Removing_the_Timestamp_File">3.5.6.1. Removing the Timestamp File</h4></div></div></div><div class="para">
+ Before abandoning a console where a PAM timestamp is active, it is recommended that the timestamp file be destroyed. To do this from a graphical environment, click the authentication icon on the panel. This causes a dialog box to appear. Click the <span class="guibutton"><strong>Forget Authorization</strong></span> button to destroy the active timestamp file.
+ </div><div class="figure" id="figu-Security_Guide-Removing_the_Timestamp_File-Dismiss_Authentication_Dialog"><div class="figure-contents"><div class="mediaobject"><img src="images/auth-panel.png" width="444" alt="Dismiss Authentication Dialog" /><div class="longdesc"><div class="para">
+ Illustration of the authentication dismissal dialog box.
+ </div></div></div></div><h6>Figure 3.8. Dismiss Authentication Dialog</h6></div><br class="figure-break" /><div class="para">
+ You should be aware of the following with respect to the PAM timestamp file:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ If logged in to the system remotely using <code class="command">ssh</code>, use the <code class="command">/sbin/pam_timestamp_check -k root</code> command to destroy the timestamp file.
+ </div></li><li class="listitem"><div class="para">
+ You need to run the <code class="command">/sbin/pam_timestamp_check -k root</code> command from the same terminal window from which you launched the privileged application.
+ </div></li><li class="listitem"><div class="para">
+ You must be logged in as the user who originally invoked the <code class="filename">pam_timestamp.so</code> module in order to use the <code class="command">/sbin/pam_timestamp_check -k</code> command. Do not log in as root to use this command.
+ </div></li><li class="listitem"><div class="para">
+ If you want to kill the credentials on the desktop (without using the <span class="guibutton"><strong>Forget Authorization</strong></span> action on the icon), use the following command:
+ </div><pre class="screen">/sbin/pam_timestamp_check -k root </dev/null >/dev/null 2>/dev/null</pre><div class="para">
+ Failure to use this command will only remove the credentials (if any) from the pty where you run the command.
+ </div></li></ul></div><div class="para">
+ Refer to the <code class="filename">pam_timestamp_check</code> man page for more information about destroying the timestamp file using <code class="command">pam_timestamp_check</code>.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"><strong>Prev</strong>3.5.5. Creating PAM Modules</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"><strong>Next</strong>3.5.6.2. Common pam_timestamp Directives</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html
new file mode 100644
index 0000000..a33eef5
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.7. PAM and Device Ownership</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /><link rel="prev" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html" title="3.5.6.2. Common pam_timestamp Directives" /><link rel="next" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html" title="3.5.7.2. Application Access" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt
="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership">3.5.7. PAM and Device Ownership</h3></div></div></div><div class="para">
+ In Fedora, the first user who logs in at the physical console of the machine can manipulate certain devices and perform certain tasks normally reserved for the root user. This is controlled by a PAM module called <code class="filename">pam_console.so</code>.
+ </div><div class="section" id="sect-Security_Guide-PAM_and_Device_Ownership-Device_Ownership"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_and_Device_Ownership-Device_Ownership">3.5.7.1. Device Ownership</h4></div></div></div><div class="para">
+ When a user logs in to a Fedora system, the <code class="filename">pam_console.so</code> module is called by <code class="command">login</code> or the graphical login programs, <span class="application"><strong>gdm</strong></span>, <span class="application"><strong>kdm</strong></span>, and <span class="application"><strong>xdm</strong></span>. If this user is the first user to log in at the physical console — referred to as the <em class="firstterm">console user</em> — the module grants the user ownership of a variety of devices normally owned by root. The console user owns these devices until the last local session for that user ends. After this user has logged out, ownership of the devices reverts back to the root user.
+ </div><div class="para">
+ The devices affected include, but are not limited to, sound cards, diskette drives, and CD-ROM drives.
+ </div><div class="para">
+ This facility allows a local user to manipulate these devices without obtaining root access, thus simplifying common tasks for the console user.
+ </div><div class="para">
+ You can modify the list of devices controlled by <code class="filename">pam_console.so</code> by editing the following files:
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/security/console.perms</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/security/console.perms.d/50-default.perms</code>
+ </div></li></ul></div>
+
+ </div><div class="para">
+ You can change the permissions of different devices than those listed in the above files, or override the specified defaults. Rather than modify the <code class="filename">50-default.perms</code> file, you should create a new file (for example, <code class="filename"><em class="replaceable"><code>xx</code></em>-name.perms</code>) and enter the required modifications. The name of the new default file must begin with a number higher than 50 (for example, <code class="filename">51-default.perms</code>). This will override the defaults in the <code class="filename">50-default.perms</code> file.
+ </div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ If the <span class="application"><strong>gdm</strong></span>, <span class="application"><strong>kdm</strong></span>, or <span class="application"><strong>xdm</strong></span> display manager configuration file has been altered to allow remote users to log in <span class="emphasis"><em>and</em></span> the host is configured to run at runlevel 5, it is advisable to change the <code class="command"><console></code> and <code class="command"><xconsole></code> directives in the <code class="filename">/etc/security/console.perms</code> to the following values:
+ </div><pre class="screen"><console>=tty[0-9][0-9]* vc/[0-9][0-9]* :0\.[0-9] :0
+<xconsole>=:0\.[0-9] :0</pre><div class="para">
+ This prevents remote users from gaining access to devices and restricted applications on the machine.
+ </div><div class="para">
+ If the <span class="application"><strong>gdm</strong></span>, <span class="application"><strong>kdm</strong></span>, or <span class="application"><strong>xdm</strong></span> display manager configuration file has been altered to allow remote users to log in <span class="emphasis"><em>and</em></span> the host is configured to run at any multiple user runlevel other than 5, it is advisable to remove the <code class="command"><xconsole></code> directive entirely and change the <code class="command"><console></code> directive to the following value:
+ </div><pre class="screen"><console>=tty[0-9][0-9]* vc/[0-9][0-9]*</pre></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"><strong>Prev</strong>3.5.6.2. Common pam_timestamp Directives</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"><strong>Next</strong>3.5.7.2. Application Access</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html
new file mode 100644
index 0000000..7b12796
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.4. Sample PAM Configuration Files</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /><link rel="prev" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html" title="3.5.3.4. Module Arguments" /><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html" title="3.5.5. Creating PAM Modules" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a>
</p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files">3.5.4. Sample PAM Configuration Files</h3></div></div></div><div class="para">
+ The following is a sample PAM application configuration file:
+ </div><pre class="screen">#%PAM-1.0
+auth required pam_securetty.so
+auth required pam_unix.so nullok
+auth required pam_nologin.so
+account required pam_unix.so
+password required pam_cracklib.so retry=3
+password required pam_unix.so shadow nullok use_authtok
+session required pam_unix.so</pre><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ The first line is a comment, indicated by the hash mark (<code class="command">#</code>) at the beginning of the line.
+ </div></li><li class="listitem"><div class="para">
+ Lines two through four stack three modules for login authentication.
+ </div><div class="para">
+ <code class="command">auth required pam_securetty.so</code> — This module ensures that <span class="emphasis"><em>if</em></span> the user is trying to log in as root, the tty on which the user is logging in is listed in the <code class="filename">/etc/securetty</code> file, <span class="emphasis"><em>if</em></span> that file exists.
+ </div><div class="para">
+ If the tty is not listed in the file, any attempt to log in as root fails with a <code class="computeroutput">Login incorrect</code> message.
+ </div><div class="para">
+ <code class="command">auth required pam_unix.so nullok</code> — This module prompts the user for a password and then checks the password using the information stored in <code class="filename">/etc/passwd</code> and, if it exists, <code class="filename">/etc/shadow</code>.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ The argument <code class="command">nullok</code> instructs the <code class="filename">pam_unix.so</code> module to allow a blank password.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">auth required pam_nologin.so</code> — This is the final authentication step. It checks whether the <code class="filename">/etc/nologin</code> file exists. If it exists and the user is not root, authentication fails.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ In this example, all three <code class="command">auth</code> modules are checked, even if the first <code class="command">auth</code> module fails. This prevents the user from knowing at what stage their authentication failed. Such knowledge in the hands of an attacker could allow them to more easily deduce how to crack the system.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="command">account required pam_unix.so</code> — This module performs any necessary account verification. For example, if shadow passwords have been enabled, the account interface of the <code class="filename">pam_unix.so</code> module checks to see if the account has expired or if the user has not changed the password within the allowed grace period.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">password required pam_cracklib.so retry=3</code> — If a password has expired, the password component of the <code class="filename">pam_cracklib.so</code> module prompts for a new password. It then tests the newly created password to see whether it can easily be determined by a dictionary-based password cracking program.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ The argument <code class="command">retry=3</code> specifies that if the test fails the first time, the user has two more chances to create a strong password.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">password required pam_unix.so shadow nullok use_authtok</code> — This line specifies that if the program changes the user's password, it should use the <code class="command">password</code> interface of the <code class="filename">pam_unix.so</code> module to do so.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ The argument <code class="command">shadow</code> instructs the module to create shadow passwords when updating a user's password.
+ </div></li><li class="listitem"><div class="para">
+ The argument <code class="command">nullok</code> instructs the module to allow the user to change their password <span class="emphasis"><em>from</em></span> a blank password, otherwise a null password is treated as an account lock.
+ </div></li><li class="listitem"><div class="para">
+ The final argument on this line, <code class="command">use_authtok</code>, provides a good example of the importance of order when stacking PAM modules. This argument instructs the module not to prompt the user for a new password. Instead, it accepts any password that was recorded by a previous password module. In this way, all new passwords must pass the <code class="filename">pam_cracklib.so</code> test for secure passwords before being accepted.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">session required pam_unix.so</code> — The final line instructs the session interface of the <code class="filename">pam_unix.so</code> module to manage the session. This module logs the user name and the service type to <code class="filename">/var/log/secure</code> at the beginning and end of each session. This module can be supplemented by stacking it with other session modules for additional functionality.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>Prev</strong>3.5.3.4. Module Arguments</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"><strong>Next</strong>3.5.5. Creating PAM Modules</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html
new file mode 100644
index 0000000..4fa6fdf
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5. Pluggable Authentication Modules (PAM)</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 3. Securing Your Network" /><link rel="prev" href="sect-Security_Guide-Yubikey-Web_Sites.html" title="3.4.2. Authenticating to websites with your Yubikey" /><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html" title="3.5.2. PAM Configuration Files" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"
><li class="previous"><a accesskey="p" href="sect-Security_Guide-Yubikey-Web_Sites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM">3.5. Pluggable Authentication Modules (PAM)</h2></div></div></div><div class="para">
+ Programs that grant users access to a system use <em class="firstterm">authentication</em> to verify each other's identity (that is, to establish that a user is who they say they are).
+ </div><div class="para">
+ Historically, each program had its own way of authenticating users. In Fedora, many programs are configured to use a centralized authentication mechanism called <em class="firstterm">Pluggable Authentication Modules</em> (<acronym class="acronym">PAM</acronym>).
+ </div><div class="para">
+ PAM uses a pluggable, modular architecture, which affords the system administrator a great deal of flexibility in setting authentication policies for the system.
+ </div><div class="para">
+ In most situations, the default PAM configuration file for a PAM-aware application is sufficient. Sometimes, however, it is necessary to edit a PAM configuration file. Because misconfiguration of PAM can compromise system security, it is important to understand the structure of these files before making any modifications. Refer to <a class="xref" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html">Section 3.5.3, “PAM Configuration File Format”</a> for more information.
+ </div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">3.5.1. Advantages of PAM</h3></div></div></div><div class="para">
+ PAM offers the following advantages:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ a common authentication scheme that can be used with a wide variety of applications.
+ </div></li><li class="listitem"><div class="para">
+ significant flexibility and control over authentication for both system administrators and application developers.
+ </div></li><li class="listitem"><div class="para">
+ a single, fully-documented library which allows developers to write programs without having to create their own authentication schemes.
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Yubikey-Web_Sites.html"><strong>Prev</strong>3.4.2. Authenticating to websites with your Yubik...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"><strong>Next</strong>3.5.2. PAM Configuration Files</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html
new file mode 100644
index 0000000..b854f62
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.2. Utilize LUKS Partition Encryption</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Secure_Installation.html" title="Chapter 6. Secure Installation" /><link rel="prev" href="chap-Security_Guide-Secure_Installation.html" title="Chapter 6. Secure Installation" /><link rel="next" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 7. Software Maintenance" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_G
uide-Secure_Installation.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Software_Maintenance.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption">6.2. Utilize LUKS Partition Encryption</h2></div></div></div><div class="para">
+ Since Fedora 9, implementation of <a href="http://fedoraproject.org/wiki/Security_Guide/9/LUKSDiskEncryption">Linux Unified Key Setup-on-disk-format</a>(LUKS) encryption has become a lot easier. During the installation process an option to encrypt your partitions will be presented to the user. The user must supply a passphrase that will be the key to unlock the bulk encryption key that will be used to secure the partition's data.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Secure_Installation.html"><strong>Prev</strong>Chapter 6. Secure Installation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Software_Maintenance.html"><strong>Next</strong>Chapter 7. Software Maintenance</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-Anonymous_Access.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-Anonymous_Access.html
new file mode 100644
index 0000000..bc7d15b
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-Anonymous_Access.html
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.6.2. Anonymous Access</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="3.2.6. Securing FTP" /><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="3.2.6. Securing FTP" /><link rel="next" href="sect-Security_Guide-Securing_FTP-User_Accounts.html" title="3.2.6.3. User Accounts" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Serve
r_Security-Securing_FTP.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_FTP-Anonymous_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_FTP-Anonymous_Access">3.2.6.2. Anonymous Access</h4></div></div></div><div class="para">
+ The presence of the <code class="filename">/var/ftp/</code> directory activates the anonymous account.
+ </div><div class="para">
+ The easiest way to create this directory is to install the <code class="filename">vsftpd</code> package. This package establishes a directory tree for anonymous users and configures the permissions on directories to read-only for anonymous users.
+ </div><div class="para">
+ By default the anonymous user cannot write to any directories.
+ </div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ If enabling anonymous access to an FTP server, be aware of where sensitive data is stored.
+ </div></div></div><div class="section" id="sect-Security_Guide-Anonymous_Access-Anonymous_Upload"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Anonymous_Access-Anonymous_Upload">3.2.6.2.1. Anonymous Upload</h5></div></div></div><div class="para">
+ To allow anonymous users to upload files, it is recommended that a write-only directory be created within <code class="filename">/var/ftp/pub/</code>.
+ </div><div class="para">
+ To do this, type the following command:
+ </div><pre class="screen">mkdir /var/ftp/pub/upload</pre><div class="para">
+ Next, change the permissions so that anonymous users cannot view the contents of the directory:
+ </div><pre class="screen">chmod 730 /var/ftp/pub/upload</pre><div class="para">
+ A long format listing of the directory should look like this:
+ </div><pre class="screen">drwx-wx--- 2 root ftp 4096 Feb 13 20:05 upload</pre><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ Administrators who allow anonymous users to read and write in directories often find that their servers become a repository of stolen software.
+ </div></div></div><div class="para">
+ Additionally, under <code class="command">vsftpd</code>, add the following line to the <code class="filename">/etc/vsftpd/vsftpd.conf</code> file:
+ </div><pre class="screen">anon_upload_enable=YES</pre></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_FTP.html"><strong>Prev</strong>3.2.6. Securing FTP</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>Next</strong>3.2.6.3. User Accounts</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html
new file mode 100644
index 0000000..2e6fb0d
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.6.4. Use TCP Wrappers To Control Access</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="3.2.6. Securing FTP" /><link rel="prev" href="sect-Security_Guide-Securing_FTP-User_Accounts.html" title="3.2.6.3. User Accounts" /><link rel="next" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="3.2.7. Securing Sendmail" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_G
uide-Securing_FTP-User_Accounts.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access">3.2.6.4. Use TCP Wrappers To Control Access</h4></div></div></div><div class="para">
+ Use TCP Wrappers to control access to either FTP daemon as outlined in <a class="xref" href="sect-Security_Guide-Server_Security.html#sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_TCP_Wrappers">Section 3.2.1.1, “Enhancing Security With TCP Wrappers”</a>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>Prev</strong>3.2.6.3. User Accounts</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>Next</strong>3.2.7. Securing Sendmail</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-User_Accounts.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-User_Accounts.html
new file mode 100644
index 0000000..3aea59a
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-User_Accounts.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.6.3. User Accounts</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="3.2.6. Securing FTP" /><link rel="prev" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html" title="3.2.6.2. Anonymous Access" /><link rel="next" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html" title="3.2.6.4. Use TCP Wrappers To Control Access" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"
><a accesskey="p" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_FTP-User_Accounts"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_FTP-User_Accounts">3.2.6.3. User Accounts</h4></div></div></div><div class="para">
+ Because FTP transmits unencrypted usernames and passwords over insecure networks for authentication, it is a good idea to deny system users access to the server from their user accounts.
+ </div><div class="para">
+ To disable all user accounts in <code class="command">vsftpd</code>, add the following directive to <code class="filename">/etc/vsftpd/vsftpd.conf</code>:
+ </div><pre class="screen">local_enable=NO</pre><div class="section" id="sect-Security_Guide-User_Accounts-Restricting_User_Accounts"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-User_Accounts-Restricting_User_Accounts">3.2.6.3.1. Restricting User Accounts</h5></div></div></div><div class="para">
+ To disable FTP access for specific accounts or specific groups of accounts, such as the root user and those with <code class="command">sudo</code> privileges, the easiest way is to use a PAM list file as described in <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM">Section 3.1.4.2.4, “Disabling Root Using PAM”</a>. The PAM configuration file for <code class="command">vsftpd</code> is <code class="filename">/etc/pam.d/vsftpd</code>.
+ </div><div class="para">
+ It is also possible to disable user accounts within each service directly.
+ </div><div class="para">
+ To disable specific user accounts in <code class="command">vsftpd</code>, add the username to <code class="filename">/etc/vsftpd.ftpusers</code>
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"><strong>Prev</strong>3.2.6.2. Anonymous Access</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"><strong>Next</strong>3.2.6.4. Use TCP Wrappers To Control Access</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html
new file mode 100644
index 0000000..502952e
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.4.2. Beware of Syntax Errors</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="3.2.4. Securing NFS" /><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="3.2.4. Securing NFS" /><link rel="next" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html" title="3.2.4.3. Do Not Use the no_root_squash Option" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a
accesskey="p" href="sect-Security_Guide-Server_Security-Securing_NFS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors">3.2.4.2. Beware of Syntax Errors</h4></div></div></div><div class="para">
+ The NFS server determines which file systems to export and which hosts to export these directories to by consulting the <code class="filename">/etc/exports</code> file. Be careful not to add extraneous spaces when editing this file.
+ </div><div class="para">
+ For instance, the following line in the <code class="filename">/etc/exports</code> file shares the directory <code class="command">/tmp/nfs/</code> to the host <code class="command">bob.example.com</code> with read/write permissions.
+ </div><pre class="screen">/tmp/nfs/ bob.example.com(rw)</pre><div class="para">
+ The following line in the <code class="filename">/etc/exports</code> file, on the other hand, shares the same directory to the host <code class="computeroutput">bob.example.com</code> with read-only permissions and shares it to the <span class="emphasis"><em>world</em></span> with read/write permissions due to a single space character after the hostname.
+ </div><pre class="screen">/tmp/nfs/ bob.example.com (rw)</pre><div class="para">
+ It is good practice to check any configured NFS shares by using the <code class="command">showmount</code> command to verify what is being shared:
+ </div><pre class="screen">showmount -e <em class="replaceable"><code><hostname></code></em></pre></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_NFS.html"><strong>Prev</strong>3.2.4. Securing NFS</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>Next</strong>3.2.4.3. Do Not Use the no_root_squash Option</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html
new file mode 100644
index 0000000..65ac4a1
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.4.3. Do Not Use the no_root_squash Option</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="3.2.4. Securing NFS" /><link rel="prev" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html" title="3.2.4.2. Beware of Syntax Errors" /><link rel="next" href="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html" title="3.2.4.4. NFS Firewall Configuration" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><
a accesskey="p" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option">3.2.4.3. Do Not Use the <code class="command">no_root_squash</code> Option</h4></div></div></div><div class="para">
+ By default, NFS shares change the root user to the <code class="command">nfsnobody</code> user, an unprivileged user account. This changes the owner of all root-created files to <code class="command">nfsnobody</code>, which prevents uploading of programs with the setuid bit set.
+ </div><div class="para">
+ If <code class="command">no_root_squash</code> is used, remote root users are able to change any file on the shared file system and leave applications infected by trojans for other users to inadvertently execute.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"><strong>Prev</strong>3.2.4.2. Beware of Syntax Errors</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html"><strong>Next</strong>3.2.4.4. NFS Firewall Configuration</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html
new file mode 100644
index 0000000..28e2b05
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.4.4. NFS Firewall Configuration</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="3.2.4. Securing NFS" /><link rel="prev" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html" title="3.2.4.3. Do Not Use the no_root_squash Option" /><link rel="next" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html" title="3.2.5. Securing the Apache HTTP Server" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul
class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration">3.2.4.4. NFS Firewall Configuration</h4></div></div></div><div class="para">
+ The ports used for NFS are assigned dynamically by rpcbind, which can cause problems when creating firewall rules. To simplify this process, use the <span class="emphasis"><em>/etc/sysconfig/nfs</em></span> file to specify which ports are to be used:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">MOUNTD_PORT</code> — TCP and UDP port for mountd (rpc.mountd)
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">STATD_PORT</code> — TCP and UDP port for status (rpc.statd)
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">LOCKD_TCPPORT</code> — TCP port for nlockmgr (rpc.lockd)
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">LOCKD_UDPPORT</code> — UDP port nlockmgr (rpc.lockd)
+ </div></li></ul></div><div class="para">
+ Port numbers specified must not be used by any other service. Configure your firewall to allow the port numbers specified, as well as TCP and UDP port 2049 (NFS).
+ </div><div class="para">
+ Run the <code class="command">rpcinfo -p</code> command on the NFS server to see which ports and RPC programs are being used.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>Prev</strong>3.2.4.3. Do Not Use the no_root_squash Option</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>Next</strong>3.2.5. Securing the Apache HTTP Server</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html
new file mode 100644
index 0000000..eacbed7
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.3.4. Assign Static Ports and Use iptables Rules</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="3.2.3. Securing NIS" /><link rel="prev" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html" title="3.2.3.3. Edit the /var/yp/securenets File" /><link rel="next" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html" title="3.2.3.5. Use Kerberos Authentication" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li c
lass="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules">3.2.3.4. Assign Static Ports and Use iptables Rules</h4></div></div></div><div class="para">
+ All of the servers related to NIS can be assigned specific ports except for <code class="command">rpc.yppasswdd</code> — the daemon that allows users to change their login passwords. Assigning ports to the other two NIS server daemons, <code class="command">rpc.ypxfrd</code> and <code class="command">ypserv</code>, allows for the creation of firewall rules to further protect the NIS server daemons from intruders.
+ </div><div class="para">
+ To do this, add the following lines to <code class="filename">/etc/sysconfig/network</code>:
+ </div><pre class="screen">YPSERV_ARGS="-p 834" YPXFRD_ARGS="-p 835"</pre><div class="para">
+ The following iptables rules can then be used to enforce which network the server listens to for these ports:
+ </div><pre class="screen">iptables -A INPUT -p ALL -s! 192.168.0.0/24 --dport 834 -j DROP
+iptables -A INPUT -p ALL -s! 192.168.0.0/24 --dport 835 -j DROP</pre><div class="para">
+ This means that the server only allows connections to ports 834 and 835 if the requests come from the 192.168.0.0/24 network, regardless of the protocol.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Refer to <a class="xref" href="sect-Security_Guide-Firewalls.html">Section 3.8, “Firewalls”</a> for more information about implementing firewalls with iptables commands.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>Prev</strong>3.2.3.3. Edit the /var/yp/securenets File</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>Next</strong>3.2.3.5. Use Kerberos Authentication</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html
new file mode 100644
index 0000000..0d414a9
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.3.3. Edit the /var/yp/securenets File</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="3.2.3. Securing NIS" /><link rel="prev" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html" title="3.2.3.2. Use a Password-like NIS Domain Name and Hostname" /><link rel="next" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html" title="3.2.3.4. Assign Static Ports and Use iptables Rules" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right
.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File">3.2.3.3. Edit the <code class="filename">/var/yp/securenets</code> File</h4></div></div></div><div class="para">
+ If the <code class="filename">/var/yp/securenets</code> file is blank or does not exist (as is the case after a default installation), NIS listens to all networks. One of the first things to do is to put netmask/network pairs in the file so that <code class="command">ypserv</code> only responds to requests from the appropriate network.
+ </div><div class="para">
+ Below is a sample entry from a <code class="filename">/var/yp/securenets</code> file:
+ </div><pre class="screen">255.255.255.0 192.168.0.0</pre><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ Never start an NIS server for the first time without creating the <code class="filename">/var/yp/securenets</code> file.
+ </div></div></div><div class="para">
+ This technique does not provide protection from an IP spoofing attack, but it does at least place limits on what networks the NIS server services.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"><strong>Prev</strong>3.2.3.2. Use a Password-like NIS Domain Name and ...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"><strong>Next</strong>3.2.3.4. Assign Static Ports and Use iptables Rul...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html
new file mode 100644
index 0000000..66caa69
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.3.5. Use Kerberos Authentication</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="3.2.3. Securing NIS" /><link rel="prev" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html" title="3.2.3.4. Assign Static Ports and Use iptables Rules" /><link rel="next" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="3.2.4. Securing NFS" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="
previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_NFS.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication">3.2.3.5. Use Kerberos Authentication</h4></div></div></div><div class="para">
+ One of the issues to consider when NIS is used for authentication is that whenever a user logs into a machine, a password hash from the <code class="filename">/etc/shadow</code> map is sent over the network. If an intruder gains access to an NIS domain and sniffs network traffic, they can collect usernames and password hashes. With enough time, a password cracking program can guess weak passwords, and an attacker can gain access to a valid account on the network.
+ </div><div class="para">
+ Since Kerberos uses secret-key cryptography, no password hashes are ever sent over the network, making the system far more secure. Refer to <a class="xref" href="sect-Security_Guide-Kerberos.html">Section 3.7, “Kerberos”</a> for more information about Kerberos.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"><strong>Prev</strong>3.2.3.4. Assign Static Ports and Use iptables Rul...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_NFS.html"><strong>Next</strong>3.2.4. Securing NFS</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html
new file mode 100644
index 0000000..3ddcda4
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.3.2. Use a Password-like NIS Domain Name and Hostname</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="3.2.3. Securing NIS" /><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="3.2.3. Securing NIS" /><link rel="next" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html" title="3.2.3.3. Edit the /var/yp/securenets File" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey=
"p" href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname">3.2.3.2. Use a Password-like NIS Domain Name and Hostname</h4></div></div></div><div class="para">
+ Any machine within an NIS domain can use commands to extract information from the server without authentication, as long as the user knows the NIS server's DNS hostname and NIS domain name.
+ </div><div class="para">
+ For instance, if someone either connects a laptop computer into the network or breaks into the network from outside (and manages to spoof an internal IP address), the following command reveals the <code class="command">/etc/passwd</code> map:
+ </div><pre class="screen">ypcat -d <em class="replaceable"><code><NIS_domain></code></em> -h <em class="replaceable"><code><DNS_hostname></code></em> passwd</pre><div class="para">
+ If this attacker is a root user, they can obtain the <code class="command">/etc/shadow</code> file by typing the following command:
+ </div><pre class="screen">ypcat -d <em class="replaceable"><code><NIS_domain></code></em> -h <em class="replaceable"><code><DNS_hostname></code></em> shadow</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ If Kerberos is used, the <code class="command">/etc/shadow</code> file is not stored within an NIS map.
+ </div></div></div><div class="para">
+ To make access to NIS maps harder for an attacker, create a random string for the DNS hostname, such as <code class="filename">o7hfawtgmhwg.domain.com</code>. Similarly, create a <span class="emphasis"><em>different</em></span> randomized NIS domain name. This makes it much more difficult for an attacker to access the NIS server.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>Prev</strong>3.2.3. Securing NIS</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>Next</strong>3.2.3.3. Edit the /var/yp/securenets File</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html
new file mode 100644
index 0000000..7adc9bf
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.2.2. Protect portmap With iptables</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_Portmap.html" title="3.2.2. Securing Portmap" /><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_Portmap.html" title="3.2.2. Securing Portmap" /><link rel="next" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="3.2.3. Securing NIS" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Secur
ity_Guide-Server_Security-Securing_Portmap.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables">3.2.2.2. Protect portmap With iptables</h4></div></div></div><div class="para">
+ To further restrict access to the <code class="command">portmap</code> service, it is a good idea to add iptables rules to the server and restrict access to specific networks.
+ </div><div class="para">
+ Below are two example iptables commands. The first allows TCP connections to the port 111 (used by the <code class="command">portmap</code> service) from the 192.168.0.0/24 network. The second allows TCP connections to the same port from the localhost. This is necessary for the <code class="command">sgi_fam</code> service used by <span class="application"><strong>Nautilus</strong></span>. All other packets are dropped.
+ </div><pre class="screen">iptables -A INPUT -p tcp -s! 192.168.0.0/24 --dport 111 -j DROP
+iptables -A INPUT -p tcp -s 127.0.0.1 --dport 111 -j ACCEPT</pre><div class="para">
+ To similarly limit UDP traffic, use the following command.
+ </div><pre class="screen">iptables -A INPUT -p udp -s! 192.168.0.0/24 --dport 111 -j DROP</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Refer to <a class="xref" href="sect-Security_Guide-Firewalls.html">Section 3.8, “Firewalls”</a> for more information about implementing firewalls with iptables commands.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>Prev</strong>3.2.2. Securing Portmap</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>Next</strong>3.2.3. Securing NIS</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html
new file mode 100644
index 0000000..d92d00d
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.7.3. Mail-only Users</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="3.2.7. Securing Sendmail" /><link rel="prev" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html" title="3.2.7.2. NFS and Sendmail" /><link rel="next" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html" title="3.2.8. Verifying Which Ports Are Listening" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><l
i class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_Sendmail-Mail_only_Users"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-Mail_only_Users">3.2.7.3. Mail-only Users</h4></div></div></div><div class="para">
+ To help prevent local user exploits on the Sendmail server, it is best for mail users to only access the Sendmail server using an email program. Shell accounts on the mail server should not be allowed and all user shells in the <code class="filename">/etc/passwd</code> file should be set to <code class="command">/sbin/nologin</code> (with the possible exception of the root user).
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>Prev</strong>3.2.7.2. NFS and Sendmail</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>Next</strong>3.2.8. Verifying Which Ports Are Listening</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html
new file mode 100644
index 0000000..961186a
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.7.2. NFS and Sendmail</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="3.2.7. Securing Sendmail" /><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="3.2.7. Securing Sendmail" /><link rel="next" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html" title="3.2.7.3. Mail-only Users" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" hr
ef="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail">3.2.7.2. NFS and Sendmail</h4></div></div></div><div class="para">
+ Never put the mail spool directory, <code class="filename">/var/spool/mail/</code>, on an NFS shared volume.
+ </div><div class="para">
+ Because NFSv2 and NFSv3 do not maintain control over user and group IDs, two or more users can have the same UID, and receive and read each other's mail.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ With NFSv4 using Kerberos, this is not the case, since the <code class="filename">SECRPC_GSS</code> kernel module does not utilize UID-based authentication. However, it is still considered good practice <span class="emphasis"><em>not</em></span> to put the mail spool directory on NFS shared volumes.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>Prev</strong>3.2.7. Securing Sendmail</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"><strong>Next</strong>3.2.7.3. Mail-only Users</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Security_Updates.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Security_Updates.html
new file mode 100644
index 0000000..35f33a4
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Security_Updates.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.5. Security Updates</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview" /><link rel="prev" href="sect-Security_Guide-Common_Exploits_and_Attacks.html" title="1.4. Common Exploits and Attacks" /><link rel="next" href="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html" title="1.5.2. Verifying Signed Packages" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accessk
ey="p" href="sect-Security_Guide-Common_Exploits_and_Attacks.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="sect-Security_Guide-Security_Updates" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Security_Updates">1.5. Security Updates</h2></div></div></div><div class="para">
+ As security vulnerabilities are discovered, the affected software must be updated in order to limit any potential security risks. If the software is part of a package within a Fedora distribution that is currently supported, Fedora is committed to releasing updated packages that fix the vulnerability as soon as is possible. Often, announcements about a given security exploit are accompanied with a patch (or source code that fixes the problem). This patch is then applied to the Fedora package and tested and released as an errata update. However, if an announcement does not include a patch, a developer first works with the maintainer of the software to fix the problem. Once the problem is fixed, the package is tested and released as an errata update.
+ </div><div class="para">
+ If an errata update is released for software used on your system, it is highly recommended that you update the affected packages as soon as possible to minimize the amount of time the system is potentially vulnerable.
+ </div><div class="section" id="sect-Security_Guide-Security_Updates-Updating_Packages"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. Updating Packages</h3></div></div></div><div class="para">
+ When updating software on a system, it is important to download the update from a trusted source. An attacker can easily rebuild a package with the same version number as the one that is supposed to fix the problem but with a different security exploit and release it on the Internet. If this happens, using security measures such as verifying files against the original RPM does not detect the exploit. Thus, it is very important to only download RPMs from trusted sources, such as from Fedora and to check the signature of the package to verify its integrity.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Fedora includes a convenient panel icon that displays visible alerts when there is an update for a Fedora system.
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Common_Exploits_and_Attacks.html"><strong>Prev</strong>1.4. Common Exploits and Attacks</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html"><strong>Next</strong>1.5.2. Verifying Signed Packages</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_FTP.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_FTP.html
new file mode 100644
index 0000000..08f7953
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_FTP.html
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.6. Securing FTP</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Server_Security.html" title="3.2. Server Security" /><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html" title="3.2.5. Securing the Apache HTTP Server" /><link rel="next" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html" title="3.2.6.2. Anonymous Access" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p"
href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Server_Security-Securing_FTP"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_FTP">3.2.6. Securing FTP</h3></div></div></div><div class="para">
+ The <em class="firstterm">File Transfer Protocol</em> (<abbr class="abbrev">FTP</abbr>) is an older TCP protocol designed to transfer files over a network. Because all transactions with the server, including user authentication, are unencrypted, it is considered an insecure protocol and should be carefully configured.
+ </div><div class="para">
+ Fedora provides three FTP servers.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">gssftpd</code> — A Kerberos-aware <code class="command">xinetd</code>-based FTP daemon that does not transmit authentication information over the network.
+ </div></li><li class="listitem"><div class="para">
+ <span class="application"><strong>Red Hat Content Accelerator</strong></span> (<code class="command">tux</code>) — A kernel-space Web server with FTP capabilities.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">vsftpd</code> — A standalone, security oriented implementation of the FTP service.
+ </div></li></ul></div><div class="para">
+ The following security guidelines are for setting up the <code class="command">vsftpd</code> FTP service.
+ </div><div class="section" id="sect-Security_Guide-Securing_FTP-FTP_Greeting_Banner"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_FTP-FTP_Greeting_Banner">3.2.6.1. FTP Greeting Banner</h4></div></div></div><div class="para">
+ Before submitting a username and password, all users are presented with a greeting banner. By default, this banner includes version information useful to crackers trying to identify weaknesses in a system.
+ </div><div class="para">
+ To change the greeting banner for <code class="command">vsftpd</code>, add the following directive to the <code class="filename">/etc/vsftpd/vsftpd.conf</code> file:
+ </div><pre class="screen">ftpd_banner=<em class="replaceable"><code><insert_greeting_here></code></em></pre><div class="para">
+ Replace <em class="replaceable"><code><insert_greeting_here></code></em> in the above directive with the text of the greeting message.
+ </div><div class="para">
+ For mutli-line banners, it is best to use a banner file. To simplify management of multiple banners, place all banners in a new directory called <code class="filename">/etc/banners/</code>. The banner file for FTP connections in this example is <code class="filename">/etc/banners/ftp.msg</code>. Below is an example of what such a file may look like:
+ </div><pre class="screen">######### # Hello, all activity on ftp.example.com is logged. #########</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ It is not necessary to begin each line of the file with <code class="command">220</code> as specified in <a class="xref" href="sect-Security_Guide-Server_Security.html#sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Connection_Banners">Section 3.2.1.1.1, “TCP Wrappers and Connection Banners”</a>.
+ </div></div></div><div class="para">
+ To reference this greeting banner file for <code class="command">vsftpd</code>, add the following directive to the <code class="filename">/etc/vsftpd/vsftpd.conf</code> file:
+ </div><pre class="screen">banner_file=/etc/banners/ftp.msg</pre><div class="para">
+ It also is possible to send additional banners to incoming connections using TCP Wrappers as described in <a class="xref" href="sect-Security_Guide-Server_Security.html#sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Connection_Banners">Section 3.2.1.1.1, “TCP Wrappers and Connection Banners”</a>.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>Prev</strong>3.2.5. Securing the Apache HTTP Server</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"><strong>Next</strong>3.2.6.2. Anonymous Access</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_NFS.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_NFS.html
new file mode 100644
index 0000000..1c17ca2
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_NFS.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.4. Securing NFS</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Server_Security.html" title="3.2. Server Security" /><link rel="prev" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html" title="3.2.3.5. Use Kerberos Authentication" /><link rel="next" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html" title="3.2.4.2. Beware of Syntax Errors" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesske
y="p" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Server_Security-Securing_NFS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_NFS">3.2.4. Securing NFS</h3></div></div></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ The version of NFS included in Fedora, NFSv4, no longer requires the <code class="command">portmap</code> service as outlined in <a class="xref" href="sect-Security_Guide-Server_Security-Securing_Portmap.html">Section 3.2.2, “Securing Portmap”</a>. NFS traffic now utilizes TCP in all versions, rather than UDP, and requires it when using NFSv4. NFSv4 now includes Kerberos user and group authentication, as part of the <code class="filename">RPCSEC_GSS</code> kernel module. Information on <code class="command">portmap</code> is still included, since Fedora supports NFSv2 and NFSv3, both of which utilize <code class="command">portmap</code>.
+ </div></div></div><div class="section" id="sect-Security_Guide-Securing_NFS-Carefully_Plan_the_Network"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NFS-Carefully_Plan_the_Network">3.2.4.1. Carefully Plan the Network</h4></div></div></div><div class="para">
+ Now that NFSv4 has the ability to pass all information encrypted using Kerberos over a network, it is important that the service be configured correctly if it is behind a firewall or on a segmented network. NFSv2 and NFSv3 still pass data insecurely, and this should be taken into consideration. Careful network design in all of these regards can help prevent security breaches.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>Prev</strong>3.2.3.5. Use Kerberos Authentication</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"><strong>Next</strong>3.2.4.2. Beware of Syntax Errors</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_NIS.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_NIS.html
new file mode 100644
index 0000000..df1172c
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_NIS.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.3. Securing NIS</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Server_Security.html" title="3.2. Server Security" /><link rel="prev" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html" title="3.2.2.2. Protect portmap With iptables" /><link rel="next" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html" title="3.2.3.2. Use a Password-like NIS Domain Name and Hostname" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /><
/a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Server_Security-Securing_NIS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_NIS">3.2.3. Securing NIS</h3></div></div></div><div class="para">
+ The <em class="firstterm">Network Information Service</em> (<acronym class="acronym">NIS</acronym>) is an RPC service, called <code class="command">ypserv</code>, which is used in conjunction with <code class="command">portmap</code> and other related services to distribute maps of usernames, passwords, and other sensitive information to any computer claiming to be within its domain.
+ </div><div class="para">
+ An NIS server is comprised of several applications. They include the following:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/rpc.yppasswdd</code> — Also called the <code class="command">yppasswdd</code> service, this daemon allows users to change their NIS passwords.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/rpc.ypxfrd</code> — Also called the <code class="command">ypxfrd</code> service, this daemon is responsible for NIS map transfers over the network.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/yppush</code> — This application propagates changed NIS databases to multiple NIS servers.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/ypserv</code> — This is the NIS server daemon.
+ </div></li></ul></div><div class="para">
+ NIS is somewhat insecure by today's standards. It has no host authentication mechanisms and transmits all of its information over the network unencrypted, including password hashes. As a result, extreme care must be taken when setting up a network that uses NIS. This is further complicated by the fact that the default configuration of NIS is inherently insecure.
+ </div><div class="para">
+ It is recommended that anyone planning to implement an NIS server first secure the <code class="command">portmap</code> service as outlined in <a class="xref" href="sect-Security_Guide-Server_Security-Securing_Portmap.html">Section 3.2.2, “Securing Portmap”</a>, then address the following issues, such as network planning.
+ </div><div class="section" id="sect-Security_Guide-Securing_NIS-Carefully_Plan_the_Network"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Carefully_Plan_the_Network">3.2.3.1. Carefully Plan the Network</h4></div></div></div><div class="para">
+ Because NIS transmits sensitive information unencrypted over the network, it is important the service be run behind a firewall and on a segmented and secure network. Whenever NIS information is transmitted over an insecure network, it risks being intercepted. Careful network design can help prevent severe security breaches.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"><strong>Prev</strong>3.2.2.2. Protect portmap With iptables</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"><strong>Next</strong>3.2.3.2. Use a Password-like NIS Domain Name and ...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_Portmap.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_Portmap.html
new file mode 100644
index 0000000..19e30a1
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_Portmap.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.2. Securing Portmap</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Server_Security.html" title="3.2. Server Security" /><link rel="prev" href="sect-Security_Guide-Server_Security.html" title="3.2. Server Security" /><link rel="next" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html" title="3.2.2.2. Protect portmap With iptables" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security
_Guide-Server_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Server_Security-Securing_Portmap"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Portmap">3.2.2. Securing Portmap</h3></div></div></div><div class="para">
+ The <code class="command">portmap</code> service is a dynamic port assignment daemon for RPC services such as NIS and NFS. It has weak authentication mechanisms and has the ability to assign a wide range of ports for the services it controls. For these reasons, it is difficult to secure.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Securing <code class="command">portmap</code> only affects NFSv2 and NFSv3 implementations, since NFSv4 no longer requires it. If you plan to implement an NFSv2 or NFSv3 server, then <code class="command">portmap</code> is required, and the following section applies.
+ </div></div></div><div class="para">
+ If running RPC services, follow these basic rules.
+ </div><div class="section" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_TCP_Wrappers">3.2.2.1. Protect portmap With TCP Wrappers</h4></div></div></div><div class="para">
+ It is important to use TCP Wrappers to limit which networks or hosts have access to the <code class="command">portmap</code> service since it has no built-in form of authentication.
+ </div><div class="para">
+ Further, use <span class="emphasis"><em>only</em></span> IP addresses when limiting access to the service. Avoid using hostnames, as they can be forged by DNS poisoning and other methods.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security.html"><strong>Prev</strong>3.2. Server Security</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"><strong>Next</strong>3.2.2.2. Protect portmap With iptables</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_Sendmail.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_Sendmail.html
new file mode 100644
index 0000000..d55d900
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_Sendmail.html
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.7. Securing Sendmail</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Server_Security.html" title="3.2. Server Security" /><link rel="prev" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html" title="3.2.6.4. Use TCP Wrappers To Control Access" /><link rel="next" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html" title="3.2.7.2. NFS and Sendmail" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a acc
esskey="p" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Server_Security-Securing_Sendmail"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Sendmail">3.2.7. Securing Sendmail</h3></div></div></div><div class="para">
+ Sendmail is a Mail Transfer Agent (MTA) that uses the Simple Mail Transfer Protocol (SMTP) to deliver electronic messages between other MTAs and to email clients or delivery agents. Although many MTAs are capable of encrypting traffic between one another, most do not, so sending email over any public networks is considered an inherently insecure form of communication.
+ </div><div class="para">
+ It is recommended that anyone planning to implement a Sendmail server address the following issues.
+ </div><div class="section" id="sect-Security_Guide-Securing_Sendmail-Limiting_a_Denial_of_Service_Attack"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-Limiting_a_Denial_of_Service_Attack">3.2.7.1. Limiting a Denial of Service Attack</h4></div></div></div><div class="para">
+ Because of the nature of email, a determined attacker can flood the server with mail fairly easily and cause a denial of service. By setting limits to the following directives in <code class="filename">/etc/mail/sendmail.mc</code>, the effectiveness of such attacks is limited.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">confCONNECTION_RATE_THROTTLE</code> — The number of connections the server can receive per second. By default, Sendmail does not limit the number of connections. If a limit is set and reached, further connections are delayed.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">confMAX_DAEMON_CHILDREN</code> — The maximum number of child processes that can be spawned by the server. By default, Sendmail does not assign a limit to the number of child processes. If a limit is set and reached, further connections are delayed.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">confMIN_FREE_BLOCKS</code> — The minimum number of free blocks which must be available for the server to accept mail. The default is 100 blocks.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">confMAX_HEADERS_LENGTH</code> — The maximum acceptable size (in bytes) for a message header.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">confMAX_MESSAGE_SIZE</code> — The maximum acceptable size (in bytes) for a single message.
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"><strong>Prev</strong>3.2.6.4. Use TCP Wrappers To Control Access</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>Next</strong>3.2.7.2. NFS and Sendmail</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html
new file mode 100644
index 0000000..2d0147e
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.5. Securing the Apache HTTP Server</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Server_Security.html" title="3.2. Server Security" /><link rel="prev" href="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html" title="3.2.4.4. NFS Firewall Configuration" /><link rel="next" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="3.2.6. Securing FTP" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Securi
ty_Guide-Securing_NFS-NFS_Firewall_Configuration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_FTP.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server">3.2.5. Securing the Apache HTTP Server</h3></div></div></div><div class="para">
+ The Apache HTTP Server is one of the most stable and secure services that ships with Fedora. A large number of options and techniques are available to secure the Apache HTTP Server — too numerous to delve into deeply here. The following section briefly explains good practices when running the Apache HTTP Server.
+ </div><div class="para">
+ Always verify that any scripts running on the system work as intended <span class="emphasis"><em>before</em></span> putting them into production. Also, ensure that only the root user has write permissions to any directory containing scripts or CGIs. To do this, run the following commands as the root user:
+ </div><div class="orderedlist"><ol><li class="listitem"><pre class="screen">chown root <em class="replaceable"><code><directory_name></code></em></pre></li><li class="listitem"><pre class="screen">chmod 755 <em class="replaceable"><code><directory_name></code></em></pre></li></ol></div><div class="para">
+ System administrators should be careful when using the following configuration options (configured in <code class="filename">/etc/httpd/conf/httpd.conf</code>):
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term"><code class="option">FollowSymLinks</code></span></dt><dd><div class="para">
+ This directive is enabled by default, so be sure to use caution when creating symbolic links to the document root of the Web server. For instance, it is a bad idea to provide a symbolic link to <code class="filename">/</code>.
+ </div></dd><dt class="varlistentry"><span class="term"><code class="option">Indexes</code></span></dt><dd><div class="para">
+ This directive is enabled by default, but may not be desirable. To prevent visitors from browsing files on the server, remove this directive.
+ </div></dd><dt class="varlistentry"><span class="term"><code class="option">UserDir</code></span></dt><dd><div class="para">
+ The <code class="option">UserDir</code> directive is disabled by default because it can confirm the presence of a user account on the system. To enable user directory browsing on the server, use the following directives:
+ </div><pre class="screen">UserDir enabled
+UserDir disabled root</pre><div class="para">
+ These directives activate user directory browsing for all user directories other than <code class="filename">/root/</code>. To add users to the list of disabled accounts, add a space-delimited list of users on the <code class="option">UserDir disabled</code> line.
+ </div></dd></dl></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ Do not remove the <code class="option">IncludesNoExec</code> directive. By default, the <em class="firstterm">Server-Side Includes</em> (<abbr class="abbrev">SSI</abbr>) module cannot execute commands. It is recommended that you do not change this setting unless absolutely necessary, as it could, potentially, enable an attacker to execute commands on the system.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html"><strong>Prev</strong>3.2.4.4. NFS Firewall Configuration</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_FTP.html"><strong>Next</strong>3.2.6. Securing FTP</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html
new file mode 100644
index 0000000..c9946f5
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.8. Verifying Which Ports Are Listening</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Server_Security.html" title="3.2. Server Security" /><link rel="prev" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html" title="3.2.7.3. Mail-only Users" /><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="3.3. Single Sign-on (SSO)" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Sen
dmail-Mail_only_Users.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">3.2.8. Verifying Which Ports Are Listening</h3></div></div></div><div class="para">
+ After configuring network services, it is important to pay attention to which ports are actually listening on the system's network interfaces. Any open ports can be evidence of an intrusion.
+ </div><div class="para">
+ There are two basic approaches for listing the ports that are listening on the network. The less reliable approach is to query the network stack using commands such as <code class="command">netstat -an</code> or <code class="command">lsof -i</code>. This method is less reliable since these programs do not connect to the machine from the network, but rather check to see what is running on the system. For this reason, these applications are frequent targets for replacement by attackers. Crackers attempt to cover their tracks if they open unauthorized network ports by replacing <code class="command">netstat</code> and <code class="command">lsof</code> with their own, modified versions.
+ </div><div class="para">
+ A more reliable way to check which ports are listening on the network is to use a port scanner such as <code class="command">nmap</code>.
+ </div><div class="para">
+ The following command issued from the console determines which ports are listening for TCP connections from the network:
+ </div><pre class="screen">nmap -sT -O localhost</pre><div class="para">
+ The output of this command appears as follows:
+ </div><pre class="screen">Starting Nmap 4.68 ( http://nmap.org ) at 2009-03-06 12:08 EST
+Interesting ports on localhost.localdomain (127.0.0.1):
+Not shown: 1711 closed ports
+PORT STATE SERVICE
+22/tcp open ssh
+25/tcp open smtp
+111/tcp open rpcbind
+113/tcp open auth
+631/tcp open ipp
+834/tcp open unknown
+2601/tcp open zebra
+32774/tcp open sometimes-rpc11
+Device type: general purpose
+Running: Linux 2.6.X
+OS details: Linux 2.6.17 - 2.6.24
+Uptime: 4.122 days (since Mon Mar 2 09:12:31 2009)
+Network Distance: 0 hops
+OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
+Nmap done: 1 IP address (1 host up) scanned in 1.420 seconds</pre><div class="para">
+ This output shows the system is running <code class="command">portmap</code> due to the presence of the <code class="computeroutput">sunrpc</code> service. However, there is also a mystery service on port 834. To check if the port is associated with the official list of known services, type:
+ </div><pre class="screen">cat /etc/services | grep 834</pre><div class="para">
+ This command returns no output. This indicates that while the port is in the reserved range (meaning 0 through 1023) and requires root access to open, it is not associated with a known service.
+ </div><div class="para">
+ Next, check for information about the port using <code class="command">netstat</code> or <code class="command">lsof</code>. To check for port 834 using <code class="command">netstat</code>, use the following command:
+ </div><pre class="screen">netstat -anp | grep 834</pre><div class="para">
+ The command returns the following output:
+ </div><pre class="screen">tcp 0 0 0.0.0.0:834 0.0.0.0:* LISTEN 653/ypbind</pre><div class="para">
+ The presence of the open port in <code class="command">netstat</code> is reassuring because a cracker opening a port surreptitiously on a hacked system is not likely to allow it to be revealed through this command. Also, the <code class="option">[p]</code> option reveals the process ID (PID) of the service that opened the port. In this case, the open port belongs to <code class="command">ypbind</code> (<abbr class="abbrev">NIS</abbr>), which is an <abbr class="abbrev">RPC</abbr> service handled in conjunction with the <code class="command">portmap</code> service.
+ </div><div class="para">
+ The <code class="command">lsof</code> command reveals similar information to <code class="command">netstat</code> since it is also capable of linking open ports to services:
+ </div><pre class="screen">lsof -i | grep 834</pre><div class="para">
+ The relevant portion of the output from this command follows:
+ </div><pre class="screen">ypbind 653 0 7u IPv4 1319 TCP *:834 (LISTEN)
+ypbind 655 0 7u IPv4 1319 TCP *:834 (LISTEN)
+ypbind 656 0 7u IPv4 1319 TCP *:834 (LISTEN)
+ypbind 657 0 7u IPv4 1319 TCP *:834 (LISTEN)</pre><div class="para">
+ These tools reveal a great deal about the status of the services running on a machine. These tools are flexible and can provide a wealth of information about network services and configuration. Refer to the man pages for <code class="command">lsof</code>, <code class="command">netstat</code>, <code class="command">nmap</code>, and <code class="filename">services</code> for more information.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"><strong>Prev</strong>3.2.7.3. Mail-only Users</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO.html"><strong>Next</strong>3.3. Single Sign-on (SSO)</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security.html
new file mode 100644
index 0000000..d100630
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security.html
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2. Server Security</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 3. Securing Your Network" /><link rel="prev" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 3. Securing Your Network" /><link rel="next" href="sect-Security_Guide-Server_Security-Securing_Portmap.html" title="3.2.2. Securing Portmap" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap
-Security_Guide-Securing_Your_Network.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="sect-Security_Guide-Server_Security" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Server_Security">3.2. Server Security</h2></div></div></div><div class="para">
+ When a system is used as a server on a public network, it becomes a target for attacks. Hardening the system and locking down services is therefore of paramount importance for the system administrator.
+ </div><div class="para">
+ Before delving into specific issues, review the following general tips for enhancing server security:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Keep all services current, to protect against the latest threats.
+ </div></li><li class="listitem"><div class="para">
+ Use secure protocols whenever possible.
+ </div></li><li class="listitem"><div class="para">
+ Serve only one type of network service per machine whenever possible.
+ </div></li><li class="listitem"><div class="para">
+ Monitor all servers carefully for suspicious activity.
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">3.2.1. Securing Services With TCP Wrappers and xinetd</h3></div></div></div><div class="para">
+ <em class="firstterm">TCP Wrappers</em> provide access control to a variety of services. Most modern network services, such as SSH, Telnet, and FTP, make use of TCP Wrappers, which stand guard between an incoming request and the requested service.
+ </div><div class="para">
+ The benefits offered by TCP Wrappers are enhanced when used in conjunction with <code class="command">xinetd</code>, a super server that provides additional access, logging, binding, redirection, and resource utilization control.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ It is a good idea to use iptables firewall rules in conjunction with TCP Wrappers and <code class="command">xinetd</code> to create redundancy within service access controls. Refer to <a class="xref" href="sect-Security_Guide-Firewalls.html">Section 3.8, “Firewalls”</a> for more information about implementing firewalls with iptables commands.
+ </div></div></div><div class="para">
+ The following subsections assume a basic knowledge of each topic and focus on specific security options.
+ </div><div class="section" id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_TCP_Wrappers">3.2.1.1. Enhancing Security With TCP Wrappers</h4></div></div></div><div class="para">
+ TCP Wrappers are capable of much more than denying access to services. This section illustrates how they can be used to send connection banners, warn of attacks from particular hosts, and enhance logging functionality. Refer to the <code class="filename">hosts_options</code> man page for information about the TCP Wrapper functionality and control language.
+ </div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Connection_Banners"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Connection_Banners">3.2.1.1.1. TCP Wrappers and Connection Banners</h5></div></div></div><div class="para">
+ Displaying a suitable banner when users connect to a service is a good way to let potential attackers know that the system administrator is being vigilant. You can also control what information about the system is presented to users. To implement a TCP Wrappers banner for a service, use the <code class="option">banner</code> option.
+ </div><div class="para">
+ This example implements a banner for <code class="command">vsftpd</code>. To begin, create a banner file. It can be anywhere on the system, but it must have same name as the daemon. For this example, the file is called <code class="filename">/etc/banners/vsftpd</code> and contains the following line:
+ </div><pre class="screen">220-Hello, %c
+220-All activity on ftp.example.com is logged.
+220-Inappropriate use will result in your access privileges being removed.</pre><div class="para">
+ The <code class="command">%c</code> token supplies a variety of client information, such as the username and hostname, or the username and IP address to make the connection even more intimidating.
+ </div><div class="para">
+ For this banner to be displayed to incoming connections, add the following line to the <code class="filename">/etc/hosts.allow</code> file:
+ </div><pre class="screen"><code class="command"> vsftpd : ALL : banners /etc/banners/ </code></pre></div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Attack_Warnings"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Attack_Warnings">3.2.1.1.2. TCP Wrappers and Attack Warnings</h5></div></div></div><div class="para">
+ If a particular host or network has been detected attacking the server, TCP Wrappers can be used to warn the administrator of subsequent attacks from that host or network using the <code class="command">spawn</code> directive.
+ </div><div class="para">
+ In this example, assume that a cracker from the 206.182.68.0/24 network has been detected attempting to attack the server. Place the following line in the <code class="filename">/etc/hosts.deny</code> file to deny any connection attempts from that network, and to log the attempts to a special file:
+ </div><pre class="screen"><code class="command"> ALL : 206.182.68.0 : spawn /bin/ 'date' %c %d >> /var/log/intruder_alert </code></pre><div class="para">
+ The <code class="command">%d</code> token supplies the name of the service that the attacker was trying to access.
+ </div><div class="para">
+ To allow the connection and log it, place the <code class="command">spawn</code> directive in the <code class="filename">/etc/hosts.allow</code> file.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Because the <code class="command">spawn</code> directive executes any shell command, it is a good idea to create a special script to notify the administrator or execute a chain of commands in the event that a particular client attempts to connect to the server.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Enhanced_Logging"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Enhanced_Logging">3.2.1.1.3. TCP Wrappers and Enhanced Logging</h5></div></div></div><div class="para">
+ If certain types of connections are of more concern than others, the log level can be elevated for that service using the <code class="command">severity</code> option.
+ </div><div class="para">
+ For this example, assume that anyone attempting to connect to port 23 (the Telnet port) on an FTP server is a cracker. To denote this, place an <code class="command">emerg</code> flag in the log files instead of the default flag, <code class="command">info</code>, and deny the connection.
+ </div><div class="para">
+ To do this, place the following line in <code class="filename">/etc/hosts.deny</code>:
+ </div><pre class="screen"><code class="command"> in.telnetd : ALL : severity emerg </code></pre><div class="para">
+ This uses the default <code class="command">authpriv</code> logging facility, but elevates the priority from the default value of <code class="command">info</code> to <code class="command">emerg</code>, which posts log messages directly to the console.
+ </div></div></div><div class="section" id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_xinetd"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_xinetd">3.2.1.2. Enhancing Security With xinetd</h4></div></div></div><div class="para">
+ This section focuses on using <code class="command">xinetd</code> to set a trap service and using it to control resource levels available to any given <code class="command">xinetd</code> service. Setting resource limits for services can help thwart <em class="firstterm">Denial of Service</em> (<acronym class="acronym">DoS</acronym>) attacks. Refer to the man pages for <code class="command">xinetd</code> and <code class="filename">xinetd.conf</code> for a list of available options.
+ </div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_xinetd-Setting_a_Trap"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_xinetd-Setting_a_Trap">3.2.1.2.1. Setting a Trap</h5></div></div></div><div class="para">
+ One important feature of <code class="command">xinetd</code> is its ability to add hosts to a global <code class="filename">no_access</code> list. Hosts on this list are denied subsequent connections to services managed by <code class="command">xinetd</code> for a specified period or until <code class="command">xinetd</code> is restarted. You can do this using the <code class="command">SENSOR</code> attribute. This is an easy way to block hosts attempting to scan the ports on the server.
+ </div><div class="para">
+ The first step in setting up a <code class="command">SENSOR</code> is to choose a service you do not plan on using. For this example, Telnet is used.
+ </div><div class="para">
+ Edit the file <code class="filename">/etc/xinetd.d/telnet</code> and change the <code class="option">flags</code> line to read:
+ </div><pre class="screen">flags = SENSOR</pre><div class="para">
+ Add the following line:
+ </div><pre class="screen">deny_time = 30</pre><div class="para">
+ This denies any further connection attempts to that port by that host for 30 minutes. Other acceptable values for the <code class="command">deny_time</code> attribute are FOREVER, which keeps the ban in effect until <code class="command">xinetd</code> is restarted, and NEVER, which allows the connection and logs it.
+ </div><div class="para">
+ Finally, the last line should read:
+ </div><pre class="screen">disable = no</pre><div class="para">
+ This enables the trap itself.
+ </div><div class="para">
+ While using <code class="option">SENSOR</code> is a good way to detect and stop connections from undesirable hosts, it has two drawbacks:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ It does not work against stealth scans.
+ </div></li><li class="listitem"><div class="para">
+ An attacker who knows that a <code class="option">SENSOR</code> is running can mount a Denial of Service attack against particular hosts by forging their IP addresses and connecting to the forbidden port.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_xinetd-Controlling_Server_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_xinetd-Controlling_Server_Resources">3.2.1.2.2. Controlling Server Resources</h5></div></div></div><div class="para">
+ Another important feature of <code class="command">xinetd</code> is its ability to set resource limits for services under its control.
+ </div><div class="para">
+ It does this using the following directives:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">cps = <number_of_connections> <wait_period></code> — Limits the rate of incoming connections. This directive takes two arguments:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option"><number_of_connections></code> — The number of connections per second to handle. If the rate of incoming connections is higher than this, the service is temporarily disabled. The default value is fifty (50).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option"><wait_period></code> — The number of seconds to wait before re-enabling the service after it has been disabled. The default interval is ten (10) seconds.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">instances = <number_of_connections></code> — Specifies the total number of connections allowed to a service. This directive accepts either an integer value or <code class="command">UNLIMITED</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">per_source = <number_of_connections></code> — Specifies the number of connections allowed to a service by each host. This directive accepts either an integer value or <code class="command">UNLIMITED</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">rlimit_as = <number[K|M]></code> — Specifies the amount of memory address space the service can occupy in kilobytes or megabytes. This directive accepts either an integer value or <code class="command">UNLIMITED</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">rlimit_cpu = <number_of_seconds></code> — Specifies the amount of time in seconds that a service may occupy the CPU. This directive accepts either an integer value or <code class="command">UNLIMITED</code>.
+ </div></li></ul></div><div class="para">
+ Using these directives can help prevent any single <code class="command">xinetd</code> service from overwhelming the system, resulting in a denial of service.
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Securing_Your_Network.html"><strong>Prev</strong>Chapter 3. Securing Your Network</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>Next</strong>3.2.2. Securing Portmap</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html
new file mode 100644
index 0000000..e8e101e
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3.5. Configuring Firefox to use Kerberos for SSO</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="3.3. Single Sign-on (SSO)" /><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html" title="3.3.4. How Smart Card Login Works" /><link rel="next" href="sect-Security_Guide-Yubikey.html" title="3.4. Yubikey" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_
Sign_on_SSO-How_Smart_Card_Login_Works.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Yubikey.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO">3.3.5. Configuring Firefox to use Kerberos for SSO</h3></div></div></div><div class="para">
+ You can configure Firefox to use Kerberos for Single Sign-on. In order for this functionality to work correctly, you need to configure your web browser to send your Kerberos credentials to the appropriate <abbr class="abbrev">KDC</abbr>.The following section describes the configuration changes and other requirements to achieve this.
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ In the address bar of Firefox, type <strong class="userinput"><code>about:config</code></strong> to display the list of current configuration options.
+ </div></li><li class="listitem"><div class="para">
+ In the <span class="guilabel"><strong>Filter</strong></span> field, type <strong class="userinput"><code>negotiate</code></strong> to restrict the list of options.
+ </div></li><li class="listitem"><div class="para">
+ Double-click the <span class="emphasis"><em>network.negotiate-auth.trusted-uris</em></span> entry to display the <span class="emphasis"><em>Enter string value</em></span> dialog box.
+ </div></li><li class="listitem"><div class="para">
+ Enter the name of the domain against which you want to authenticate, for example, <em class="replaceable"><code>.example.com</code></em>.
+ </div></li><li class="listitem"><div class="para">
+ Repeat the above procedure for the <span class="emphasis"><em>network.negotiate-auth.delegation-uris</em></span> entry, using the same domain.
+ </div><div class="para">
+ <div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ You can leave this value blank, as it allows Kerberos ticket passing, which is not required.
+ </div><div class="para">
+ If you do not see these two configuration options listed, your version of Firefox may be too old to support Negotiate authentication, and you should consider upgrading.
+ </div></div></div>
+
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-Configuring_Firefox_to_use_Kerberos_for_SSO-Configuring_Firefox_for_SSO_with_Kerberos"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-firefox_kerberos_SSO.png" width="444" alt="Configuring Firefox for SSO with Kerberos" /><div class="longdesc"><div class="para">
+ Configuring Firefox to use Kerberos for SSO.
+ </div></div></div></div><h6>Figure 3.6. Configuring Firefox for SSO with Kerberos</h6></div><br class="figure-break" /><div class="para">
+ You now need to ensure that you have Kerberos tickets. In a command shell, type <code class="command">kinit</code> to retrieve Kerberos tickets. To display the list of available tickets, type <code class="command">klist</code>. The following shows an example output from these commands:
+ </div><pre class="screen">[user at host ~] $ kinit
+Password for user at EXAMPLE.COM:
+
+[user at host ~] $ klist
+Ticket cache: FILE:/tmp/krb5cc_10920
+Default principal: user at EXAMPLE.COM
+
+Valid starting Expires Service principal
+10/26/06 23:47:54 10/27/06 09:47:54 krbtgt/USER.COM at USER.COM
+ renew until 10/26/06 23:47:54
+
+Kerberos 4 ticket cache: /tmp/tkt10920
+klist: You have no tickets cached</pre><div class="section" id="sect-Security_Guide-Configuring_Firefox_to_use_Kerberos_for_SSO-Troubleshooting"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Configuring_Firefox_to_use_Kerberos_for_SSO-Troubleshooting">3.3.5.1. Troubleshooting</h4></div></div></div><div class="para">
+ If you have followed the configuration steps above and Negotiate authentication is not working, you can turn on verbose logging of the authentication process. This could help you find the cause of the problem. To enable verbose logging, use the following procedure:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Close all instances of Firefox.
+ </div></li><li class="listitem"><div class="para">
+ Open a command shell, and enter the following commands:
+ </div><pre class="screen">export NSPR_LOG_MODULES=negotiateauth:5
+export NSPR_LOG_FILE=/tmp/moz.log</pre></li><li class="listitem"><div class="para">
+ Restart Firefox <span class="emphasis"><em>from that shell</em></span>, and visit the website you were unable to authenticate to earlier. Information will be logged to <code class="filename">/tmp/moz.log</code>, and may give a clue to the problem. For example:
+ </div><pre class="screen">-1208550944[90039d0]: entering nsNegotiateAuth::GetNextToken()
+-1208550944[90039d0]: gss_init_sec_context() failed: Miscellaneous failure
+No credentials cache found</pre><div class="para">
+ This indicates that you do not have Kerberos tickets, and need to run <code class="command">kinit</code>.
+ </div></li></ol></div><div class="para">
+ If you are able to run <code class="command">kinit</code> successfully from your machine but you are unable to authenticate, you might see something like this in the log file:
+ </div><pre class="screen">-1208994096[8d683d8]: entering nsAuthGSSAPI::GetNextToken()
+-1208994096[8d683d8]: gss_init_sec_context() failed: Miscellaneous failure
+Server not found in Kerberos database</pre><div class="para">
+ This generally indicates a Kerberos configuration problem. Make sure that you have the correct entries in the [domain_realm] section of the <code class="filename">/etc/krb5.conf</code> file. For example:
+ </div><pre class="screen">.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM</pre><div class="para">
+ If nothing appears in the log it is possible that you are behind a proxy, and that proxy is stripping off the HTTP headers required for Negotiate authentication. As a workaround, you can try to connect to the server using HTTPS instead, which allows the request to pass through unmodified. Then proceed to debug using the log file, as described above.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"><strong>Prev</strong>3.3.4. How Smart Card Login Works</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Yubikey.html"><strong>Next</strong>3.4. Yubikey</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html
new file mode 100644
index 0000000..93d0f09
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3.2. Getting Started with your new Smart Card</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="3.3. Single Sign-on (SSO)" /><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="3.3. Single Sign-on (SSO)" /><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html" title="3.3.3. How Smart Card Enrollment Works" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p"
href="sect-Security_Guide-Single_Sign_on_SSO.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card">3.3.2. Getting Started with your new Smart Card</h3></div></div></div><div class="para">
+ Before you can use your smart card to log in to your system and take advantage of the increased security options this technology provides, you need to perform some basic installation and configuration steps. These are described below.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ This section provides a high-level view of getting started with your smart card. More detailed information is available in the Red Hat Certificate System Enterprise Security Client Guide.
+ </div></div></div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Log in with your Kerberos name and password
+ </div></li><li class="step"><div class="para">
+ Make sure you have the <code class="filename">nss-tools</code> package loaded.
+ </div></li><li class="step"><div class="para">
+ Download and install your corporate-specific root certificates. Use the following command to install the root CA certificate:
+ </div><pre class="screen">certutil -A -d /etc/pki/nssdb -n "root ca cert" -t "CT,C,C" -i ./ca_cert_in_base64_format.crt</pre></li><li class="step"><div class="para">
+ Verify that you have the following RPMs installed on your system: esc, pam_pkcs11, coolkey, ifd-egate, ccid, gdm, authconfig, and authconfig-gtk.
+ </div></li><li class="step"><div class="para">
+ Enable Smart Card Login Support
+ </div><ol class="a"><li class="step"><div class="para">
+ On the Gnome Title Bar, select System->Administration->Authentication.
+ </div></li><li class="step"><div class="para">
+ Type your machine's root password if necessary.
+ </div></li><li class="step"><div class="para">
+ In the Authentication Configuration dialog, click the <span class="guilabel"><strong>Authentication</strong></span> tab.
+ </div></li><li class="step"><div class="para">
+ Select the <span class="guilabel"><strong>Enable Smart Card Support</strong></span> check box.
+ </div></li><li class="step"><div class="para">
+ Click the <span class="guibutton"><strong>Configure Smart Card...</strong></span> button to display the Smartcard Settings dialog, and specify the required settings:
+ </div><div class="para">
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Require smart card for login</strong></span> — Clear this check box. After you have successfully logged in with the smart card you can select this option to prevent users from logging in without a smart card.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Card Removal Action</strong></span> — This controls what happens when you remove the smart card after you have logged in. The available options are:
+ </div><div class="para">
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Lock</strong></span> — Removing the smart card locks the X screen.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Ignore</strong></span> — Removing the smart card has no effect.
+ </div></li></ul></div>
+
+ </div></li></ul></div>
+
+ </div></li></ol></li><li class="step"><div class="para">
+ If you need to enable the Online Certificate Status Protocol (<abbr class="abbrev">OCSP</abbr>), open the <code class="filename">/etc/pam_pkcs11/pam_pkcs11.conf</code> file, and locate the following line:
+ </div><div class="para">
+ <code class="command">enable_ocsp = false;</code>
+ </div><div class="para">
+ Change this value to true, as follows:
+ </div><div class="para">
+ <code class="command">enable_ocsp = true;</code>
+ </div></li><li class="step"><div class="para">
+ Enroll your smart card
+ </div></li><li class="step"><div class="para">
+ If you are using a CAC card, you also need to perform the following steps:
+ </div><ol class="a"><li class="step"><div class="para">
+ Change to the root account and create a file called <code class="filename">/etc/pam_pkcs11/cn_map</code>.
+ </div></li><li class="step"><div class="para">
+ Add the following entry to the <code class="filename">cn_map</code> file:
+ </div><div class="para">
+ <em class="replaceable"><code>MY.CAC_CN.123454</code></em> -> <em class="replaceable"><code>myloginid</code></em>
+ </div><div class="para">
+ where <em class="replaceable"><code>MY.CAC_CN.123454</code></em> is the Common Name on your CAC and <em class="replaceable"><code>myloginid</code></em> is your UNIX login ID.
+ </div></li></ol></li><li class="step"><div class="para">
+ Logout
+ </div></li></ol></div><div class="section" id="sect-Security_Guide-Getting_Started_with_your_new_Smart_Card-Troubleshooting"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Getting_Started_with_your_new_Smart_Card-Troubleshooting">3.3.2.1. Troubleshooting</h4></div></div></div><div class="para">
+ If you have trouble getting your smart card to work, try using the following command to locate the source of the problem:
+ </div><pre class="screen">pklogin_finder debug</pre><div class="para">
+ If you run the <code class="command">pklogin_finder</code> tool in debug mode while an enrolled smart card is plugged in, it attempts to output information about the validity of certificates, and if it is successful in attempting to map a login ID from the certificates that are on the card.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO.html"><strong>Prev</strong>3.3. Single Sign-on (SSO)</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"><strong>Next</strong>3.3.3. How Smart Card Enrollment Works</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html
new file mode 100644
index 0000000..73a1ec8
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3.3. How Smart Card Enrollment Works</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="3.3. Single Sign-on (SSO)" /><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html" title="3.3.2. Getting Started with your new Smart Card" /><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html" title="3.3.4. How Smart Card Login Works" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul
class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works">3.3.3. How Smart Card Enrollment Works</h3></div></div></div><div class="para">
+ Smart cards are said to be <em class="firstterm">enrolled</em> when they have received an appropriate certificate signed by a valid Certificate Authority (<abbr class="abbrev">CA</abbr>). This involves several steps, described below:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ The user inserts their smart card into the smart card reader on their workstation. This event is recognized by the Enterprise Security Client (<abbr class="abbrev">ESC</abbr>).
+ </div></li><li class="listitem"><div class="para">
+ The enrollment page is displayed on the user's desktop. The user completes the required details and the user's system then connects to the Token Processing System (<abbr class="abbrev">TPS</abbr>) and the <abbr class="abbrev">CA</abbr>.
+ </div></li><li class="listitem"><div class="para">
+ The <abbr class="abbrev">TPS</abbr> enrolls the smart card using a certificate signed by the <abbr class="abbrev">CA</abbr>.
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-How_Smart_Card_Enrollment_Works-How_Smart_Card_Enrollment_Works"><div class="figure-contents"><div class="mediaobject"><img src="images/SCLoginEnrollment.png" width="444" alt="How Smart Card Enrollment Works" /><div class="longdesc"><div class="para">
+ How Smart Card Enrollment Works.
+ </div></div></div></div><h6>Figure 3.4. How Smart Card Enrollment Works</h6></div><br class="figure-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"><strong>Prev</strong>3.3.2. Getting Started with your new Smart Card</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"><strong>Next</strong>3.3.4. How Smart Card Login Works</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html
new file mode 100644
index 0000000..f9e04a9
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3.4. How Smart Card Login Works</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="3.3. Single Sign-on (SSO)" /><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html" title="3.3.3. How Smart Card Enrollment Works" /><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html" title="3.3.5. Configuring Firefox to use Kerberos for SSO" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Sit
e" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works">3.3.4. How Smart Card Login Works</h3></div></div></div><div class="para">
+ This section provides a brief overview of the process of logging in using a smart card.
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ When the user inserts their smart card into the smart card reader, this event is recognized by the PAM facility, which prompts for the user's PIN.
+ </div></li><li class="listitem"><div class="para">
+ The system then looks up the user's current certificates and verifies their validity. The certificate is then mapped to the user's UID.
+ </div></li><li class="listitem"><div class="para">
+ This is validated against the KDC and login granted.
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-How_Smart_Card_Login_Works-How_Smart_Card_Login_Works"><div class="figure-contents"><div class="mediaobject"><img src="images/SCLogin.png" width="444" alt="How Smart Card Login Works" /><div class="longdesc"><div class="para">
+ How Smart Card Login Works.
+ </div></div></div></div><h6>Figure 3.5. How Smart Card Login Works</h6></div><br class="figure-break" /><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ You cannot log in with a card that has not been enrolled, even if it has been formatted. You need to log in with a formatted, enrolled card, or not using a smart card, before you can enroll a new card.
+ </div></div></div><div class="para">
+ Refer to <a class="xref" href="sect-Security_Guide-Kerberos.html">Section 3.7, “Kerberos”</a> and <a class="xref" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html">Section 3.5, “Pluggable Authentication Modules (PAM)”</a> for more information on Kerberos and <acronym class="acronym">PAM</acronym>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"><strong>Prev</strong>3.3.3. How Smart Card Enrollment Works</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"><strong>Next</strong>3.3.5. Configuring Firefox to use Kerberos for SSO</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO.html
new file mode 100644
index 0000000..e4772d6
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO.html
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3. Single Sign-on (SSO)</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 3. Securing Your Network" /><link rel="prev" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html" title="3.2.8. Verifying Which Ports Are Listening" /><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html" title="3.3.2. Getting Started with your new Smart Card" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documen
tation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="sect-Security_Guide-Single_Sign_on_SSO" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Single_Sign_on_SSO">3.3. Single Sign-on (SSO)</h2></div></div></div><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-Introduction"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Introduction">3.3.1. Introduction</h3></div></div></div><div class="para">
+ The Fedora SSO functionality reduces the number of times Fedora desktop users have to enter their passwords. Several major applications leverage the same underlying authentication and authorization mechanisms so that users can log in to Fedora from the log-in screen, and then not need to re-enter their passwords. These applications are detailed below.
+ </div><div class="para">
+ In addition, users can log in to their machines even when there is no network (<em class="firstterm">offline mode</em>) or where network connectivity is unreliable, for example, wireless access. In the latter case, services will degrade gracefully.
+ </div><div class="section" id="sect-Security_Guide-Introduction-Supported_Applications"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Introduction-Supported_Applications">3.3.1.1. Supported Applications</h4></div></div></div><div class="para">
+ The following applications are currently supported by the unified log-in scheme in Fedora:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Login
+ </div></li><li class="listitem"><div class="para">
+ Screensaver
+ </div></li><li class="listitem"><div class="para">
+ Firefox and Thunderbird
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Introduction-Supported_Authentication_Mechanisms"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Introduction-Supported_Authentication_Mechanisms">3.3.1.2. Supported Authentication Mechanisms</h4></div></div></div><div class="para">
+ Fedora currently supports the following authentication mechanisms:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Kerberos name/password login
+ </div></li><li class="listitem"><div class="para">
+ Smart card/PIN login
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Introduction-Supported_Smart_Cards"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Introduction-Supported_Smart_Cards">3.3.1.3. Supported Smart Cards</h4></div></div></div><div class="para">
+ Fedora has been tested with the Cyberflex e-gate card and reader, but any card that complies with both Java card 2.1.1 and Global Platform 2.0.1 specifications should operate correctly, as should any reader that is supported by PCSC-lite.
+ </div><div class="para">
+ Fedora has also been tested with Common Access Cards (CAC). The supported reader for CAC is the SCM SCR 331 USB Reader.
+ </div><div class="para">
+ As of Fedora 5.2, Gemalto smart cards (Cyberflex Access 64k v2, standard with DER SHA1 value configured as in PKCSI v2.1) are now supported. These smart cards now use readers compliant with Chip/Smart Card Interface Devices (CCID).
+ </div></div><div class="section" id="sect-Security_Guide-Introduction-Advantages_of_PROD_Single_Sign_on"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Introduction-Advantages_of_PROD_Single_Sign_on">3.3.1.4. Advantages of Fedora Single Sign-on</h4></div></div></div><div class="para">
+ Numerous security mechanisms currently exist that utilize a large number of protocols and credential stores. Examples include SSL, SSH, IPsec, and Kerberos. Fedora SSO aims to unify these schemes to support the requirements listed above. This does not mean replacing Kerberos with X.509v3 certificates, but rather uniting them to reduce the burden on both system users and the administrators who manage them.
+ </div><div class="para">
+ To achieve this goal, Fedora:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Provides a single, shared instance of the NSS crypto libraries on each operating system.
+ </div></li><li class="listitem"><div class="para">
+ Ships the Certificate System's Enterprise Security Client (ESC) with the base operating system. The ESC application monitors smart card insertion events. If it detects that the user has inserted a smart card that was designed to be used with the Fedora Certificate System server product, it displays a user interface instructing the user how to enroll that smart card.
+ </div></li><li class="listitem"><div class="para">
+ Unifies Kerberos and NSS so that users who log in to the operating system using a smart card also obtain a Kerberos credential (which allows them to log in to file servers, etc.)
+ </div></li></ul></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>Prev</strong>3.2.8. Verifying Which Ports Are Listening</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"><strong>Next</strong>3.3.2. Getting Started with your new Smart Card</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html
new file mode 100644
index 0000000..4040851
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.4. Install Signed Packages from Well Known Repositories</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 7. Software Maintenance" /><link rel="prev" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html" title="7.3. Adjusting Automatic Updates" /><link rel="next" href="chap-Security_Guide-CVE.html" title="Chapter 8. Common Vulnerabilities and Exposures" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="
docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-CVE.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories">7.4. Install Signed Packages from Well Known Repositories</h2></div></div></div><div class="para">
+ Software packages are published through repositories. All well known repositories support package signing. Package signing uses public key technology to prove that the package that was published by the repository has not been changed since the signature was applied. This provides some protection against installing software that may have been maliciously altered after the package was created but before you downloaded it.
+ </div><div class="para">
+ Using too many repositories, untrustworthy repositories, or repositories with unsigned packages has a higher risk of introducing malicious or vulnerable code into your system. Use caution when adding repositories to yum/software update.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"><strong>Prev</strong>7.3. Adjusting Automatic Updates</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-CVE.html"><strong>Next</strong>Chapter 8. Common Vulnerabilities and Exposures</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html
new file mode 100644
index 0000000..fcaa96b
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.3. Adjusting Automatic Updates</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 7. Software Maintenance" /><link rel="prev" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html" title="7.2. Plan and Configure Security Updates" /><link rel="next" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html" title="7.4. Install Signed Packages from Well Known Repositories" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/imag
e_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates">7.3. Adjusting Automatic Updates</h2></div></div></div><div class="para">
+ Fedora is configured to apply all updates on a daily schedule. If you want to change the how your system installs updates you must do so via <span class="application"><strong>Software Update Preferences</strong></span>. You can change the schedule, the type of updates to apply or to notify you of available updates.
+ </div><div class="para">
+ In Gnome, you can find controls for your updates at: <code class="code">System -> Preferences -> Software Updates</code>. In KDE it is located at: <code class="code">Applications -> Settings -> Software Updates</code>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"><strong>Prev</strong>7.2. Plan and Configure Security Updates</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html"><strong>Next</strong>7.4. Install Signed Packages from Well Known Repo...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html
new file mode 100644
index 0000000..37e4d91
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.2. Plan and Configure Security Updates</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 7. Software Maintenance" /><link rel="prev" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 7. Software Maintenance" /><link rel="next" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html" title="7.3. Adjusting Automatic Updates" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class=
"docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Software_Maintenance.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates">7.2. Plan and Configure Security Updates</h2></div></div></div><div class="para">
+ All software contains bugs. Often, these bugs can result in a vulnerability that can expose your system to malicious users. Unpatched systems are a common cause of computer intrusions. You should have a plan to install security patches in a timely manner to close those vulnerabilities so they can not be exploited.
+ </div><div class="para">
+ For home users, security updates should be installed as soon as possible. Configuring automatic installation of security updates is one way to avoid having to remember, but does carry a slight risk that something can cause a conflict with your configuration or with other software on the system.
+ </div><div class="para">
+ For business or advanced home users, security updates should be tested and schedule for installation. Additional controls will need to be used to protect the system during the time between the patch release and its installation on the system. These controls would depend on the exact vulnerability, but could include additional firewall rules, the use of external firewalls, or changes in software settings.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Software_Maintenance.html"><strong>Prev</strong>Chapter 7. Software Maintenance</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"><strong>Next</strong>7.3. Adjusting Automatic Updates</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html
new file mode 100644
index 0000000..b351a12
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.2.2. Option Fields</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html" title="3.6.2. TCP Wrappers Configuration Files" /><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html" title="3.6.2. TCP Wrappers Configuration Files" /><link rel="next" href="sect-Security_Guide-Option_Fields-Access_Control.html" title="3.6.2.2.2. Access Control" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Sit
e" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Access_Control.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields">3.6.2.2. Option Fields</h4></div></div></div><div class="para">
+ In addition to basic rules that allow and deny access, the Fedora implementation of TCP Wrappers supports extensions to the access control language through <em class="firstterm">option fields</em>. By using option fields in hosts access rules, administrators can accomplish a variety of tasks such as altering log behavior, consolidating access control, and launching shell commands.
+ </div><div class="section" id="sect-Security_Guide-Option_Fields-Logging"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Option_Fields-Logging">3.6.2.2.1. Logging</h5></div></div></div><div class="para">
+ Option fields let administrators easily change the log facility and priority level for a rule by using the <code class="option">severity</code> directive.
+ </div><div class="para">
+ In the following example, connections to the SSH daemon from any host in the <code class="systemitem">example.com</code> domain are logged to the default <code class="option">authpriv</code> <code class="option">syslog</code> facility (because no facility value is specified) with a priority of <code class="option">emerg</code>:
+ </div><pre class="screen">sshd : .example.com : severity emerg</pre><div class="para">
+ It is also possible to specify a facility using the <code class="option">severity</code> option. The following example logs any SSH connection attempts by hosts from the <code class="systemitem">example.com</code> domain to the <code class="option">local0</code> facility with a priority of <code class="option">alert</code>:
+ </div><pre class="screen">sshd : .example.com : severity local0.alert</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ In practice, this example does not work until the syslog daemon (<code class="systemitem">syslogd</code>) is configured to log to the <code class="command">local0</code> facility. Refer to the <code class="filename">syslog.conf</code> man page for information about configuring custom log facilities.
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"><strong>Prev</strong>3.6.2. TCP Wrappers Configuration Files</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Access_Control.html"><strong>Next</strong>3.6.2.2.2. Access Control</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html
new file mode 100644
index 0000000..e997036
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.5. Additional Resources</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="3.6. TCP Wrappers and xinetd" /><link rel="prev" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html" title="3.6.4.3.4. Resource Management Options" /><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html" title="3.6.5.2. Useful TCP Wrappers Websites" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" />
</a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">3.6.5. Additional Resources</h3></div></div></div><div class="para">
+ More information about TCP Wrappers and <code class="systemitem">xinetd</code> is available from system documentation and on the Internet.
+ </div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_TCP_Wrappers_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_TCP_Wrappers_Documentation">3.6.5.1. Installed TCP Wrappers Documentation</h4></div></div></div><div class="para">
+ The documentation on your system is a good place to start looking for additional configuration options for TCP Wrappers, <code class="systemitem">xinetd</code>, and access control.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/usr/share/doc/tcp_wrappers-<em class="replaceable"><code><version></code></em>/</code> — This directory contains a <code class="filename">README</code> file that discusses how TCP Wrappers work and the various hostname and host address spoofing risks that exist.
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/usr/share/doc/xinetd-<em class="replaceable"><code><version></code></em>/</code> — This directory contains a <code class="filename">README</code> file that discusses aspects of access control and a <code class="filename">sample.conf</code> file with various ideas for modifying service-specific configuration files in the <code class="filename">/etc/xinetd.d/</code> directory.
+ </div></li><li class="listitem"><div class="para">
+ TCP Wrappers and <code class="systemitem">xinetd</code>-related man pages — A number of man pages exist for the various applications and configuration files involved with TCP Wrappers and <code class="systemitem">xinetd</code>. The following are some of the more important man pages:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">Server Applications</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man xinetd</code> — The man page for <code class="systemitem">xinetd</code>.
+ </div></li></ul></div></dd><dt class="varlistentry"><span class="term">Configuration Files</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man 5 hosts_access</code> — The man page for the TCP Wrappers hosts access control files.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man hosts_options</code> — The man page for the TCP Wrappers options fields.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man xinetd.conf</code> — The man page listing <code class="systemitem">xinetd</code> configuration options.
+ </div></li></ul></div></dd></dl></div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"><strong>Prev</strong>3.6.4.3.4. Resource Management Options</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>Next</strong>3.6.5.2. Useful TCP Wrappers Websites</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html
new file mode 100644
index 0000000..319e8cc
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html
@@ -0,0 +1,118 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.2. TCP Wrappers Configuration Files</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="3.6. TCP Wrappers and xinetd" /><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="3.6. TCP Wrappers and xinetd" /><link rel="next" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="3.6.2.2. Option Fields" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" hre
f="sect-Security_Guide-TCP_Wrappers_and_xinetd.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">3.6.2. TCP Wrappers Configuration Files</h3></div></div></div><div class="para">
+ To determine if a client is allowed to connect to a service, TCP Wrappers reference the following two files, which are commonly referred to as <em class="firstterm">hosts access</em> files:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/hosts.allow</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/hosts.deny</code>
+ </div></li></ul></div><div class="para">
+ When a TCP-wrapped service receives a client request, it performs the following steps:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <span class="emphasis"><em>It references <code class="filename">/etc/hosts.allow</code>.</em></span> — The TCP-wrapped service sequentially parses the <code class="filename">/etc/hosts.allow</code> file and applies the first rule specified for that service. If it finds a matching rule, it allows the connection. If not, it moves on to the next step.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>It references <code class="filename">/etc/hosts.deny</code>.</em></span> — The TCP-wrapped service sequentially parses the <code class="filename">/etc/hosts.deny</code> file. If it finds a matching rule, it denies the connection. If not, it grants access to the service.
+ </div></li></ol></div><div class="para">
+ The following are important points to consider when using TCP Wrappers to protect network services:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Because access rules in <code class="filename">hosts.allow</code> are applied first, they take precedence over rules specified in <code class="filename">hosts.deny</code>. Therefore, if access to a service is allowed in <code class="filename">hosts.allow</code>, a rule denying access to that same service in <code class="filename">hosts.deny</code> is ignored.
+ </div></li><li class="listitem"><div class="para">
+ The rules in each file are read from the top down and the first matching rule for a given service is the only one applied. The order of the rules is extremely important.
+ </div></li><li class="listitem"><div class="para">
+ If no rules for the service are found in either file, or if neither file exists, access to the service is granted.
+ </div></li><li class="listitem"><div class="para">
+ TCP-wrapped services do not cache the rules from the hosts access files, so any changes to <code class="filename">hosts.allow</code> or <code class="filename">hosts.deny</code> take effect immediately, without restarting network services.
+ </div></li></ul></div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ If the last line of a hosts access file is not a newline character (created by pressing the <span class="keycap"><strong>Enter</strong></span> key), the last rule in the file fails and an error is logged to either <code class="filename">/var/log/messages</code> or <code class="filename">/var/log/secure</code>. This is also the case for a rule that spans multiple lines without using the backslash character. The following example illustrates the relevant portion of a log message for a rule failure due to either of these circumstances:
+ </div><pre class="screen">warning: /etc/hosts.allow, line 20: missing newline or line too long</pre></div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Formatting_Access_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Formatting_Access_Rules">3.6.2.1. Formatting Access Rules</h4></div></div></div><div class="para">
+ The format for both <code class="filename">/etc/hosts.allow</code> and <code class="filename">/etc/hosts.deny</code> is identical. Each rule must be on its own line. Blank lines or lines that start with a hash (#) are ignored.
+ </div><div class="para">
+ Each rule uses the following basic format to control access to network services:
+ </div><pre class="screen"><em class="replaceable"><code><daemon list></code></em>: <em class="replaceable"><code><client list></code></em> [: <em class="replaceable"><code><option></code></em>: <em class="replaceable"><code><option></code></em>: ...]</pre><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="replaceable"><code><daemon list></code></em> — A comma-separated list of process names (<span class="emphasis"><em>not</em></span> service names) or the <code class="option">ALL</code> wildcard. The daemon list also accepts operators (refer to <a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html#sect-Security_Guide-Formatting_Access_Rules-Operators">Section 3.6.2.1.4, “Operators”</a>) to allow greater flexibility.
+ </div></li><li class="listitem"><div class="para">
+ <em class="replaceable"><code><client list></code></em> — A comma-separated list of hostnames, host IP addresses, special patterns, or wildcards which identify the hosts affected by the rule. The client list also accepts operators listed in <a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html#sect-Security_Guide-Formatting_Access_Rules-Operators">Section 3.6.2.1.4, “Operators”</a> to allow greater flexibility.
+ </div></li><li class="listitem"><div class="para">
+ <em class="replaceable"><code><option></code></em> — An optional action or colon-separated list of actions performed when the rule is triggered. Option fields support expansions, launch shell commands, allow or deny access, and alter logging behavior.
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ More information on the specialist terms above can be found elsewhere in this Guide:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html#sect-Security_Guide-Formatting_Access_Rules-Wildcards">Section 3.6.2.1.1, “Wildcards”</a>
+ </div></li><li class="listitem"><div class="para">
+ <a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html#sect-Security_Guide-Formatting_Access_Rules-Patterns">Section 3.6.2.1.2, “Patterns”</a>
+ </div></li><li class="listitem"><div class="para">
+ <a class="xref" href="sect-Security_Guide-Option_Fields-Expansions.html">Section 3.6.2.2.4, “Expansions”</a>
+ </div></li><li class="listitem"><div class="para">
+ <a class="xref" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html">Section 3.6.2.2, “Option Fields”</a>
+ </div></li></ul></div></div></div><div class="para">
+ The following is a basic sample hosts access rule:
+ </div><pre class="screen">vsftpd : .example.com</pre><div class="para">
+ This rule instructs TCP Wrappers to watch for connections to the FTP daemon (<code class="systemitem">vsftpd</code>) from any host in the <code class="systemitem">example.com</code> domain. If this rule appears in <code class="filename">hosts.allow</code>, the connection is accepted. If this rule appears in <code class="filename">hosts.deny</code>, the connection is rejected.
+ </div><div class="para">
+ The next sample hosts access rule is more complex and uses two option fields:
+ </div><pre class="screen">sshd : .example.com \ : spawn /bin/echo `/bin/date` access denied>>/var/log/sshd.log \ : deny</pre><div class="para">
+ Note that each option field is preceded by the backslash (\). Use of the backslash prevents failure of the rule due to length.
+ </div><div class="para">
+ This sample rule states that if a connection to the SSH daemon (<code class="systemitem">sshd</code>) is attempted from a host in the <code class="systemitem">example.com</code> domain, execute the <code class="command">echo</code> command to append the attempt to a special log file, and deny the connection. Because the optional <code class="command">deny</code> directive is used, this line denies access even if it appears in the <code class="filename">hosts.allow</code> file. Refer to <a class="xref" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html">Section 3.6.2.2, “Option Fields”</a> for a more detailed look at available options.
+ </div><div class="section" id="sect-Security_Guide-Formatting_Access_Rules-Wildcards"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Formatting_Access_Rules-Wildcards">3.6.2.1.1. Wildcards</h5></div></div></div><div class="para">
+ Wildcards allow TCP Wrappers to more easily match groups of daemons or hosts. They are used most frequently in the client list field of access rules.
+ </div><div class="para">
+ The following wildcards are available:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">ALL</code> — Matches everything. It can be used for both the daemon list and the client list.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">LOCAL</code> — Matches any host that does not contain a period (.), such as localhost.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">KNOWN</code> — Matches any host where the hostname and host address are known or where the user is known.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">UNKNOWN</code> — Matches any host where the hostname or host address are unknown or where the user is unknown.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">PARANOID</code> — Matches any host where the hostname does not match the host address.
+ </div></li></ul></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ The <code class="option">KNOWN</code>, <code class="option">UNKNOWN</code>, and <code class="option">PARANOID</code> wildcards should be used with care, because they rely on functioning DNS server for correct operation. Any disruption to name resolution may prevent legitimate users from gaining access to a service.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Formatting_Access_Rules-Patterns"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Formatting_Access_Rules-Patterns">3.6.2.1.2. Patterns</h5></div></div></div><div class="para">
+ Patterns can be used in the client field of access rules to more precisely specify groups of client hosts.
+ </div><div class="para">
+ The following is a list of common patterns for entries in the client field:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Hostname beginning with a period (.)</em></span> — Placing a period at the beginning of a hostname matches all hosts sharing the listed components of the name. The following example applies to any host within the <code class="systemitem">example.com</code> domain:
+ </div><pre class="screen">ALL : .example.com</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>IP address ending with a period (.)</em></span> — Placing a period at the end of an IP address matches all hosts sharing the initial numeric groups of an IP address. The following example applies to any host within the <code class="systemitem">192.168.x.x</code> network:
+ </div><pre class="screen">ALL : 192.168.</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>IP address/netmask pair</em></span> — Netmask expressions can also be used as a pattern to control access to a particular group of IP addresses. The following example applies to any host with an address range of <code class="systemitem">192.168.0.0</code> through <code class="systemitem">192.168.1.255</code>:
+ </div><pre class="screen">ALL : 192.168.0.0/255.255.254.0</pre><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ When working in the IPv4 address space, the address/prefix length (<em class="firstterm">prefixlen</em>) pair declarations (<abbr class="abbrev">CIDR</abbr> notation) are not supported. Only IPv6 rules can use this format.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>[IPv6 address]/prefixlen pair</em></span> — [net]/prefixlen pairs can also be used as a pattern to control access to a particular group of IPv6 addresses. The following example would apply to any host with an address range of <code class="systemitem">3ffe:505:2:1::</code> through <code class="systemitem">3ffe:505:2:1:ffff:ffff:ffff:ffff</code>:
+ </div><pre class="screen">ALL : [3ffe:505:2:1::]/64</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>The asterisk (*)</em></span> — Asterisks can be used to match entire groups of hostnames or IP addresses, as long as they are not mixed in a client list containing other types of patterns. The following example would apply to any host within the <code class="systemitem">example.com</code> domain:
+ </div><pre class="screen">ALL : *.example.com</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>The slash (/)</em></span> — If a client list begins with a slash, it is treated as a file name. This is useful if rules specifying large numbers of hosts are necessary. The following example refers TCP Wrappers to the <code class="filename">/etc/telnet.hosts</code> file for all Telnet connections:
+ </div><pre class="screen">in.telnetd : /etc/telnet.hosts</pre></li></ul></div><div class="para">
+ Other, lesser used, patterns are also accepted by TCP Wrappers. Refer to the <code class="filename">hosts_access</code> man 5 page for more information.
+ </div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ Be very careful when using hostnames and domain names. Attackers can use a variety of tricks to circumvent accurate name resolution. In addition, disruption to DNS service prevents even authorized users from using network services. It is, therefore, best to use IP addresses whenever possible.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Formatting_Access_Rules-Portmap_and_TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Formatting_Access_Rules-Portmap_and_TCP_Wrappers">3.6.2.1.3. Portmap and TCP Wrappers</h5></div></div></div><div class="para">
+ <code class="command">Portmap</code>'s implementation of TCP Wrappers does not support host look-ups, which means <code class="command">portmap</code> can not use hostnames to identify hosts. Consequently, access control rules for portmap in <code class="filename">hosts.allow</code> or <code class="filename">hosts.deny</code> must use IP addresses, or the keyword <code class="option">ALL</code>, for specifying hosts.
+ </div><div class="para">
+ Changes to <code class="command">portmap</code> access control rules may not take effect immediately. You may need to restart the <code class="command">portmap</code> service.
+ </div><div class="para">
+ Widely used services, such as NIS and NFS, depend on <code class="command">portmap</code> to operate, so be aware of these limitations.
+ </div></div><div class="section" id="sect-Security_Guide-Formatting_Access_Rules-Operators"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Formatting_Access_Rules-Operators">3.6.2.1.4. Operators</h5></div></div></div><div class="para">
+ At present, access control rules accept one operator, <code class="option">EXCEPT</code>. It can be used in both the daemon list and the client list of a rule.
+ </div><div class="para">
+ The <code class="option">EXCEPT</code> operator allows specific exceptions to broader matches within the same rule.
+ </div><div class="para">
+ In the following example from a <code class="filename">hosts.allow</code> file, all <code class="systemitem">example.com</code> hosts are allowed to connect to all services except <code class="systemitem">cracker.example.com</code>:
+ </div><pre class="screen">ALL: .example.com EXCEPT cracker.example.com</pre><div class="para">
+ In another example from a <code class="filename">hosts.allow</code> file, clients from the <code class="systemitem">192.168.0.<em class="replaceable"><code>x</code></em></code> network can use all services except for FTP:
+ </div><pre class="screen">ALL EXCEPT vsftpd: 192.168.0.</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Organizationally, it is often easier to avoid using <code class="option">EXCEPT</code> operators. This allows other administrators to quickly scan the appropriate files to see what hosts are allowed or denied access to services, without having to sort through <code class="option">EXCEPT</code> operators.
+ </div></div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html"><strong>Prev</strong>3.6. TCP Wrappers and xinetd</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"><strong>Next</strong>3.6.2.2. Option Fields</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html
new file mode 100644
index 0000000..49a6734
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.3. xinetd</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="3.6. TCP Wrappers and xinetd" /><link rel="prev" href="sect-Security_Guide-Option_Fields-Expansions.html" title="3.6.2.2.4. Expansions" /><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="3.6.4. xinetd Configuration Files" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesske
y="p" href="sect-Security_Guide-Option_Fields-Expansions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd">3.6.3. xinetd</h3></div></div></div><div class="para">
+ The <code class="systemitem">xinetd</code> daemon is a TCP-wrapped <em class="firstterm">super service</em> which controls access to a subset of popular network services, including FTP, IMAP, and Telnet. It also provides service-specific configuration options for access control, enhanced logging, binding, redirection, and resource utilization control.
+ </div><div class="para">
+ When a client attempts to connect to a network service controlled by <code class="systemitem">xinetd</code>, the super service receives the request and checks for any TCP Wrappers access control rules.
+ </div><div class="para">
+ If access is allowed, <code class="systemitem">xinetd</code> verifies that the connection is allowed under its own access rules for that service. It also checks that the service can have more resources allotted to it and that it is not in breach of any defined rules.
+ </div><div class="para">
+ If all these conditions are met (that is, access is allowed to the service; the service has not reached its resource limit; and the service is not in breach of any defined rule), <code class="systemitem">xinetd</code> then starts an instance of the requested service and passes control of the connection to it. After the connection has been established, <code class="systemitem">xinetd</code> takes no further part in the communication between the client and the server.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Option_Fields-Expansions.html"><strong>Prev</strong>3.6.2.2.4. Expansions</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"><strong>Next</strong>3.6.4. xinetd Configuration Files</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html
new file mode 100644
index 0000000..e76a9eb
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.4. xinetd Configuration Files</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="3.6. TCP Wrappers and xinetd" /><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html" title="3.6.3. xinetd" /><link rel="next" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html" title="3.6.4.2. The /etc/xinetd.d/ Directory" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a acce
sskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files">3.6.4. xinetd Configuration Files</h3></div></div></div><div class="para">
+ The configuration files for <code class="systemitem">xinetd</code> are as follows:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/xinetd.conf</code> — The global <code class="systemitem">xinetd</code> configuration file.
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/xinetd.d/</code> — The directory containing all service-specific files.
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.conf_File"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.conf_File">3.6.4.1. The /etc/xinetd.conf File</h4></div></div></div><div class="para">
+ The <code class="filename">/etc/xinetd.conf</code> file contains general configuration settings which affect every service under <code class="systemitem">xinetd</code>'s control. It is read when the <code class="systemitem">xinetd</code> service is first started, so for configuration changes to take effect, you need to restart the <code class="systemitem">xinetd</code> service. The following is a sample <code class="filename">/etc/xinetd.conf</code> file:
+ </div><pre class="screen">defaults
+{
+ instances = 60
+ log_type = SYSLOG authpriv
+ log_on_success = HOST PID
+ log_on_failure = HOST
+ cps = 25 30
+}
+includedir /etc/xinetd.d</pre><div class="para">
+ These lines control the following aspects of <code class="systemitem">xinetd</code>:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">instances</code> — Specifies the maximum number of simultaneous requests that <code class="systemitem">xinetd</code> can process.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">log_type</code> — Configures <code class="systemitem">xinetd</code> to use the <code class="command">authpriv</code> log facility, which writes log entries to the <code class="filename">/var/log/secure</code> file. Adding a directive such as <code class="option">FILE /var/log/xinetdlog</code> would create a custom log file called <code class="filename">xinetdlog</code> in the <code class="filename">/var/log/</code> directory.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">log_on_success</code> — Configures <code class="systemitem">xinetd</code> to log successful connection attempts. By default, the remote host's IP address and the process ID of the server processing the request are recorded.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">log_on_failure</code> — Configures <code class="systemitem">xinetd</code> to log failed connection attempts or if the connection was denied.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">cps</code> — Configures <code class="systemitem">xinetd</code> to allow no more than 25 connections per second to any given service. If this limit is exceeded, the service is retired for 30 seconds.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">includedir</code> <code class="filename">/etc/xinetd.d/</code> — Includes options declared in the service-specific configuration files located in the <code class="filename">/etc/xinetd.d/</code> directory. Refer to <a class="xref" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html">Section 3.6.4.2, “The /etc/xinetd.d/ Directory”</a> for more information.
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ Often, both the <code class="option">log_on_success</code> and <code class="option">log_on_failure</code> settings in <code class="filename">/etc/xinetd.conf</code> are further modified in the service-specific configuration files. More information may therefore appear in a given service's log file than the <code class="filename">/etc/xinetd.conf</code> file may indicate. Refer to <a class="xref" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html#sect-Security_Guide-Altering_xinetd_Configuration_Files-Logging_Options">Section 3.6.4.3.1, “Logging Options”</a> for further information.
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"><strong>Prev</strong>3.6.3. xinetd</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"><strong>Next</strong>3.6.4.2. The /etc/xinetd.d/ Directory</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd.html
new file mode 100644
index 0000000..fc9228a
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd.html
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6. TCP Wrappers and xinetd</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 3. Securing Your Network" /><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html" title="3.5.8.2. Useful PAM Websites" /><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html" title="3.6.2. TCP Wrappers Configuration Files" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="do
cnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd">3.6. TCP Wrappers and xinetd</h2></div></div></div><div class="para">
+ Controlling access to network services is one of the most important security tasks facing a server administrator. Fedora provides several tools for this purpose. For example, an <code class="command">iptables</code>-based firewall filters out unwelcome network packets within the kernel's network stack. For network services that utilize it, <em class="firstterm">TCP Wrappers</em> add an additional layer of protection by defining which hosts are or are not allowed to connect to "<span class="emphasis"><em>wrapped</em></span>" network services. One such wrapped network service is the <code class="systemitem">xinetd</code> <span class="emphasis"><em>super server</em></span>. This service is called a super server because it controls connections to a subset of network services and further refines access control.
+ </div><div class="para">
+ <a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html#figu-Security_Guide-TCP_Wrappers_and_xinetd-Access_Control_to_Network_Services">Figure 3.9, “Access Control to Network Services”</a> is a basic illustration of how these tools work together to protect network services.
+ </div><div class="figure" id="figu-Security_Guide-TCP_Wrappers_and_xinetd-Access_Control_to_Network_Services"><div class="figure-contents"><div class="mediaobject"><img src="images/tcp_wrap_diagram.png" alt="Access Control to Network Services" /><div class="longdesc"><div class="para">
+ Exhibit A: Access Control to Network Services Flowchart
+ </div></div></div></div><h6>Figure 3.9. Access Control to Network Services</h6></div><br class="figure-break" /><div class="para">
+ This chapter focuses on the role of TCP Wrappers and <code class="systemitem">xinetd</code> in controlling access to network services and reviews how these tools can be used to enhance both logging and utilization management. Refer to <a class="xref" href="sect-Security_Guide-IPTables.html">Section 3.9, “IPTables”</a> for information about using firewalls with <code class="command">iptables</code>.
+ </div><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">3.6.1. TCP Wrappers</h3></div></div></div><div class="para">
+ The TCP Wrappers package (<code class="filename">tcp_wrappers</code>) is installed by default and provides host-based access control to network services. The most important component within the package is the <code class="filename">/usr/lib/libwrap.a</code> library. In general terms, a TCP-wrapped service is one that has been compiled against the <code class="filename">libwrap.a</code> library.
+ </div><div class="para">
+ When a connection attempt is made to a TCP-wrapped service, the service first references the host's access files (<code class="filename">/etc/hosts.allow</code> and <code class="filename">/etc/hosts.deny</code>) to determine whether or not the client is allowed to connect. In most cases, it then uses the syslog daemon (<code class="systemitem">syslogd</code>) to write the name of the requesting client and the requested service to <code class="filename">/var/log/secure</code> or <code class="filename">/var/log/messages</code>.
+ </div><div class="para">
+ If a client is allowed to connect, TCP Wrappers release control of the connection to the requested service and take no further part in the communication between the client and the server.
+ </div><div class="para">
+ In addition to access control and logging, TCP Wrappers can execute commands to interact with the client before denying or releasing control of the connection to the requested network service.
+ </div><div class="para">
+ Because TCP Wrappers are a valuable addition to any server administrator's arsenal of security tools, most network services within Fedora are linked to the <code class="filename">libwrap.a</code> library. Some such applications include <code class="systemitem">/usr/sbin/sshd</code>, <code class="command">/usr/sbin/sendmail</code>, and <code class="systemitem">/usr/sbin/xinetd</code>.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ To determine if a network service binary is linked to <code class="filename">libwrap.a</code>, type the following command as the root user:
+ </div><pre class="screen">ldd <binary-name> | grep libwrap</pre><div class="para">
+ Replace <em class="replaceable"><code><binary-name></code></em> with the name of the network service binary.
+ </div><div class="para">
+ If the command returns straight to the prompt with no output, then the network service is <span class="emphasis"><em>not</em></span> linked to <code class="filename">libwrap.a</code>.
+ </div><div class="para">
+ The following example indicates that <code class="systemitem">/usr/sbin/sshd</code> is linked to <code class="filename">libwrap.a</code>:
+ </div><pre class="screen">[root at myServer ~]# ldd /usr/sbin/sshd | grep libwrap
+ libwrap.so.0 => /lib/libwrap.so.0 (0x00655000)
+[root at myServer ~]#</pre></div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers-Advantages_of_TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-TCP_Wrappers-Advantages_of_TCP_Wrappers">3.6.1.1. Advantages of TCP Wrappers</h4></div></div></div><div class="para">
+ TCP Wrappers provide the following advantages over other network service control techniques:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Transparency to both the client and the wrapped network service</em></span> — Both the connecting client and the wrapped network service are unaware that TCP Wrappers are in use. Legitimate users are logged and connected to the requested service while connections from banned clients fail.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Centralized management of multiple protocols</em></span> — TCP Wrappers operate separately from the network services they protect, allowing many server applications to share a common set of access control configuration files, making for simpler management.
+ </div></li></ul></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"><strong>Prev</strong>3.5.8.2. Useful PAM Websites</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"><strong>Next</strong>3.6.2. TCP Wrappers Configuration Files</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html
new file mode 100644
index 0000000..6d3063f
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3.3. Inattentive Administration</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.2.3. Threats to Server Security" /><link rel="prev" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html" title="1.2.3.2. Unpatched Services" /><link rel="next" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html" title="1.2.3.4. Inherently Insecure Services" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documen
tation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration">1.2.3.3. Inattentive Administration</h4></div></div></div><div class="para">
+ Administrators who fail to patch their systems are one of the greatest threats to server security. According to the <em class="firstterm">SysAdmin, Audit, Network, Security Institute</em> (<em class="firstterm">SANS</em>), the primary cause of computer security vulnerability is to "assign untrained people to maintain security and provide neither the training nor the time to make it possible to do the job."<sup>[<a id="idm39803616" href="#ftn.idm39803616" class="footnote">10</a>]</sup> This applies as much to inexperienced administrators as it does to overconfident or amotivated administrators.
+ </div><div class="para">
+ Some administrators fail to patch their servers and workstations, while others fail to watch log messages from the system kernel or network traffic. Another common error is when default passwords or keys to services are left unchanged. For example, some databases have default administration passwords because the database developers assume that the system administrator changes these passwords immediately after installation. If a database administrator fails to change this password, even an inexperienced cracker can use a widely-known default password to gain administrative privileges to the database. These are only a few examples of how inattentive administration can lead to compromised servers.
+ </div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm39803616" href="#idm39803616" class="para">10</a>] </sup>
+ http://www.sans.org/resources/errors.php
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"><strong>Prev</strong>1.2.3.2. Unpatched Services</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"><strong>Next</strong>1.2.3.4. Inherently Insecure Services</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html
new file mode 100644
index 0000000..b06c712
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3.4. Inherently Insecure Services</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.2.3. Threats to Server Security" /><link rel="prev" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html" title="1.2.3.3. Inattentive Administration" /><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html" title="1.2.4. Threats to Workstation and Home PC Security" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Comm
on_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services">1.2.3.4. Inherently Insecure Services</h4></div></div></div><div class="para">
+ Even the most vigilant organization can fall victim to vulnerabilities if the network services they choose are inherently insecure. For instance, there are many services developed under the assumption that they are used over trusted networks; however, this assumption fails as soon as the service becomes available over the Internet — which is itself inherently untrusted.
+ </div><div class="para">
+ One category of insecure network services are those that require unencrypted usernames and passwords for authentication. Telnet and FTP are two such services. If packet sniffing software is monitoring traffic between the remote user and such a service usernames and passwords can be easily intercepted.
+ </div><div class="para">
+ Inherently, such services can also more easily fall prey to what the security industry terms the <em class="firstterm">man-in-the-middle</em> attack. In this type of attack, a cracker redirects network traffic by tricking a cracked name server on the network to point to his machine instead of the intended server. Once someone opens a remote session to the server, the attacker's machine acts as an invisible conduit, sitting quietly between the remote service and the unsuspecting user capturing information. In this way a cracker can gather administrative passwords and raw data without the server or the user realizing it.
+ </div><div class="para">
+ Another category of insecure services include network file systems and information services such as NFS or NIS, which are developed explicitly for LAN usage but are, unfortunately, extended to include WANs (for remote users). NFS does not, by default, have any authentication or security mechanisms configured to prevent a cracker from mounting the NFS share and accessing anything contained therein. NIS, as well, has vital information that must be known by every computer on a network, including passwords and file permissions, within a plain text ASCII or DBM (ASCII-derived) database. A cracker who gains access to this database can then access every user account on a network, including the administrator's account.
+ </div><div class="para">
+ By default, Fedora is released with all such services turned off. However, since administrators often find themselves forced to use these services, careful configuration is critical. Refer to <a class="xref" href="sect-Security_Guide-Server_Security.html">Section 3.2, “Server Security”</a> for more information about setting up services in a safe manner.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"><strong>Prev</strong>1.2.3.3. Inattentive Administration</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"><strong>Next</strong>1.2.4. Threats to Workstation and Home PC Security</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html
new file mode 100644
index 0000000..d207116
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3.2. Unpatched Services</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.2.3. Threats to Server Security" /><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.2.3. Threats to Server Security" /><link rel="next" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html" title="1.2.3.3. Inattentive Administration" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services">1.2.3.2. Unpatched Services</h4></div></div></div><div class="para">
+ Most server applications that are included in a default installation are solid, thoroughly tested pieces of software. Having been in use in production environments for many years, their code has been thoroughly refined and many of the bugs have been found and fixed.
+ </div><div class="para">
+ However, there is no such thing as perfect software and there is always room for further refinement. Moreover, newer software is often not as rigorously tested as one might expect, because of its recent arrival to production environments or because it may not be as popular as other server software.
+ </div><div class="para">
+ Developers and system administrators often find exploitable bugs in server applications and publish the information on bug tracking and security-related websites such as the Bugtraq mailing list (<a href="http://www.securityfocus.com">http://www.securityfocus.com</a>) or the Computer Emergency Response Team (CERT) website (<a href="http://www.cert.org">http://www.cert.org</a>). Although these mechanisms are an effective way of alerting the community to security vulnerabilities, it is up to system administrators to patch their systems promptly. This is particularly true because crackers have access to these same vulnerability tracking services and will use the information to crack unpatched systems whenever they can. Good system administration requires vigilance, constant bug tracking, and proper system maintenance to ensure a more secure computing environment.
+ </div><div class="para">
+ Refer to <a class="xref" href="sect-Security_Guide-Security_Updates.html">Section 1.5, “Security Updates”</a> for more information about keeping a system up-to-date.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"><strong>Prev</strong>1.2.3. Threats to Server Security</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"><strong>Next</strong>1.2.3.3. Inattentive Administration</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html
new file mode 100644
index 0000000..ef6a8b9
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.4.2. Vulnerable Client Applications</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html" title="1.2.4. Threats to Workstation and Home PC Security" /><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html" title="1.2.4. Threats to Workstation and Home PC Security" /><link rel="next" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.3. Vulnerability Assessment" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Commo
n_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications">1.2.4.2. Vulnerable Client Applications</h4></div></div></div><div class="para">
+ Although an administrator may have a fully secure and patched server, that does not mean remote users are secure when accessing it. For instance, if the server offers Telnet or FTP services over a public network, an attacker can capture the plain text usernames and passwords as they pass over the network, and then use the account information to access the remote user's workstation.
+ </div><div class="para">
+ Even when using secure protocols, such as SSH, a remote user may be vulnerable to certain attacks if they do not keep their client applications updated. For instance, v.1 SSH clients are vulnerable to an X-forwarding attack from malicious SSH servers. Once connected to the server, the attacker can quietly capture any keystrokes and mouse clicks made by the client over the network. This problem was fixed in the v.2 SSH protocol, but it is up to the user to keep track of what applications have such vulnerabilities and update them as necessary.
+ </div><div class="para">
+ <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security">Section 3.1, “Workstation Security”</a> discusses in more detail what steps administrators and home users should take to limit the vulnerability of computer workstations.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"><strong>Prev</strong>1.2.4. Threats to Workstation and Home PC Security</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment.html"><strong>Next</strong>1.3. Vulnerability Assessment</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Applying_the_Changes.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Applying_the_Changes.html
new file mode 100644
index 0000000..d6f4820
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Applying_the_Changes.html
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.5.4. Applying the Changes</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Security_Updates.html" title="1.5. Security Updates" /><link rel="prev" href="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html" title="1.5.3. Installing Signed Packages" /><link rel="next" href="chap-Security_Guide-Basic_Hardening.html" title="Chapter 2. Basic Hardening Guide" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-
Security_Guide-Updating_Packages-Installing_Signed_Packages.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Basic_Hardening.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Updating_Packages-Applying_the_Changes"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Updating_Packages-Applying_the_Changes">1.5.4. Applying the Changes</h3></div></div></div><div class="para">
+ After downloading and installing security errata and updates, it is important to halt usage of the older software and begin using the new software. How this is done depends on the type of software that has been updated. The following list itemizes the general categories of software and provides instructions for using the updated versions after a package upgrade.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ In general, rebooting the system is the surest way to ensure that the latest version of a software package is used; however, this option is not always required, or available to the system administrator.
+ </div></div></div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">Applications</span></dt><dd><div class="para">
+ User-space applications are any programs that can be initiated by a system user. Typically, such applications are used only when a user, script, or automated task utility launches them and they do not persist for long periods of time.
+ </div><div class="para">
+ Once such a user-space application is updated, halt any instances of the application on the system and launch the program again to use the updated version.
+ </div></dd><dt class="varlistentry"><span class="term">Kernel</span></dt><dd><div class="para">
+ The kernel is the core software component for the Fedora operating system. It manages access to memory, the processor, and peripherals as well as schedules all tasks.
+ </div><div class="para">
+ Because of its central role, the kernel cannot be restarted without also stopping the computer. Therefore, an updated version of the kernel cannot be used until the system is rebooted.
+ </div></dd><dt class="varlistentry"><span class="term">Shared Libraries</span></dt><dd><div class="para">
+ Shared libraries are units of code, such as <code class="filename">glibc</code>, which are used by a number of applications and services. Applications utilizing a shared library typically load the shared code when the application is initialized, so any applications using the updated library must be halted and relaunched.
+ </div><div class="para">
+ To determine which running applications link against a particular library, use the <code class="command">lsof</code> command as in the following example:
+ </div><pre class="screen"><code class="command">lsof /lib/libwrap.so*</code></pre><div class="para">
+ This command returns a list of all the running programs which use TCP wrappers for host access control. Therefore, any program listed must be halted and relaunched if the <code class="filename">tcp_wrappers</code> package is updated.
+ </div></dd><dt class="varlistentry"><span class="term">SysV Services</span></dt><dd><div class="para">
+ SysV services are persistent server programs launched during the boot process. Examples of SysV services include <code class="command">sshd</code>, <code class="command">vsftpd</code>, and <code class="command">xinetd</code>.
+ </div><div class="para">
+ Because these programs usually persist in memory as long as the machine is booted, each updated SysV service must be halted and relaunched after the package is upgraded. This can be done using the <span class="application"><strong>Services Configuration Tool</strong></span> or by logging into a root shell prompt and issuing the <code class="command">/sbin/service</code> command as in the following example:
+ </div><pre class="screen"><code class="command">/sbin/service <em class="replaceable"><code><service-name></code></em> restart</code></pre><div class="para">
+ In the previous example, replace <em class="replaceable"><code><service-name></code></em> with the name of the service, such as <code class="command">sshd</code>.
+ </div></dd><dt class="varlistentry"><span class="term"><code class="command">xinetd</code> Services</span></dt><dd><div class="para">
+ Services controlled by the <code class="command">xinetd</code> super service only run when a there is an active connection. Examples of services controlled by <code class="command">xinetd</code> include Telnet, IMAP, and POP3.
+ </div><div class="para">
+ Because new instances of these services are launched by <code class="command">xinetd</code> each time a new request is received, connections that occur after an upgrade are handled by the updated software. However, if there are active connections at the time the <code class="command">xinetd</code> controlled service is upgraded, they are serviced by the older version of the software.
+ </div><div class="para">
+ To kill off older instances of a particular <code class="command">xinetd</code> controlled service, upgrade the package for the service then halt all processes currently running. To determine if the process is running, use the <code class="command">ps</code> command and then use the <code class="command">kill</code> or <code class="command">killall</code> command to halt current instances of the service.
+ </div><div class="para">
+ For example, if security errata <code class="filename">imap</code> packages are released, upgrade the packages, then type the following command as root into a shell prompt:
+ </div><pre class="screen"><code class="command">ps -aux | grep imap</code></pre><div class="para">
+ This command returns all active IMAP sessions. Individual sessions can then be terminated by issuing the following command:
+ </div><pre class="screen"><code class="command">kill <em class="replaceable"><code><PID></code></em></code></pre><div class="para">
+ If this fails to terminate the session, use the following command instead:
+ </div><pre class="screen"><code class="command">kill -9 <em class="replaceable"><code><PID></code></em></code></pre><div class="para">
+ In the previous examples, replace <em class="replaceable"><code><PID></code></em> with the process identification number (found in the second column of the <code class="command">ps</code> command) for an IMAP session.
+ </div><div class="para">
+ To kill all active IMAP sessions, issue the following command:
+ </div><pre class="screen"><code class="command">killall imapd</code></pre></dd></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html"><strong>Prev</strong>1.5.3. Installing Signed Packages</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Basic_Hardening.html"><strong>Next</strong>Chapter 2. Basic Hardening Guide</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html
new file mode 100644
index 0000000..b1b3a3b
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.5.3. Installing Signed Packages</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Security_Updates.html" title="1.5. Security Updates" /><link rel="prev" href="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html" title="1.5.2. Verifying Signed Packages" /><link rel="next" href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html" title="1.5.4. Applying the Changes" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey=
"p" href="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages">1.5.3. Installing Signed Packages</h3></div></div></div><div class="para">
+ Installation for most packages can be done safely (except kernel packages) by issuing the following command:
+ </div><pre class="screen"><code class="command">rpm -Uvh /tmp/updates/*.rpm</code></pre><div class="para">
+ For kernel packages use the following command:
+ </div><pre class="screen"><code class="command">rpm -ivh /tmp/updates/<em class="replaceable"><code><kernel-package></code></em></code></pre><div class="para">
+ Replace <em class="replaceable"><code><kernel-package></code></em> in the previous example with the name of the kernel RPM.
+ </div><div class="para">
+ Once the machine has been safely rebooted using the new kernel, the old kernel may be removed using the following command:
+ </div><pre class="screen"><code class="command">rpm -e <em class="replaceable"><code><old-kernel-package></code></em></code></pre><div class="para">
+ Replace <em class="replaceable"><code><old-kernel-package></code></em> in the previous example with the name of the older kernel RPM.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ It is not a requirement that the old kernel be removed. The default boot loader, GRUB, allows for multiple kernels to be installed, then chosen from a menu at boot time.
+ </div></div></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ Before installing any security errata, be sure to read any special instructions contained in the errata report and execute them accordingly. Refer to <a class="xref" href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html">Section 1.5.4, “Applying the Changes”</a> for general instructions about applying the changes made by an errata update.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html"><strong>Prev</strong>1.5.2. Verifying Signed Packages</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html"><strong>Next</strong>1.5.4. Applying the Changes</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html
new file mode 100644
index 0000000..f815f3e
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.5.2. Verifying Signed Packages</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Security_Updates.html" title="1.5. Security Updates" /><link rel="prev" href="sect-Security_Guide-Security_Updates.html" title="1.5. Security Updates" /><link rel="next" href="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html" title="1.5.3. Installing Signed Packages" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Gu
ide-Security_Updates.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages">1.5.2. Verifying Signed Packages</h3></div></div></div><div class="para">
+ All Fedora packages are signed with the Fedora <em class="firstterm">GPG</em> key. GPG stands for GNU Privacy Guard, or GnuPG, a free software package used for ensuring the authenticity of distributed files. For example, a private key (secret key) locks the package while the public key unlocks and verifies the package. If the public key distributed by Fedora does not match the private key during RPM verification, the package may have been altered and therefore cannot be trusted.
+ </div><div class="para">
+ The RPM utility within Fedora automatically tries to verify the GPG signature of an RPM package before installing it. If the Fedora GPG key is not installed, install it from a secure, static location, such as an Fedora installation CD-ROM or DVD.
+ </div><div class="para">
+ Assuming the disc is mounted in <code class="filename">/mnt/cdrom</code>, use the following command to import it into the <em class="firstterm">keyring</em> (a database of trusted keys on the system):
+ </div><pre class="screen"><code class="command">rpm --import /mnt/cdrom/RPM-GPG-KEY</code></pre><div class="para">
+ To display a list of all keys installed for RPM verification, execute the following command:
+ </div><pre class="screen"><code class="command">rpm -qa gpg-pubkey*</code></pre><div class="para">
+ The output will look similar to the following:
+ </div><pre class="screen"><code class="computeroutput">gpg-pubkey-db42a60e-37ea5438</code></pre><div class="para">
+ To display details about a specific key, use the <code class="command">rpm -qi</code> command followed by the output from the previous command, as in this example:
+ </div><pre class="screen"><code class="command">rpm -qi gpg-pubkey-db42a60e-37ea5438</code></pre><div class="para">
+ It is extremely important to verify the signature of the RPM files before installing them to ensure that they have not been altered from the original source of the packages. To verify all the downloaded packages at once, issue the following command:
+ </div><pre class="screen"><code class="command">rpm -K /tmp/updates/*.rpm</code></pre><div class="para">
+ For each package, if the GPG key verifies successfully, the command returns <code class="computeroutput">gpg OK</code>. If it doesn't, make sure you are using the correct Fedora public key, as well as verifying the source of the content. Packages that do not pass GPG verifications should not be installed, as they may have been altered by a third party.
+ </div><div class="para">
+ After verifying the GPG key and downloading all the packages associated with the errata report, install the packages as root at a shell prompt.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Security_Updates.html"><strong>Prev</strong>1.5. Security Updates</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html"><strong>Next</strong>1.5.3. Installing Signed Packages</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html
new file mode 100644
index 0000000..3314594
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.3.2. Basic Firewall Policies</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="3.8.3. Using IPTables" /><link rel="prev" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="3.8.3. Using IPTables" /><link rel="next" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html" title="3.8.3.3. Saving and Restoring IPTables Rules" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a acc
esskey="p" href="sect-Security_Guide-Firewalls-Using_IPTables.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies">3.8.3.2. Basic Firewall Policies</h4></div></div></div><div class="para">
+ Establishing basic firewall policies creates a foundation for building more detailed, user-defined rules.
+ </div><div class="para">
+ Each <code class="command">iptables</code> chain is comprised of a default policy, and zero or more rules which work in concert with the default policy to define the overall ruleset for the firewall.
+ </div><div class="para">
+ The default policy for a chain can be either DROP or ACCEPT. Security-minded administrators typically implement a default policy of DROP, and only allow specific packets on a case-by-case basis. For example, the following policies block all incoming and outgoing packets on a network gateway:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -P INPUT DROP
+[root at myServer ~ ] # iptables -P OUTPUT DROP</pre><div class="para">
+ It is also recommended that any <em class="firstterm">forwarded packets</em> — network traffic that is to be routed from the firewall to its destination node — be denied as well, to restrict internal clients from inadvertent exposure to the Internet. To do this, use the following rule:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -P FORWARD DROP</pre><div class="para">
+ When you have established the default policies for each chain, you can create and save further rules for your particular network and security requirements.
+ </div><div class="para">
+ The following sections describe how to save iptables rules and outline some of the rules you might implement in the course of building your iptables firewall.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Using_IPTables.html"><strong>Prev</strong>3.8.3. Using IPTables</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"><strong>Next</strong>3.8.3.3. Saving and Restoring IPTables Rules</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html
new file mode 100644
index 0000000..be5c24b
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.3.3. Saving and Restoring IPTables Rules</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="3.8.3. Using IPTables" /><link rel="prev" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html" title="3.8.3.2. Basic Firewall Policies" /><link rel="next" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html" title="3.8.4. Common IPTables Filtering" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a acces
skey="p" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules">3.8.3.3. Saving and Restoring IPTables Rules</h4></div></div></div><div class="para">
+ Changes to <code class="command">iptables</code> are transitory; if the system is rebooted or if the <code class="command">iptables</code> service is restarted, the rules are automatically flushed and reset. To save the rules so that they are loaded when the <code class="command">iptables</code> service is started, use the following command:
+ </div><pre class="screen">[root at myServer ~ ] # service iptables save</pre><div class="para">
+ The rules are stored in the file <code class="filename">/etc/sysconfig/iptables</code> and are applied whenever the service is started or the machine is rebooted.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"><strong>Prev</strong>3.8.3.2. Basic Firewall Policies</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"><strong>Next</strong>3.8.4. Common IPTables Filtering</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html
new file mode 100644
index 0000000..9fef20c
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.2. Defining Assessment and Testing</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.3. Vulnerability Assessment" /><link rel="prev" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.3. Vulnerability Assessment" /><link rel="next" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.3.3. Evaluating the Tools" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey
="p" href="sect-Security_Guide-Vulnerability_Assessment.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing">1.3.2. Defining Assessment and Testing</h3></div></div></div><div class="para">
+ Vulnerability assessments may be broken down into one of two types: <em class="firstterm">Outside looking in</em> and <em class="firstterm">inside looking around</em>.
+ </div><div class="para">
+ When performing an outside looking in vulnerability assessment, you are attempting to compromise your systems from the outside. Being external to your company provides you with the cracker's viewpoint. You see what a cracker sees — publicly-routable IP addresses, systems on your <em class="firstterm">DMZ</em>, external interfaces of your firewall, and more. DMZ stands for "demilitarized zone", which corresponds to a computer or small subnetwork that sits between a trusted internal network, such as a corporate private LAN, and an untrusted external network, such as the public Internet. Typically, the DMZ contains devices accessible to Internet traffic, such as Web (HTTP) servers, FTP servers, SMTP (e-mail) servers and DNS servers.
+ </div><div class="para">
+ When you perform an inside looking around vulnerability assessment, you are somewhat at an advantage since you are internal and your status is elevated to trusted. This is the viewpoint you and your co-workers have once logged on to your systems. You see print servers, file servers, databases, and other resources.
+ </div><div class="para">
+ There are striking distinctions between these two types of vulnerability assessments. Being internal to your company gives you elevated privileges more so than any outsider. Still today in most organizations, security is configured in such a manner as to keep intruders out. Very little is done to secure the internals of the organization (such as departmental firewalls, user-level access controls, authentication procedures for internal resources, and more). Typically, there are many more resources when looking around inside as most systems are internal to a company. Once you set yourself outside of the company, you immediately are given an untrusted status. The systems and resources available to you externally are usually very limited.
+ </div><div class="para">
+ Consider the difference between vulnerability assessments and <em class="firstterm">penetration tests</em>. Think of a vulnerability assessment as the first step to a penetration test. The information gleaned from the assessment is used for testing. Whereas the assessment is undertaken to check for holes and potential vulnerabilities, the penetration testing actually attempts to exploit the findings.
+ </div><div class="para">
+ Assessing network infrastructure is a dynamic process. Security, both information and physical, is dynamic. Performing an assessment shows an overview, which can turn up false positives and false negatives.
+ </div><div class="para">
+ Security administrators are only as good as the tools they use and the knowledge they retain. Take any of the assessment tools currently available, run them against your system, and it is almost a guarantee that there are some false positives. Whether by program fault or user error, the result is the same. The tool may find vulnerabilities which in reality do not exist (false positive); or, even worse, the tool may not find vulnerabilities that actually do exist (false negative).
+ </div><div class="para">
+ Now that the difference between a vulnerability assessment and a penetration test is defined, take the findings of the assessment and review them carefully before conducting a penetration test as part of your new best practices approach.
+ </div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+ Attempting to exploit vulnerabilities on production resources can have adverse effects to the productivity and efficiency of your systems and network.
+ </div></div></div><div class="para">
+ The following list examines some of the benefits to performing vulnerability assessments.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Creates proactive focus on information security
+ </div></li><li class="listitem"><div class="para">
+ Finds potential exploits before crackers find them
+ </div></li><li class="listitem"><div class="para">
+ Results in systems being kept up to date and patched
+ </div></li><li class="listitem"><div class="para">
+ Promotes growth and aids in developing staff expertise
+ </div></li><li class="listitem"><div class="para">
+ Abates financial loss and negative publicity
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-Defining_Assessment_and_Testing-Establishing_a_Methodology"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Defining_Assessment_and_Testing-Establishing_a_Methodology">1.3.2.1. Establishing a Methodology</h4></div></div></div><div class="para">
+ To aid in the selection of tools for a vulnerability assessment, it is helpful to establish a vulnerability assessment methodology. Unfortunately, there is no predefined or industry approved methodology at this time; however, common sense and best practices can act as a sufficient guide.
+ </div><div class="para">
+ <span class="emphasis"><em>What is the target? Are we looking at one server, or are we looking at our entire network and everything within the network? Are we external or internal to the company?</em></span> The answers to these questions are important as they help determine not only which tools to select but also the manner in which they are used.
+ </div><div class="para">
+ To learn more about establishing methodologies, refer to the following websites:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.isecom.org/osstmm/">http://www.isecom.org/osstmm/</a> <em class="citetitle">The Open Source Security Testing Methodology Manual</em> (OSSTMM)
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.owasp.org/">http://www.owasp.org/</a> <em class="citetitle">The Open Web Application Security Project</em>
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment.html"><strong>Prev</strong>1.3. Vulnerability Assessment</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"><strong>Next</strong>1.3.3. Evaluating the Tools</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html
new file mode 100644
index 0000000..08f3671
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.3. Evaluating the Tools</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.3. Vulnerability Assessment" /><link rel="prev" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html" title="1.3.2. Defining Assessment and Testing" /><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html" title="1.3.3.2. Nessus" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><
a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools">1.3.3. Evaluating the Tools</h3></div></div></div><div class="para">
+ An assessment can start by using some form of an information gathering tool. When assessing the entire network, map the layout first to find the hosts that are running. Once located, examine each host individually. Focusing on these hosts requires another set of tools. Knowing which tools to use may be the most crucial step in finding vulnerabilities.
+ </div><div class="para">
+ Just as in any aspect of everyday life, there are many different tools that perform the same job. This concept applies to performing vulnerability assessments as well. There are tools specific to operating systems, applications, and even networks (based on the protocols used). Some tools are free; others are not. Some tools are intuitive and easy to use, while others are cryptic and poorly documented but have features that other tools do not.
+ </div><div class="para">
+ Finding the right tools may be a daunting task and in the end, experience counts. If possible, set up a test lab and try out as many tools as you can, noting the strengths and weaknesses of each. Review the README file or man page for the tool. Additionally, look to the Internet for more information, such as articles, step-by-step guides, or even mailing lists specific to a tool.
+ </div><div class="para">
+ The tools discussed below are just a small sampling of the available tools.
+ </div><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-Scanning_Hosts_with_Nmap"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Scanning_Hosts_with_Nmap">1.3.3.1. Scanning Hosts with Nmap</h4></div></div></div><div class="para">
+ Nmap is a popular tool included in Fedora that can be used to determine the layout of a network. Nmap has been available for many years and is probably the most often used tool when gathering information. An excellent man page is included that provides a detailed description of its options and usage. Administrators can use Nmap on a network to find host systems and open ports on those systems.
+ </div><div class="para">
+ Nmap is a competent first step in vulnerability assessment. You can map out all the hosts within your network and even pass an option that allows Nmap to attempt to identify the operating system running on a particular host. Nmap is a good foundation for establishing a policy of using secure services and stopping unused services.
+ </div><div class="section" id="sect-Security_Guide-Scanning_Hosts_with_Nmap-Using_Nmap"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Scanning_Hosts_with_Nmap-Using_Nmap">1.3.3.1.1. Using Nmap</h5></div></div></div><div class="para">
+ Nmap can be run from a shell prompt by typing the <code class="command">nmap</code> command followed by the hostname or IP address of the machine to scan.
+ </div><pre class="screen"><code class="command">nmap foo.example.com</code></pre><div class="para">
+ The results of a basic scan (which could take up to a few minutes, depending on where the host is located and other network conditions) should look similar to the following:
+ </div><pre class="screen">
+Starting Nmap 4.68 ( http://nmap.org )
+Interesting ports on foo.example.com:
+Not shown: 1710 filtered ports
+PORT STATE SERVICE
+22/tcp open ssh
+53/tcp open domain
+70/tcp closed gopher
+80/tcp open http
+113/tcp closed auth</pre><div class="para">
+ Nmap tests the most common network communication ports for listening or waiting services. This knowledge can be helpful to an administrator who wants to close down unnecessary or unused services.
+ </div><div class="para">
+ For more information about using Nmap, refer to the official homepage at the following URL:
+ </div><div class="para">
+ <a href="http://www.insecure.org/">http://www.insecure.org/</a>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"><strong>Prev</strong>1.3.2. Defining Assessment and Testing</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"><strong>Next</strong>1.3.3.2. Nessus</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment.html
new file mode 100644
index 0000000..c48a8a5
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment.html
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3. Vulnerability Assessment</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview" /><link rel="prev" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html" title="1.2.4.2. Vulnerable Client Applications" /><link rel="next" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html" title="1.3.2. Defining Assessment and Testing" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documen
tation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="sect-Security_Guide-Vulnerability_Assessment" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Vulnerability_Assessment">1.3. Vulnerability Assessment</h2></div></div></div><div class="para">
+ Given time, resources, and motivation, a cracker can break into nearly any system. At the end of the day, all of the security procedures and technologies currently available cannot guarantee that any systems are completely safe from intrusion. Routers help secure gateways to the Internet. Firewalls help secure the edge of the network. Virtual Private Networks safely pass data in an encrypted stream. Intrusion detection systems warn you of malicious activity. However, the success of each of these technologies is dependent upon a number of variables, including:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ The expertise of the staff responsible for configuring, monitoring, and maintaining the technologies.
+ </div></li><li class="listitem"><div class="para">
+ The ability to patch and update services and kernels quickly and efficiently.
+ </div></li><li class="listitem"><div class="para">
+ The ability of those responsible to keep constant vigilance over the network.
+ </div></li></ul></div><div class="para">
+ Given the dynamic state of data systems and technologies, securing corporate resources can be quite complex. Due to this complexity, it is often difficult to find expert resources for all of your systems. While it is possible to have personnel knowledgeable in many areas of information security at a high level, it is difficult to retain staff who are experts in more than a few subject areas. This is mainly because each subject area of information security requires constant attention and focus. Information security does not stand still.
+ </div><div class="section" id="sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.3.1. Thinking Like the Enemy</h3></div></div></div><div class="para">
+ Suppose that you administer an enterprise network. Such networks are commonly comprised of operating systems, applications, servers, network monitors, firewalls, intrusion detection systems, and more. Now imagine trying to keep current with each of these. Given the complexity of today's software and networking environments, exploits and bugs are a certainty. Keeping current with patches and updates for an entire network can prove to be a daunting task in a large organization with heterogeneous systems.
+ </div><div class="para">
+ Combine the expertise requirements with the task of keeping current, and it is inevitable that adverse incidents occur, systems are breached, data is corrupted, and service is interrupted.
+ </div><div class="para">
+ To augment security technologies and aid in protecting systems, networks, and data, you must think like a cracker and gauge the security of your systems by checking for weaknesses. Preventative vulnerability assessments against your own systems and network resources can reveal potential issues that can be addressed before a cracker exploits it.
+ </div><div class="para">
+ A vulnerability assessment is an internal audit of your network and system security; the results of which indicate the confidentiality, integrity, and availability of your network (as explained in <a class="xref" href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-What_is_Computer_Security-Standardizing_Security">Section 1.1.1.3, “Standardizing Security”</a>). Typically, vulnerability assessment starts with a reconnaissance phase, during which important data regarding the target systems and resources is gathered. This phase leads to the system readiness phase, whereby the target is essentially checked for all known vulnerabilities. The readiness phase culminates in the reporting phase, where the findings are classified into categories of high, medium, and low risk; and methods for improving the security (or mitigating the risk of vulnerability) of the target are discussed.
+ </div><div class="para">
+ If you were to perform a vulnerability assessment of your home, you would likely check each door to your home to see if they are closed and locked. You would also check every window, making sure that they closed completely and latch correctly. This same concept applies to systems, networks, and electronic data. Malicious users are the thieves and vandals of your data. Focus on their tools, mentality, and motivations, and you can then react swiftly to their actions.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"><strong>Prev</strong>1.2.4.2. Vulnerable Client Applications</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"><strong>Next</strong>1.3.2. Defining Assessment and Testing</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Yubikey-Web_Sites.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Yubikey-Web_Sites.html
new file mode 100644
index 0000000..85d1b97
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Yubikey-Web_Sites.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.4.2. Authenticating to websites with your Yubikey</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-Yubikey.html" title="3.4. Yubikey" /><link rel="prev" href="sect-Security_Guide-Yubikey.html" title="3.4. Yubikey" /><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Yubikey.html"><strong>Prev</st
rong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-Yubikey-Web_Sites"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Yubikey-Web_Sites">3.4.2. Authenticating to websites with your Yubikey</h3></div></div></div><div class="para">
+ While outside the scope of this guide Yubikey allows you to authenticate to websites supporting this authentication method. These websites typically support Yubico's authentication servers but some can be setup similar to the above centralized authentication. Yubico also provides OpenID services that can be utilized with certain websites.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Yubikey.html"><strong>Prev</strong>3.4. Yubikey</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"><strong>Next</strong>3.5. Pluggable Authentication Modules (PAM)</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Yubikey.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Yubikey.html
new file mode 100644
index 0000000..ac67d8b
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Yubikey.html
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.4. Yubikey</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 3. Securing Your Network" /><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html" title="3.3.5. Configuring Firefox to use Kerberos for SSO" /><link rel="next" href="sect-Security_Guide-Yubikey-Web_Sites.html" title="3.4.2. Authenticating to websites with your Yubikey" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a>
</p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Yubikey-Web_Sites.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="sect-Security_Guide-Yubikey" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Yubikey">3.4. Yubikey</h2></div></div></div><div class="para">
+ Yubikey is a hardware authentication token that utilizes open source software to operate. This token is a simple USB device that appears as a keyboard to your computer. The single touch button on the token provides a one time password (OTP) with each push that can be used to authenticate a user. Currently there are several different implementations of this solution of which we'll cover here.
+ </div><div class="section" id="sect-Security_Guide-Yubikey-Centralized_Server"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Yubikey-Centralized_Server">3.4.1. Using Yubikey with a centralized server</h3></div></div></div><div class="para">
+ A PAM module already exists in the Fedora repositories that allow authentication of computers that can contact an authentication server. The server can either be setup at the domain level or the Yubico's servers can be utilized. This method of authentication is a great enterprise solution where multiple users may need access to multiple computers on the domain. The steps below describe this setup.
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Install <span class="package">pam_yubico</span>
+ </div></li><li class="step"><div class="para">
+ For two factor authentication open <code class="filename">/etc/pam.d/gdm-password</code> and locate the following line:
+ </div><div class="para">
+ <code class="command">auth substack password-auth </code>
+ </div><div class="para">
+ In a new line after this add:
+ </div><div class="para">
+ <code class="command">auth sufficient pam_yubico.so id=16</code>
+ </div></li><li class="step"><div class="para">
+ To simple use the yubikey token without your password remove the first line from the step above and replace it with the second.
+ </div></li><li class="step"><div class="para">
+ Locate the yubikey token for the first yubikey you will be adding. This can be done by looking at the first 12 characters of any OTP or visit <a href="http://radius.yubico.com/demo/Modhex_Calculator.php"><em class="citetitle">http://radius.yubico.com/demo/Modhex_Calculator.php</em></a> and copy the Modhex encoded string after you enter an OTP into the textbox on the page.
+ </div></li><li class="step"><div class="para">
+ Add user's yubikeys to the config file. This can be done either globally in <code class="filename">/etc/yubikey_mapping</code> or by individual user in <code class="filename">~/.yubico/authorized_yubikeys</code>. The following is the syntax:
+ </div><div class="para">
+ <code class="command">username:yubikey_token:another_yubikey_token</code>
+ </div></li><li class="step"><div class="para">
+ Logout, when you attempt to log back in you should either be prompted to enter both your password and your yubikey OTP or both depending on how you configured your system.
+ </div></li></ol></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ A connection to the authentication server is required or proper authentication will not occur. This can be detrimental to systems that do not have constant network connectivity.
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"><strong>Prev</strong>3.3.5. Configuring Firefox to use Kerberos for SSO</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Yubikey-Web_Sites.html"><strong>Next</strong>3.4.2. Authenticating to websites with your Yubik...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html
new file mode 100644
index 0000000..6cec37b
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.4.3. Altering xinetd Configuration Files</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="3.6.4. xinetd Configuration Files" /><link rel="prev" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html" title="3.6.4.2. The /etc/xinetd.d/ Directory" /><link rel="next" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html" title="3.6.4.3.2. Access Control Options" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" al
t="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files">3.6.4.3. Altering xinetd Configuration Files</h4></div></div></div><div class="para">
+ A range of directives is available for services protected by <code class="systemitem">xinetd</code>. This section highlights some of the more commonly used options.
+ </div><div class="section" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Logging_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Logging_Options">3.6.4.3.1. Logging Options</h5></div></div></div><div class="para">
+ The following logging options are available for both <code class="filename">/etc/xinetd.conf</code> and the service-specific configuration files within the <code class="filename">/etc/xinetd.d/</code> directory.
+ </div><div class="para">
+ The following is a list of some of the more commonly used logging options:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">ATTEMPT</code> — Logs the fact that a failed attempt was made (<code class="option">log_on_failure</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">DURATION</code> — Logs the length of time the service is used by a remote system (<code class="option">log_on_success</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">EXIT</code> — Logs the exit status or termination signal of the service (<code class="option">log_on_success</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">HOST</code> — Logs the remote host's IP address (<code class="option">log_on_failure</code> and <code class="option">log_on_success</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">PID</code> — Logs the process ID of the server receiving the request (<code class="option">log_on_success</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">USERID</code> — Logs the remote user using the method defined in RFC 1413 for all multi-threaded stream services (<code class="option">log_on_failure</code> and<code class="option">log_on_success</code>).
+ </div></li></ul></div><div class="para">
+ For a complete list of logging options, refer to the <code class="filename">xinetd.conf</code> man page.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"><strong>Prev</strong>3.6.4.2. The /etc/xinetd.d/ Directory</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"><strong>Next</strong>3.6.4.3.2. Access Control Options</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html
new file mode 100644
index 0000000..84f05d7
--- /dev/null
+++ b/public_html/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.4.2. The /etc/xinetd.d/ Directory</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-en-US-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Security Guide" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="3.6.4. xinetd Configuration Files" /><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="3.6.4. xinetd Configuration Files" /><link rel="next" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="3.6.4.3. Altering xinetd Configuration Files" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_righ
t.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory">3.6.4.2. The /etc/xinetd.d/ Directory</h4></div></div></div><div class="para">
+ The <code class="filename">/etc/xinetd.d/</code> directory contains the configuration files for each service managed by <code class="systemitem">xinetd</code> and the names of the files correlate to the service. As with <code class="filename">xinetd.conf</code>, this directory is read only when the <code class="systemitem">xinetd</code> service is started. For any changes to take effect, the administrator must restart the <code class="systemitem">xinetd</code> service.
+ </div><div class="para">
+ The format of files in the <code class="filename">/etc/xinetd.d/</code> directory use the same conventions as <code class="filename">/etc/xinetd.conf</code>. The primary reason the configuration for each service is stored in a separate file is to make customization easier and less likely to affect other services.
+ </div><div class="para">
+ To gain an understanding of how these files are structured, consider the <code class="filename">/etc/xinetd.d/krb5-telnet</code> file:
+ </div><pre class="screen">service telnet
+{
+ flags = REUSE
+ socket_type = stream
+ wait = no
+ user = root
+ server = /usr/kerberos/sbin/telnetd
+ log_on_failure += USERID
+ disable = yes
+}</pre><div class="para">
+ These lines control various aspects of the <code class="command">telnet</code> service:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">service</code> — Specifies the service name, usually one of those listed in the <code class="filename">/etc/services</code> file.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">flags</code> — Sets any of a number of attributes for the connection. <code class="option">REUSE</code> instructs <code class="systemitem">xinetd</code> to reuse the socket for a Telnet connection.
+ </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ The <code class="option">REUSE</code> flag is deprecated. All services now implicitly use the <code class="option">REUSE</code> flag.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">socket_type</code> — Sets the network socket type to <code class="option">stream</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">wait</code> — Specifies whether the service is single-threaded (<code class="option">yes</code>) or multi-threaded (<code class="option">no</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">user</code> — Specifies which user ID the process runs under.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">server</code> — Specifies which binary executable to launch.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">log_on_failure</code> — Specifies logging parameters for <code class="option">log_on_failure</code> in addition to those already defined in <code class="filename">xinetd.conf</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">disable</code> — Specifies whether the service is disabled (<code class="option">yes</code>) or enabled (<code class="option">no</code>).
+ </div></li></ul></div><div class="para">
+ Refer to the <code class="filename">xinetd.conf</code> man page for more information about these options and their usage.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"><strong>Prev</strong>3.6.4. xinetd Configuration Files</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"><strong>Next</strong>3.6.4.3. Altering xinetd Configuration Files</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf b/public_html/en-US/Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf
new file mode 100644
index 0000000..d04dbb1
Binary files /dev/null and b/public_html/en-US/Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf differ
diff --git a/public_html/en-US/Site_Statistics.html b/public_html/en-US/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/en-US/Site_Statistics.html
+++ b/public_html/en-US/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/en-US/opds-Community_Services_Infrastructure.xml b/public_html/en-US/opds-Community_Services_Infrastructure.xml
index 5e2006b..5b6ca52 100644
--- a/public_html/en-US/opds-Community_Services_Infrastructure.xml
+++ b/public_html/en-US/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/en-US/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/en-US/opds-Fedora.xml b/public_html/en-US/opds-Fedora.xml
index 46bdc94..a68729a 100644
--- a/public_html/en-US/opds-Fedora.xml
+++ b/public_html/en-US/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/en-US/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>en-US</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/en-US/opds-Fedora_Contributor_Documentation.xml b/public_html/en-US/opds-Fedora_Contributor_Documentation.xml
index 98c851c..d8e428a 100644
--- a/public_html/en-US/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/en-US/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/en-US/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/en-US/opds-Fedora_Core.xml b/public_html/en-US/opds-Fedora_Core.xml
index fa134dd..ad6c5e0 100644
--- a/public_html/en-US/opds-Fedora_Core.xml
+++ b/public_html/en-US/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/en-US/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/en-US/opds-Fedora_Draft_Documentation.xml b/public_html/en-US/opds-Fedora_Draft_Documentation.xml
index bd62a84..58e4698 100644
--- a/public_html/en-US/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/en-US/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/en-US/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/en-US/opds.xml b/public_html/en-US/opds.xml
index e47e6f6..cfdac8f 100644
--- a/public_html/en-US/opds.xml
+++ b/public_html/en-US/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/en-US/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/en-US/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/en-US/toc.html b/public_html/en-US/toc.html
index 1c27a18..37957fb 100644
--- a/public_html/en-US/toc.html
+++ b/public_html/en-US/toc.html
@@ -93,6 +93,20 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed">
+ <a class="type" href="Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='./Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types" onclick="work=0;">
+ <a class="type" href="./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -111,7 +125,7 @@
<a class="type" href="./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed">
@@ -138,7 +152,7 @@
<a class="type" href="./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed">
@@ -174,7 +188,7 @@
<a class="type" href="./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed">
@@ -840,7 +854,7 @@
<a class="type" href="./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed">
@@ -1030,7 +1044,7 @@
<a class="type" href="./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed">
@@ -1268,7 +1282,7 @@
<a class="type" href="./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1403,7 +1417,7 @@
<a class="type" href="./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed">
diff --git a/public_html/es-ES/Site_Statistics.html b/public_html/es-ES/Site_Statistics.html
index 29053f9..560a149 100644
--- a/public_html/es-ES/Site_Statistics.html
+++ b/public_html/es-ES/Site_Statistics.html
@@ -4,22 +4,22 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" href="../interactive.css" type="text/css" />
- <title>Estadísticas</title>
+ <title>Statistics</title>
</head>
<body class="toc_embeded">
-<div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="toc.html">Esto es un iframe. Para poder observarlo, actualice su navegador o habilite la opción de visualización de iframes.</iframe></div>
+<div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div>
<div>
-<h1 class="producttitle">Estadísticas</h1>
+<h1 class="producttitle">Statistics</h1>
<p>
</p>
<table class="stats">
<tr>
- <th>Idioma</th>
- <th>Código</th>
- <th>Productos</th>
- <th>Libros</th>
- <th>Versiones</th>
- <th>Paquetes</th>
+ <th>Language</th>
+ <th>Code</th>
+ <th>Products</th>
+ <th>Books</th>
+ <th>Versions</th>
+ <th>Packages</th>
</tr>
<tr>
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -411,8 +411,8 @@
</table>
<div class="totals">
- <b>Idiomas totales: </b>43<br />
- <b>Paquetes totales: </b>813
+ <b>Total Languages: </b>43<br />
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/es-ES/opds-Community_Services_Infrastructure.xml b/public_html/es-ES/opds-Community_Services_Infrastructure.xml
index 49f93aa..69a8269 100644
--- a/public_html/es-ES/opds-Community_Services_Infrastructure.xml
+++ b/public_html/es-ES/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/es-ES/opds-Fedora.xml b/public_html/es-ES/opds-Fedora.xml
index a2ccdbe..93f0640 100644
--- a/public_html/es-ES/opds-Fedora.xml
+++ b/public_html/es-ES/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>es-ES</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Grabar imágenes ISO en disco</title>
<id>http://docs.fedoraproject.org/es-ES/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-es-ES.epub</id>
<!--author>
diff --git a/public_html/es-ES/opds-Fedora_15.xml b/public_html/es-ES/opds-Fedora_15.xml
index 8662c20..b4e3e66 100644
--- a/public_html/es-ES/opds-Fedora_15.xml
+++ b/public_html/es-ES/opds-Fedora_15.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Fedora_15.xml</id>
<title>Fedora 15</title>
<subtitle>Fedora 15</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/es-ES/opds-Fedora_Contributor_Documentation.xml b/public_html/es-ES/opds-Fedora_Contributor_Documentation.xml
index aa2e3ef..5b4b61d 100644
--- a/public_html/es-ES/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/es-ES/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Documentación de Contribuyente</title>
<subtitle>Fedora Documentación de Contribuyente</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/es-ES/opds-Fedora_Core.xml b/public_html/es-ES/opds-Fedora_Core.xml
index 7b39bcd..e1bc70c 100644
--- a/public_html/es-ES/opds-Fedora_Core.xml
+++ b/public_html/es-ES/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/es-ES/opds-Fedora_Draft_Documentation.xml b/public_html/es-ES/opds-Fedora_Draft_Documentation.xml
index b8a73e6..29095c3 100644
--- a/public_html/es-ES/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/es-ES/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/es-ES/opds.xml b/public_html/es-ES/opds.xml
index ce9ddcd..6c41f48 100644
--- a/public_html/es-ES/opds.xml
+++ b/public_html/es-ES/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/es-ES/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/es-ES/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/es-ES/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora 15</title>
<id>http://docs.fedoraproject.org/es-ES/Fedora_15/opds-Fedora_15.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_15.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Documentación de Contribuyente</title>
<id>http://docs.fedoraproject.org/es-ES/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/es-ES/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/es-ES/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/es-ES/toc.html b/public_html/es-ES/toc.html
index 3949a51..bab527c 100644
--- a/public_html/es-ES/toc.html
+++ b/public_html/es-ES/toc.html
@@ -16,16 +16,16 @@
</div>
<div id="outer" class="outer visible">
<h1>
- <a style="background-image:url(images/web_logo.png)" href="index.html" onclick="window.top.location='index.html'" ><span>Bienvenido</span></a>
+ <a style="background-image:url(images/web_logo.png)" href="index.html" onclick="window.top.location='index.html'" ><span>Welcome</span></a>
</h1>
<div class="tocnavwrap">
<p/>
<div class="lang">
<div class="reset">
- <a href="#" title="collapse document navigation" onclick="clearCookie();">Ocultar todos</a>
+ <a href="#" title="collapse document navigation" onclick="clearCookie();">collapse all</a>
</div>
<select id="langselect" class="langselect" onchange="loadToc();">
- <option disabled="disabled" value="">Idioma</option>
+ <option disabled="disabled" value="">Language</option>
<option value="as-IN">অসমীয়া</option>
<option value="bg-BG">български</option>
<option value="bn-IN">বাংলা</option>
@@ -72,14 +72,14 @@
</select>
</div>
<div class="hidden" id="nocookie">
- El Menú de navegación inferior se ocultará automáticamente cuando las páginas sean cargadas. Tenga la opción "cookies" habilitada para solucionar esta función del Menú de navegación.
+ The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
</div>
<div class="product collapsed" onclick="toggle(event, 'Community_Services_Infrastructure');work=1;">
<span class="product">Community Services Infrastructure</span>
<div id='Community_Services_Infrastructure' class="versions hidden">
<div id='Community_Services_Infrastructure.1' class="version collapsed" onclick="toggle(event, 'Community_Services_Infrastructure.1.books');"> <div id='Community_Services_Infrastructure.1.books' class="books">
<div id='Community_Services_Infrastructure.1' class="version collapsed untranslated" onclick="toggle(event, 'Community_Services_Infrastructure.1.untrans_books');">
- <span class="version">Aún sin traducir</span>
+ <span class="version">Untranslated</span>
<div id='Community_Services_Infrastructure.1.untrans_books' class="books hidden">
<div id='Community_Services_Infrastructure.1.Security_Policy' class="book collapsed" onclick="toggle(event, 'Community_Services_Infrastructure.1.Security_Policy.types');">
<a class="type" href="../en-US/Community_Services_Infrastructure/1/html/Security_Policy/index.html" onclick="window.top.location='../en-US/Community_Services_Infrastructure/1/html/Security_Policy/index.html'"><span class="book">Security Policy</span></a>
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -120,7 +139,7 @@
</div>
</div>
<div id='Fedora.17' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.17.untrans_books');">
- <span class="version">Aún sin traducir</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.17.untrans_books' class="books hidden">
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
<a class="type" href="../en-US/Fedora/17/html/FreeIPA_Guide/index.html" onclick="window.top.location='../en-US/Fedora/17/html/FreeIPA_Guide/index.html'"><span class="book">FreeIPA Guide</span></a>
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -265,7 +284,7 @@
</div>
</div>
<div id='Fedora.16' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.16.untrans_books');">
- <span class="version">Aún sin traducir</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.16.untrans_books' class="books hidden">
<div id='Fedora.16.Amateur_Radio_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.16.Amateur_Radio_Guide.types');">
<a class="type" href="../en-US/Fedora/16/html/Amateur_Radio_Guide/index.html" onclick="window.top.location='../en-US/Fedora/16/html/Amateur_Radio_Guide/index.html'"><span class="book">Amateur Radio Guide</span></a>
@@ -362,7 +381,7 @@
</div>
</div>
<div id='Fedora.15' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.15.untrans_books');">
- <span class="version">Aún sin traducir</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.15.untrans_books' class="books hidden">
<div id='Fedora.15.Deployment_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.15.Deployment_Guide.types');">
<a class="type" href="../en-US/Fedora/15/html/Deployment_Guide/index.html" onclick="window.top.location='../en-US/Fedora/15/html/Deployment_Guide/index.html'"><span class="book">Deployment Guide</span></a>
@@ -505,7 +524,7 @@
</div>
</div>
<div id='Fedora.14' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.14.untrans_books');">
- <span class="version">Aún sin traducir</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.14.untrans_books' class="books hidden">
<div id='Fedora.14.Amateur_Radio_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.14.Amateur_Radio_Guide.types');">
<a class="type" href="../en-US/Fedora/14/html/Amateur_Radio_Guide/index.html" onclick="window.top.location='../en-US/Fedora/14/html/Amateur_Radio_Guide/index.html'"><span class="book">Amateur Radio Guide</span></a>
@@ -686,7 +705,7 @@
</div>
</div>
<div id='Fedora.13' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.13.untrans_books');">
- <span class="version">Aún sin traducir</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.13.untrans_books' class="books hidden">
<div id='Fedora.13.Amateur_Radio_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.13.Amateur_Radio_Guide.types');">
<a class="type" href="../en-US/Fedora/13/html/Amateur_Radio_Guide/index.html" onclick="window.top.location='../en-US/Fedora/13/html/Amateur_Radio_Guide/index.html'"><span class="book">Amateur Radio Guide</span></a>
@@ -813,7 +832,7 @@
</div>
</div>
<div id='Fedora.12' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.12.untrans_books');">
- <span class="version">Aún sin traducir</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.12.untrans_books' class="books hidden">
<div id='Fedora.12.Accessibility_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.12.Accessibility_Guide.types');">
<a class="type" href="../en-US/Fedora/12/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/Fedora/12/html/Accessibility_Guide/index.html'"><span class="book">Accessibility Guide</span></a>
@@ -927,7 +946,7 @@
<a class="type" href="./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-es-ES.epub" >epub</a>
<a class="type" href="./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-es-ES.pdf" onclick="window.top.location='./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-es-ES.pdf';return false;">pdf</a>
+ <a class="type" href="./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-es-ES.pdf" onclick="window.top.location='./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-es-ES.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed">
@@ -940,7 +959,7 @@
</div>
</div>
<div id='Fedora.11' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.11.untrans_books');">
- <span class="version">Aún sin traducir</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.11.untrans_books' class="books hidden">
<div id='Fedora.11.Accessibility_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.Accessibility_Guide.types');">
<a class="type" href="../en-US/Fedora/11/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/Fedora/11/html/Accessibility_Guide/index.html'"><span class="book">Accessibility Guide</span></a>
@@ -1031,7 +1050,7 @@
</div>
</div>
<div id='Fedora.10' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.10.untrans_books');">
- <span class="version">Aún sin traducir</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.10.untrans_books' class="books hidden">
<div id='Fedora.10.Accessibility_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.10.Accessibility_Guide.types');">
<a class="type" href="../en-US/Fedora/10/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/Fedora/10/html/Accessibility_Guide/index.html'"><span class="book">Accessibility Guide</span></a>
@@ -1113,7 +1132,7 @@
</div>
</div>
<div id='Fedora.9' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.9.untrans_books');">
- <span class="version">Aún sin traducir</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.9.untrans_books' class="books hidden">
<div id='Fedora.9.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.9.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora/9/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora/9/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1168,7 +1187,7 @@
</div>
</div>
<div id='Fedora.8' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.8.untrans_books');">
- <span class="version">Aún sin traducir</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.8.untrans_books' class="books hidden">
<div id='Fedora.8.SELinux_FAQ' class="book collapsed" onclick="toggle(event, 'Fedora.8.SELinux_FAQ.types');">
<a class="type" href="../en-US/Fedora/8/html/SELinux_FAQ/index.html" onclick="window.top.location='../en-US/Fedora/8/html/SELinux_FAQ/index.html'"><span class="book">SELinux FAQ</span></a>
@@ -1214,7 +1233,7 @@
</div>
</div>
<div id='Fedora.7' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.7.untrans_books');">
- <span class="version">Aún sin traducir</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.7.untrans_books' class="books hidden">
<div id='Fedora.7.SELinux_FAQ' class="book collapsed" onclick="toggle(event, 'Fedora.7.SELinux_FAQ.types');">
<a class="type" href="../en-US/Fedora/7/html/SELinux_FAQ/index.html" onclick="window.top.location='../en-US/Fedora/7/html/SELinux_FAQ/index.html'"><span class="book">SELinux FAQ</span></a>
@@ -1242,7 +1261,7 @@
</div>
</div>
<div id='Fedora.' class="version collapsed untranslated" onclick="toggle(event, 'Fedora..untrans_books');">
- <span class="version">Aún sin traducir</span>
+ <span class="version">Untranslated</span>
<div id='Fedora..untrans_books' class="books hidden">
<div id='Fedora..SELinux_FAQ' class="book collapsed" onclick="toggle(event, 'Fedora..SELinux_FAQ.types');">
<a class="type" href="../en-US/Fedora//html/SELinux_FAQ/index.html" onclick="window.top.location='../en-US/Fedora//html/SELinux_FAQ/index.html'"><span class="book">SELinux FAQ</span></a>
@@ -1290,7 +1309,7 @@
</div>
</div>
<div id='Fedora_Contributor_Documentation.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.untrans_books');">
- <span class="version">Aún sin traducir</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Contributor_Documentation.1.untrans_books' class="books hidden">
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Software_Collections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Software_Collections_Guide/index.html'"><span class="book">Software Collections Guide</span></a>
@@ -1359,7 +1378,7 @@
</div>
</div>
<div id='Fedora_Core.6' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.6.untrans_books');">
- <span class="version">Aún sin traducir</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.6.untrans_books' class="books hidden">
<div id='Fedora_Core.6.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Core.6.User_Guide.types');">
<a class="type" href="../en-US/Fedora_Core/6/html/User_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Core/6/html/User_Guide/index.html'"><span class="book">User Guide</span></a>
@@ -1378,7 +1397,7 @@
<span class="version">5</span>
<div id='Fedora_Core.5.books' class="books hidden">
<div id='Fedora_Core.5' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.5.untrans_books');">
- <span class="version">Aún sin traducir</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.5.untrans_books' class="books hidden">
<div id='Fedora_Core.5.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Core.5.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora_Core/5/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Core/5/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1433,7 +1452,7 @@
</div>
</div>
<div id='Fedora_Core.4' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.4.untrans_books');">
- <span class="version">Aún sin traducir</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.4.untrans_books' class="books hidden">
<div id='Fedora_Core.4.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Core.4.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora_Core/4/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Core/4/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1456,7 +1475,7 @@
<span class="version">3</span>
<div id='Fedora_Core.3.books' class="books hidden">
<div id='Fedora_Core.3' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.3.untrans_books');">
- <span class="version">Aún sin traducir</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.3.untrans_books' class="books hidden">
<div id='Fedora_Core.3.Release_Notes_for_32-bit_x86_Systems' class="book collapsed" onclick="toggle(event, 'Fedora_Core.3.Release_Notes_for_32-bit_x86_Systems.types');">
<a class="type" href="../en-US/Fedora_Core/3/html/Release_Notes_for_32-bit_x86_Systems/index.html" onclick="window.top.location='../en-US/Fedora_Core/3/html/Release_Notes_for_32-bit_x86_Systems/index.html'"><span class="book">Release Notes for 32-bit x86 Systems</span></a>
@@ -1496,7 +1515,7 @@
<span class="version">2</span>
<div id='Fedora_Core.2.books' class="books hidden">
<div id='Fedora_Core.2' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.2.untrans_books');">
- <span class="version">Aún sin traducir</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.2.untrans_books' class="books hidden">
<div id='Fedora_Core.2.Release_Notes_for_32-bit_x86_Systems' class="book collapsed" onclick="toggle(event, 'Fedora_Core.2.Release_Notes_for_32-bit_x86_Systems.types');">
<a class="type" href="../en-US/Fedora_Core/2/html/Release_Notes_for_32-bit_x86_Systems/index.html" onclick="window.top.location='../en-US/Fedora_Core/2/html/Release_Notes_for_32-bit_x86_Systems/index.html'"><span class="book">Release Notes for 32-bit x86 Systems</span></a>
@@ -1527,7 +1546,7 @@
<span class="version">1</span>
<div id='Fedora_Core.1.books' class="books hidden">
<div id='Fedora_Core.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.1.untrans_books');">
- <span class="version">Aún sin traducir</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.1.untrans_books' class="books hidden">
<div id='Fedora_Core.1.Release_Notes_for_32-bit_x86_Systems' class="book collapsed" onclick="toggle(event, 'Fedora_Core.1.Release_Notes_for_32-bit_x86_Systems.types');">
<a class="type" href="../en-US/Fedora_Core/1/html/Release_Notes_for_32-bit_x86_Systems/index.html" onclick="window.top.location='../en-US/Fedora_Core/1/html/Release_Notes_for_32-bit_x86_Systems/index.html'"><span class="book">Release Notes for 32-bit x86 Systems</span></a>
@@ -1554,7 +1573,7 @@
<div id='Fedora_Draft_Documentation' class="versions hidden">
<div id='Fedora_Draft_Documentation.0.2' class="version collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.2.books');"> <div id='Fedora_Draft_Documentation.0.2.books' class="books">
<div id='Fedora_Draft_Documentation.0.2' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Draft_Documentation.0.2.untrans_books');">
- <span class="version">Aún sin traducir</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Draft_Documentation.0.2.untrans_books' class="books hidden">
<div id='Fedora_Draft_Documentation.0.2.OpenSSH_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.2.OpenSSH_Guide.types');">
<a class="type" href="../en-US/Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html'"><span class="book">OpenSSH Guide</span></a>
@@ -1562,7 +1581,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1571,7 +1590,7 @@
</div>
<div id='Fedora_Draft_Documentation.0.1' class="version collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.books');"> <div id='Fedora_Draft_Documentation.0.1.books' class="books">
<div id='Fedora_Draft_Documentation.0.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.untrans_books');">
- <span class="version">Aún sin traducir</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Draft_Documentation.0.1.untrans_books' class="books hidden">
<div id='Fedora_Draft_Documentation.0.1.Amateur_Radio_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Amateur_Radio_Guide.types');">
<a class="type" href="../en-US/Fedora_Draft_Documentation/0.1/html/Amateur_Radio_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Draft_Documentation/0.1/html/Amateur_Radio_Guide/index.html'"><span class="book">Amateur Radio Guide</span></a>
@@ -1702,7 +1721,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
@@ -1722,7 +1741,7 @@
<span class="version"></span>
<div id='Fedora_Draft_Documentation..books' class="books hidden">
<div id='Fedora_Draft_Documentation.' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Draft_Documentation..untrans_books');">
- <span class="version">Aún sin traducir</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Draft_Documentation..untrans_books' class="books hidden">
<div id='Fedora_Draft_Documentation..User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation..User_Guide.types');">
<a class="type" href="../en-US/Fedora_Draft_Documentation//html/User_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Draft_Documentation//html/User_Guide/index.html'"><span class="book">User Guide</span></a>
@@ -1740,12 +1759,12 @@
</div>
</div>
<div class="nocookie" id="nojs">
- <p>El Menú de navegación superior necesita de JavaScript para poder funcionar.</p><p> Habilite JavaScript para permitir su funcionamiento.</p><p> Deshabilite CSS para poder visualizar las opciones de navegación sin tener habilitado JavaScript.</p>
+ <p>The Navigation Menu above requires JavaScript to function.</p><p>Enable JavaScript to allow the Navigation Menu to function.</p><p>Disable CSS to view the Navigation options without JavaScript enabled</p>
</div>
<div class="bottom_links">
- <a href="../toc.html" onclick="window.top.location='../toc.html'" >Mapa</a>
- <a href="./Site_Statistics.html" onclick="window.top.location='./Site_Statistics.html'" >Estadísticas</a>
- <a href="./Site_Tech.html" onclick="window.top.location='./Site_Tech.html'" >Tecnología</a>
+ <a href="../toc.html" onclick="window.top.location='../toc.html'" >Map</a>
+ <a href="./Site_Statistics.html" onclick="window.top.location='./Site_Statistics.html'" >Statistics</a>
+ <a href="./Site_Tech.html" onclick="window.top.location='./Site_Tech.html'" >Tech</a>
</div>
</div>
</div>
diff --git a/public_html/fa-IR/Site_Statistics.html b/public_html/fa-IR/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/fa-IR/Site_Statistics.html
+++ b/public_html/fa-IR/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/fa-IR/opds-Community_Services_Infrastructure.xml b/public_html/fa-IR/opds-Community_Services_Infrastructure.xml
index 63d9c6e..30a44c4 100644
--- a/public_html/fa-IR/opds-Community_Services_Infrastructure.xml
+++ b/public_html/fa-IR/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fa-IR/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fa-IR/opds-Fedora.xml b/public_html/fa-IR/opds-Fedora.xml
index aff08fd..64a0191 100644
--- a/public_html/fa-IR/opds-Fedora.xml
+++ b/public_html/fa-IR/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/fa-IR/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>fa-IR</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/fa-IR/opds-Fedora_Contributor_Documentation.xml b/public_html/fa-IR/opds-Fedora_Contributor_Documentation.xml
index 8ce76fc..888ee26 100644
--- a/public_html/fa-IR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/fa-IR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fa-IR/opds-Fedora_Contributor_Documentation.xml</id>
<title>مستندات مشارکت کننده فدورا</title>
<subtitle>مستندات مشارکت کننده فدورا</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fa-IR/opds-Fedora_Core.xml b/public_html/fa-IR/opds-Fedora_Core.xml
index 5f5b68b..bc08140 100644
--- a/public_html/fa-IR/opds-Fedora_Core.xml
+++ b/public_html/fa-IR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fa-IR/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fa-IR/opds-Fedora_Draft_Documentation.xml b/public_html/fa-IR/opds-Fedora_Draft_Documentation.xml
index 638da10..62bb71f 100644
--- a/public_html/fa-IR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/fa-IR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fa-IR/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fa-IR/opds.xml b/public_html/fa-IR/opds.xml
index 199741a..cd3ef45 100644
--- a/public_html/fa-IR/opds.xml
+++ b/public_html/fa-IR/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/fa-IR/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/fa-IR/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/fa-IR/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>مستندات مشارکت کننده فدورا</title>
<id>http://docs.fedoraproject.org/fa-IR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/fa-IR/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/fa-IR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/fa-IR/toc.html b/public_html/fa-IR/toc.html
index 1ed1e7b..a1036de 100644
--- a/public_html/fa-IR/toc.html
+++ b/public_html/fa-IR/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -877,7 +896,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1100,7 +1119,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1364,7 +1383,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1504,7 +1523,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/fi-FI/Site_Statistics.html b/public_html/fi-FI/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/fi-FI/Site_Statistics.html
+++ b/public_html/fi-FI/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/fi-FI/opds-Community_Services_Infrastructure.xml b/public_html/fi-FI/opds-Community_Services_Infrastructure.xml
index 0245d80..5b247da 100644
--- a/public_html/fi-FI/opds-Community_Services_Infrastructure.xml
+++ b/public_html/fi-FI/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fi-FI/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fi-FI/opds-Fedora.xml b/public_html/fi-FI/opds-Fedora.xml
index 04b69e3..baf5ccc 100644
--- a/public_html/fi-FI/opds-Fedora.xml
+++ b/public_html/fi-FI/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/fi-FI/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>fi-FI</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/fi-FI/opds-Fedora_Contributor_Documentation.xml b/public_html/fi-FI/opds-Fedora_Contributor_Documentation.xml
index dd5af87..c1c48b1 100644
--- a/public_html/fi-FI/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/fi-FI/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fi-FI/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fi-FI/opds-Fedora_Core.xml b/public_html/fi-FI/opds-Fedora_Core.xml
index 2329925..a9c455c 100644
--- a/public_html/fi-FI/opds-Fedora_Core.xml
+++ b/public_html/fi-FI/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fi-FI/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fi-FI/opds-Fedora_Draft_Documentation.xml b/public_html/fi-FI/opds-Fedora_Draft_Documentation.xml
index 35a1614..a40dbd6 100644
--- a/public_html/fi-FI/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/fi-FI/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fi-FI/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fi-FI/opds.xml b/public_html/fi-FI/opds.xml
index 69a603c..2ba8f35 100644
--- a/public_html/fi-FI/opds.xml
+++ b/public_html/fi-FI/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/fi-FI/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/fi-FI/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/fi-FI/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/fi-FI/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/fi-FI/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/fi-FI/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/fi-FI/toc.html b/public_html/fi-FI/toc.html
index 1468b01..3c0d0c6 100644
--- a/public_html/fi-FI/toc.html
+++ b/public_html/fi-FI/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -703,7 +722,7 @@
<a class="type" href="./Fedora/12/epub/Fedora_Live_images/Fedora-12-Fedora_Live_images-fi-FI.epub" >epub</a>
<a class="type" href="./Fedora/12/html/Fedora_Live_images/index.html" onclick="window.top.location='./Fedora/12/html/Fedora_Live_images/index.html';return false;">html</a>
<a class="type" href="./Fedora/12/html-single/Fedora_Live_images/index.html" onclick="window.top.location='./Fedora/12/html-single/Fedora_Live_images/index.html';return false;">html-single</a>
- <a class="type" href="./Fedora/12/pdf/Fedora_Live_images/Fedora-13-Fedora_Live_Images-fi-FI.pdf" onclick="window.top.location='./Fedora/12/pdf/Fedora_Live_images/Fedora-13-Fedora_Live_Images-fi-FI.pdf';return false;">pdf</a>
+ <a class="type" href="./Fedora/12/pdf/Fedora_Live_images/Fedora-12-Fedora_Live_images-fi-FI.pdf" onclick="window.top.location='./Fedora/12/pdf/Fedora_Live_images/Fedora-12-Fedora_Live_images-fi-FI.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.12' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.12.untrans_books');">
@@ -830,7 +849,7 @@
<a class="type" href="./Fedora/11/epub/Fedora_Live_images/Fedora-11-Fedora_Live_images-fi-FI.epub" >epub</a>
<a class="type" href="./Fedora/11/html/Fedora_Live_images/index.html" onclick="window.top.location='./Fedora/11/html/Fedora_Live_images/index.html';return false;">html</a>
<a class="type" href="./Fedora/11/html-single/Fedora_Live_images/index.html" onclick="window.top.location='./Fedora/11/html-single/Fedora_Live_images/index.html';return false;">html-single</a>
- <a class="type" href="./Fedora/11/pdf/Fedora_Live_images/Fedora-11-Fedora_Live_images-fi-FI.pdf" onclick="window.top.location='./Fedora/11/pdf/Fedora_Live_images/Fedora-11-Fedora_Live_images-fi-FI.pdf';return false;">pdf</a>
+ <a class="type" href="./Fedora/11/pdf/Fedora_Live_images/Fedora-12-Fedora_Live_images-fi-FI.pdf" onclick="window.top.location='./Fedora/11/pdf/Fedora_Live_images/Fedora-12-Fedora_Live_images-fi-FI.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.11.untrans_books');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -903,7 +922,7 @@
<a class="type" href="./Fedora/10/epub/Fedora_Live_Images/Fedora-10-Fedora_Live_Images-fi-FI.epub" >epub</a>
<a class="type" href="./Fedora/10/html/Fedora_Live_Images/index.html" onclick="window.top.location='./Fedora/10/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="./Fedora/10/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='./Fedora/10/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="./Fedora/10/pdf/Fedora_Live_Images/Fedora-10-Fedora_Live_Images-fi-FI.pdf" onclick="window.top.location='./Fedora/10/pdf/Fedora_Live_Images/Fedora-10-Fedora_Live_Images-fi-FI.pdf';return false;">pdf</a>
+ <a class="type" href="./Fedora/10/pdf/Fedora_Live_Images/Fedora-12-Fedora_Live_images-fi-FI.pdf" onclick="window.top.location='./Fedora/10/pdf/Fedora_Live_Images/Fedora-12-Fedora_Live_images-fi-FI.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.10.Making_Fedora_Discs' class="book collapsed">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/fr-FR/Site_Statistics.html b/public_html/fr-FR/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/fr-FR/Site_Statistics.html
+++ b/public_html/fr-FR/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/fr-FR/opds-Community_Services_Infrastructure.xml b/public_html/fr-FR/opds-Community_Services_Infrastructure.xml
index 01dd93f..0cbcc47 100644
--- a/public_html/fr-FR/opds-Community_Services_Infrastructure.xml
+++ b/public_html/fr-FR/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fr-FR/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fr-FR/opds-Fedora.xml b/public_html/fr-FR/opds-Fedora.xml
index 15fb060..15cd7cf 100644
--- a/public_html/fr-FR/opds-Fedora.xml
+++ b/public_html/fr-FR/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/fr-FR/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>fr-FR</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/fr-FR/opds-Fedora_Contributor_Documentation.xml b/public_html/fr-FR/opds-Fedora_Contributor_Documentation.xml
index a717d53..61b6eaf 100644
--- a/public_html/fr-FR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/fr-FR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fr-FR/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fr-FR/opds-Fedora_Core.xml b/public_html/fr-FR/opds-Fedora_Core.xml
index 1719fa5..09da50e 100644
--- a/public_html/fr-FR/opds-Fedora_Core.xml
+++ b/public_html/fr-FR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fr-FR/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fr-FR/opds-Fedora_Draft_Documentation.xml b/public_html/fr-FR/opds-Fedora_Draft_Documentation.xml
index 2565e28..4e8c6a9 100644
--- a/public_html/fr-FR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/fr-FR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fr-FR/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fr-FR/opds.xml b/public_html/fr-FR/opds.xml
index 9f62448..e223f6f 100644
--- a/public_html/fr-FR/opds.xml
+++ b/public_html/fr-FR/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/fr-FR/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/fr-FR/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/fr-FR/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/fr-FR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/fr-FR/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/fr-FR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/fr-FR/toc.html b/public_html/fr-FR/toc.html
index 609e9e8..70ac844 100644
--- a/public_html/fr-FR/toc.html
+++ b/public_html/fr-FR/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -128,7 +147,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -155,7 +174,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -874,7 +893,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1089,7 +1108,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1362,7 +1381,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1502,7 +1521,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/gu-IN/Site_Statistics.html b/public_html/gu-IN/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/gu-IN/Site_Statistics.html
+++ b/public_html/gu-IN/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/gu-IN/opds-Community_Services_Infrastructure.xml b/public_html/gu-IN/opds-Community_Services_Infrastructure.xml
index 6e35332..96a3b05 100644
--- a/public_html/gu-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/gu-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/gu-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/gu-IN/opds-Fedora.xml b/public_html/gu-IN/opds-Fedora.xml
index 9469331..3efd468 100644
--- a/public_html/gu-IN/opds-Fedora.xml
+++ b/public_html/gu-IN/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/gu-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>gu-IN</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/gu-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/gu-IN/opds-Fedora_Contributor_Documentation.xml
index c70859f..421bb6c 100644
--- a/public_html/gu-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/gu-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/gu-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/gu-IN/opds-Fedora_Core.xml b/public_html/gu-IN/opds-Fedora_Core.xml
index c651704..10c9aa4 100644
--- a/public_html/gu-IN/opds-Fedora_Core.xml
+++ b/public_html/gu-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/gu-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/gu-IN/opds-Fedora_Draft_Documentation.xml b/public_html/gu-IN/opds-Fedora_Draft_Documentation.xml
index add79f7..ac6d6bb 100644
--- a/public_html/gu-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/gu-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/gu-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/gu-IN/opds.xml b/public_html/gu-IN/opds.xml
index 993a2a1..50bc9d0 100644
--- a/public_html/gu-IN/opds.xml
+++ b/public_html/gu-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/gu-IN/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/gu-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/gu-IN/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/gu-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/gu-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/gu-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/gu-IN/toc.html b/public_html/gu-IN/toc.html
index dab3318..9b12117 100644
--- a/public_html/gu-IN/toc.html
+++ b/public_html/gu-IN/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/he-IL/Site_Statistics.html b/public_html/he-IL/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/he-IL/Site_Statistics.html
+++ b/public_html/he-IL/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/he-IL/opds-Community_Services_Infrastructure.xml b/public_html/he-IL/opds-Community_Services_Infrastructure.xml
index 203c485..61ac3a4 100644
--- a/public_html/he-IL/opds-Community_Services_Infrastructure.xml
+++ b/public_html/he-IL/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/he-IL/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/he-IL/opds-Fedora.xml b/public_html/he-IL/opds-Fedora.xml
index 5e90a5f..c29f3b1 100644
--- a/public_html/he-IL/opds-Fedora.xml
+++ b/public_html/he-IL/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/he-IL/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>he-IL</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/he-IL/opds-Fedora_Contributor_Documentation.xml b/public_html/he-IL/opds-Fedora_Contributor_Documentation.xml
index fec46ed..e922974 100644
--- a/public_html/he-IL/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/he-IL/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/he-IL/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/he-IL/opds-Fedora_Core.xml b/public_html/he-IL/opds-Fedora_Core.xml
index 474ed0e..1b6b6a7 100644
--- a/public_html/he-IL/opds-Fedora_Core.xml
+++ b/public_html/he-IL/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/he-IL/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/he-IL/opds-Fedora_Draft_Documentation.xml b/public_html/he-IL/opds-Fedora_Draft_Documentation.xml
index 3a4a906..0de8e40 100644
--- a/public_html/he-IL/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/he-IL/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/he-IL/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/he-IL/opds.xml b/public_html/he-IL/opds.xml
index 57f76ff..fe0cfb3 100644
--- a/public_html/he-IL/opds.xml
+++ b/public_html/he-IL/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/he-IL/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/he-IL/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/he-IL/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/he-IL/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/he-IL/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/he-IL/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/he-IL/toc.html b/public_html/he-IL/toc.html
index ccf446b..bc58945 100644
--- a/public_html/he-IL/toc.html
+++ b/public_html/he-IL/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -334,7 +353,7 @@
<a class="type" href="./Fedora/15/epub/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-he-IL.epub" >epub</a>
<a class="type" href="./Fedora/15/html/Burning_ISO_images_to_disc/index.html" onclick="window.top.location='./Fedora/15/html/Burning_ISO_images_to_disc/index.html';return false;">html</a>
<a class="type" href="./Fedora/15/html-single/Burning_ISO_images_to_disc/index.html" onclick="window.top.location='./Fedora/15/html-single/Burning_ISO_images_to_disc/index.html';return false;">html-single</a>
- <a class="type" href="./Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15.0-Burning_ISO_images_to_disc-he-IL.pdf" onclick="window.top.location='./Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15.0-Burning_ISO_images_to_disc-he-IL.pdf';return false;">pdf</a>
+ <a class="type" href="./Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-he-IL.pdf" onclick="window.top.location='./Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-he-IL.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.15' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.15.untrans_books');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/hi-IN/Site_Statistics.html b/public_html/hi-IN/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/hi-IN/Site_Statistics.html
+++ b/public_html/hi-IN/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/hi-IN/opds-Community_Services_Infrastructure.xml b/public_html/hi-IN/opds-Community_Services_Infrastructure.xml
index d499b6a..ed287cc 100644
--- a/public_html/hi-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/hi-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hi-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hi-IN/opds-Fedora.xml b/public_html/hi-IN/opds-Fedora.xml
index 2c5af68..ad6b231 100644
--- a/public_html/hi-IN/opds-Fedora.xml
+++ b/public_html/hi-IN/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/hi-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>hi-IN</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/hi-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/hi-IN/opds-Fedora_Contributor_Documentation.xml
index fd608f9..e8b446d 100644
--- a/public_html/hi-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/hi-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hi-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hi-IN/opds-Fedora_Core.xml b/public_html/hi-IN/opds-Fedora_Core.xml
index 5f4bfc6..5d5fac7 100644
--- a/public_html/hi-IN/opds-Fedora_Core.xml
+++ b/public_html/hi-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hi-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hi-IN/opds-Fedora_Draft_Documentation.xml b/public_html/hi-IN/opds-Fedora_Draft_Documentation.xml
index a18f832..7f7f54b 100644
--- a/public_html/hi-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/hi-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hi-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hi-IN/opds.xml b/public_html/hi-IN/opds.xml
index 80b6cc5..3633015 100644
--- a/public_html/hi-IN/opds.xml
+++ b/public_html/hi-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/hi-IN/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/hi-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/hi-IN/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/hi-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/hi-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/hi-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/hi-IN/toc.html b/public_html/hi-IN/toc.html
index c268e3d..c0dc065 100644
--- a/public_html/hi-IN/toc.html
+++ b/public_html/hi-IN/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/hu-HU/Site_Statistics.html b/public_html/hu-HU/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/hu-HU/Site_Statistics.html
+++ b/public_html/hu-HU/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/hu-HU/opds-Community_Services_Infrastructure.xml b/public_html/hu-HU/opds-Community_Services_Infrastructure.xml
index 35990b6..6210d73 100644
--- a/public_html/hu-HU/opds-Community_Services_Infrastructure.xml
+++ b/public_html/hu-HU/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hu-HU/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hu-HU/opds-Fedora.xml b/public_html/hu-HU/opds-Fedora.xml
index 19fd674..4c11a78 100644
--- a/public_html/hu-HU/opds-Fedora.xml
+++ b/public_html/hu-HU/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/hu-HU/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>hu-HU</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/hu-HU/opds-Fedora_Contributor_Documentation.xml b/public_html/hu-HU/opds-Fedora_Contributor_Documentation.xml
index 011632a..4ed2566 100644
--- a/public_html/hu-HU/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/hu-HU/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hu-HU/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hu-HU/opds-Fedora_Core.xml b/public_html/hu-HU/opds-Fedora_Core.xml
index 8f30bab..5c0199c 100644
--- a/public_html/hu-HU/opds-Fedora_Core.xml
+++ b/public_html/hu-HU/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hu-HU/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hu-HU/opds-Fedora_Draft_Documentation.xml b/public_html/hu-HU/opds-Fedora_Draft_Documentation.xml
index 6aa9b73..4462f16 100644
--- a/public_html/hu-HU/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/hu-HU/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hu-HU/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hu-HU/opds.xml b/public_html/hu-HU/opds.xml
index cbf34ea..aba588c 100644
--- a/public_html/hu-HU/opds.xml
+++ b/public_html/hu-HU/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/hu-HU/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/hu-HU/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/hu-HU/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/hu-HU/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/hu-HU/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/hu-HU/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/hu-HU/toc.html b/public_html/hu-HU/toc.html
index b0d0ccc..72626e3 100644
--- a/public_html/hu-HU/toc.html
+++ b/public_html/hu-HU/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/id-ID/Site_Statistics.html b/public_html/id-ID/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/id-ID/Site_Statistics.html
+++ b/public_html/id-ID/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/id-ID/opds-Community_Services_Infrastructure.xml b/public_html/id-ID/opds-Community_Services_Infrastructure.xml
index 7653391..69c2928 100644
--- a/public_html/id-ID/opds-Community_Services_Infrastructure.xml
+++ b/public_html/id-ID/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/id-ID/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/id-ID/opds-Fedora.xml b/public_html/id-ID/opds-Fedora.xml
index 7564f63..e130ab0 100644
--- a/public_html/id-ID/opds-Fedora.xml
+++ b/public_html/id-ID/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/id-ID/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>id-ID</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/id-ID/opds-Fedora_Contributor_Documentation.xml b/public_html/id-ID/opds-Fedora_Contributor_Documentation.xml
index 953566d..f7f4059 100644
--- a/public_html/id-ID/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/id-ID/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/id-ID/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/id-ID/opds-Fedora_Core.xml b/public_html/id-ID/opds-Fedora_Core.xml
index 6c90493..56f9325 100644
--- a/public_html/id-ID/opds-Fedora_Core.xml
+++ b/public_html/id-ID/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/id-ID/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/id-ID/opds-Fedora_Draft_Documentation.xml b/public_html/id-ID/opds-Fedora_Draft_Documentation.xml
index d2b1d66..1fec2fc 100644
--- a/public_html/id-ID/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/id-ID/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/id-ID/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/id-ID/opds.xml b/public_html/id-ID/opds.xml
index c8b9552..d886ad4 100644
--- a/public_html/id-ID/opds.xml
+++ b/public_html/id-ID/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/id-ID/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/id-ID/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/id-ID/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/id-ID/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/id-ID/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/id-ID/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/id-ID/toc.html b/public_html/id-ID/toc.html
index 02875b0..75b8548 100644
--- a/public_html/id-ID/toc.html
+++ b/public_html/id-ID/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/it-IT/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-it-IT.epub b/public_html/it-IT/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-it-IT.epub
new file mode 100644
index 0000000..36c7ab5
Binary files /dev/null and b/public_html/it-IT/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-it-IT.epub differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/css/common.css b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/css/common.css
new file mode 100644
index 0000000..d7dc3f2
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/css/common.css
@@ -0,0 +1,1528 @@
+* {
+ widows: 2 !important;
+ orphans: 2 !important;
+}
+
+body, h1, h2, h3, h4, h5, h6, pre, li, div {
+ line-height: 1.29em;
+}
+
+body {
+ background-color: white;
+ margin:0 auto;
+ font-family: "liberation sans", "Myriad ", "Bitstream Vera Sans", "Lucida Grande", "Luxi Sans", "Trebuchet MS", helvetica, verdana, arial, sans-serif;
+ font-size:12px;
+ max-width:55em;
+ color:black;
+}
+
+body.toc_embeded {
+ /*for web hosting system only*/
+ margin-left: 300px;
+}
+
+object.toc, iframe.toc {
+ /*for web hosting system only*/
+ border-style:none;
+ position:fixed;
+ width:290px;
+ height:99.99%;
+ top:0;
+ left:0;
+ z-index: 100;
+ border-style:none;
+ border-right:1px solid #999;
+}
+
+/* Hide web menu */
+
+body.notoc {
+ margin-left: 3em;
+}
+
+iframe.notoc {
+ border-style:none;
+ border: none;
+ padding: 0em;
+ position:fixed;
+ width: 21px;
+ height: 29px;
+ top: 0px;
+ left:0;
+ overflow: hidden;
+ margin: 0em;
+ margin-left: -3px;
+}
+/* End hide web menu */
+
+/* desktop styles */
+body.desktop {
+ margin-left: 26em;
+}
+
+body.desktop .book > .toc {
+ display:block;
+ width:24em;
+ height:99%;
+ position:fixed;
+ overflow:auto;
+ top:0px;
+ left:0px;
+ padding-left:1em;
+ background-color:#EEEEEE;
+}
+
+.toc {
+ line-height:1.35em;
+}
+
+.toc .glossary,
+.toc .chapter, .toc .appendix {
+ margin-top:1em;
+}
+
+.toc .part {
+ margin-top:1em;
+ display:block;
+}
+
+span.glossary,
+span.appendix {
+ display:block;
+ margin-top:0.5em;
+}
+
+div {
+ padding-top:0px;
+}
+
+div.section {
+ padding-top:1em;
+}
+
+p, div.para, div.formalpara {
+ padding-top:0px;
+ margin-top:0.3em;
+ padding-bottom:0px;
+ margin-bottom:1em;
+}
+
+/*Links*/
+a {
+ outline: none;
+}
+
+a:link {
+ text-decoration:none;
+ border-bottom: 1px dotted ;
+ color:#3366cc;
+}
+
+a:visited {
+ text-decoration:none;
+ border-bottom: 1px dotted ;
+ color:#003366;
+}
+
+div.longdesc-link {
+ float:right;
+ color:#999;
+}
+
+.toc a, .qandaset a {
+ font-weight:normal;
+ border:none;
+}
+
+.toc a:hover, .qandaset a:hover
+{
+ border-bottom: 1px dotted;
+}
+
+/*headings*/
+h1, h2, h3, h4, h5, h6 {
+ color: #336699;
+ margin-top: 0em;
+ margin-bottom: 0em;
+ background-color: transparent;
+ page-break-inside: avoid;
+ page-break-after: avoid;
+}
+
+h1 {
+ font-size:2.0em;
+}
+
+.titlepage h1.title {
+ font-size: 3.0em;
+ padding-top: 1em;
+ text-align:left;
+}
+
+.book > .titlepage h1.title {
+ text-align:center;
+}
+
+.article > .titlepage h1.title {
+ text-align:center;
+}
+
+.set .titlepage > div > div > h1.title {
+ text-align:center;
+}
+
+.producttitle {
+ margin-top: 0em;
+ margin-bottom: 0em;
+ font-size: 3.0em;
+ font-weight: bold;
+ background: #003d6e url(../images/h1-bg.png) top left repeat-x;
+ color: white;
+ text-align: center;
+ padding: 0.7em;
+}
+
+.titlepage .corpauthor {
+ margin-top: 1em;
+ text-align: center;
+}
+
+.section h1.title {
+ font-size: 1.6em;
+ padding: 0em;
+ color: #336699;
+ text-align: left;
+ background: white;
+}
+
+h2 {
+ font-size:1.6em;
+}
+
+
+h2.subtitle, h3.subtitle {
+ margin-top: 1em;
+ margin-bottom: 1em;
+ font-size: 1.4em;
+ text-align: center;
+}
+
+.preface > div > div > div > h2.title {
+ margin-top: 1em;
+ font-size: 2.0em;
+}
+
+.appendix h2 {
+ margin-top: 1em;
+ font-size: 2.0em;
+}
+
+
+
+h3 {
+ font-size:1.3em;
+ padding-top:0em;
+ padding-bottom:0em;
+}
+h4 {
+ font-size:1.1em;
+ padding-top:0em;
+ padding-bottom:0em;
+}
+
+h5 {
+ font-size:1em;
+}
+
+h6 {
+ font-size:1em;
+}
+
+h5.formalpara {
+ font-size:1em;
+ margin-top:2em;
+ margin-bottom:.8em;
+}
+
+.abstract h6 {
+ margin-top:1em;
+ margin-bottom:.5em;
+ font-size:2em;
+}
+
+/*element rules*/
+hr {
+ border-collapse: collapse;
+ border-style:none;
+ border-top: 1px dotted #ccc;
+ width:100%;
+ margin-top: 3em;
+}
+
+/* web site rules */
+ul.languages, .languages li {
+ display:inline;
+ padding:0em;
+}
+
+.languages li a {
+ padding:0em .5em;
+ text-decoration: none;
+}
+
+.languages li p, .languages li div.para {
+ display:inline;
+}
+
+.languages li a:link, .languages li a:visited {
+ color:#444;
+}
+
+.languages li a:hover, .languages li a:focus, .languages li a:active {
+ color:black;
+}
+
+ul.languages {
+ display:block;
+ background-color:#eee;
+ padding:.5em;
+}
+
+/*supporting stylesheets*/
+
+/*unique to the webpage only*/
+.books {
+ position:relative;
+}
+
+.versions li {
+ width:100%;
+ clear:both;
+ display:block;
+}
+
+a.version {
+ font-size:2em;
+ text-decoration:none;
+ width:100%;
+ display:block;
+ padding:1em 0em .2em 0em;
+ clear:both;
+}
+
+a.version:before {
+ content:"Version";
+ font-size:smaller;
+}
+
+a.version:visited, a.version:link {
+ color:#666;
+}
+
+a.version:focus, a.version:hover {
+ color:black;
+}
+
+.books {
+ display:block;
+ position:relative;
+ clear:both;
+ width:100%;
+}
+
+.books li {
+ display:block;
+ width:200px;
+ float:left;
+ position:relative;
+ clear: none ;
+}
+
+.books .html {
+ width:170px;
+ display:block;
+}
+
+.books .pdf {
+ position:absolute;
+ left:170px;
+ top:0px;
+ font-size:smaller;
+}
+
+.books .pdf:link, .books .pdf:visited {
+ color:#555;
+}
+
+.books .pdf:hover, .books .pdf:focus {
+ color:#000;
+}
+
+.books li a {
+ text-decoration:none;
+}
+
+.books li a:hover {
+ color:black;
+}
+
+/*products*/
+.products li {
+ display: block;
+ width:300px;
+ float:left;
+}
+
+.products li a {
+ width:300px;
+ padding:.5em 0em;
+}
+
+.products ul {
+ clear:both;
+}
+
+/*revision history*/
+.revhistory {
+ display:block;
+}
+
+.revhistory table {
+ background-color:transparent;
+ border-color:#fff;
+ padding:0em;
+ margin: 0;
+ border-collapse:collapse;
+ border-style:none;
+}
+
+.revhistory td {
+ text-align :left;
+ padding:0em;
+ border: none;
+ border-top: 1px solid #fff;
+ font-weight: bold;
+}
+
+.revhistory .simplelist td {
+ font-weight: normal;
+}
+
+.revhistory .simplelist {
+ margin-bottom: 1.5em;
+ margin-left: 1em;
+}
+
+.revhistory table th {
+ display: none;
+}
+
+
+/*credits*/
+.authorgroup div {
+ clear:both;
+ text-align: center;
+}
+
+h3.author {
+ margin: 0em;
+ padding: 0em;
+ padding-top: 1em;
+}
+
+.authorgroup h4 {
+ padding: 0em;
+ margin: 0em;
+ padding-top: 1em;
+ margin-top: 1em;
+}
+
+.author,
+.editor,
+.translator,
+.othercredit,
+.contrib {
+ display: block;
+}
+
+.revhistory .author {
+ display: inline;
+}
+
+.othercredit h3 {
+ padding-top: 1em;
+}
+
+
+.othercredit {
+ margin:0em;
+ padding:0em;
+}
+
+.releaseinfo {
+ clear: both;
+}
+
+.copyright {
+ margin-top: 1em;
+}
+
+/* qanda sets */
+.answer {
+ margin-bottom:1em;
+ border-bottom:1px dotted #ccc;
+}
+
+.qandaset .toc {
+ border-bottom:1px dotted #ccc;
+}
+
+.question {
+ font-weight:bold;
+}
+
+.answer .data, .question .data {
+ padding-left: 2.6em;
+}
+
+.answer label, .question label {
+ float:left;
+ font-weight:bold;
+}
+
+/* inline syntax highlighting */
+.perl_Alert {
+ color: #0000ff;
+}
+
+.perl_BaseN {
+ color: #007f00;
+}
+
+.perl_BString {
+ color: #5C3566;
+}
+
+.perl_Char {
+ color: #ff00ff;
+}
+
+.perl_Comment {
+ color: #FF00FF;
+}
+
+
+.perl_DataType {
+ color: #0000ff;
+}
+
+
+.perl_DecVal {
+ color: #00007f;
+}
+
+
+.perl_Error {
+ color: #ff0000;
+}
+
+
+.perl_Float {
+ color: #00007f;
+}
+
+
+.perl_Function {
+ color: #007f00;
+}
+
+
+.perl_IString {
+ color: #5C3566;
+}
+
+
+.perl_Keyword {
+ color: #002F5D;
+}
+
+
+.perl_Operator {
+ color: #ffa500;
+}
+
+
+.perl_Others {
+ color: #b03060;
+}
+
+
+.perl_RegionMarker {
+ color: #96b9ff;
+}
+
+
+.perl_Reserved {
+ color: #9b30ff;
+}
+
+
+.perl_String {
+ color: #5C3566;
+}
+
+
+.perl_Variable {
+ color: #0000ff;
+}
+
+
+.perl_Warning {
+ color: #0000ff;
+}
+
+/*Lists*/
+ul {
+ padding-left:1.6em;
+ list-style-image:url(../images/dot.png);
+ list-style-type: circle;
+}
+
+ul ul {
+ list-style-image:url(../images/dot2.png);
+ list-style-type: circle;
+}
+
+ol {
+ list-style-image:none;
+ list-style-type: decimal;
+}
+
+ol ol {
+ list-style-type: lower-alpha;
+}
+
+ol.arabic {
+ list-style-type: decimal;
+}
+
+ol.loweralpha {
+ list-style-type: lower-alpha;
+}
+
+ol.lowerroman {
+ list-style-type: lower-roman;
+}
+
+ol.upperalpha {
+ list-style-type: upper-alpha;
+}
+
+ol.upperroman {
+ list-style-type: upper-roman;
+}
+
+dt {
+ font-weight:bold;
+ margin-bottom:0em;
+ padding-bottom:0em;
+}
+
+dd {
+ margin:0em;
+ margin-left:2em;
+ padding-top:0em;
+ padding-bottom: 1em;
+}
+
+li {
+ padding-top:0px;
+ margin-top:0em;
+ padding-bottom:0px;
+ margin-bottom:0.4em;
+}
+
+li p, li div.para {
+ padding-top:0px;
+ margin-top:0em;
+ padding-bottom:0px;
+ margin-bottom:0.3em;
+}
+
+/*images*/
+img {
+ display:block;
+ margin: 2em 0;
+}
+
+.inlinemediaobject, .inlinemediaobject img {
+ display:inline;
+ margin:0em;
+}
+
+.figure img {
+ display:block;
+ margin:0;
+ page-break-inside: avoid;
+}
+
+.figure .title {
+ margin:0em;
+ margin-bottom:2em;
+ padding:0px;
+}
+
+/*document modes*/
+.confidential {
+ background-color:#900;
+ color:White;
+ padding:.5em .5em;
+ text-transform:uppercase;
+ text-align:center;
+}
+
+.longdesc-link {
+ display:none;
+}
+
+.longdesc {
+ display:none;
+}
+
+.prompt {
+ padding:0em .3em;
+}
+
+/*user interface styles*/
+.screen .replaceable {
+}
+
+.guibutton, .guilabel {
+ font-family: "liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ font-weight: bold;
+ white-space: nowrap;
+}
+
+.example {
+ background-color: #ffffff;
+ border-left: 3px solid #aaaaaa;
+ padding-top: 1em;
+ padding-bottom: 0.1em;
+}
+
+.example h6 {
+ padding-left: 10px;
+}
+
+.example-contents {
+ padding-left: 10px;
+ background-color: #ffffff;
+}
+
+.example-contents .para {
+/* padding: 10px;*/
+}
+
+/*terminal/console text*/
+.computeroutput,
+.option {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ font-weight:bold;
+}
+
+.replaceable {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ font-style: italic;
+}
+
+.command, .filename, .keycap, .classname, .literal {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ font-weight:bold;
+}
+
+/* no bold in toc */
+.toc * {
+ font-weight: inherit;
+}
+
+pre {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ display:block;
+ background-color: #f5f5f5;
+ color: #000000;
+ border: 1px solid #aaaaaa;
+ margin-bottom: 0.3em;
+ padding:.5em 1em;
+ white-space: pre-wrap; /* css-3 */
+ white-space: -moz-pre-wrap !important; /* Mozilla, since 1999 */
+ white-space: -pre-wrap; /* Opera 4-6 */
+ white-space: -o-pre-wrap; /* Opera 7 */
+ word-wrap: break-word; /* Internet Explorer 5.5+ */
+ font-size: 0.9em;
+}
+
+pre .replaceable,
+pre .keycap {
+}
+
+code {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+/* white-space: nowrap;*/
+ white-space: pre-wrap;
+ word-wrap: break-word;
+ font-weight:bold;
+}
+
+.parameter code {
+ display: inline;
+ white-space: pre-wrap; /* css-3 */
+ white-space: -moz-pre-wrap !important; /* Mozilla, since 1999 */
+ white-space: -pre-wrap; /* Opera 4-6 */
+ white-space: -o-pre-wrap; /* Opera 7 */
+ word-wrap: break-word; /* Internet Explorer 5.5+ */
+}
+
+/*Notifications*/
+div.warning:before {
+ content:url(../images/warning.png);
+ padding-left: 5px;
+}
+
+div.note:before {
+ content:url(../images/note.png);
+ padding-left: 5px;
+}
+
+div.important:before {
+ content:url(../images/important.png);
+ padding-left: 5px;
+}
+
+div.warning, div.note, div.important {
+ color: black;
+ margin: 0em;
+ padding: 0em;
+ background: none;
+ background-color: white;
+ margin-bottom: 1em;
+ border-bottom: 1px solid #aaaaaa;
+ page-break-inside: avoid;
+}
+
+div.warning h2, div.note h2,div.important h2 {
+ margin: 0em;
+ padding: 0em;
+ color: #eeeeec;
+ padding-top: 0px;
+ padding-bottom: 0px;
+ height: 1.4em;
+ line-height: 1.4em;
+ font-size: 1.4em;
+ display:inline;
+}
+
+div.admonition_header {
+ clear: both;
+ margin: 0em;
+ padding: 0em;
+ margin-top: -3.3em;
+ padding-left: 58px;
+ line-height: 1.0em;
+ font-size: 1.0em;
+}
+
+div.warning div.admonition_header {
+ background: url(../images/red.png) top left repeat-x;
+ background-color: #590000;
+}
+
+div.note div.admonition_header {
+ background: url(../images/green.png) top right repeat-x;
+ background-color: #597800;
+}
+
+div.important div.admonition_header {
+ background: url(../images/yellow.png) top right repeat-x;
+ background-color: #a6710f;
+}
+
+div.warning p, div.warning div.para,
+div.note p, div.note div.para,
+div.important p, div.important div.para {
+ padding: 0em;
+ margin: 0em;
+}
+
+div.admonition {
+ border: none;
+ border-left: 1px solid #aaaaaa;
+ border-right: 1px solid #aaaaaa;
+ padding:0em;
+ margin:0em;
+ padding-top: 1.5em;
+ padding-bottom: 1em;
+ padding-left: 2em;
+ padding-right: 1em;
+ background-color: #eeeeec;
+ -moz-border-radius: 0px;
+ -webkit-border-radius: 0px;
+ border-radius: 0px;
+}
+
+/*Page Title*/
+#title {
+ display:block;
+ height:45px;
+ padding-bottom:1em;
+ margin:0em;
+}
+
+#title a.left{
+ display:inline;
+ border:none;
+}
+
+#title a.left img{
+ border:none;
+ float:left;
+ margin:0em;
+ margin-top:.7em;
+}
+
+#title a.right {
+ padding-bottom:1em;
+}
+
+#title a.right img {
+ border:none;
+ float:right;
+ margin:0em;
+ margin-top:.7em;
+}
+
+/*Table*/
+div.table {
+ page-break-inside: avoid;
+}
+
+table {
+ border:1px solid #6c614b;
+ width:100%;
+ border-collapse:collapse;
+}
+
+table.simplelist, .calloutlist table {
+ border-style: none;
+}
+
+table th {
+ text-align:left;
+ background-color:#6699cc;
+ padding:.3em .5em;
+ color:white;
+}
+
+table td {
+ padding:.15em .5em;
+}
+
+table tr.even td {
+ background-color:#f5f5f5;
+}
+
+table th p:first-child, table td p:first-child, table li p:first-child,
+table th div.para:first-child, table td div.para:first-child, table li div.para:first-child {
+ margin-top:0em;
+ padding-top:0em;
+ display:inline;
+}
+
+th, td {
+ border-style:none;
+ vertical-align: top;
+ border: 1px solid #000;
+}
+
+.simplelist th, .simplelist td {
+ border: none;
+}
+
+table table td {
+ border-bottom:1px dotted #aaa;
+ background-color:white;
+ padding:.6em 0em;
+}
+
+table table {
+ border:1px solid white;
+}
+
+td.remarkval {
+ color:#444;
+}
+
+td.fieldval {
+ font-weight:bold;
+}
+
+.lbname, .lbtype, .lbdescr, .lbdriver, .lbhost {
+ color:white;
+ font-weight:bold;
+ background-color:#999;
+ width:120px;
+}
+
+td.remarkval {
+ width:230px;
+}
+
+td.tname {
+ font-weight:bold;
+}
+
+th.dbfield {
+ width:120px;
+}
+
+th.dbtype {
+ width:70px;
+}
+
+th.dbdefault {
+ width:70px;
+}
+
+th.dbnul {
+ width:70px;
+}
+
+th.dbkey {
+ width:70px;
+}
+
+span.book {
+ margin-top:4em;
+ display:block;
+ font-size:11pt;
+}
+
+span.book a{
+ font-weight:bold;
+}
+span.chapter {
+ display:block;
+ margin-top:0.5em;
+}
+
+table.simplelist td, .calloutlist table td {
+ border-style: none;
+}
+
+/*Breadcrumbs*/
+#breadcrumbs ul li.first:before {
+ content:" ";
+}
+
+#breadcrumbs {
+ color:#900;
+ padding:3px;
+ margin-bottom:25px;
+}
+
+#breadcrumbs ul {
+ margin-left:0;
+ padding-left:0;
+ display:inline;
+ border:none;
+}
+
+#breadcrumbs ul li {
+ margin-left:0;
+ padding-left:2px;
+ border:none;
+ list-style:none;
+ display:inline;
+}
+
+#breadcrumbs ul li:before {
+ content:"\0020 \0020 \0020 \00BB \0020";
+ color:#333;
+}
+
+/*index*/
+.glossary h3,
+.index h3 {
+ font-size: 2em;
+ color:#aaa;
+ margin:0em;
+}
+
+.indexdiv {
+ margin-bottom:1em;
+}
+
+.glossary dt,
+.index dt {
+ color:#444;
+ padding-top:.5em;
+}
+
+.glossary dl dl dt,
+.index dl dl dt {
+ color:#777;
+ font-weight:normal;
+ padding-top:0em;
+}
+
+.index dl dl dt:before {
+ content:"- ";
+ color:#ccc;
+}
+
+/*changes*/
+.footnote {
+ font-size: .7em;
+ margin:0em;
+ color:#222;
+}
+
+table .footnote {
+}
+
+sup {
+ color:#999;
+ margin:0em;
+ padding:0em;
+ line-height: .4em;
+ font-size: 1em;
+ padding-left:0em;
+}
+
+.footnote {
+ position:relative;
+}
+
+.footnote sup {
+ color:#e3dcc0;
+ position:absolute;
+ left: .4em;
+}
+
+.footnote sup a:link,
+.footnote sup a:visited {
+ color:#92917d;
+ text-decoration:none;
+}
+
+.footnote:hover sup a {
+ text-decoration:none;
+}
+
+.footnote p,.footnote div.para {
+ padding-left:2em;
+}
+
+.footnote a:link,
+.footnote a:visited {
+ color:#00537c;
+}
+
+.footnote a:hover {
+}
+
+/**/
+div.chapter {
+ margin-top:3em;
+ page-break-inside: avoid;
+}
+
+div.preface {
+ page-break-inside: avoid;
+}
+
+div.section {
+ margin-top:1em;
+ page-break-inside: auto;
+}
+
+div.note .replaceable,
+div.important .replaceable,
+div.warning .replaceable,
+div.note .keycap,
+div.important .keycap,
+div.warning .keycap
+{
+}
+
+ul li p:last-child, ul li div.para:last-child {
+ margin-bottom:0em;
+ padding-bottom:0em;
+}
+
+/*document navigation*/
+.docnav a, .docnav strong {
+ border:none;
+ text-decoration:none;
+ font-weight:normal;
+}
+
+.docnav {
+ list-style:none;
+ margin:0em;
+ padding:0em;
+ position:relative;
+ width:100%;
+ padding-bottom:2em;
+ padding-top:1em;
+ border-top:1px dotted #ccc;
+}
+
+.docnav li {
+ list-style:none;
+ margin:0em;
+ padding:0em;
+ display:inline;
+ font-size:.8em;
+}
+
+.docnav li:before {
+ content:" ";
+}
+
+.docnav li.previous, .docnav li.next {
+ position:absolute;
+ top:1em;
+}
+
+.docnav li.up, .docnav li.home {
+ margin:0em 1.5em;
+}
+
+.docnav li.previous {
+ left:0px;
+ text-align:left;
+}
+
+.docnav li.next {
+ right:0px;
+ text-align:right;
+}
+
+.docnav li.previous strong, .docnav li.next strong {
+ height:22px;
+ display:block;
+}
+
+.docnav {
+ margin:0 auto;
+ text-align:center;
+}
+
+.docnav li.next a strong {
+ background: url(../images/stock-go-forward.png) top right no-repeat;
+ padding-top:3px;
+ padding-bottom:4px;
+ padding-right:28px;
+ font-size:1.2em;
+}
+
+.docnav li.previous a strong {
+ background: url(../images/stock-go-back.png) top left no-repeat;
+ padding-top:3px;
+ padding-bottom:4px;
+ padding-left:28px;
+ padding-right:0.5em;
+ font-size:1.2em;
+}
+
+.docnav li.home a strong {
+ background: url(../images/stock-home.png) top left no-repeat;
+ padding:5px;
+ padding-left:28px;
+ font-size:1.2em;
+}
+
+.docnav li.up a strong {
+ background: url(../images/stock-go-up.png) top left no-repeat;
+ padding:5px;
+ padding-left:28px;
+ font-size:1.2em;
+}
+
+.docnav a:link, .docnav a:visited {
+ color:#666;
+}
+
+.docnav a:hover, .docnav a:focus, .docnav a:active {
+ color:black;
+}
+
+.docnav a {
+ max-width: 10em;
+ overflow:hidden;
+}
+
+.docnav a:link strong {
+ text-decoration:none;
+}
+
+.docnav {
+ margin:0 auto;
+ text-align:center;
+}
+
+ul.docnav {
+ margin-bottom: 1em;
+}
+/* Reports */
+.reports ul {
+ list-style:none;
+ margin:0em;
+ padding:0em;
+}
+
+.reports li{
+ margin:0em;
+ padding:0em;
+}
+
+.reports li.odd {
+ background-color: #eeeeee;
+ margin:0em;
+ padding:0em;
+}
+
+.reports dl {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ float:right;
+ margin-right: 17em;
+ margin-top:-1.3em;
+}
+
+.reports dt {
+ display:inline;
+ margin:0em;
+ padding:0em;
+}
+
+.reports dd {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ padding-right:.5em;
+}
+
+.reports h2, .reports h3{
+ display:inline;
+ padding-right:.5em;
+ font-size:10pt;
+ font-weight:normal;
+}
+
+.reports div.progress {
+ display:inline;
+ float:right;
+ width:16em;
+ background:#c00 url(../images/shine.png) top left repeat-x;
+ margin:0em;
+ margin-top:-1.3em;
+ padding:0em;
+ border:none;
+}
+
+/*uniform*/
+body.results, body.reports {
+ max-width:57em ;
+ padding:0em;
+}
+
+/*Progress Bar*/
+div.progress {
+ display:block;
+ float:left;
+ width:16em;
+ background:#c00 url(../images/shine.png) top left repeat-x;
+ height:1em;
+}
+
+div.progress span {
+ height:1em;
+ float:left;
+}
+
+div.progress span.translated {
+ background:#6c3 url(../images/shine.png) top left repeat-x;
+}
+
+div.progress span.fuzzy {
+ background:#ff9f00 url(../images/shine.png) top left repeat-x;
+}
+
+
+/*Results*/
+
+.results ul {
+ list-style:none;
+ margin:0em;
+ padding:0em;
+}
+
+.results li{
+ margin:0em;
+ padding:0em;
+}
+
+.results li.odd {
+ background-color: #eeeeee;
+ margin:0em;
+ padding:0em;
+}
+
+.results dl {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ float:right;
+ margin-right: 17em;
+ margin-top:-1.3em;
+}
+
+.results dt {
+ display:inline;
+ margin:0em;
+ padding:0em;
+}
+
+.results dd {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ padding-right:.5em;
+}
+
+.results h2, .results h3 {
+ display:inline;
+ padding-right:.5em;
+ font-size:10pt;
+ font-weight:normal;
+}
+
+.results div.progress {
+ display:inline;
+ float:right;
+ width:16em;
+ background:#c00 url(../images/shine.png) top left repeat-x;
+ margin:0em;
+ margin-top:-1.3em;
+ padding:0em;
+ border:none;
+}
+
+/* Dirty EVIL Mozilla hack for round corners */
+pre {
+ -moz-border-radius:11px;
+ -webkit-border-radius:11px;
+ border-radius: 11px;
+ page-break-inside: avoid;
+}
+
+.example {
+ -moz-border-radius:0px;
+ -webkit-border-radius:0px;
+ border-radius: 0px;
+ page-break-inside: avoid;
+}
+
+.package, .citetitle {
+ font-style: italic;
+}
+
+.titlepage .edition {
+ color: #336699;
+ background-color: transparent;
+ margin-top: 1em;
+ margin-bottom: 1em;
+ font-size: 1.4em;
+ font-weight: bold;
+ text-align: center;
+}
+
+span.remark {
+ background-color: #ff00ff;
+}
+
+.draft {
+ background-image: url(../images/watermark-draft.png);
+ background-repeat: repeat-y;
+ background-position: center;
+}
+
+.foreignphrase {
+ font-style: inherit;
+}
+
+dt {
+ clear:both;
+}
+
+dt img {
+ border-style: none;
+ max-width: 112px;
+}
+
+dt object {
+ max-width: 112px;
+}
+
+dt .inlinemediaobject, dt object {
+ display: inline;
+ float: left;
+ margin-bottom: 1em;
+ padding-right: 1em;
+ width: 112px;
+}
+
+dl:after {
+ display: block;
+ clear: both;
+ content: "";
+}
+
+.toc dd {
+ padding-bottom: 0em;
+ margin-bottom: 1em;
+ padding-left: 1.3em;
+ margin-left: 0em;
+}
+
+div.toc > dl > dt {
+ padding-bottom: 0em;
+ margin-bottom: 0em;
+ margin-top: 1em;
+}
+
+
+.strikethrough {
+ text-decoration: line-through;
+}
+
+.underline {
+ text-decoration: underline;
+}
+
+.calloutlist img, .callout {
+ padding: 0em;
+ margin: 0em;
+ width: 12pt;
+ display: inline;
+ vertical-align: middle;
+}
+
+.stepalternatives {
+ list-style-image: none;
+ list-style-type: none;
+}
+
+
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/css/default.css b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/css/default.css
new file mode 100644
index 0000000..bf38ebb
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/css/default.css
@@ -0,0 +1,3 @@
+ at import url("common.css");
+ at import url("overrides.css");
+ at import url("lang.css");
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/css/lang.css b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/css/lang.css
new file mode 100644
index 0000000..81c3115
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/css/lang.css
@@ -0,0 +1,2 @@
+/* place holder */
+
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/css/overrides.css b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/css/overrides.css
new file mode 100644
index 0000000..057be29
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/css/overrides.css
@@ -0,0 +1,51 @@
+a:link {
+ color:#0066cc;
+}
+
+a:hover, a:active {
+ color:#003366;
+}
+
+a:visited {
+ color:#6699cc;
+}
+
+
+h1 {
+ color:#3c6eb4
+}
+
+.producttitle {
+ background: #3c6eb4 url(../images/h1-bg.png) top left repeat;
+}
+
+.section h1.title {
+ color:#3c6eb4;
+}
+
+
+h2,h3,h4,h5,h6 {
+ color:#3c6eb4;
+}
+
+table {
+ border:1px solid #3c6eb4;
+}
+
+table th {
+ background-color:#3c6eb4;
+}
+
+
+table tr.even td {
+ background-color:#f5f5f5;
+}
+
+.revhistory table th {
+ color:#3c6eb4;
+}
+
+.titlepage .edition {
+ color: #3c6eb4;
+}
+
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/css/print.css b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/css/print.css
new file mode 100644
index 0000000..773d8ae
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/css/print.css
@@ -0,0 +1,16 @@
+ at import url("common.css");
+ at import url("overrides.css");
+ at import url("lang.css");
+
+#tocframe {
+ display: none;
+}
+
+body.toc_embeded {
+ margin-left: 30px;
+}
+
+.producttitle {
+ color: #336699;
+}
+
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/1.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/1.png
new file mode 100644
index 0000000..c21d7a3
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/1.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/1.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/1.svg
new file mode 100644
index 0000000..a2b3903
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/1.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#000000;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 17.853468,22.008438 -2.564941,0 0,-7.022461 c -5e-6,-0.143873 -5e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224122,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08854,0.08302 -0.17432,0.157723 -0.257324,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/10.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/10.png
new file mode 100644
index 0000000..15b81da
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/10.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/10.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/10.svg
new file mode 100644
index 0000000..af015ab
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/10.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/11.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/11.png
new file mode 100644
index 0000000..2fcc2dd
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/11.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/11.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/11.svg
new file mode 100644
index 0000000..cb82b70
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/11.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/12.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/12.png
new file mode 100644
index 0000000..edebe20
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/12.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/12.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/12.svg
new file mode 100644
index 0000000..3b6d822
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/12.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/13.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/13.png
new file mode 100644
index 0000000..ec48cef
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/13.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/13.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/13.svg
new file mode 100644
index 0000000..226e461
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/13.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/14.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/14.png
new file mode 100644
index 0000000..33d5637
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/14.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/14.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/14.svg
new file mode 100644
index 0000000..5aaa3a3
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/14.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/15.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/15.png
new file mode 100644
index 0000000..f1a4eb2
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/15.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/15.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/15.svg
new file mode 100644
index 0000000..f51dd96
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/15.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2839"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+ id="path2841"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/16.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/16.png
new file mode 100644
index 0000000..d38a155
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/16.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/16.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/16.svg
new file mode 100644
index 0000000..cb7e2f5
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/16.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
.556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/17.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/17.png
new file mode 100644
index 0000000..d83e898
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/17.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/17.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/17.svg
new file mode 100644
index 0000000..5d6f0ad
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/17.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/18.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/18.png
new file mode 100644
index 0000000..9e39de4
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/18.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/18.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/18.svg
new file mode 100644
index 0000000..9ea672c
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/18.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/19.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/19.png
new file mode 100644
index 0000000..9eeedfb
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/19.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/19.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/19.svg
new file mode 100644
index 0000000..80d1d09
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/19.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/2.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/2.png
new file mode 100644
index 0000000..ff9cc57
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/2.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/2.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/2.svg
new file mode 100644
index 0000000..8e94260
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/2.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 19.89546,22.008438 -8.143066,0 0,-1.784668 2.855468,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979493,-1.0708 0.293289,-0.326492 0.545079,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.373529,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.17431,-0.666821 0.174316,-1.037598 -6e-6,-0.409496 -0.124517,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827313,0.522958 -1.270019,0.921386 l -1.394531,-1.651855 c 0.249022,-0.226877 0.509113,-0.442698 0.780273,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079102,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319824,-0.1494141 0.58105,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187012,0.6889648 0.326489,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.893727 0.265625,1.41
9433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/20.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/20.png
new file mode 100644
index 0000000..b28b4aa
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/20.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/20.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/20.svg
new file mode 100644
index 0000000..409ac6e
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/20.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/21.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/21.png
new file mode 100644
index 0000000..eda952c
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/21.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/21.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/21.svg
new file mode 100644
index 0000000..7bc03af
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/21.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/22.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/22.png
new file mode 100644
index 0000000..90b14b0
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/22.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/22.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/22.svg
new file mode 100644
index 0000000..fe086f6
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/22.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/23.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/23.png
new file mode 100644
index 0000000..8b35a74
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/23.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/23.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/23.svg
new file mode 100644
index 0000000..f17ec29
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/23.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/24.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/24.png
new file mode 100644
index 0000000..6041b02
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/24.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/24.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/24.svg
new file mode 100644
index 0000000..42a5333
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/24.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/25.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/25.png
new file mode 100644
index 0000000..ecb15e6
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/25.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/25.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/25.svg
new file mode 100644
index 0000000..a8d4672
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/25.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/26.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/26.png
new file mode 100644
index 0000000..4b2f560
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/26.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/26.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/26.svg
new file mode 100644
index 0000000..3cf00ec
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/26.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
.556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/27.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/27.png
new file mode 100644
index 0000000..ecf058e
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/27.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/27.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/27.svg
new file mode 100644
index 0000000..c8d6440
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/27.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/28.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/28.png
new file mode 100644
index 0000000..e64efb2
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/28.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/28.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/28.svg
new file mode 100644
index 0000000..5acce93
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/28.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/29.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/29.png
new file mode 100644
index 0000000..dbbca1b
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/29.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/29.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/29.svg
new file mode 100644
index 0000000..507dd44
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/29.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/3.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/3.png
new file mode 100644
index 0000000..4febe43
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/3.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/3.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/3.svg
new file mode 100644
index 0000000..5e87e1f
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/3.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 19.422316,12.587051 c -9e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.23243,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315437,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.392911,0.332031 -0.890957,0.592122 -1.494141,0.780273 -0.597661,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267255,-0.05534 -1.842773,-0.166016 -0.575523,-0.105143 -1.112306,-0.268392 -1.610352,-0.489746 l 0,-2.183105 c 0.249023,0.132815 0.511881,0.249025 0.788574,0.348632 0.276692,0.09961 0.553384,0.185387 0.830079,0.257325 0.27669,0.06641 0.547848,0.116212 0.813476,0.149414 0.271156,0.0332 0.525713,0.04981 0.763672,0.0498 0.475907,2e-6 0.871577,-0.04427 1.187012,-0.132812 0.315424,-
0.08854 0.567214,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320957,-0.351397 0.398437,-0.572754 0.083,-0.226885 0.124506,-0.473141 0.124512,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.265631,-0.376297 -0.498047,-0.514648 -0.226893,-0.143876 -0.525721,-0.254553 -0.896484,-0.332032 -0.370773,-0.07747 -0.827315,-0.116205 -1.369629,-0.116211 l -0.863281,0 0,-1.801269 0.846679,0 c 0.509111,7e-6 0.932451,-0.04426 1.27002,-0.132813 0.33756,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.43164,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.68897,-0.365224 -1.27002,-0.365234 -0.265629,10e-6 -0.514652,0.02768 -0.74707,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193688,0.07748 -0.373538,0.166026 -0.539551,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439941,0.282227 l -1.294922,-1.70
9961 c 0.232421,-0.171538 0.484211,-0.329253 0.755371,-0.473145 0.276691,-0.143868 0.575519,-0.26838 0.896484,-0.373535 0.320961,-0.1106647 0.666827,-0.1964393 1.037598,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492506,0.1272911 0.913079,0.3154421 1.261718,0.5644531 0.348626,0.243501 0.617017,0.545096 0.805176,0.904786 0.193677,0.354177 0.290519,0.760914 0.290528,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/30.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/30.png
new file mode 100644
index 0000000..f4ffb14
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/30.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/30.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/30.svg
new file mode 100644
index 0000000..434e663
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/30.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/31.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/31.png
new file mode 100644
index 0000000..0b29e87
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/31.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/31.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/31.svg
new file mode 100644
index 0000000..08c3f2d
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/31.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/32.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/32.png
new file mode 100644
index 0000000..a4740a3
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/32.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/32.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/32.svg
new file mode 100644
index 0000000..aa099c3
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/32.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/33.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/33.png
new file mode 100644
index 0000000..f23ccea
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/33.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/33.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/33.svg
new file mode 100644
index 0000000..fce979c
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/33.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/34.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/34.png
new file mode 100644
index 0000000..7e2ab31
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/34.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/34.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/34.svg
new file mode 100644
index 0000000..c67f8ec
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/34.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/35.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/35.png
new file mode 100644
index 0000000..02118e3
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/35.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/35.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/35.svg
new file mode 100644
index 0000000..da7780a
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/35.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/36.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/36.png
new file mode 100644
index 0000000..30f4fdf
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/36.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/36.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/36.svg
new file mode 100644
index 0000000..348549a
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/36.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
.556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/37.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/37.png
new file mode 100644
index 0000000..6174706
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/37.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/37.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/37.svg
new file mode 100644
index 0000000..7bc04d9
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/37.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/38.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/38.png
new file mode 100644
index 0000000..161661d
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/38.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/38.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/38.svg
new file mode 100644
index 0000000..ec2ad98
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/38.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/39.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/39.png
new file mode 100644
index 0000000..2d46b24
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/39.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/39.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/39.svg
new file mode 100644
index 0000000..664ffdd
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/39.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/4.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/4.png
new file mode 100644
index 0000000..9b9dd88
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/4.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/4.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/4.svg
new file mode 100644
index 0000000..bc06c73
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/4.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 20.078077,19.493301 -1.460937,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460937,0 0,1.992187 m -3.959472,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09962,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.12175,0.2601 -0.262863,0.520191 -0.42334,0.780274 l -2.025391,3.071289 2.75586,0"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/40.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/40.png
new file mode 100644
index 0000000..fe2a68f
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/40.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/40.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/40.svg
new file mode 100644
index 0000000..5a94d1b
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/40.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.440535,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.0136719,0 0,-1.784668 5.1547849,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262863,0.520191 -0.42334,0.780274 l -2.0253904,3.071289 2.7558594,0"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/5.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/5.png
new file mode 100644
index 0000000..f239fb6
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/5.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/5.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/5.svg
new file mode 100644
index 0000000..82fb03d
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/5.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 16.035597,14.255508 c 0.520177,8e-6 1.004388,0.08025 1.452637,0.240723 0.448235,0.160489 0.838371,0.395678 1.17041,0.705566 0.332023,0.309903 0.592114,0.697272 0.780273,1.16211 0.188143,0.459315 0.282218,0.987797 0.282227,1.585449 -9e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.204761,0.520184 -0.506356,0.962892 -0.904785,1.328125 -0.398445,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261724,0.290528 -2.025391,0.290528 -0.304365,0 -0.60596,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863281,-0.124512 -0.271161,-0.04981 -0.531252,-0.116211 -0.780274,-0.199219 -0.24349,-0.08301 -0.464844,-0.17985 -0.664062,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672363,0.31543 0.254556,0.09408 0.517414,0.177086 0.788574,0.249024 0.276691,0.06641 0.553383,0.121746 0.830078,0.166015 0.27669,0.03874 0.539548,0.05811 0.788575,0.05811 0.741532,2e-6 1.305984,-0.152179 1.693359,-0.456543 0.387364,-0.309893 0.5810
49,-0.799639 0.581055,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751465,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320966,0.03874 -0.481445,0.06641 -0.154951,0.02768 -0.304365,0.05811 -0.448242,0.09131 -0.143883,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456542,-6.1840821 6.408204,0 0,2.1748051 -4.183594,0 -0.199219,2.382324 c 0.17708,-0.03873 0.381832,-0.07747 0.614258,-0.116211 0.237951,-0.03873 0.542313,-0.0581 0.913086,-0.05811"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/6.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/6.png
new file mode 100644
index 0000000..18866e6
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/6.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/6.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/6.svg
new file mode 100644
index 0000000..e2f62af
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/6.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 11.702589,16.853653 c -10e-7,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.0664,-0.575514 0.179849,-1.126132 0.340332,-1.651856 0.166014,-0.531241 0.387368,-1.023753 0.664062,-1.477539 0.282225,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431638,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603186,-0.1936727 1.305984,-0.2905151 2.108399,-0.2905274 0.116204,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.138339,0.00555 0.276685,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251782,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210295,-0.04979 -0.434416,-0.08853 -0.672364,-0.116211 -0.232429,-0.03319 -0.467617,-0.04979 -0.705566,-0.0498 -0.747076,1e-5 -1.361334,0.09408 -1.842774,0.282226 -0.481449,0.182627 -0.863285,0.439951 -1.145507,0.771973 -0.28223,0.33204 -0.484216,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.215821,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243486,-0.384596 0.39843
7,-0.556153 0.160478,-0.177076 0.345862,-0.32649 0.556153,-0.448242 0.210282,-0.127271 0.44547,-0.22688 0.705566,-0.298828 0.26562,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419433,0.257324 0.420566,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.15494,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282226,1.768066 -0.182626,0.520184 -0.445484,0.962892 -0.788575,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643554,0.282227 -0.597661,0 -1.15658,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.973961,-0.542317 -1.361328,-0.979492 -0.381838,-0.437173 -0.683433,-0.987791 -0.904785,-1.651856 -0.215822,-0.669593 -0.323732,-1.460933 -0.323731,-2.374023 m 4.216797,3.270508 c 0.226883,2e-6 0.431635,-0.0415 0.614258,-0.124512 0.188145,-0.08854 0.348627,-0.218585 0.481445,-0.390137 0.13834,-0.17708 0.243483,-0.3
98434 0.31543,-0.664062 0.07747,-0.265622 0.116204,-0.581051 0.116211,-0.946289 -7e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243496,-0.343094 -0.617031,-0.514643 -1.120606,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.39014,0.229661 -0.53955,0.390137 -0.149418,0.160487 -0.265629,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.31543,0.755371 0.143876,0.221357 0.318193,0.401207 0.522949,0.539551 0.210282,0.138349 0.453772,0.207522 0.730469,0.20752"
+ id="path2846"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/7.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/7.png
new file mode 100644
index 0000000..52c3a18
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/7.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/7.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/7.svg
new file mode 100644
index 0000000..a43460f
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/7.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 12.789991,22.008438 4.316407,-9.960937 -5.578125,0 0,-2.1582035 8.367187,0 0,1.6103515 -4.424316,10.508789 -2.681153,0"
+ id="path2832"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/8.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/8.png
new file mode 100644
index 0000000..8a8cb21
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/8.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/8.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/8.svg
new file mode 100644
index 0000000..2c82d3f
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/8.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.761671,9.7149811 c 0.503576,1.23e-5 0.979487,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337558,0.243501 0.60595,0.547862 0.805176,0.913086 0.199211,0.365244 0.29882,0.794118 0.298828,1.286621 -8e-6,0.365243 -0.05535,0.697274 -0.166015,0.996094 -0.110686,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193693,0.237963 -0.423348,0.451017 -0.688965,0.639161 -0.265632,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.633619,0.362473 0.937988,0.572754 0.309888,0.210292 0.583814,0.448247 0.821777,0.713867 0.237948,0.260096 0.428866,0.55339 0.572754,0.879883 0.143872,0.326501 0.215812,0.691735 0.21582,1.095703 -8e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478686,0.758139 -0.838379,1.045898 -0.359707,0.287761 -0.791348,0.509115 -1.294921,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651856,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.9379
9,-0.362467 -1.286621,-0.639161 -0.348634,-0.276691 -0.614259,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265626,-0.857744 -0.265625,-1.361328 -10e-7,-0.415035 0.06087,-0.78857 0.182617,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498047,-0.896485 0.210285,-0.265619 0.456541,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271162,-0.171543 -0.525719,-0.356927 -0.763672,-0.556152 -0.237958,-0.204746 -0.445477,-0.428866 -0.622559,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -10e-7,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478677,-0.669585 0.821778,-0.913086 0.343096,-0.249012 0.738766,-0.434396 1.187011,-0.5561527 0.448239,-0.1217326 0.918616,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.107911,0.614258 0.07194,0.18262 0.17708,0.340334 0.315429,0.473145 0.143877,0.132814 0.32
096,0.237957 0.53125,0.315429 0.210283,0.07194 0.453772,0.107912 0.730469,0.10791 0.581049,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.43164,-1.087402 -6e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218593,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.320969,-0.307125 -0.514648,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 15.662062,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664063,0.398438 -0.199222,0.138351 -0.370772,0.293299 -0.514648,0.464844 -0.13835,0.16602 -0.24626,0.348637 -0.323731,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.701661,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514649,0.08301 -0.154952,0.05535 -0.290531,0.13559 -0.406738,0.240723 -0.110681,0.105153 -0.199223,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.31543
8 0.282226,0.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160478,0.09962 0.32926,0.199226 0.506348,0.298828 0.171545,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154943,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.12174,-0.138338 0.218582,-0.293286 0.290528,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.157721,-0.284984 -0.273926,-0.390137 -0.116217,-0.105133 -0.254563,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/9.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/9.png
new file mode 100644
index 0000000..0ae412f
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/9.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/9.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/9.svg
new file mode 100644
index 0000000..b0f04c4
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/9.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 19.829054,15.052383 c -9e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340333,1.651856 -0.160489,0.525719 -0.381843,1.018232 -0.664062,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426113,0.332032 -0.940761,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.30046,0.282227 -2.108399,0.282227 -0.116214,0 -0.243492,-0.0028 -0.381836,-0.0083 -0.138348,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273927,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237954,0.02767 0.478676,0.04151 0.722168,0.0415 0.747067,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.481441,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.282221,-0.337562 0.481439,-0.738766 0.597657,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.107911,0 c -0.110683,0.199225 -0.243495,0.384609 -0.398437,0.556153 -0.
154954,0.171554 -0.337571,0.320968 -0.547852,0.448242 -0.210291,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.265629,0.07194 -0.56169,0.107914 -0.888183,0.10791 -0.52572,4e-6 -0.998864,-0.08577 -1.419434,-0.257324 -0.420575,-0.171545 -0.777508,-0.420568 -1.070801,-0.74707 -0.287761,-0.326492 -0.509115,-0.727696 -0.664062,-1.203614 -0.154949,-0.475904 -0.232423,-1.020988 -0.232422,-1.635253 -10e-7,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453774,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758135,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043127,-0.2905151 1.651855,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520176,0.210298 0.971184,0.534028 1.353027,0.971192 0.381829,0.437185 0.683423,0.990569 0.904786,1.660156 0.221345,0.669605 0.332022,1.458178 0.332031,2.365722 m -4.216797,-3.262207 c -0.226892,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188154,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132815,0.17155
9 -0.237959,0.392913 -0.315429,0.664062 -0.07194,0.265634 -0.107914,0.581063 -0.107911,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373536,1.394532 0.249019,0.343105 0.625321,0.514654 1.128906,0.514648 0.254552,6e-6 0.486974,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.53955,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124506,-0.401197 0.124512,-0.605958 -6e-6,-0.282218 -0.03598,-0.561677 -0.10791,-0.838378 -0.06641,-0.282218 -0.171556,-0.534008 -0.31543,-0.755372 -0.138352,-0.226878 -0.312668,-0.409495 -0.522949,-0.547851 -0.204758,-0.138336 -0.44548,-0.207509 -0.722168,-0.20752"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/bkgrnd_greydots.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/bkgrnd_greydots.png
new file mode 100644
index 0000000..2333a6d
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/bkgrnd_greydots.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/bullet_arrowblue.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/bullet_arrowblue.png
new file mode 100644
index 0000000..c235534
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/bullet_arrowblue.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/documentation.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/documentation.png
new file mode 100644
index 0000000..79d0a80
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/documentation.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/dot.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/dot.png
new file mode 100644
index 0000000..36a6859
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/dot.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/dot2.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/dot2.png
new file mode 100644
index 0000000..40aff92
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/dot2.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/green.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/green.png
new file mode 100644
index 0000000..ebb3c24
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/green.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/h1-bg.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/h1-bg.png
new file mode 100644
index 0000000..a2aad24
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/h1-bg.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/image_left.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/image_left.png
new file mode 100644
index 0000000..e8fe7a4
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/image_left.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/image_right.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/image_right.png
new file mode 100644
index 0000000..79509ad
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/image_right.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/important.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/important.png
new file mode 100644
index 0000000..f7594a3
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/important.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/important.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/important.svg
new file mode 100644
index 0000000..2d33045
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/important.svg
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ version="1.0"
+ width="48"
+ height="48"
+ id="svg5921"
+ sodipodi:version="0.32"
+ inkscape:version="0.46"
+ sodipodi:docname="important.svg"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ inkscape:export-filename="/home/jfearn/Build/src/fedora/publican/trunk/publican-fedora/en-US/images/important.png"
+ inkscape:export-xdpi="111.32"
+ inkscape:export-ydpi="111.32">
+ <metadata
+ id="metadata2611">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ inkscape:window-height="681"
+ inkscape:window-width="738"
+ inkscape:pageshadow="2"
+ inkscape:pageopacity="0.0"
+ guidetolerance="10.0"
+ gridtolerance="10.0"
+ objecttolerance="10.0"
+ borderopacity="1.0"
+ bordercolor="#666666"
+ pagecolor="#ffffff"
+ id="base"
+ showgrid="false"
+ inkscape:zoom="11.5"
+ inkscape:cx="20"
+ inkscape:cy="20"
+ inkscape:window-x="0"
+ inkscape:window-y="51"
+ inkscape:current-layer="svg5921" />
+ <defs
+ id="defs5923">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 20 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="40 : 20 : 1"
+ inkscape:persp3d-origin="20 : 13.333333 : 1"
+ id="perspective2613" />
+ </defs>
+ <g
+ transform="matrix(0.4626799,0,0,0.4626799,-5.2934127,-3.3160376)"
+ id="g5485">
+ <path
+ d="M 29.97756,91.885882 L 55.586992,80.409826 L 81.231619,91.807015 L 78.230933,63.90468 L 96.995009,43.037218 L 69.531053,37.26873 L 55.483259,12.974592 L 41.510292,37.311767 L 14.064204,43.164717 L 32.892392,63.97442 L 29.97756,91.885882 z"
+ id="path6799"
+ style="fill:#f3de82;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.536215,56.538729 L 55.48324,12.974601 L 41.51028,37.311813 L 55.536215,56.538729 z"
+ id="path6824"
+ style="opacity:0.91005291;fill:#f9f2cb;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.57947,56.614318 L 78.241135,63.937979 L 96.976198,43.044318 L 55.57947,56.614318 z"
+ id="use6833"
+ style="opacity:1;fill:#d0bc64;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.523838,56.869126 L 55.667994,80.684281 L 81.379011,91.931065 L 55.523838,56.869126 z"
+ id="use6835"
+ style="opacity:1;fill:#e0c656;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.283346,56.742618 L 13.877363,43.200977 L 32.640089,64.069652 L 55.283346,56.742618 z"
+ id="use6831"
+ style="opacity:1;fill:#d1ba59;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.472076,56.869126 L 55.32792,80.684281 L 29.616903,91.931065 L 55.472076,56.869126 z"
+ id="use6837"
+ style="opacity:1;fill:#d2b951;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.57947,56.614318 L 96.976198,43.044318 L 69.504294,37.314027 L 55.57947,56.614318 z"
+ id="path7073"
+ style="opacity:1;fill:#f6e7a3;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.523838,56.869126 L 81.379011,91.931065 L 78.214821,64.046881 L 55.523838,56.869126 z"
+ id="path7075"
+ style="opacity:1;fill:#f6e7a3;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.283346,56.742618 L 41.341708,37.434209 L 13.877363,43.200977 L 55.283346,56.742618 z"
+ id="path7077"
+ style="opacity:1;fill:#f6e59d;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.472076,56.869126 L 29.616903,91.931065 L 32.781093,64.046881 L 55.472076,56.869126 z"
+ id="path7079"
+ style="opacity:1;fill:#f3df8b;fill-opacity:1;enable-background:new" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/logo.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/logo.png
new file mode 100644
index 0000000..66a3104
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/logo.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/note.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/note.png
new file mode 100644
index 0000000..d6c4518
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/note.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/note.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/note.svg
new file mode 100644
index 0000000..70e43b6
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/note.svg
@@ -0,0 +1,111 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ version="1.0"
+ width="48"
+ height="48"
+ id="svg5921"
+ sodipodi:version="0.32"
+ inkscape:version="0.46"
+ sodipodi:docname="note.svg"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ inkscape:export-filename="/home/jfearn/Build/src/fedora/publican/trunk/publican-fedora/en-US/images/note.png"
+ inkscape:export-xdpi="111.32"
+ inkscape:export-ydpi="111.32">
+ <metadata
+ id="metadata16">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ inkscape:window-height="1024"
+ inkscape:window-width="1205"
+ inkscape:pageshadow="2"
+ inkscape:pageopacity="0.0"
+ guidetolerance="10.0"
+ gridtolerance="10.0"
+ objecttolerance="10.0"
+ borderopacity="1.0"
+ bordercolor="#666666"
+ pagecolor="#ffffff"
+ id="base"
+ showgrid="false"
+ inkscape:zoom="11.5"
+ inkscape:cx="22.217181"
+ inkscape:cy="20"
+ inkscape:window-x="334"
+ inkscape:window-y="51"
+ inkscape:current-layer="svg5921" />
+ <defs
+ id="defs5923">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 20 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="40 : 20 : 1"
+ inkscape:persp3d-origin="20 : 13.333333 : 1"
+ id="perspective18" />
+ </defs>
+ <g
+ transform="matrix(0.468275,0,0,0.468275,-5.7626904,-7.4142703)"
+ id="layer1">
+ <g
+ transform="matrix(0.115136,0,0,0.115136,9.7283,21.77356)"
+ id="g8014"
+ style="enable-background:new">
+ <g
+ id="g8518"
+ style="opacity:1">
+ <path
+ d="M -2512.4524,56.33197 L 3090.4719,56.33197 L 3090.4719,4607.3813 L -2512.4524,4607.3813 L -2512.4524,56.33197 z"
+ transform="matrix(0.1104659,-2.3734892e-2,2.2163258e-2,0.1031513,308.46782,74.820675)"
+ id="rect8018"
+ style="fill:#ffe680;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.1;stroke-linecap:butt;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
+ </g>
+ <g
+ transform="matrix(0.5141653,-7.1944682e-2,7.1944682e-2,0.5141653,146.04015,-82.639785)"
+ id="g8020">
+ <path
+ d="M 511.14114,441.25315 C 527.3248,533.52772 464.31248,622.82928 370.39916,640.71378 C 276.48584,658.59828 187.23462,598.29322 171.05095,506.01865 C 154.86728,413.74408 217.8796,324.44253 311.79292,306.55803 C 405.70624,288.67353 494.95747,348.97858 511.14114,441.25315 z"
+ id="path8022"
+ style="opacity:1;fill:#e0c96f;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.0804934;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 527.8214,393.1416 C 527.8214,461.31268 472.55783,516.57625 404.38675,516.57625 C 336.21567,516.57625 280.9521,461.31268 280.9521,393.1416 C 280.9521,324.97052 336.21567,269.70695 404.38675,269.70695 C 472.55783,269.70695 527.8214,324.97052 527.8214,393.1416 z"
+ transform="matrix(1.2585415,-0.2300055,0.2168789,1.1867072,-248.76141,68.254424)"
+ id="path8024"
+ style="opacity:1;fill:#c00000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.0804934;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 358.5625,281.15625 C 348.09597,281.05155 337.43773,281.94729 326.71875,283.90625 C 240.96686,299.57789 183.37901,377.92385 198.15625,458.78125 C 209.70749,521.98673 262.12957,567.92122 325.40625,577.5625 L 357.25,433.6875 L 509.34375,405.875 C 509.14405,404.58166 509.0804,403.29487 508.84375,402 C 495.91366,331.24978 431.82821,281.88918 358.5625,281.15625 z"
+ id="path8026"
+ style="opacity:1;fill:#b60000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.1;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 294.2107,361.9442 L 282.79367,370.38482 L 261.73414,386.13346 C 253.13706,404.40842 254.3359,423.7989 259.7176,444.39774 C 273.6797,497.83861 313.42636,523.96124 369.50989,517.58957 C 398.21848,514.32797 424.51832,504.67345 440.64696,484.15958 L 469.89512,447.48298 L 294.2107,361.9442 z"
+ id="path8028"
+ style="fill:#750000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.09999999;stroke-linecap:butt;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 527.8214,393.1416 C 527.8214,461.31268 472.55783,516.57625 404.38675,516.57625 C 336.21567,516.57625 280.9521,461.31268 280.9521,393.1416 C 280.9521,324.97052 336.21567,269.70695 404.38675,269.70695 C 472.55783,269.70695 527.8214,324.97052 527.8214,393.1416 z"
+ transform="matrix(0.9837071,-0.1797787,0.1695165,0.9275553,-78.013985,79.234385)"
+ id="path8030"
+ style="opacity:1;fill:#d40000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.10298239;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 527.8214,393.1416 C 527.8214,461.31268 472.55783,516.57625 404.38675,516.57625 C 336.21567,516.57625 280.9521,461.31268 280.9521,393.1416 C 280.9521,324.97052 336.21567,269.70695 404.38675,269.70695 C 472.55783,269.70695 527.8214,324.97052 527.8214,393.1416 z"
+ transform="matrix(0.9837071,-0.1797787,0.1695165,0.9275553,-69.306684,71.273294)"
+ id="path8032"
+ style="opacity:1;fill:#e11212;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.10298239;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ </g>
+ </g>
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/red.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/red.png
new file mode 100644
index 0000000..d32d5e2
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/red.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/shade.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/shade.png
new file mode 100644
index 0000000..a73afdf
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/shade.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/shine.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/shine.png
new file mode 100644
index 0000000..a18f7c4
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/shine.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-back.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-back.png
new file mode 100644
index 0000000..d320f26
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-back.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-forward.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-forward.png
new file mode 100644
index 0000000..1ee5a29
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-forward.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-up.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-up.png
new file mode 100644
index 0000000..1cd7332
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-up.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-home.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-home.png
new file mode 100644
index 0000000..122536d
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-home.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/title_logo.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/title_logo.png
new file mode 100644
index 0000000..d5182b4
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/title_logo.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/title_logo.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/title_logo.svg
new file mode 100644
index 0000000..e8fd52b
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/title_logo.svg
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="220"
+ height="70"
+ id="svg6180">
+ <defs
+ id="defs6182" />
+ <g
+ transform="translate(-266.55899,-345.34488)"
+ id="layer1">
+ <path
+ d="m 316.7736,397.581 c 0,0 0,0 -20.53889,0 0.3327,4.45245 3.92157,7.77609 8.70715,7.77609 3.38983,0 6.31456,-1.39616 8.64094,-3.65507 0.46553,-0.46679 0.99726,-0.59962 1.59519,-0.59962 0.79781,0 1.59561,0.39932 2.12692,1.06388 0.3327,0.46553 0.53216,0.99726 0.53216,1.52857 0,0.73118 -0.3327,1.52857 -0.93106,2.12734 -2.7919,2.99052 -7.51086,4.98503 -12.16403,4.98503 -8.44149,0 -15.22074,-6.77967 -15.22074,-15.22158 0,-8.44149 6.58022,-15.22074 15.02171,-15.22074 8.37529,0 14.62323,6.51317 14.62323,15.08749 0,1.26418 -1.12924,2.12861 -2.39258,2.12861 z m -12.23065,-11.76512 c -4.45329,0 -7.51085,2.92473 -8.17499,7.17731 10.03626,0 16.35083,0 16.35083,0 -0.59836,-4.05355 -3.78874,-7.17731 -8.17584,-7.17731 z"
+ id="path11"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 375.46344,410.80807 c -8.44106,0 -15.22074,-6.77968 -15.22074,-15.22159 0,-8.44149 6.77968,-15.22074 15.22074,-15.22074 8.44234,0 15.22159,6.77925 15.22159,15.22074 -4.2e-4,8.44149 -6.77968,15.22159 -15.22159,15.22159 z m 0,-24.65992 c -5.31688,0 -8.77377,4.25427 -8.77377,9.43833 0,5.18364 3.45689,9.43833 8.77377,9.43833 5.31731,0 8.77504,-4.25469 8.77504,-9.43833 -4.2e-4,-5.18406 -3.45773,-9.43833 -8.77504,-9.43833 z"
+ id="path13"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 412.66183,380.36574 c -4.45963,0 -7.40966,1.319 -10.01391,4.62956 l -0.24036,-1.53995 0,0 c -0.20198,-1.60743 -1.57326,-2.84926 -3.23382,-2.84926 -1.80139,0 -3.26206,1.459 -3.26206,3.26081 0,0.003 0,0.005 0,0.008 l 0,0 0,0.003 0,0 0,23.40712 c 0,1.79464 1.46194,3.25743 3.257,3.25743 1.79465,0 3.25744,-1.46279 3.25744,-3.25743 l 0,-12.56209 c 0,-5.71621 4.98502,-8.57432 10.23613,-8.57432 1.59519,0 2.85726,-1.32953 2.85726,-2.92515 0,-1.59561 -1.26207,-2.85726 -2.85768,-2.85726 z"
+ id="path15"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 447.02614,395.58648 c 0.0666,-8.17541 -5.78326,-15.22074 -15.222,-15.22074 -8.44192,0 -15.28779,6.77925 -15.28779,15.22074 0,8.44191 6.64684,15.22159 14.68985,15.22159 4.01434,0 7.62682,-2.06621 9.23846,-4.22518 l 0.79359,2.01434 0,0 c 0.42589,1.13177 1.5176,1.93717 2.7978,1.93717 1.65001,0 2.98756,-1.33671 2.99009,-2.98545 l 0,0 0,-7.80687 0,0 0,-4.1556 z m -15.222,9.43833 c -5.31773,0 -8.77419,-4.25469 -8.77419,-9.43833 0,-5.18406 3.45604,-9.43833 8.77419,-9.43833 5.3173,0 8.77419,4.25427 8.77419,9.43833 0,5.18364 -3.45689,9.43833 -8.77419,9.43833 z"
+ id="path17"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 355.01479,368.3337 c 0,-1.7938 -1.46194,-3.18997 -3.25659,-3.18997 -1.79422,0 -3.25743,1.39659 -3.25743,3.18997 l 0,17.1499 c -1.66097,-3.05756 -5.25026,-5.11786 -9.50495,-5.11786 -8.64052,0 -14.42336,6.51318 -14.42336,15.22074 0,8.70757 5.98229,15.22159 14.42336,15.22159 3.76555,0 7.03057,-1.55429 8.98587,-4.25554 l 0.72317,1.83428 c 0.44782,1.25912 1.64917,2.16024 3.06051,2.16024 1.78621,0 3.24984,-1.45435 3.24984,-3.24815 0,-0.005 0,-0.009 0,-0.0139 l 0,0 0,-38.95128 -4.2e-4,0 z m -15.22116,36.69111 c -5.31731,0 -8.70715,-4.25469 -8.70715,-9.43833 0,-5.18406 3.38984,-9.43833 8.70715,-9.43833 5.31773,0 8.70714,4.0544 8.70714,9.43833 0,5.38309 -3.38941,9.43833 -8.70714,9.43833 z"
+ id="path19"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 287.21553,365.34023 c -0.59414,-0.0877 -1.19966,-0.13198 -1.80097,-0.13198 -6.73118,0 -12.20746,5.4767 -12.20746,12.20788 l 0,3.8132 -3.98903,0 c -1.46237,0 -2.65908,1.19671 -2.65908,2.65781 0,1.46321 1.19671,2.93738 2.65908,2.93738 l 3.98819,0 0,20.46004 c 0,1.79464 1.46236,3.25743 3.25658,3.25743 1.79507,0 3.25744,-1.46279 3.25744,-3.25743 l 0,-20.46004 4.40986,0 c 1.46194,0 2.65823,-1.47417 2.65823,-2.93738 0,-1.46152 -1.19629,-2.65823 -2.65823,-2.65823 l -4.40733,0 0,-3.8132 c 0,-3.13852 2.55323,-6.11469 5.69175,-6.11469 0.28294,0 0.56757,0.0211 0.84672,0.062 1.78031,0.26355 3.4358,-0.54269 3.70019,-2.32342 0.2627,-1.77904 -0.96606,-3.43538 -2.74594,-3.69935 z"
+ id="path21"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 482.01243,363.57426 c 0,-10.06788 -8.16108,-18.22938 -18.22897,-18.22938 -10.06282,0 -18.22179,8.15475 -18.22854,18.21631 l -4.2e-4,-4.2e-4 0,14.1071 4.2e-4,4.2e-4 c 0.005,2.28463 1.85832,4.13409 4.14463,4.13409 0.007,0 0.0127,-8.4e-4 0.0194,-8.4e-4 l 0.001,8.4e-4 14.07083,0 0,0 c 10.06409,-0.004 18.22138,-8.16276 18.22138,-18.22812 z"
+ id="path25"
+ style="fill:#294172" />
+ <path
+ d="m 469.13577,349.66577 c -4.72528,0 -8.55576,3.83049 -8.55576,8.55577 0,0.002 0,0.004 0,0.006 l 0,4.52836 -4.51444,0 c -8.5e-4,0 -8.5e-4,0 -0.001,0 -4.72528,0 -8.55576,3.81193 -8.55576,8.53678 0,4.72528 3.83048,8.55577 8.55576,8.55577 4.72486,0 8.55534,-3.83049 8.55534,-8.55577 0,-0.002 0,-0.004 0,-0.006 l 0,-4.54733 4.51444,0 c 8.5e-4,0 0.001,0 0.002,0 4.72486,0 8.55534,-3.79296 8.55534,-8.51781 0,-4.72528 -3.83048,-8.55577 -8.55534,-8.55577 z m -8.55576,21.63483 c -0.004,2.48998 -2.02446,4.50811 -4.51571,4.50811 -2.49378,0 -4.53426,-2.02193 -4.53426,-4.5157 0,-2.49421 2.04048,-4.55366 4.53426,-4.55366 0.002,0 0.004,4.2e-4 0.006,4.2e-4 l 3.86971,0 c 0.001,0 0.002,-4.2e-4 0.003,-4.2e-4 0.35209,0 0.63799,0.28505 0.63799,0.63715 0,4.2e-4 -4.2e-4,8.4e-4 -4.2e-4,0.001 l 0,3.92284 -4.2e-4,0 z m 8.55534,-8.5448 c -0.001,0 -0.003,0 -0.004,0 l -3.87223,0 c -8.4e-4,0 -0.002,0 -0.002,0 -0.35252,0 -0.63757,-0.28506 -0.63757,-0.63758 l 0,-4.2e-4 0,-3.90343 c 0.004,-2.49083 2.02
446,-4.50854 4.51571,-4.50854 2.49378,0 4.53468,2.02193 4.53468,4.51613 4.2e-4,2.49336 -2.04048,4.53384 -4.53426,4.53384 z"
+ id="path29"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 460.58001,362.7558 0,-4.52836 c 0,-0.002 0,-0.004 0,-0.006 0,-4.72528 3.83048,-8.55577 8.55576,-8.55577 0.71685,0 1.22623,0.0805 1.88952,0.25469 0.96774,0.25385 1.75796,1.04618 1.75838,1.96922 4.2e-4,1.11575 -0.80919,1.92621 -2.0194,1.92621 -0.57642,0 -0.78473,-0.11048 -1.62892,-0.11048 -2.49125,0 -4.51149,2.01771 -4.51571,4.50854 l 0,3.90385 0,4.2e-4 c 0,0.35252 0.28505,0.63758 0.63757,0.63758 4.3e-4,0 0.001,0 0.002,0 l 2.96521,0 c 1.10521,0 1.99747,0.88467 1.99832,1.99283 0,1.10816 -0.89353,1.99114 -1.99832,1.99114 l -3.60489,0 0,4.54733 c 0,0.002 0,0.004 0,0.006 0,4.72485 -3.83048,8.55534 -8.55534,8.55534 -0.71684,0 -1.22623,-0.0805 -1.88952,-0.25469 -0.96774,-0.25343 -1.75838,-1.04618 -1.7588,-1.9688 0,-1.11575 0.80919,-1.92663 2.01982,-1.92663 0.576,0 0.78473,0.11048 1.6285,0.11048 2.49125,0 4.51191,-2.01771 4.51613,-4.50811 0,0 0,-3.92368 0,-3.9241 0,-0.35168 -0.2859,-0.63673 -0.63799,-0.63673 -4.3e-4,0 -8.5e-4,0 -0.002,0 l -2.96521,-4.2e-4 c -1.10521,0 -1.
99831,-0.88214 -1.99831,-1.9903 -4.3e-4,-1.11533 0.90238,-1.99367 2.01939,-1.99367 l 3.58339,0 0,0 z"
+ id="path31"
+ style="fill:#ffffff" />
+ <path
+ d="m 477.41661,378.55292 2.81558,0 0,0.37898 -1.18152,0 0,2.94935 -0.45254,0 0,-2.94935 -1.18152,0 0,-0.37898 m 3.26144,0 0.67101,0 0.84937,2.26496 0.85381,-2.26496 0.67102,0 0,3.32833 -0.43917,0 0,-2.9226 -0.85828,2.28279 -0.45255,0 -0.85827,-2.28279 0,2.9226 -0.43694,0 0,-3.32833"
+ id="text6223"
+ style="fill:#294172;enable-background:new" />
+ </g>
+ <path
+ d="m 181.98344,61.675273 2.81558,0 0,0.37898 -1.18152,0 0,2.94935 -0.45254,0 0,-2.94935 -1.18152,0 0,-0.37898 m 3.26144,0 0.67101,0 0.84937,2.26496 0.85381,-2.26496 0.67102,0 0,3.32833 -0.43917,0 0,-2.9226 -0.85828,2.28279 -0.45255,0 -0.85827,-2.28279 0,2.9226 -0.43694,0 0,-3.32833"
+ id="path2391"
+ style="fill:#294172;enable-background:new" />
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/warning.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/warning.png
new file mode 100644
index 0000000..ce09951
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/warning.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/warning.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/warning.svg
new file mode 100644
index 0000000..5f2612c
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/warning.svg
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ version="1.0"
+ width="48"
+ height="48"
+ id="svg5921"
+ sodipodi:version="0.32"
+ inkscape:version="0.46"
+ sodipodi:docname="warning.svg"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ inkscape:export-filename="/home/jfearn/Build/src/fedora/publican/trunk/publican-fedora/en-US/images/warning.png"
+ inkscape:export-xdpi="111.32"
+ inkscape:export-ydpi="111.32">
+ <metadata
+ id="metadata2482">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ inkscape:window-height="910"
+ inkscape:window-width="1284"
+ inkscape:pageshadow="2"
+ inkscape:pageopacity="0.0"
+ guidetolerance="10.0"
+ gridtolerance="10.0"
+ objecttolerance="10.0"
+ borderopacity="1.0"
+ bordercolor="#666666"
+ pagecolor="#ffffff"
+ id="base"
+ showgrid="false"
+ inkscape:zoom="11.5"
+ inkscape:cx="20"
+ inkscape:cy="20"
+ inkscape:window-x="0"
+ inkscape:window-y="51"
+ inkscape:current-layer="svg5921" />
+ <defs
+ id="defs5923">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 20 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="40 : 20 : 1"
+ inkscape:persp3d-origin="20 : 13.333333 : 1"
+ id="perspective2484" />
+ </defs>
+ <g
+ transform="matrix(0.4536635,0,0,0.4536635,-5.1836431,-4.6889387)"
+ id="layer1">
+ <g
+ transform="translate(2745.6887,-1555.5977)"
+ id="g8304"
+ style="enable-background:new">
+ <path
+ d="M -1603,1054.4387 L -1577.0919,1027.891 L -1540,1027.4387 L -1513.4523,1053.3468 L -1513,1090.4387 L -1538.9081,1116.9864 L -1576,1117.4387 L -1602.5477,1091.5306 L -1603,1054.4387 z"
+ transform="matrix(0.8233528,8.9983906e-3,-8.9983906e-3,0.8233528,-1398.5561,740.7914)"
+ id="path8034"
+ style="opacity:1;fill:#efd259;fill-opacity:1;stroke:#efd259;stroke-opacity:1" />
+ <path
+ d="M -1603,1054.4387 L -1577.0919,1027.891 L -1540,1027.4387 L -1513.4523,1053.3468 L -1513,1090.4387 L -1538.9081,1116.9864 L -1576,1117.4387 L -1602.5477,1091.5306 L -1603,1054.4387 z"
+ transform="matrix(0.6467652,7.0684723e-3,-7.0684723e-3,0.6467652,-1675.7492,927.16391)"
+ id="path8036"
+ style="opacity:1;fill:#a42324;fill-opacity:1;stroke:#a42324;stroke-opacity:1" />
+ <path
+ d="M -2686.7886,1597.753 C -2686.627,1596.5292 -2686.5462,1595.6987 -2686.5462,1595.218 C -2686.5462,1593.1637 -2688.0814,1592.0711 -2690.9899,1592.0711 C -2693.8985,1592.0711 -2695.4336,1593.12 -2695.4336,1595.218 C -2695.4336,1595.961 -2695.3528,1596.7914 -2695.1912,1597.753 L -2692.929,1614.4491 L -2689.0508,1614.4491 L -2686.7886,1597.753"
+ id="path8038"
+ style="font-size:107.13574219px;font-style:normal;font-weight:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Charter" />
+ <path
+ d="M -2690.9899,1617.8197 C -2693.6124,1617.8197 -2695.8118,1619.9346 -2695.8118,1622.6416 C -2695.8118,1625.3486 -2693.6124,1627.4635 -2690.9899,1627.4635 C -2688.2829,1627.4635 -2686.168,1625.264 -2686.168,1622.6416 C -2686.168,1619.9346 -2688.2829,1617.8197 -2690.9899,1617.8197"
+ id="path8040"
+ style="font-size:107.13574219px;font-style:normal;font-weight:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Charter" />
+ </g>
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/watermark-draft.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/watermark-draft.png
new file mode 100644
index 0000000..0ead5af
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/watermark-draft.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/yellow.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/yellow.png
new file mode 100644
index 0000000..223865d
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/Common_Content/images/yellow.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/SCLogin.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/SCLogin.png
new file mode 100644
index 0000000..5bdef58
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/SCLogin.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/SCLoginEnrollment.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/SCLoginEnrollment.png
new file mode 100644
index 0000000..2809b32
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/SCLoginEnrollment.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/auth-panel.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/auth-panel.png
new file mode 100644
index 0000000..6335d2f
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/auth-panel.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/authicon.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/authicon.png
new file mode 100644
index 0000000..e397b63
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/authicon.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/fed-firefox_kerberos_SSO.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/fed-firefox_kerberos_SSO.png
new file mode 100644
index 0000000..1dbf27d
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/fed-firefox_kerberos_SSO.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/fed-firewall_config.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/fed-firewall_config.png
new file mode 100644
index 0000000..6abd4b0
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/fed-firewall_config.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/fed-ipsec_host2host.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/fed-ipsec_host2host.png
new file mode 100644
index 0000000..4a236a7
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/fed-ipsec_host2host.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/fed-ipsec_n_to_n_local.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/fed-ipsec_n_to_n_local.png
new file mode 100644
index 0000000..e49a5c1
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/fed-ipsec_n_to_n_local.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/fed-ipsec_n_to_n_remote.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/fed-ipsec_n_to_n_remote.png
new file mode 100644
index 0000000..5457d97
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/fed-ipsec_n_to_n_remote.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/fed-service_config.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/fed-service_config.png
new file mode 100644
index 0000000..71b4c21
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/fed-service_config.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/fed-user_pass_groups.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/fed-user_pass_groups.png
new file mode 100644
index 0000000..9527476
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/fed-user_pass_groups.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/fed-user_pass_info.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/fed-user_pass_info.png
new file mode 100644
index 0000000..54ccc33
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/fed-user_pass_info.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/icon.svg b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/icon.svg
new file mode 100644
index 0000000..c471a60
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/icon.svg
@@ -0,0 +1,3936 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:ns="http://ns.adobe.com/AdobeSVGViewerExtensions/3/"
+ xmlns:a="http://ns.adobe.com/AdobeSVGViewerExtensions/3.0/"
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://web.resource.org/cc/"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg3017"
+ sodipodi:version="0.32"
+ inkscape:version="0.44+devel"
+ sodipodi:docname="book.svg"
+ sodipodi:docbase="/home/andy/Desktop">
+ <metadata
+ id="metadata489">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ inkscape:window-height="480"
+ inkscape:window-width="858"
+ inkscape:pageshadow="0"
+ inkscape:pageopacity="0.0"
+ guidetolerance="10.0"
+ gridtolerance="10.0"
+ objecttolerance="10.0"
+ borderopacity="1.0"
+ bordercolor="#666666"
+ pagecolor="#ffffff"
+ id="base"
+ inkscape:zoom="1"
+ inkscape:cx="16"
+ inkscape:cy="15.944056"
+ inkscape:window-x="0"
+ inkscape:window-y="33"
+ inkscape:current-layer="svg3017" />
+ <defs
+ id="defs3019">
+ <linearGradient
+ id="linearGradient2381">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="stop2383" />
+ <stop
+ style="stop-color:white;stop-opacity:0"
+ offset="1"
+ id="stop2385" />
+ </linearGradient>
+ <linearGradient
+ x1="415.73831"
+ y1="11.854"
+ x2="418.13361"
+ y2="18.8104"
+ id="XMLID_1758_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8362,0.5206,-1.1904,0.992,147.62,-30.9374)">
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="0"
+ id="stop3903" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop3905" />
+ <a:midPointStop
+ style="stop-color:#CCCCCC"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#CCCCCC"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#F2F2F2"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="500.70749"
+ y1="-13.2441"
+ x2="513.46442"
+ y2="-2.1547"
+ id="XMLID_1757_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop3890" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop3892" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="XMLID_1755_">
+ <use
+ id="use3874"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_343_" />
+ </clipPath>
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="XMLID_1756_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop3877" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop3879" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop3881" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop3883" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="471.0806"
+ y1="201.07761"
+ x2="481.91711"
+ y2="210.4977"
+ id="XMLID_1754_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#6498c1;stop-opacity:1"
+ offset="0.005618"
+ id="stop3863" />
+ <stop
+ style="stop-color:#79a9cc;stop-opacity:1"
+ offset="0.2332"
+ id="stop3865" />
+ <stop
+ style="stop-color:#a4cde2;stop-opacity:1"
+ offset="0.74049997"
+ id="stop3867" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="1"
+ id="stop3869" />
+ <a:midPointStop
+ style="stop-color:#6498C1"
+ offset="5.618000e-003" />
+ <a:midPointStop
+ style="stop-color:#6498C1"
+ offset="0.4438" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="516.57672"
+ y1="-15.769"
+ x2="516.57672"
+ y2="0.84280002"
+ id="XMLID_1753_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop3851" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop3853" />
+ <a:midPointStop
+ style="stop-color:#B2B2B2"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B2B2B2"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#F2F2F2"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="XMLID_1751_">
+ <use
+ id="use3837"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_338_" />
+ </clipPath>
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="XMLID_1752_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop3840" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop3842" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop3844" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop3846" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="468.2915"
+ y1="204.7612"
+ x2="479.39871"
+ y2="214.4166"
+ id="XMLID_1750_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop3830" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop3832" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="XMLID_1749_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,11.0227,-35.6159)">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop3818" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop3820" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="501.0903"
+ y1="-19.2544"
+ x2="531.85413"
+ y2="0.72390002"
+ id="XMLID_1748_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop3803" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop3805" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop3807" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop3809" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="481.23969"
+ y1="212.5742"
+ x2="472.92981"
+ y2="207.4967"
+ id="XMLID_2275_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop9947" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop9949" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop9951" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop9953" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="XMLID_2273_">
+ <use
+ id="use9933"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_960_" />
+ </clipPath>
+ <linearGradient
+ x1="473.7681"
+ y1="209.17529"
+ x2="486.98099"
+ y2="213.2001"
+ id="XMLID_2274_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop9936" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop9938" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop9940" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop9942" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="478.21341"
+ y1="-131.9297"
+ x2="469.85818"
+ y2="-140.28481"
+ id="XMLID_2272_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.5592,0.829,-0.829,0.5592,101.3357,-104.791)">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop9917" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop9919" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop9921" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop9923" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <marker
+ refX="0"
+ refY="0"
+ orient="auto"
+ style="overflow:visible"
+ id="TriangleInM">
+ <path
+ d="M 5.77,0 L -2.88,5 L -2.88,-5 L 5.77,0 z "
+ transform="scale(-0.4,-0.4)"
+ style="fill:#5c5c4f"
+ id="path3197" />
+ </marker>
+ <linearGradient
+ x1="200.7363"
+ y1="100.4028"
+ x2="211.99519"
+ y2="89.143997"
+ id="XMLID_3298_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#bfbfbf;stop-opacity:1"
+ offset="0"
+ id="stop20103" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop20105" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#BFBFBF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#BFBFBF" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#F2F2F2" />
+ </linearGradient>
+ <linearGradient
+ x1="200.7363"
+ y1="100.4028"
+ x2="211.99519"
+ y2="89.143997"
+ id="linearGradient36592"
+ xlink:href="#XMLID_3298_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="181.2925"
+ y1="110.8481"
+ x2="192.6369"
+ y2="99.5037"
+ id="XMLID_3297_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="stop20096" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop20098" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="181.2925"
+ y1="110.8481"
+ x2="192.6369"
+ y2="99.5037"
+ id="linearGradient36595"
+ xlink:href="#XMLID_3297_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="211.77589"
+ y1="105.7749"
+ x2="212.6619"
+ y2="108.2092"
+ id="XMLID_3296_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#0f6124;stop-opacity:1"
+ offset="0"
+ id="stop20087" />
+ <stop
+ style="stop-color:#219630;stop-opacity:1"
+ offset="1"
+ id="stop20089" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#0F6124" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#0F6124" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#219630" />
+ </linearGradient>
+ <linearGradient
+ x1="211.77589"
+ y1="105.7749"
+ x2="212.6619"
+ y2="108.2092"
+ id="linearGradient36677"
+ xlink:href="#XMLID_3296_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="208.9834"
+ y1="116.8296"
+ x2="200.0811"
+ y2="96.834602"
+ id="XMLID_3295_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop20076" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.5"
+ id="stop20078" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop20080" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="208.9834"
+ y1="116.8296"
+ x2="200.0811"
+ y2="96.834602"
+ id="linearGradient36604"
+ xlink:href="#XMLID_3295_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="195.5264"
+ y1="97.911102"
+ x2="213.5213"
+ y2="115.9061"
+ id="XMLID_3294_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="0"
+ id="stop20069" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop20071" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#CCCCCC" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#CCCCCC" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="195.5264"
+ y1="97.911102"
+ x2="213.5213"
+ y2="115.9061"
+ id="linearGradient36607"
+ xlink:href="#XMLID_3294_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="186.1938"
+ y1="109.1343"
+ x2="206.6881"
+ y2="88.639999"
+ id="XMLID_3293_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop20056" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.16850001"
+ id="stop20058" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.23029999"
+ id="stop20060" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.2809"
+ id="stop20062" />
+ <stop
+ style="stop-color:#c2c2c2;stop-opacity:1"
+ offset="0.5"
+ id="stop20064" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.1685"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.2303"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.2809"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#C2C2C2" />
+ </linearGradient>
+ <linearGradient
+ x1="186.1938"
+ y1="109.1343"
+ x2="206.6881"
+ y2="88.639999"
+ id="linearGradient36610"
+ xlink:href="#XMLID_3293_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="184.8569"
+ y1="112.2676"
+ x2="211.94099"
+ y2="89.541397"
+ id="XMLID_3292_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop20043" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.16850001"
+ id="stop20045" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.23029999"
+ id="stop20047" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.2809"
+ id="stop20049" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop20051" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.1685"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.2303"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.2809"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="184.8569"
+ y1="112.2676"
+ x2="211.94099"
+ y2="89.541397"
+ id="linearGradient36613"
+ xlink:href="#XMLID_3292_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <marker
+ refX="0"
+ refY="0"
+ orient="auto"
+ style="overflow:visible"
+ id="TriangleOutM">
+ <path
+ d="M 5.77,0 L -2.88,5 L -2.88,-5 L 5.77,0 z "
+ transform="scale(0.4,0.4)"
+ style="fill:#5c5c4f;fill-rule:evenodd;stroke-width:1pt;marker-start:none"
+ id="path3238" />
+ </marker>
+ <linearGradient
+ x1="165.3"
+ y1="99.5"
+ x2="165.3"
+ y2="115.9"
+ id="XMLID_3457_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="0"
+ id="stop8309" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8311" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="1"
+ id="stop8313" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#999999" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#999999" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#B2B2B2" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#B2B2B2" />
+ </linearGradient>
+ <linearGradient
+ x1="165.3"
+ y1="99.5"
+ x2="165.3"
+ y2="115.9"
+ id="lg1997"
+ xlink:href="#XMLID_3457_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="175"
+ y1="99.800003"
+ x2="175"
+ y2="112.5"
+ id="XMLID_3456_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="0"
+ id="stop8300" />
+ <stop
+ style="stop-color:#191919;stop-opacity:1"
+ offset="0.60000002"
+ id="stop8302" />
+ <stop
+ style="stop-color:#191919;stop-opacity:1"
+ offset="1"
+ id="stop8304" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#737373" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#737373" />
+ <a:midPointstop
+ offset="0.6"
+ style="stop-color:#191919" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#191919" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#191919" />
+ </linearGradient>
+ <linearGradient
+ x1="175"
+ y1="99.800003"
+ x2="175"
+ y2="112.5"
+ id="lg2000"
+ xlink:href="#XMLID_3456_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="168.8"
+ y1="107.1"
+ x2="164.5"
+ y2="110"
+ id="XMLID_3455_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#666;stop-opacity:1"
+ offset="0"
+ id="stop8291" />
+ <stop
+ style="stop-color:#191919;stop-opacity:1"
+ offset="0.69999999"
+ id="stop8293" />
+ <stop
+ style="stop-color:#191919;stop-opacity:1"
+ offset="1"
+ id="stop8295" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#666666" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#666666" />
+ <a:midPointstop
+ offset="0.7"
+ style="stop-color:#191919" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#191919" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#191919" />
+ </linearGradient>
+ <linearGradient
+ x1="168.8"
+ y1="107.1"
+ x2="164.5"
+ y2="110"
+ id="lg2003"
+ xlink:href="#XMLID_3455_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ id="lg63694">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="stop63696" />
+ <stop
+ style="stop-color:white;stop-opacity:0"
+ offset="1"
+ id="stop63698" />
+ </linearGradient>
+ <linearGradient
+ x1="458"
+ y1="483"
+ x2="465.20001"
+ y2="271.39999"
+ id="lg2006"
+ xlink:href="#lg63694"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(6.3e-2,0,0,6.3e-2,-1.3,-9.8)" />
+ <linearGradient
+ x1="176.3"
+ y1="110.1"
+ x2="158.7"
+ y2="105"
+ id="XMLID_3453_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#666;stop-opacity:1"
+ offset="0"
+ id="stop8271" />
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="0.2"
+ id="stop8273" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop8275" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#666666" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#666666" />
+ <a:midPointstop
+ offset="0.2"
+ style="stop-color:#737373" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#737373" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="176.3"
+ y1="110.1"
+ x2="158.7"
+ y2="105"
+ id="lg2009"
+ xlink:href="#XMLID_3453_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="173.60001"
+ y1="118.9"
+ x2="172.8"
+ y2="128.2"
+ id="XMLID_3449_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0"
+ id="stop8232" />
+ <stop
+ style="stop-color:#fff95e;stop-opacity:1"
+ offset="0.60000002"
+ id="stop8234" />
+ <stop
+ style="stop-color:#ecd600;stop-opacity:1"
+ offset="1"
+ id="stop8236" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.6"
+ style="stop-color:#FFF95E" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFF95E" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#ECD600" />
+ </linearGradient>
+ <linearGradient
+ x1="173.60001"
+ y1="118.9"
+ x2="172.8"
+ y2="128.2"
+ id="lg2016"
+ xlink:href="#XMLID_3449_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <radialGradient
+ cx="284.60001"
+ cy="172.60001"
+ r="6.5"
+ fx="284.60001"
+ fy="172.60001"
+ id="XMLID_3448_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.4,0,0,1.4,-237.3,-126.8)">
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0"
+ id="stop8219" />
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8221" />
+ <stop
+ style="stop-color:#c96b00;stop-opacity:1"
+ offset="0.89999998"
+ id="stop8223" />
+ <stop
+ style="stop-color:#9a5500;stop-opacity:1"
+ offset="1"
+ id="stop8225" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.9"
+ style="stop-color:#C96B00" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#C96B00" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#9A5500" />
+ </radialGradient>
+ <radialGradient
+ cx="284.60001"
+ cy="172.60001"
+ r="6.5"
+ fx="284.60001"
+ fy="172.60001"
+ id="rg2020"
+ xlink:href="#XMLID_3448_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.513992,0,0,2.347576,-689.1621,-378.5717)" />
+ <linearGradient
+ x1="158.10001"
+ y1="123"
+ x2="164.2"
+ y2="126.6"
+ id="XMLID_3447_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ecd600;stop-opacity:1"
+ offset="0"
+ id="stop8204" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8206" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop8208" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECD600" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECD600" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="158.10001"
+ y1="123"
+ x2="164.2"
+ y2="126.6"
+ id="lg2026"
+ xlink:href="#XMLID_3447_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <radialGradient
+ cx="280.89999"
+ cy="163.7"
+ r="10.1"
+ fx="280.89999"
+ fy="163.7"
+ id="XMLID_3446_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.4,0,0,1.4,-237.3,-126.8)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="stop8197" />
+ <stop
+ style="stop-color:#fff95e;stop-opacity:1"
+ offset="1"
+ id="stop8199" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#FFFFFF" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFFFFF" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#FFF95E" />
+ </radialGradient>
+ <radialGradient
+ cx="280.89999"
+ cy="163.7"
+ r="10.1"
+ fx="280.89999"
+ fy="163.7"
+ id="rg2029"
+ xlink:href="#XMLID_3446_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.7,0,0,1.7,-457.5,-266.8)" />
+ <linearGradient
+ x1="156.5"
+ y1="122.7"
+ x2="180.10001"
+ y2="122.7"
+ id="XMLID_3445_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0"
+ id="stop8184" />
+ <stop
+ style="stop-color:#ffe900;stop-opacity:1"
+ offset="0.2"
+ id="stop8186" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8188" />
+ <stop
+ style="stop-color:#ffe900;stop-opacity:1"
+ offset="0.40000001"
+ id="stop8190" />
+ <stop
+ style="stop-color:#d68100;stop-opacity:1"
+ offset="1"
+ id="stop8192" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.2"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.4"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#D68100" />
+ </linearGradient>
+ <linearGradient
+ x1="156.5"
+ y1="122.7"
+ x2="180.10001"
+ y2="122.7"
+ id="lg2032"
+ xlink:href="#XMLID_3445_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="156.39999"
+ y1="115.4"
+ x2="180.10001"
+ y2="115.4"
+ id="XMLID_3444_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0"
+ id="stop8171" />
+ <stop
+ style="stop-color:#ffe900;stop-opacity:1"
+ offset="0.2"
+ id="stop8173" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8175" />
+ <stop
+ style="stop-color:#ffe900;stop-opacity:1"
+ offset="0.40000001"
+ id="stop8177" />
+ <stop
+ style="stop-color:#d68100;stop-opacity:1"
+ offset="1"
+ id="stop8179" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.2"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.4"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#D68100" />
+ </linearGradient>
+ <linearGradient
+ x1="156.39999"
+ y1="115.4"
+ x2="180.10001"
+ y2="115.4"
+ id="lg2035"
+ xlink:href="#XMLID_3444_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="379.70001"
+ y1="167.89999"
+ x2="383.89999"
+ y2="172.89999"
+ id="lg4286_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8,0.2,-0.2,0.8,78.8,38.1)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s16159" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.1"
+ id="s16161" />
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="1"
+ id="s16163" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.1" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#737373"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="379.60001"
+ y1="167.8"
+ x2="383.79999"
+ y2="172"
+ id="lg6416"
+ xlink:href="#lg4286_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.622156,0.623859,-0.623859,2.62182,-882.9706,-673.7921)" />
+ <linearGradient
+ x1="384.20001"
+ y1="169.8"
+ x2="384.79999"
+ y2="170.39999"
+ id="lg4285_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8,0.2,-0.2,0.8,78.8,38.1)">
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="0"
+ id="s16152" />
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="1"
+ id="s16154" />
+ <ns:midPointStop
+ style="stop-color:#737373"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#737373"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#D9D9D9"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="384.20001"
+ y1="169.8"
+ x2="384.79999"
+ y2="170.39999"
+ id="lg6453"
+ xlink:href="#lg4285_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.6,0.6,-0.6,2.6,-883,-673.8)" />
+ <linearGradient
+ x1="380.5"
+ y1="172.60001"
+ x2="382.79999"
+ y2="173.7"
+ id="lg4284_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8,0.2,-0.2,0.8,78.8,38.1)">
+ <stop
+ style="stop-color:gray;stop-opacity:1"
+ offset="0"
+ id="s16145" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="1"
+ id="s16147" />
+ <ns:midPointStop
+ style="stop-color:#808080"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#808080"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#E5E5E5"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="380.5"
+ y1="172.60001"
+ x2="382.79999"
+ y2="173.7"
+ id="lg6456"
+ xlink:href="#lg4284_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.6,0.6,-0.6,2.6,-883,-673.8)" />
+ <radialGradient
+ cx="347.29999"
+ cy="244.5"
+ r="5.1999998"
+ fx="347.29999"
+ fy="244.5"
+ id="lg4282_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(3.4,0,0,3.4,-1148,-802)">
+ <stop
+ style="stop-color:#333;stop-opacity:1"
+ offset="0"
+ id="s16135" />
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="1"
+ id="s16137" />
+ <ns:midPointStop
+ style="stop-color:#333333"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#333333"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#999999"
+ offset="1" />
+ </radialGradient>
+ <linearGradient
+ x1="310.39999"
+ y1="397.70001"
+ x2="310.89999"
+ y2="399.5"
+ id="lg4280_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.7,-0.7,0.7,0.7,-153.4,180.6)">
+ <stop
+ style="stop-color:#ffcd00;stop-opacity:1"
+ offset="0"
+ id="s16111" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.60000002"
+ id="s16113" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="1"
+ id="s16115" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.6" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="310.39999"
+ y1="397.70001"
+ x2="310.89999"
+ y2="399.5"
+ id="lg6467"
+ xlink:href="#lg4280_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.4,-2.4,2.4,2.4,-1663.6,-195)" />
+ <linearGradient
+ x1="310.89999"
+ y1="395.79999"
+ x2="313.29999"
+ y2="403.10001"
+ id="lg4279_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.7,-0.7,0.7,0.7,-153.4,180.6)">
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0"
+ id="s16100" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.40000001"
+ id="s16102" />
+ <stop
+ style="stop-color:#ffcd00;stop-opacity:1"
+ offset="0.89999998"
+ id="s16104" />
+ <stop
+ style="stop-color:#ffcd00;stop-opacity:1"
+ offset="1"
+ id="s16106" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.4" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="0.9" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="310.89999"
+ y1="395.79999"
+ x2="313.29999"
+ y2="403.10001"
+ id="lg6465"
+ xlink:href="#lg4279_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.4,-2.4,2.4,2.4,-1663.6,-195)" />
+ <linearGradient
+ x1="307.79999"
+ y1="395.20001"
+ x2="313.79999"
+ y2="413.60001"
+ id="lg4278_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.7,-0.7,0.7,0.7,-153.4,180.6)">
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0"
+ id="s16091" />
+ <stop
+ style="stop-color:#fcd72f;stop-opacity:1"
+ offset="0.40000001"
+ id="s16093" />
+ <stop
+ style="stop-color:#ffcd00;stop-opacity:1"
+ offset="1"
+ id="s16095" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FCD72F"
+ offset="0.4" />
+ <ns:midPointStop
+ style="stop-color:#FCD72F"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="306.5"
+ y1="393"
+ x2="309"
+ y2="404"
+ id="lg6400"
+ xlink:href="#lg4278_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.4,-2.4,2.4,2.4,-1663.6,-195)" />
+ <linearGradient
+ x1="352.10001"
+ y1="253.60001"
+ x2="348.5"
+ y2="237.8"
+ id="lg4276_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(3.4,0,0,3.4,-1148,-802)">
+ <stop
+ style="stop-color:#ffff87;stop-opacity:1"
+ offset="0"
+ id="s16077" />
+ <stop
+ style="stop-color:#ffad00;stop-opacity:1"
+ offset="1"
+ id="s16079" />
+ <ns:midPointStop
+ style="stop-color:#FFFF87"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFF87"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFAD00"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="335.60001"
+ y1="354.79999"
+ x2="337.89999"
+ y2="354.79999"
+ id="lg4275_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9,-0.5,0.5,0.9,-121.7,105.1)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="s16057" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.80000001"
+ id="s16059" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="s16061" />
+ <ns:midPointStop
+ style="stop-color:#D9D9D9"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#D9D9D9"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.8" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="335.60001"
+ y1="354.79999"
+ x2="337.89999"
+ y2="354.79999"
+ id="lg6463"
+ xlink:href="#lg4275_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.9,-1.7,1.7,2.9,-1557,-448.7)" />
+ <linearGradient
+ x1="337.39999"
+ y1="353.10001"
+ x2="339.39999"
+ y2="357.10001"
+ id="lg4274_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9,-0.5,0.5,0.9,-121.7,105.1)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s16048" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.1"
+ id="s16050" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="s16052" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.1" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#CCCCCC"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="337.39999"
+ y1="353.10001"
+ x2="339.39999"
+ y2="357.10001"
+ id="lg6461"
+ xlink:href="#lg4274_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.9,-1.7,1.7,2.9,-1557,-448.7)" />
+ <linearGradient
+ x1="334.39999"
+ y1="355.5"
+ x2="335.5"
+ y2="356.79999"
+ id="lg4273_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9,-0.5,0.5,0.9,-121.7,105.1)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s16041" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="s16043" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="5.6e-003" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#CCCCCC"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="334.39999"
+ y1="355.5"
+ x2="335.5"
+ y2="356.79999"
+ id="lg6381"
+ xlink:href="#lg4273_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.9,-1.7,1.7,2.9,-1557,-448.7)" />
+ <linearGradient
+ x1="348.39999"
+ y1="247.39999"
+ x2="354.10001"
+ y2="242"
+ id="lg4271_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(3.4,0,0,3.4,-1148,-802)">
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0"
+ id="s16025" />
+ <stop
+ style="stop-color:#9e9e9e;stop-opacity:1"
+ offset="0.40000001"
+ id="s16027" />
+ <stop
+ style="stop-color:black;stop-opacity:1"
+ offset="1"
+ id="s16029" />
+ <ns:midPointStop
+ style="stop-color:#F2F2F2"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#F2F2F2"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#000000"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="351.29999"
+ y1="257.29999"
+ x2="346.29999"
+ y2="235.5"
+ id="lg4270_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ffff87;stop-opacity:1"
+ offset="0"
+ id="s16007" />
+ <stop
+ style="stop-color:#ffad00;stop-opacity:1"
+ offset="1"
+ id="s16009" />
+ <ns:midPointStop
+ style="stop-color:#FFFF87"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFF87"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFAD00"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="351.29999"
+ y1="257.29999"
+ x2="346.29999"
+ y2="235.5"
+ id="lg6459"
+ xlink:href="#lg4270_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(3.4,0,0,3.4,-1148,-802)" />
+ <linearGradient
+ x1="43.799999"
+ y1="32.5"
+ x2="63.299999"
+ y2="66.400002"
+ id="XMLID_2708_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="stop75318" />
+ <stop
+ style="stop-color:#fffcea;stop-opacity:1"
+ offset="1"
+ id="stop75320" />
+ <a:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#FFFCEA"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="43.799999"
+ y1="32.5"
+ x2="63.299999"
+ y2="66.400002"
+ id="lg1907"
+ xlink:href="#XMLID_2708_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-29,-22.6)" />
+ <linearGradient
+ x1="52.5"
+ y1="40.400002"
+ x2="58.200001"
+ y2="64"
+ id="XMLID_2707_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ffdea0;stop-opacity:1"
+ offset="0"
+ id="stop75305" />
+ <stop
+ style="stop-color:#ffd89e;stop-opacity:1"
+ offset="0.30000001"
+ id="stop75307" />
+ <stop
+ style="stop-color:#ffd79e;stop-opacity:1"
+ offset="0.30000001"
+ id="stop75309" />
+ <stop
+ style="stop-color:#dbaf6d;stop-opacity:1"
+ offset="0.69999999"
+ id="stop75311" />
+ <stop
+ style="stop-color:#6f4c24;stop-opacity:1"
+ offset="1"
+ id="stop75313" />
+ <a:midPointStop
+ style="stop-color:#FFDEA0"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#FFDEA0"
+ offset="0.6" />
+ <a:midPointStop
+ style="stop-color:#FFD79E"
+ offset="0.3" />
+ <a:midPointStop
+ style="stop-color:#FFD79E"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#DBAF6D"
+ offset="0.7" />
+ <a:midPointStop
+ style="stop-color:#DBAF6D"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#6F4C24"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="52.5"
+ y1="40.400002"
+ x2="58.200001"
+ y2="64"
+ id="lg1910"
+ xlink:href="#XMLID_2707_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-29,-22.6)" />
+ <linearGradient
+ x1="58"
+ y1="73.199997"
+ x2="44.5"
+ y2="19"
+ id="XMLID_2704_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-29,-22.6)">
+ <stop
+ style="stop-color:#d4a96c;stop-opacity:1"
+ offset="0.5"
+ id="stop75284" />
+ <stop
+ style="stop-color:#dcb273;stop-opacity:1"
+ offset="0.60000002"
+ id="stop75286" />
+ <stop
+ style="stop-color:#f0ca87;stop-opacity:1"
+ offset="0.80000001"
+ id="stop75288" />
+ <stop
+ style="stop-color:#ffdc96;stop-opacity:1"
+ offset="0.69999999"
+ id="stop75290" />
+ <stop
+ style="stop-color:#c18a42;stop-opacity:1"
+ offset="1"
+ id="stop75292" />
+ <a:midPointStop
+ style="stop-color:#D4A96C"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#D4A96C"
+ offset="0.6" />
+ <a:midPointStop
+ style="stop-color:#FFDC96"
+ offset="0.7" />
+ <a:midPointStop
+ style="stop-color:#FFDC96"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#C18A42"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="53.700001"
+ y1="32"
+ x2="53.700001"
+ y2="64.599998"
+ id="XMLID_2703_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#e5c9b0;stop-opacity:1"
+ offset="0"
+ id="stop75268" />
+ <stop
+ style="stop-color:#e5c9b0;stop-opacity:1"
+ offset="0.40000001"
+ id="stop75270" />
+ <stop
+ style="stop-color:#c0aa94;stop-opacity:1"
+ offset="1"
+ id="stop75272" />
+ <a:midPointStop
+ style="stop-color:#E5C9B0"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#E5C9B0"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#E5C9B0"
+ offset="0.4" />
+ <a:midPointStop
+ style="stop-color:#E5C9B0"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#C0AA94"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="53.700001"
+ y1="32"
+ x2="53.700001"
+ y2="64.599998"
+ id="lg1916"
+ xlink:href="#XMLID_2703_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-29,-22.6)" />
+ <linearGradient
+ x1="224.31"
+ y1="19.450001"
+ x2="214.33"
+ y2="11.46"
+ id="XMLID_419_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#404040;stop-opacity:1"
+ offset="0"
+ id="s1903" />
+ <stop
+ style="stop-color:#6d6d6d;stop-opacity:1"
+ offset="0.33000001"
+ id="s1905" />
+ <stop
+ style="stop-color:#e9e9e9;stop-opacity:1"
+ offset="1"
+ id="s1907" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#404040" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#404040" />
+ <a:midPointStop
+ offset="0.33"
+ style="stop-color:#6D6D6D" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#6D6D6D" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#E9E9E9" />
+ </linearGradient>
+ <linearGradient
+ x1="221.84"
+ y1="32.779999"
+ x2="212.2"
+ y2="20.27"
+ id="lg1988"
+ xlink:href="#XMLID_419_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.33,0,0,1.31,-274.2,-5.2)" />
+ <linearGradient
+ x1="228.35001"
+ y1="33.279999"
+ x2="215.42999"
+ y2="33.279999"
+ id="lg1900"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s1902" />
+ <stop
+ style="stop-color:white;stop-opacity:0"
+ offset="1"
+ id="s1906" />
+ <a:midPointStop
+ style="stop-color:#575757"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#575757"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#6D6D6D"
+ offset="0.33" />
+ <a:midPointStop
+ style="stop-color:#6D6D6D"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#D3D3D3"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="234.81"
+ y1="33.279999"
+ x2="228.27"
+ y2="33.279999"
+ id="lg1908"
+ xlink:href="#lg1900"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.33,0,0,1.31,-274.2,-5.2)" />
+ <linearGradient
+ x1="228.35001"
+ y1="33.279999"
+ x2="215.42999"
+ y2="33.279999"
+ id="XMLID_416_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#575757;stop-opacity:1"
+ offset="0"
+ id="s1874" />
+ <stop
+ style="stop-color:#6d6d6d;stop-opacity:1"
+ offset="0.33000001"
+ id="s1876" />
+ <stop
+ style="stop-color:#d3d3d3;stop-opacity:1"
+ offset="1"
+ id="s1878" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#575757" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#575757" />
+ <a:midPointStop
+ offset="0.33"
+ style="stop-color:#6D6D6D" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#6D6D6D" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#D3D3D3" />
+ </linearGradient>
+ <linearGradient
+ x1="228.35001"
+ y1="33.279999"
+ x2="215.42999"
+ y2="33.279999"
+ id="lg1991"
+ xlink:href="#XMLID_416_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.33,0,0,1.31,-274.2,-5.2)" />
+ <radialGradient
+ cx="603.19"
+ cy="230.77"
+ r="1.67"
+ fx="603.19"
+ fy="230.77"
+ id="x5010_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.1,0,0,1.1,-54.33,-75.4)">
+ <stop
+ style="stop-color:#c9ffc9;stop-opacity:1"
+ offset="0"
+ id="stop29201" />
+ <stop
+ style="stop-color:#23a11f;stop-opacity:1"
+ offset="1"
+ id="stop29203" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#C9FFC9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#C9FFC9" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#23A11F" />
+ </radialGradient>
+ <radialGradient
+ cx="603.19"
+ cy="230.77"
+ r="1.67"
+ fx="603.19"
+ fy="230.77"
+ id="radialGradient5711"
+ xlink:href="#x5010_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.23,0,0,1.23,-709.93,-245.02)" />
+ <linearGradient
+ x1="592.31"
+ y1="162.60001"
+ x2="609.32001"
+ y2="145.59"
+ id="lg5722"
+ xlink:href="#x5003_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="601.48999"
+ y1="170.16"
+ x2="613.84003"
+ y2="170.16"
+ id="x5002_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop29134" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.2"
+ id="stop29136" />
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="1"
+ id="stop29138" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.20"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#999999" />
+ </linearGradient>
+ <linearGradient
+ x1="601.48999"
+ y1="170.16"
+ x2="613.84003"
+ y2="170.16"
+ id="lg5725"
+ xlink:href="#x5002_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="592.20001"
+ y1="156.45"
+ x2="609.98999"
+ y2="174.23"
+ id="x5004_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop29157" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop29159" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="592.20001"
+ y1="156.45"
+ x2="609.98999"
+ y2="174.23"
+ id="lg5728"
+ xlink:href="#x5004_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="592.31"
+ y1="162.60001"
+ x2="609.32001"
+ y2="145.59"
+ id="x5003_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0"
+ id="stop29143" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="1"
+ id="stop29145" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#E5E5E5" />
+ </linearGradient>
+ <linearGradient
+ x1="592.31"
+ y1="162.60001"
+ x2="609.32001"
+ y2="145.59"
+ id="lg5732"
+ xlink:href="#x5003_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="592.20001"
+ y1="156.45"
+ x2="609.98999"
+ y2="174.24001"
+ id="x5000_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop29124" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop29126" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="592.20001"
+ y1="156.45"
+ x2="609.98999"
+ y2="174.24001"
+ id="lg5735"
+ xlink:href="#x5000_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="308.54999"
+ y1="149.89999"
+ x2="299.72"
+ y2="148.83"
+ id="XMLID_2433_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#d6d6d6;stop-opacity:1"
+ offset="0"
+ id="71615" />
+ <stop
+ style="stop-color:#a5a5a5;stop-opacity:1"
+ offset="1"
+ id="71617" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D6D6D6" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D6D6D6" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#A5A5A5" />
+ </linearGradient>
+ <linearGradient
+ x1="308.54999"
+ y1="149.89999"
+ x2="299.72"
+ y2="148.83"
+ id="lg1952"
+ xlink:href="#XMLID_2433_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.03,0,0,1.03,-279.57,-124.36)" />
+ <radialGradient
+ cx="307.39999"
+ cy="121"
+ r="23.35"
+ fx="307.39999"
+ fy="121"
+ id="XMLID_2432_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.98,0,0,0.98,2.88,2.75)">
+ <stop
+ style="stop-color:#d2d2d2;stop-opacity:1"
+ offset="0.19"
+ id="71592" />
+ <stop
+ style="stop-color:#cfcfcf;stop-opacity:1"
+ offset="0.44999999"
+ id="71594" />
+ <stop
+ style="stop-color:#c7c7c7;stop-opacity:1"
+ offset="0.60000002"
+ id="71596" />
+ <stop
+ style="stop-color:#b9b9b9;stop-opacity:1"
+ offset="0.74000001"
+ id="71598" />
+ <stop
+ style="stop-color:#a4a4a4;stop-opacity:1"
+ offset="0.86000001"
+ id="71600" />
+ <stop
+ style="stop-color:#8a8a8a;stop-opacity:1"
+ offset="0.95999998"
+ id="71602" />
+ <stop
+ style="stop-color:gray;stop-opacity:1"
+ offset="1"
+ id="71604" />
+ <a:midPointStop
+ offset="0.19"
+ style="stop-color:#D2D2D2" />
+ <a:midPointStop
+ offset="0.8"
+ style="stop-color:#D2D2D2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#808080" />
+ </radialGradient>
+ <radialGradient
+ cx="307.39999"
+ cy="121"
+ r="23.35"
+ fx="307.39999"
+ fy="121"
+ id="radialGradient2331"
+ xlink:href="#XMLID_2432_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-276.62,-121.54)" />
+ <linearGradient
+ x1="294.13"
+ y1="127.07"
+ x2="294.13"
+ y2="142.2"
+ id="XMLID_2430_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#b5d8ff;stop-opacity:1"
+ offset="0"
+ id="71582" />
+ <stop
+ style="stop-color:black;stop-opacity:1"
+ offset="1"
+ id="71584" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B5D8FF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B5D8FF" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#000000" />
+ </linearGradient>
+ <linearGradient
+ x1="294.13"
+ y1="127.07"
+ x2="294.13"
+ y2="142.2"
+ id="lg2820"
+ xlink:href="#XMLID_2430_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.03,0,0,1.03,-279.57,-124.36)" />
+ <linearGradient
+ x1="279.10999"
+ y1="148.03"
+ x2="309.16"
+ y2="148.03"
+ id="XMLID_2429_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#e1e1e1;stop-opacity:1"
+ offset="0"
+ id="71564" />
+ <stop
+ style="stop-color:#e1e1e1;stop-opacity:1"
+ offset="0.25"
+ id="71566" />
+ <stop
+ style="stop-color:#a5a5a5;stop-opacity:1"
+ offset="0.44"
+ id="71568" />
+ <stop
+ style="stop-color:#a5a5a5;stop-opacity:1"
+ offset="1"
+ id="71570" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#E1E1E1" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E1E1E1" />
+ <a:midPointStop
+ offset="0.25"
+ style="stop-color:#E1E1E1" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E1E1E1" />
+ <a:midPointStop
+ offset="0.44"
+ style="stop-color:#A5A5A5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#A5A5A5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#A5A5A5" />
+ </linearGradient>
+ <linearGradient
+ x1="279.10999"
+ y1="148.03"
+ x2="309.16"
+ y2="148.03"
+ id="lg2818"
+ xlink:href="#XMLID_2429_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.03,0,0,1.03,-279.57,-124.36)" />
+ <radialGradient
+ cx="622.34302"
+ cy="14.449"
+ r="26.496"
+ fx="622.34302"
+ fy="14.449"
+ id="lg3499_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.851,0,0,0.849,69.297,51.658)">
+ <stop
+ style="stop-color:#23468e;stop-opacity:1"
+ offset="0"
+ id="stop10972" />
+ <stop
+ style="stop-color:#012859;stop-opacity:1"
+ offset="1"
+ id="stop10974" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#23468E" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#23468E" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#012859" />
+ </radialGradient>
+ <radialGradient
+ cx="622.34302"
+ cy="14.449"
+ r="26.496"
+ fx="622.34302"
+ fy="14.449"
+ id="rg5791"
+ xlink:href="#lg3499_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.858,0,0,0.857,-511.7,9.02)" />
+ <linearGradient
+ x1="616.112"
+ y1="76.247002"
+ x2="588.14099"
+ y2="60.742001"
+ id="lg3497_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#01326e;stop-opacity:1"
+ offset="0"
+ id="stop10962" />
+ <stop
+ style="stop-color:#012859;stop-opacity:1"
+ offset="1"
+ id="stop10964" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#01326E" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#01326E" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#012859" />
+ </linearGradient>
+ <linearGradient
+ x1="617.698"
+ y1="82.445999"
+ x2="585.95203"
+ y2="54.848999"
+ id="lg3496_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="stop10950" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop10952" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="617.698"
+ y1="82.445999"
+ x2="585.95203"
+ y2="54.848999"
+ id="lg5794"
+ xlink:href="#lg3496_"
+ gradientUnits="userSpaceOnUse" />
+ <linearGradient
+ x1="601.39001"
+ y1="55.341"
+ x2="588.29199"
+ y2="71.515999"
+ id="lg3495_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop10941" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0.52200001"
+ id="stop10943" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop10945" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.522"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="601.39001"
+ y1="55.341"
+ x2="588.29199"
+ y2="71.515999"
+ id="lg5771"
+ xlink:href="#lg3495_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.009,0,0,1.009,-581.615,-43.098)" />
+ <linearGradient
+ x1="611.34601"
+ y1="55.279999"
+ x2="590.39001"
+ y2="81.157997"
+ id="lg3494_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop10932" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0.52200001"
+ id="stop10934" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop10936" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.522"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="611.34601"
+ y1="55.279999"
+ x2="590.39001"
+ y2="81.157997"
+ id="lg5774"
+ xlink:href="#lg3494_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.009,0,0,1.009,-581.616,-43.098)" />
+ <linearGradient
+ x1="798.72998"
+ y1="69.839996"
+ x2="799.04999"
+ y2="70.709999"
+ id="g3302_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#005e00;stop-opacity:1"
+ offset="0"
+ id="s6504" />
+ <stop
+ style="stop-color:#23a11f;stop-opacity:1"
+ offset="1"
+ id="s6506" />
+ <a:midPointstop
+ style="stop-color:#005E00"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#005E00"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#23A11F"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="798.72998"
+ y1="69.839996"
+ x2="799.04999"
+ y2="70.709999"
+ id="lg5851"
+ xlink:href="#g3302_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,0,0,1.263,-926.036,-60.001)" />
+ <linearGradient
+ x1="779.19"
+ y1="122.73"
+ x2="811.69"
+ y2="149.74001"
+ id="g3301_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1,-0.25,0,1,0,129.19)">
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0"
+ id="s6483" />
+ <stop
+ style="stop-color:#eee;stop-opacity:1"
+ offset="0.17"
+ id="s6485" />
+ <stop
+ style="stop-color:#e3e3e3;stop-opacity:1"
+ offset="0.34"
+ id="s6487" />
+ <stop
+ style="stop-color:#cfcfcf;stop-opacity:1"
+ offset="0.50999999"
+ id="s6489" />
+ <stop
+ style="stop-color:#b4b4b4;stop-opacity:1"
+ offset="0.67000002"
+ id="s6491" />
+ <stop
+ style="stop-color:#919191;stop-opacity:1"
+ offset="0.83999997"
+ id="s6493" />
+ <stop
+ style="stop-color:#666;stop-opacity:1"
+ offset="1"
+ id="s6495" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.71" />
+ <a:midPointstop
+ style="stop-color:#666666"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="779.19"
+ y1="122.73"
+ x2="811.69"
+ y2="149.74001"
+ id="lg5855"
+ xlink:href="#g3301_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,-0.316,0,1.263,-926.036,103.123)" />
+ <clipPath
+ id="g3299_">
+ <use
+ id="use6469"
+ x="0"
+ y="0"
+ width="1005.92"
+ height="376.97"
+ xlink:href="#g101_" />
+ </clipPath>
+ <radialGradient
+ cx="1189.9301"
+ cy="100.05"
+ r="40.400002"
+ fx="1189.9301"
+ fy="100.05"
+ id="g3300_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.34,-8.46e-2,0,0.34,394.16,137.13)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s6472" />
+ <stop
+ style="stop-color:white;stop-opacity:0"
+ offset="1"
+ id="s6474" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#000000"
+ offset="1" />
+ </radialGradient>
+ <radialGradient
+ cx="1199.74"
+ cy="97.150002"
+ r="40.400002"
+ fx="1199.74"
+ fy="97.150002"
+ id="rg5860"
+ xlink:href="#g3300_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.409,-0.107,0,0.429,-451.489,113.149)" />
+ <linearGradient
+ x1="796.38"
+ y1="67.580002"
+ x2="781.28003"
+ y2="58.549999"
+ id="g3298_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#4c8bca;stop-opacity:1"
+ offset="0"
+ id="s6462" />
+ <stop
+ style="stop-color:#b7e9ff;stop-opacity:1"
+ offset="1"
+ id="s6464" />
+ <a:midPointstop
+ style="stop-color:#4C8BCA"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#4C8BCA"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#B7E9FF"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="800.97998"
+ y1="140.72"
+ x2="777.71997"
+ y2="121.76"
+ id="g3297_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1,-0.25,0,1,0,129.19)">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="s6448" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="s6450" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#CCCCCC"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="800.97998"
+ y1="140.72"
+ x2="777.71997"
+ y2="121.76"
+ id="lg5890"
+ xlink:href="#g3297_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1,-0.25,0,1,0,129.19)" />
+ <linearGradient
+ x1="790.03998"
+ y1="-16.33"
+ x2="779.84003"
+ y2="-3.73"
+ id="g3296_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(0,70.17)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="s6439" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0.51999998"
+ id="s6441" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="s6443" />
+ <a:midPointstop
+ style="stop-color:#D9D9D9"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#D9D9D9"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.52" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#CCCCCC"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="790.03998"
+ y1="-16.33"
+ x2="779.84003"
+ y2="-3.73"
+ id="lg5866"
+ xlink:href="#g3296_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,0,0,1.263,-926.036,28.6)" />
+ <linearGradient
+ x1="785.84003"
+ y1="72.989998"
+ x2="785.26001"
+ y2="76.279999"
+ id="g3293_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s6412" />
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="1"
+ id="s6414" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#737373"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="785.84003"
+ y1="72.989998"
+ x2="785.26001"
+ y2="76.279999"
+ id="lg5871"
+ xlink:href="#g3293_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,0,0,1.263,-926.036,-60.001)" />
+ <linearGradient
+ x1="789.37"
+ y1="69.879997"
+ x2="791.03998"
+ y2="77.120003"
+ id="g3292_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="0"
+ id="s6403" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0.28"
+ id="s6405" />
+ <stop
+ style="stop-color:#666;stop-opacity:1"
+ offset="1"
+ id="s6407" />
+ <a:midPointstop
+ style="stop-color:#999999"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#999999"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.28" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#666666"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="789.37"
+ y1="69.879997"
+ x2="791.03998"
+ y2="77.120003"
+ id="lg5874"
+ xlink:href="#g3292_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,0,0,1.263,-926.036,-60.001)" />
+ <linearGradient
+ x1="786.65997"
+ y1="136.12"
+ x2="786.71002"
+ y2="134.33"
+ id="g3290_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1,-0.25,0,1,0,137.29)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="s6380" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="1"
+ id="s6382" />
+ <a:midPointstop
+ style="stop-color:#D9D9D9"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#D9D9D9"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="786.65997"
+ y1="136.12"
+ x2="786.71002"
+ y2="134.33"
+ id="lg5878"
+ xlink:href="#g3290_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,-0.316,0,1.263,-926.036,113.351)" />
+ <radialGradient
+ cx="1458.77"
+ cy="-5.0999999"
+ r="35.130001"
+ fx="1458.77"
+ fy="-5.0999999"
+ id="g3289_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.42,0,0,0.42,167.09,79.84)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s6371" />
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="1"
+ id="s6373" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#999999"
+ offset="1" />
+ </radialGradient>
+ <radialGradient
+ cx="1458.77"
+ cy="-5.0999999"
+ r="35.130001"
+ fx="1458.77"
+ fy="-5.0999999"
+ id="rg5881"
+ xlink:href="#g3289_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.505,0,0,0.53,-724.957,40.636)" />
+ <radialGradient
+ cx="1612.98"
+ cy="-4.4699998"
+ r="36.580002"
+ fx="1612.98"
+ fy="-4.4699998"
+ id="g3288_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.34,0,0,0.36,238.56,86.87)">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="s6362" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0.63999999"
+ id="s6364" />
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="1"
+ id="s6366" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="0.64" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#737373"
+ offset="1" />
+ </radialGradient>
+ <radialGradient
+ cx="1612.98"
+ cy="-4.4699998"
+ r="36.580002"
+ fx="1612.98"
+ fy="-4.4699998"
+ id="rg5884"
+ xlink:href="#g3288_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.408,0,0,0.448,-638.943,49.495)" />
+ <radialGradient
+ cx="1470.5"
+ cy="-10.21"
+ r="33.290001"
+ fx="1470.5"
+ fy="-10.21"
+ id="g3287_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.42,0,0,0.42,167.09,79.84)">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="s6347" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0.38999999"
+ id="s6349" />
+ <stop
+ style="stop-color:#b1b1b1;stop-opacity:1"
+ offset="0.75"
+ id="s6351" />
+ <stop
+ style="stop-color:#aaa;stop-opacity:1"
+ offset="0.88"
+ id="s6353" />
+ <stop
+ style="stop-color:#9e9e9e;stop-opacity:1"
+ offset="0.97000003"
+ id="s6355" />
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="1"
+ id="s6357" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="0.39" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="0.87" />
+ <a:midPointstop
+ style="stop-color:#999999"
+ offset="1" />
+ </radialGradient>
+ <radialGradient
+ cx="1470.5"
+ cy="-10.21"
+ r="33.290001"
+ fx="1470.5"
+ fy="-10.21"
+ id="rg5887"
+ xlink:href="#g3287_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.505,0,0,0.53,-724.957,40.636)" />
+ <pattern
+ patternTransform="matrix(0.592927,0,0,0.592927,78,462)"
+ id="cream-spots"
+ height="32"
+ width="32"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(-365.3146,-513.505)"
+ id="g3047">
+ id="path2858" />
+ <path
+ inkscape:label="#path2854"
+ sodipodi:nodetypes="czzzz"
+ style="fill:#e3dcc0"
+ id="path3060"
+ d="M 390.31462,529.50504 C 390.31462,534.47304 386.28262,538.50504 381.31462,538.50504 C 376.34662,538.50504 372.31462,534.47304 372.31462,529.50504 C 372.31462,524.53704 376.34662,520.50504 381.31462,520.50504 C 386.28262,520.50504 390.31462,524.53704 390.31462,529.50504 z " />
+</g>
+ </pattern>
+ <pattern
+ patternTransform="matrix(0.733751,0,0,0.733751,67,367)"
+ id="dark-cream-spots"
+ height="32"
+ width="32"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(-408.0946,-513.505)"
+ id="dark-cream-spot"
+ inkscape:label="#g3043">
+ <path
+ sodipodi:nodetypes="czzzz"
+ style="fill:#c8c5ac"
+ d="M 433.09458,529.50504 C 433.09458,534.47304 429.06258,538.50504 424.09458,538.50504 C 419.12658,538.50504 415.09458,534.47304 415.09458,529.50504 C 415.09458,524.53704 419.12658,520.50504 424.09458,520.50504 C 429.06258,520.50504 433.09458,524.53704 433.09458,529.50504 z "
+ id="path2953" />
+ </g>
+ </pattern>
+ <pattern
+ patternTransform="matrix(0.375,0,0,0.375,379,400)"
+ id="white-spots"
+ height="32"
+ width="32"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(-484.3997,-513.505)"
+ id="white-spot"
+ inkscape:label="#g3035">
+ <path
+ style="opacity:0.25;fill:white"
+ id="path3033"
+ d="M 509.39967,529.50504 C 509.39967,534.47304 505.36767,538.50504 500.39967,538.50504 C 495.43167,538.50504 491.39967,534.47304 491.39967,529.50504 C 491.39967,524.53704 495.43167,520.50504 500.39967,520.50504 C 505.36767,520.50504 509.39967,524.53704 509.39967,529.50504 z "
+ sodipodi:nodetypes="czzzz" />
+ </g>
+ </pattern>
+ <pattern
+ patternTransform="matrix(0.455007,0,0,0.455007,-5e-5,1.9e-5)"
+ id="black-spots"
+ height="32"
+ width="32"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(-448.3997,-513.505)"
+ id="black-spot"
+ inkscape:label="#g3039">
+ <path
+ sodipodi:nodetypes="czzzz"
+ d="M 473.39967,529.50504 C 473.39967,534.47304 469.36767,538.50504 464.39967,538.50504 C 459.43167,538.50504 455.39967,534.47304 455.39967,529.50504 C 455.39967,524.53704 459.43167,520.50504 464.39967,520.50504 C 469.36767,520.50504 473.39967,524.53704 473.39967,529.50504 z "
+ id="path2961"
+ style="opacity:0.25;fill:black" />
+ </g>
+ </pattern>
+ <linearGradient
+ x1="501.0903"
+ y1="-19.2544"
+ x2="531.85413"
+ y2="0.72390002"
+ id="linearGradient17334"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop17336" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop17338" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop17340" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop17342" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B4DAEA" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B4DAEA" />
+ <a:midPointStop
+ offset="0.5112"
+ style="stop-color:#B4DAEA" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B4DAEA" />
+ <a:midPointStop
+ offset="0.6461"
+ style="stop-color:#5387BA" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#5387BA" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#16336E" />
+ </linearGradient>
+ <linearGradient
+ x1="415.73831"
+ y1="11.854"
+ x2="418.13361"
+ y2="18.8104"
+ id="linearGradient17426"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8362,0.5206,-1.1904,0.992,147.62,-30.9374)">
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="0"
+ id="stop17428" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop17430" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#CCCCCC" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#CCCCCC" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#F2F2F2" />
+ </linearGradient>
+ <linearGradient
+ x1="478.21341"
+ y1="-131.9297"
+ x2="469.85818"
+ y2="-140.28481"
+ id="linearGradient17434"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.5592,0.829,-0.829,0.5592,101.3357,-104.791)">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop17436" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop17438" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop17440" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop17442" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#F3403F" />
+ <a:midPointStop
+ offset="0.4213"
+ style="stop-color:#F3403F" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#A6100C" />
+ </linearGradient>
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="linearGradient17709"
+ xlink:href="#XMLID_1749_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,11.0227,-35.6159)" />
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="linearGradient17711"
+ xlink:href="#XMLID_1752_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="516.57672"
+ y1="-15.769"
+ x2="516.57672"
+ y2="0.84280002"
+ id="linearGradient17713"
+ xlink:href="#XMLID_1753_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="linearGradient17715"
+ xlink:href="#XMLID_1756_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="500.70749"
+ y1="-13.2441"
+ x2="513.46442"
+ y2="-2.1547"
+ id="linearGradient17717"
+ xlink:href="#XMLID_1757_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="473.7681"
+ y1="209.17529"
+ x2="486.98099"
+ y2="213.2001"
+ id="linearGradient17721"
+ xlink:href="#XMLID_2274_"
+ gradientUnits="userSpaceOnUse" />
+ <linearGradient
+ x1="481.23969"
+ y1="212.5742"
+ x2="472.92981"
+ y2="207.4967"
+ id="linearGradient17723"
+ xlink:href="#XMLID_2275_"
+ gradientUnits="userSpaceOnUse" />
+ <linearGradient
+ x1="500.70749"
+ y1="-13.2441"
+ x2="513.46442"
+ y2="-2.1547"
+ id="linearGradient17416"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop17418" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop17420" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <defs
+ id="defs9929">
+ <path
+ d="M 489.21,209.35 L 485.35,203.63 C 483.63,204.25 473.47,208.93 471.5,210.18 C 470.57,210.77 470.17,211.16 469.72,212.48 C 470.93,212.31 471.72,212.49 473.42,213.04 C 473.26,214.77 473.24,215.74 473.57,218.2 C 474.01,216.88 474.41,216.49 475.34,215.9 C 477.33,214.65 487.49,209.97 489.21,209.35 z "
+ id="XMLID_960_" />
+ </defs>
+ <clipPath
+ id="clipPath17448">
+ <use
+ id="use17450"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_960_" />
+ </clipPath>
+ <linearGradient
+ x1="473.7681"
+ y1="209.17529"
+ x2="486.98099"
+ y2="213.2001"
+ id="linearGradient17452"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop17454" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop17456" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop17458" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop17460" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="481.23969"
+ y1="212.5742"
+ x2="472.92981"
+ y2="207.4967"
+ id="linearGradient17463"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop17465" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop17467" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop17469" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop17471" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="481.23969"
+ y1="212.5742"
+ x2="472.92981"
+ y2="207.4967"
+ id="linearGradient17807"
+ xlink:href="#XMLID_2275_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-177.1654,35.43307)" />
+ <linearGradient
+ x1="473.7681"
+ y1="209.17529"
+ x2="486.98099"
+ y2="213.2001"
+ id="linearGradient17810"
+ xlink:href="#XMLID_2274_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-177.1654,35.43307)" />
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="linearGradient17812"
+ xlink:href="#XMLID_1749_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,11.0227,-35.6159)" />
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="linearGradient17814"
+ xlink:href="#XMLID_1752_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="516.57672"
+ y1="-15.769"
+ x2="516.57672"
+ y2="0.84280002"
+ id="linearGradient17816"
+ xlink:href="#XMLID_1753_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="linearGradient17818"
+ xlink:href="#XMLID_1756_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="linearGradient17347"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,11.0227,-35.6159)">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop17349" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop17351" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#5387BA" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#5387BA" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#96BAD6" />
+ </linearGradient>
+ <linearGradient
+ x1="516.57672"
+ y1="-15.769"
+ x2="516.57672"
+ y2="0.84280002"
+ id="linearGradient17379"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop17381" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop17383" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#F2F2F2" />
+ </linearGradient>
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="linearGradient17862"
+ xlink:href="#XMLID_1749_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,-166.1427,-0.18283)" />
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="linearGradient17864"
+ xlink:href="#XMLID_1756_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <defs
+ id="defs3859">
+ <polygon
+ points="465.54,213.52 481.94,217.46 482.74,216.71 487.46,198.05 471.08,194.07 470.26,194.83 465.54,213.52 "
+ id="XMLID_343_" />
+ </defs>
+ <linearGradient
+ x1="471.0806"
+ y1="201.07761"
+ x2="481.91711"
+ y2="210.4977"
+ id="linearGradient17389"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#6498c1;stop-opacity:1"
+ offset="0.005618"
+ id="stop17391" />
+ <stop
+ style="stop-color:#79a9cc;stop-opacity:1"
+ offset="0.2332"
+ id="stop17393" />
+ <stop
+ style="stop-color:#a4cde2;stop-opacity:1"
+ offset="0.74049997"
+ id="stop17395" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="1"
+ id="stop17397" />
+ <a:midPointStop
+ style="stop-color:#6498C1"
+ offset="5.618000e-003" />
+ <a:midPointStop
+ style="stop-color:#6498C1"
+ offset="0.4438" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="clipPath17400">
+ <use
+ id="use17402"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_343_" />
+ </clipPath>
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="linearGradient17404"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop17406" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop17408" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop17410" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop17412" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="linearGradient17882"
+ xlink:href="#XMLID_1752_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <defs
+ id="defs3826">
+ <polygon
+ points="463.52,216.14 480.56,220.24 481.36,219.5 483.03,202.04 469.05,196.69 468.24,197.45 463.52,216.14 "
+ id="XMLID_338_" />
+ </defs>
+ <linearGradient
+ x1="468.2915"
+ y1="204.7612"
+ x2="479.39871"
+ y2="214.4166"
+ id="linearGradient17357"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop17359" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop17361" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="clipPath17364">
+ <use
+ id="use17366"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_338_" />
+ </clipPath>
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="linearGradient17368"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop17370" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop17372" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop17374" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop17376" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="296.4996"
+ y1="188.81061"
+ x2="317.32471"
+ y2="209.69398"
+ id="linearGradient2387"
+ xlink:href="#linearGradient2381"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)" />
+ <linearGradient
+ x1="296.4996"
+ y1="188.81061"
+ x2="317.32471"
+ y2="209.69398"
+ id="linearGradient5105"
+ xlink:href="#linearGradient2381"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)" />
+ <linearGradient
+ x1="296.4996"
+ y1="188.81061"
+ x2="317.32471"
+ y2="209.69398"
+ id="linearGradient5145"
+ xlink:href="#linearGradient2381"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)" />
+ <linearGradient
+ inkscape:collect="always"
+ xlink:href="#linearGradient2381"
+ id="linearGradient2371"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)"
+ x1="296.4996"
+ y1="188.81061"
+ x2="317.32471"
+ y2="209.69398" />
+ </defs>
+ <g
+ transform="matrix(0.437808,-0.437808,0.437808,0.437808,-220.8237,43.55311)"
+ id="g5089">
+ <path
+ d="M 8.4382985,-6.28125 C 7.8309069,-6.28125 4.125,-0.33238729 4.125,1.96875 L 4.125,28.6875 C 4.125,29.533884 4.7068159,29.8125 5.28125,29.8125 L 30.84375,29.8125 C 31.476092,29.8125 31.968751,29.319842 31.96875,28.6875 L 31.96875,23.46875 L 32.25,23.46875 C 32.74684,23.46875 33.156249,23.059339 33.15625,22.5625 L 33.15625,-5.375 C 33.15625,-5.8718398 32.74684,-6.28125 32.25,-6.28125 L 8.4382985,-6.28125 z "
+ transform="translate(282.8327,227.1903)"
+ style="fill:#5c5c4f;stroke:black;stroke-width:3.23021388;stroke-miterlimit:4;stroke-dasharray:none"
+ id="path5091" />
+ <rect
+ width="27.85074"
+ height="29.369793"
+ rx="1.1414107"
+ ry="1.1414107"
+ x="286.96509"
+ y="227.63805"
+ style="fill:#032c87"
+ id="rect5093" />
+ <path
+ d="M 288.43262,225.43675 L 313.67442,225.43675 L 313.67442,254.80655 L 287.29827,254.83069 L 288.43262,225.43675 z "
+ style="fill:white"
+ id="rect5095" />
+ <path
+ d="M 302.44536,251.73726 C 303.83227,259.59643 301.75225,263.02091 301.75225,263.02091 C 303.99609,261.41329 305.71651,259.54397 306.65747,257.28491 C 307.62455,259.47755 308.49041,261.71357 310.9319,263.27432 C 310.9319,263.27432 309.33686,256.07392 309.22047,251.73726 L 302.44536,251.73726 z "
+ style="fill:#a70000;fill-opacity:1;stroke-width:2"
+ id="path5097" />
+ <rect
+ width="25.241802"
+ height="29.736675"
+ rx="0.89682275"
+ ry="0.89682275"
+ x="290.73544"
+ y="220.92249"
+ style="fill:#809cc9"
+ id="rect5099" />
+ <path
+ d="M 576.47347,725.93939 L 582.84431,726.35441 L 583.25121,755.8725 C 581.35919,754.55465 576.39694,752.1117 574.98889,754.19149 L 574.98889,727.42397 C 574.98889,726.60151 575.65101,725.93939 576.47347,725.93939 z "
+ transform="matrix(0.499065,-0.866565,0,1,0,0)"
+ style="fill:#4573b3;fill-opacity:1"
+ id="rect5101" />
+ <path
+ d="M 293.2599,221.89363 L 313.99908,221.89363 C 314.45009,221.89363 314.81318,222.25673 314.81318,222.70774 C 315.02865,229.0361 295.44494,244.47124 292.44579,240.30491 L 292.44579,222.70774 C 292.44579,222.25673 292.80889,221.89363 293.2599,221.89363 z "
+ style="opacity:0.65536726;fill:url(#linearGradient2371);fill-opacity:1"
+ id="path5103" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/n-t-n-ipsec-diagram.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/n-t-n-ipsec-diagram.png
new file mode 100644
index 0000000..281afd6
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/n-t-n-ipsec-diagram.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/tcp_wrap_diagram.png b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/tcp_wrap_diagram.png
new file mode 100644
index 0000000..38ee5ea
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html-single/Security_Guide/images/tcp_wrap_diagram.png differ
diff --git a/public_html/it-IT/Fedora/18/html-single/Security_Guide/index.html b/public_html/it-IT/Fedora/18/html-single/Security_Guide/index.html
new file mode 100644
index 0000000..bfa786d
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html-single/Security_Guide/index.html
@@ -0,0 +1,4433 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Guida alla Sicurezza</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><meta name="description" content="La Guida alla Sicurezza intende assistere gli utenti Fedora ad apprendere i processi e le pratiche di messa in sicurezza di workstation e server da attività sospette, attacchi ed intrusioni, sia locali che remoti. La Guida, dedicata a sistemi Fedora, affronta concetti e tecniche valide su tutti i sistemi Linux, mostrando piani e gli strumenti necessari per creare un ambiente sicuro in postazioni domestiche, negli uffici e in centri di elaborazione dati. Con una gestione e un controllo adeguato, i sistemi
Linux possono essere sia pienamente funzionali sia sicuri dai più comuni metodi di attacco e di intrusione." /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><div xml:lang="it-IT" class="book" id="idm100013456" lang="it-IT"><div class="titlepage"><div><div class="producttitle" font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><span class="productname">Fedora</span> <span class="productnumber">18</span></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h1 id="idm100013456" class="title">Guida alla Sicurezza</h1></d
iv><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h2 class="subtitle">Guida alla protezione di Fedora Linux</h2></div><p class="edition">Edizione 18.0.1</p><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h3 class="corpauthor">
+ <span class="inlinemediaobject"><object data="Common_Content/images/title_logo.svg" type="image/svg+xml"> Logo</object></span>
+
+ </h3></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div xml:lang="it-IT" class="authorgroup" lang="it-IT"><div class="author"><h3 class="author"><span class="firstname">Johnray</span> <span class="surname">Fuller</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:jrfuller at redhat.com">jrfuller at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="surname">Ha</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:jha at redhat.com">jha at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">David</span> <span class="surname">O'Brien</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:daobrien at redhat
.com">daobrien at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:sradvan at redhat.com">sradvan at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></h3><div class="affiliation"><span class="orgname">Fedora Project</span> <span class="orgdiv">Documentation Team</span></div><code class="email"><a class="email" href="mailto:sparks at fedoraproject.org">sparks at fedoraproject.org</a></code></div><div class="author"><h3 class="author"><span class="firstname">Adam</span> <span class="surname">Ligas</span></h3><div class="affiliation"><span class="orgname">Fedora Project</span></div><code class="email"><a class="email" href="mailto:gent86 at fedoraproject.org">gent86 at fedoraproject.org</a></code></
div></div></div><hr /><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div id="idm74040256" class="legalnotice"><h1 class="legalnotice">Nota Legale</h1><div class="para">
+ Copyright <span class="trademark"></span>© 2007-2012 Fedora Project Contributors.
+ </div><div class="para">
+ The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at <a href="http://creativecommons.org/licenses/by-sa/3.0/">http://creativecommons.org/licenses/by-sa/3.0/</a>. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
+ </div><div class="para">
+ Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
+ </div><div class="para">
+ Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
+ </div><div class="para">
+ For guidelines on the permitted uses of the Fedora trademarks, refer to <a href="https://fedoraproject.org/wiki/Legal:Trademark_guidelines">https://fedoraproject.org/wiki/Legal:Trademark_guidelines</a>.
+ </div><div class="para">
+ <span class="trademark">Linux</span>® is the registered trademark of Linus Torvalds in the United States and other countries.
+ </div><div class="para">
+ <span class="trademark">Java</span>® is a registered trademark of Oracle and/or its affiliates.
+ </div><div class="para">
+ <span class="trademark">XFS</span>® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
+ </div><div class="para">
+ <span class="trademark">MySQL</span>® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
+ </div><div class="para">
+ All other trademarks are the property of their respective owners.
+ </div></div></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div class="abstract"><h6>Sommario</h6><div class="para">
+ La Guida alla Sicurezza intende assistere gli utenti Fedora ad apprendere i processi e le pratiche di messa in sicurezza di workstation e server da attività sospette, attacchi ed intrusioni, sia locali che remoti. La Guida, dedicata a sistemi Fedora, affronta concetti e tecniche valide su tutti i sistemi Linux, mostrando piani e gli strumenti necessari per creare un ambiente sicuro in postazioni domestiche, negli uffici e in centri di elaborazione dati. Con una gestione e un controllo adeguato, i sistemi Linux possono essere sia pienamente funzionali sia sicuri dai più comuni metodi di attacco e di intrusione.
+ </div></div></div></div><hr /></div><div class="toc"><dl><dt><span class="preface"><a href="#pref-Security_Guide-Preface">Prefazione</a></span></dt><dd><dl><dt><span class="section"><a href="#idm80144272">1. Convenzioni del documento</a></span></dt><dd><dl><dt><span class="section"><a href="#idm105859600">1.1. Convenzioni tipografiche</a></span></dt><dt><span class="section"><a href="#idm91524416">1.2. Convenzioni del documento</a></span></dt><dt><span class="section"><a href="#idm97819344">1.3. Note ed avvertimenti</a></span></dt></dl></dd><dt><span class="section"><a href="#idm107945056">2. Inviateci i vostri commenti!</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Security_Overview">1. Panoramica sulla Sicurezza</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security">1.1. Introduzione alla Sicurezza</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Introductio
n_to_Security-What_is_Computer_Security">1.1.1. Cosa s'intende per Sicurezza Informatica?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-SELinux">1.1.2. SELinux</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.3. Controlli di Sicurezza</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-Conclusion">1.1.4. Conclusione</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities">1.2. Attaccanti e Vulnerabilità</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.2.1. Una breve storia degli Hacker</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security">1.2.2. Minacce alla sicurezza di rete</a></span></dt><dt><
span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security">1.2.3. Minacce alla sicurezza server</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security">1.2.4. Minacce alla sicurezza di workstation e PC di casa</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment">1.3. Analisi della vulnerabilità</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.3.1. Pensare come il nemico</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing">1.3.2. Analisi e Test</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools">1.3.3. Valutazione degli strumenti</a></span></dt></dl></dd><dt><span
class="section"><a href="#sect-Security_Guide-Common_Exploits_and_Attacks">1.4. Rischi e Attacchi comuni</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Security_Updates">1.5. Aggiornamenti di sicurezza</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. Aggiornare i pacchetti</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages">1.5.2. Verificare la firma dei pachetti</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Installing_Signed_Packages">1.5.3. Installare pacchetti firmati</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Applying_the_Changes">1.5.4. Applicare i cambiamenti</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Basic_Hardening">2. Guida base all'hardening</a></span></dt><dd><dl><dt><spa
n class="section"><a href="#sect-Security_Guide-Basic_Hardening-General_Principles">2.1. Principi generali</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important">2.2. Perchè è importante?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Physical_Security">2.3. Sicurezza fisica</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important">2.4. Perchè è importante</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do">2.5. Cos'altro posso fare?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Networking">2.6. Networking</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Networking-iptables">2.6.1. iptables</a></span></dt><dt><span class="section"><a
href="#sect-Security_Guide-Basic_Hardening-Networking-IPv6">2.6.2. IPv6</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Up_to_date">2.7. Mantenere il software aggiornato</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Services">2.8. Servizi</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-NTP">2.9. NTP</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Securing_Your_Network">3. Proteggere la rete locale</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security">3.1. Workstation Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">3.1.1. Analizzare la sicurezza di una workstation</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Se
curity">3.1.2. Protezione del BIOS e del Boot Loader</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Password_Security">3.1.3. Protezione delle password</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Administrative_Controls">3.1.4. Controlli amministrativi</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Available_Network_Services">3.1.5. Servizi di rete disponibili</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Personal_Firewalls">3.1.6. Firewall personali</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">3.1.7. Strumenti di comunicazione che aumentano la sicurezza</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Server_Security">3.2. Server Security</a></span></dt><dd><dl><dt><span class=
"section"><a href="#sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">3.2.1. Proteggere i servizi con TCP Wrapper e xinetd</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Portmap">3.2.2. Proteggere Portmap</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_NIS">3.2.3. Proteggere NIS</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_NFS">3.2.4. Proteggere NFS</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server">3.2.5. Proteggere HTTP Apache</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_FTP">3.2.6. Proteggere FTP</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Sendmail">3.2.7. Proteggere Sendmail</a></span></dt><dt><span class="section"><a href=
"#sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">3.2.8. Controllare le porte in ascolto</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO">3.3. Single Sign-on (SSO)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Introduction">3.3.1. Introduzione</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card">3.3.2. Primo utilizzo di una nuova Smart Card</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works">3.3.3. Come funziona la registrazione di una Smart Card</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works">3.3.4. Come funziona l'accesso via Smart Card</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Confi
guring_Firefox_to_use_Kerberos_for_SSO">3.3.5. Configurare Firefox ad usare Kerberos con SSO</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Yubikey">3.4. Yubikey</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Yubikey-Centralized_Server">3.4.1. Utilizzo di Yubikey con un server centralizzato</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Yubikey-Web_Sites">3.4.2. Autenticazione ai siti web con la Yubikey</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM">3.5. Pluggable Authentication Modules (PAM)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">3.5.1. Vantaggi di PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files">3.5.2. File di configurazione di PAM</
a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">3.5.3. Formato del file di configurazione di PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files">3.5.4. Un esempio di file di configurazione di PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules">3.5.5. Creare moduli PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching">3.5.6. Caching delle credenziali PAM ed Amministrative</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership">3.5.7. Proprietario di PAM e di Dispositivo</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-P
luggable_Authentication_Modules_PAM-Additional_Resources">3.5.8. Ulteriori risorse</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd">3.6. TCP Wrapper e xinetd</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">3.6.1. TCP Wrapper</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">3.6.2. File di configurazione di TCP Wrapper</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd">3.6.3. xinetd</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files">3.6.4. File di configuratione di xinetd</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">3.6.5. Ulteriori risorse</a></span></dt></dl></dd><dt><span class="
section"><a href="#sect-Security_Guide-Kerberos">3.7. Kerberos</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-What_is_Kerberos">3.7.1. Cos'è Kerberos?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Kerberos_Terminology">3.7.2. Terminologia Kerberos</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-How_Kerberos_Works">3.7.3. Come funziona Kerberos</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Kerberos_and_PAM">3.7.4. Kerberos e PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">3.7.5. Configurare un server Kerberos 5</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client">3.7.6. Configurare un client Kerberos 5</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping">3.7.
7. Associazione tra Dominio e Realm</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs">3.7.8. Impostare KDC secondari</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication">3.7.9. Impostare autenticazioni cross realm</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Additional_Resources">3.7.10. Ulteriori risorse</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Firewalls">3.8. Firewall</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Netfilter_and_IPTables">3.8.1. Netfilter e IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">3.8.2. Configurazione di un firewall di base</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Using_IPTables">3.8.3. Usare IPTables</a
></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Common_IPTables_Filtering">3.8.4. Filtraggi IPTables comuni</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules">3.8.5. Regole di <code class="computeroutput">FORWARD</code> e <acronym class="acronym">NAT</acronym></a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses">3.8.6. Software maliziosi e indirizzi IP spoofed</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking">3.8.7. IPTables e Connection Tracking</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-IPv6">3.8.8. IPv6</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Additional_Resources">3.8.9. Ulteriori risorse</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-IPTables
">3.9. IPTables</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Packet_Filtering">3.9.1. Filtraggio pacchetti</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Command_Options_for_IPTables">3.9.2. Opzioni di comando di IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Saving_IPTables_Rules">3.9.3. Salvataggio delle regole IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-IPTables_Control_Scripts">3.9.4. Script di controllo IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-IPTables_and_IPv6">3.9.5. IPTables ed IPv6</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Additional_Resources">3.9.6. Ulteriori risorse</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Encryption">4. Cifratura</a></span></dt><dd><dl><dt><span class=
"section"><a href="#sect-Security_Guide-Encryption-Data_at_Rest">4.1. Dati a Riposo</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">4.1.1. Completa cifratura del disco</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">4.1.2. Cifratura basata su file</a></span></dt></dl></dd><dt><span class="section"><a href="#Security_Guide-Encryption-Data_in_Motion">4.2. Dati in Movimento</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs">4.2.1. Virtual Private Networks (VPN)</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-Data_in_Motion-Secure_Shell">4.2.2. Secure Shell</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption">4.2.3. Cifratura disco con LUKS</a></span></dt><dt><span class="section"><a href="#s
ect-Security_Guide-Encryption-7_Zip_Encrypted_Archives">4.2.4. Archivi 7-Zip cifrati</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG">4.2.5. Usare GNU Privacy Guard (GnuPG)</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-General_Principles_of_Information_Security">5. Principi generali di Sicurezza dell'Informazione</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">5.1. Consigli, guide e strumenti</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Secure_Installation">6. Installazione sicura</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Secure_Installation-Disk_Partitions">6.1. Partizioni del disco</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption">6.2. Utilizzo
di LUKS</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Software_Maintenance">7. Manutenzione del software</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">7.1. Installare il software indispensabile</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates">7.2. Pianificare e configurare gli aggiornamenti di sicurezza</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates">7.3. Regolare gli aggiornamenti automatici</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories">7.4. Installare pacchetti firmati da repository fidati</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-CVE">8
. Common Vulnerabilities and Exposures</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-CVE-yum_plugin">8.1. Plugin YUM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security">8.2. Usare yum-plugin-security </a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-References">9. Riferimenti</a></span></dt><dt><span class="appendix"><a href="#chap-Security_Guide-Encryption_Standards">A. Standard di crittografia</a></span></dt><dd><dl><dt><span class="section"><a href="#idm85255024">A.1. Crittografia sincrona</a></span></dt><dd><dl><dt><span class="section"><a href="#idm61300624">A.1.1. Advanced Encryption Standard - AES</a></span></dt><dt><span class="section"><a href="#idm71479952">A.1.2. Data Encryption Standard - DES</a></span></dt></dl></dd><dt><span class="section"><a href="#idm69853616">A.2. Cifratura a chiave pubblica</a></span></dt><dd><dl><dt><span class="se
ction"><a href="#idm68924496">A.2.1. Diffie-Hellman</a></span></dt><dt><span class="section"><a href="#idm64996000">A.2.2. RSA</a></span></dt><dt><span class="section"><a href="#idm107111296">A.2.3. DSA</a></span></dt><dt><span class="section"><a href="#idm88919376">A.2.4. SSL/TLS</a></span></dt><dt><span class="section"><a href="#idm52791664">A.2.5. Il sistema Cramer–Shoup</a></span></dt><dt><span class="section"><a href="#idm76869456">A.2.6. Cifratura ElGamal</a></span></dt></dl></dd></dl></dd><dt><span class="appendix"><a href="#appe-Publican-Revision_History">B. Cronologia Revisioni</a></span></dt></dl></div><div xml:lang="it-IT" class="preface" id="pref-Security_Guide-Preface" lang="it-IT"><div class="titlepage"><div><div><h1 class="title">Prefazione</h1></div></div></div><div xml:lang="it-IT" class="section" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm80144272">1. Convenzioni del documento</h2></div></d
iv></div><div class="para">
+ Questo manuale utilizza numerose convenzioni per evidenziare parole e frasi, ponendo attenzione su informazioni specifiche.
+ </div><div class="para">
+ Nelle edizioni PDF e cartacea questo manuale utilizza caratteri presenti nel set <a href="https://fedorahosted.org/liberation-fonts/">Font Liberation</a>. Il set Font Liberation viene anche utilizzato nelle edizioni HTML se il set stesso è stato installato sul vostro sistema. In caso contrario, verranno mostrati caratteri alternativi ma equivalenti. Da notare: Red Hat Enterprise Linux 5 e versioni più recenti, includono per default il set Font Liberation.
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm105859600">1.1. Convenzioni tipografiche</h3></div></div></div><div class="para">
+ Vengono utilizzate quattro convenzioni tipografiche per richiamare l'attenzione su parole e frasi specifiche. Queste convenzioni, e le circostanze alle quali vengono applicate, sono le seguenti.
+ </div><div class="para">
+ <code class="literal">Neretto monospazio</code>
+ </div><div class="para">
+ Usato per evidenziare l'input del sistema, incluso i comandi della shell, i nomi dei file ed i percorsi. Utilizzato anche per evidenziare tasti e combinazione di tasti. Per esempio:
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ Per visualizzare i contenuti del file <code class="filename">my_next_bestselling_novel</code> nella vostra directory di lavoro corrente, inserire il comando <code class="command">cat my_next_bestselling_novel</code> al prompt della shell e premere <span class="keycap"><strong>Invio</strong></span> per eseguire il comando.
+ </div></blockquote></div><div class="para">
+ Quanto sopra riportato include il nome del file, un comando della shell ed un tasto, il tutto riportato in neretto monospazio e distinguibile grazie al contesto.
+ </div><div class="para">
+ Le combinazioni di tasti possono essere distinte dai tasti tramite il trattino che collega ogni parte della combinazione. Per esempio:
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ Premere <span class="keycap"><strong>Invio</strong></span> per eseguire il comando.
+ </div><div class="para">
+ Premere <span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>Alt</strong></span>+<span class="keycap"><strong>F2</strong></span> per smistarsi sul primo virtual terminal. Premere <span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>Alt</strong></span>+<span class="keycap"><strong>F1</strong></span> per ritornare alla sessione X-Windows.
+ </div></blockquote></div><div class="para">
+ Il primo paragrafo evidenzia il tasto specifico singolo da premere. Il secondo riporta due combinazioni di tasti, (ognuno dei quali è un set di tre tasti premuti contemporaneamente).
+ </div><div class="para">
+ Se si discute del codice sorgente, i nomi della classe, i metodi, le funzioni i nomi della variabile ed i valori ritornati indicati all'interno di un paragrafo, essi verranno indicati come sopra, e cioè in <code class="literal">neretto monospazio</code>. Per esempio:
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ Le classi relative ad un file includono <code class="classname">filesystem</code> per file system, <code class="classname">file</code> per file, e <code class="classname">dir</code> per directory. Ogni classe possiede il proprio set associato di permessi.
+ </div></blockquote></div><div class="para">
+ <span class="application"><strong>Proportional Bold</strong></span>
+ </div><div class="para">
+ Ciò denota le parole e le frasi incontrate su di un sistema, incluso i nomi delle applicazioni; il testo delle caselle di dialogo; i pulsanti etichettati; le caselle e le etichette per pulsanti di selezione, titoli del menu e dei sottomenu. Per esempio:
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ Selezionare <span class="guimenu"><strong>Sistema</strong></span> → <span class="guisubmenu"><strong>Preferenze</strong></span> → <span class="guimenuitem"><strong>Mouse</strong></span> dalla barra del menu principale per lanciare <span class="application"><strong>Preferenze del Mouse</strong></span>. Nella scheda <span class="guilabel"><strong>Pulsanti</strong></span>, fate clic sulla casella di dialogo <span class="guilabel"><strong>mouse per mancini</strong></span>, e successivamente fate clic su <span class="guibutton"><strong>Chiudi</strong></span> per cambiare il pulsante primario del mouse da sinistra a destra (rendendo così il mouse idoneo per un utilizzo con la mano sinistra).
+ </div><div class="para">
+ Per inserire un carattere speciale in un file <span class="application"><strong>gedit</strong></span>, selezionare <span class="guimenu"><strong>Applicazioni</strong></span> → <span class="guisubmenu"><strong>Accessori</strong></span> → <span class="guimenuitem"><strong>Mappa carattere</strong></span> dalla barra menu principale. Successivamente, selezionare <span class="guimenu"><strong>Cerca</strong></span> → <span class="guimenuitem"><strong>Trova…</strong></span> dalla barra del menu <span class="application"><strong>Mappa carattere</strong></span>, inserire il nome del carattere nel campo <span class="guilabel"><strong>Cerca</strong></span> e cliccare <span class="guibutton"><strong>Successivo</strong></span>. Il carattere ricercato verrà evidenziato nella <span class="guilabel"><strong>Tabella caratteri</strong></span>. Fare un doppio clic sul carattere evidenziato per posizionarlo nel campo <span class="guilabel"><strong>Testo da copiare</strong></span>,
e successivamente fare clic sul pulsante <span class="guibutton"><strong>Copia</strong></span>. Ritornare ora al documento e selezionare <span class="guimenu"><strong>Modifica</strong></span> → <span class="guimenuitem"><strong>Incolla</strong></span> dalla barra del menu di <span class="application"><strong>gedit</strong></span>.
+ </div></blockquote></div><div class="para">
+ Il testo sopra riportato include i nomi delle applicazioni; nomi ed oggetti del menu per l'intero sistema; nomi del menu specifici alle applicazioni; e pulsanti e testo trovati all'interno di una interfaccia GUI, tutti presentati in neretto proporzionale e distinguibili dal contesto.
+ </div><div class="para">
+ <code class="command"><em class="replaceable"><code>Corsivo neretto monospazio</code></em></code> o <span class="application"><strong><em class="replaceable"><code>Corsivo neretto proporzionale</code></em></strong></span>
+ </div><div class="para">
+ Sia se si tratta di neretto monospazio o neretto proporzionale, l'aggiunta del carattere corsivo indica un testo variabile o sostituibile . Il carattere corsivo denota un testo che non viene inserito letteralmente, o visualizzato che varia a seconda delle circostanze. Per esempio:
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ Per collegarsi ad una macchina remota utilizzando ssh, digitare <code class="command">ssh <em class="replaceable"><code>username</code></em>@<em class="replaceable"><code>domain.name</code></em></code> al prompt della shell. Se la macchina remota è <code class="filename">example.com</code> ed il nome utente sulla macchina interessata è john, digitare <code class="command">ssh john at example.com</code>.
+ </div><div class="para">
+ Il comando <code class="command">mount -o remount <em class="replaceable"><code>file-system</code></em></code> rimonta il file system indicato. Per esempio, per rimontare il file system <code class="filename">/home</code>, il comando è <code class="command">mount -o remount /home</code>.
+ </div><div class="para">
+ Per visualizzare la versione di un pacchetto attualmente installato, utilizzare il comando <code class="command">rpm -q <em class="replaceable"><code>package</code></em></code>. Esso ritornerà il seguente risultato: <code class="command"><em class="replaceable"><code>package-version-release</code></em></code>.
+ </div></blockquote></div><div class="para">
+ Da notare la parola in Corsivo neretto — nome utente, domain.name, file-system, pacchetto, versione e release. Ogni parola racchiude il testo da voi inserito durante l'emissione di un comando o per il testo mostrato dal sistema.
+ </div><div class="para">
+ Oltre all'utilizzo normale per la presentazione di un titolo, il carattere Corsivo denota il primo utilizzo di un termine nuovo ed importante. Per esempio:
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ Publican è un sistema di pubblicazione per <em class="firstterm">DocBook</em>.
+ </div></blockquote></div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm91524416">1.2. Convenzioni del documento</h3></div></div></div><div class="para">
+ Gli elenchi originati dal codice sorgente e l'output del terminale vengono evidenziati rispetto al testo circostante.
+ </div><div class="para">
+ L'output inviato ad un terminale è impostato su <code class="computeroutput">tondo monospazio</code> e così presentato:
+ </div><pre class="screen">books Desktop documentation drafts mss photos stuff svn
+books_tests Desktop1 downloads images notes scripts svgs</pre><div class="para">
+ Gli elenchi del codice sorgente sono impostati in <code class="computeroutput">tondo monospazio</code> ma vengono presentati ed evidenziati nel modo seguente:
+ </div><pre class="programlisting">package org.<span class="perl_Function">jboss</span>.<span class="perl_Function">book</span>.<span class="perl_Function">jca</span>.<span class="perl_Function">ex1</span>;
+
+<span class="perl_Keyword">import</span> javax.naming.InitialContext;
+
+<span class="perl_Keyword">public</span> <span class="perl_Keyword">class</span> ExClient
+{
+ <span class="perl_Keyword">public</span> <span class="perl_DataType">static</span> <span class="perl_DataType">void</span> <span class="perl_Function">main</span>(String args[])
+ <span class="perl_Keyword">throws</span> Exception
+ {
+ InitialContext iniCtx = <span class="perl_Keyword">new</span> InitialContext();
+ Object ref = iniCtx.<span class="perl_Function">lookup</span>(<span class="perl_String">"EchoBean"</span>);
+ EchoHome home = (EchoHome) ref;
+ Echo echo = home.<span class="perl_Function">create</span>();
+
+ System.<span class="perl_Function">out</span>.<span class="perl_Function">println</span>(<span class="perl_String">"Created Echo"</span>);
+
+ System.<span class="perl_Function">out</span>.<span class="perl_Function">println</span>(<span class="perl_String">"Echo.echo('Hello') = "</span> + echo.<span class="perl_Function">echo</span>(<span class="perl_String">"Hello"</span>));
+ }
+}</pre></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm97819344">1.3. Note ed avvertimenti</h3></div></div></div><div class="para">
+ E per finire, tre stili vengono usati per richiamare l'attenzione su informazioni che in caso contrario potrebbero essere ignorate.
+ </div><div class="note"><div class="admonition_header"><h2>Nota Bene</h2></div><div class="admonition"><div class="para">
+ Una nota è un suggerimento o un approccio alternativo per il compito da svolgere. Non dovrebbe verificarsi alcuna conseguenza negativa se la nota viene ignorata, ma al tempo stesso potreste non usufruire di qualche trucco in grado di facilitarvi il compito.
+ </div></div></div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Le caselle 'importante' riportano informazioni che potrebbero passare facilmente inosservate: modifiche alla configurazione applicabili solo alla sessione corrente, o servizi i quali necessitano di un riavvio prima di applicare un aggiornamento. Ignorare queste caselle non causa alcuna perdita di dati ma potrebbe causare irritazione e frustrazione da parte dell'utente.
+ </div></div></div><div class="warning"><div class="admonition_header"><h2>Avvertenza</h2></div><div class="admonition"><div class="para">
+ Un Avvertimento non dovrebbe essere ignorato. Se ignorato, potrebbe verificarsi una perdita di dati.
+ </div></div></div></div></div><div xml:lang="it-IT" class="section" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm107945056">2. Inviateci i vostri commenti!</h2></div></div></div><a id="idm69024176" class="indexterm"></a><div class="para">
+ Se individuate degli errori di battitura in questo manuale, o se pensate di poter contribuire al suo miglioramento, contattateci subito! Inviate i vostri suggerimenti tramite Bugzilla: <a href="http://bugzilla.redhat.com/bugzilla/">http://bugzilla.redhat.com/bugzilla/</a> sul componente <span class="application"><strong>Fedora.</strong></span>
+ </div><div class="para">
+ Quando inviate un bug report, assicuratevi di indicare l'identificatore del manuale: <em class="citetitle">security-guide</em>
+ </div><div class="para">
+ Se inviate un suggerimento per contribuire al miglioramento della guida, cercate di essere il più specifici possibile. Se avete individuato un errore, indicate il numero della sezione e alcune righe di testo, in modo da agevolare la ricerca dell'errore.
+ </div></div></div><div xml:lang="it-IT" class="chapter" id="chap-Security_Guide-Security_Overview" lang="it-IT"><div class="titlepage"><div><div><h2 class="title">Capitolo 1. Panoramica sulla Sicurezza</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security">1.1. Introduzione alla Sicurezza</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1. Cosa s'intende per Sicurezza Informatica?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-SELinux">1.1.2. SELinux</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.3. Controlli di Sicurezza</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-Conclusion">1.1.4. Conclusione</a></span></dt></dl></dd><dt><span class="section"><a
href="#sect-Security_Guide-Attackers_and_Vulnerabilities">1.2. Attaccanti e Vulnerabilità</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.2.1. Una breve storia degli Hacker</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security">1.2.2. Minacce alla sicurezza di rete</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security">1.2.3. Minacce alla sicurezza server</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security">1.2.4. Minacce alla sicurezza di workstation e PC di casa</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment">1.3. Analisi della vulnerabilità</a></span></dt><dd><dl><dt><span class="secti
on"><a href="#sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.3.1. Pensare come il nemico</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing">1.3.2. Analisi e Test</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools">1.3.3. Valutazione degli strumenti</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Common_Exploits_and_Attacks">1.4. Rischi e Attacchi comuni</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Security_Updates">1.5. Aggiornamenti di sicurezza</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. Aggiornare i pacchetti</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages">1.5.2. Verificare la firma dei pachetti</a></span
></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Installing_Signed_Packages">1.5.3. Installare pacchetti firmati</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Applying_the_Changes">1.5.4. Applicare i cambiamenti</a></span></dt></dl></dd></dl></div><div class="para">
+ In seguito al sempre crescente affidamento di attività commerciali e di dati personali a sistemi di rete distribuiti, molte industrie del settore si sono organizzate fondando standard di sicurezza informatica. Le Aziende, per controllare la sicurezza dei loro sistemi e progettare soluzioni adatte alle loro esigenze operative, nel corso del tempo hanno sempre più richiesto la consulenza e le competenze di esperti di sicurezza. Molte aziende sono per natura dinamiche, con dipendenti che hanno accesso alle risorse IT della compagnia sia localmente sia da remoto, con la necessità di avere ambienti di elaborazione delle informazioni sicuri.
+ </div><div class="para">
+ Sfortunatamente, molte organizzazioni (come pure i singoli utenti), considerano la sicurezza un aspetto secondario, un processo che viene tralasciato in favore di un aumento di efficenza, produttività e di entrate economiche. Spesso si pensa ad una vera pratica di sicurezza soltanto <span class="emphasis"><em>dopo</em></span> che si è avuta un'intrusione. Gli esperti in sicurezza concordano che adottare alcune buone pratiche, prima di connettersi ad una rete poco sicura come Internet, è un mezzo efficace per contrastare molti tentativi di intrusione.
+ </div><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Introduction_to_Security" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Introduction_to_Security">1.1. Introduzione alla Sicurezza</h2></div></div></div><div class="section" id="sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1. Cosa s'intende per Sicurezza Informatica?</h3></div></div></div><div class="para">
+ Con Sicurezza Informatica si definisce un termine genarale che coinvolge un'ampia area dei processi informativi. Le aziende, per le loro transazioni economiche e per accedere ad informazioni strategiche, impiegano sistemi di computer e di rete, e considerano i dati trattati come una risorsa importante per la loro attività. Alcune definizioni e misurazioni di campo economico, come TCO (Total Cost of Ownership) o Costo Totale di Proprietà e QoS (Quality of Service) o Qualità del Servizio, rientrano anche nel nostro vocabolario. Attraverso questi strumenti, le aziende possono valutare integrità e disponibilità dei dati, come una parte dei costi nel processo di pianificazione e gestione. In alcune aziende, come nel commercio elettronico, la disponibilità e affidabilità dei dati può fare la differenza tra il succcesso e il fallimento aziendale.
+ </div><div class="section" id="sect-Security_Guide-What_is_Computer_Security-How_did_Computer_Security_Come_about"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Computer_Security-How_did_Computer_Security_Come_about">1.1.1.1. Come è nata la Sicurezza Informatica? </h4></div></div></div><div class="para">
+ La sicurezza dell'informazione si è evoluta nel corso degli anni, stimolata da una domanda di reti pubbliche in grado di mantenere riservate informazioni personali, finanziarie ed altri dati sensibili. Esistono numerose istanze come il caso Mitnick <sup>[<a id="idm104125104" href="#ftn.idm104125104" class="footnote">1</a>]</sup> e il caso Vladimir Levin <sup>[<a id="idm104125984" href="#ftn.idm104125984" class="footnote">2</a>]</sup>, che hanno indotto molte organizzazioni industriali a ripensare ad un diverso modo di trattare l'informazione, la sua trasmissione e diffusione. La popolarità di Internet è stato uno degli sviluppi più importanti che ha portato a intensificare gli sforzi sulla sicurezza dei dati.
+ </div><div class="para">
+ Un numero sempre crescente di persone usano i loro computer per accedere alle risorse offerte da Internet. Dalla ricerca e recupero di informazione alla posta elettronica, al commercio elettronico, Internet è stato riconosciuto come uno dei più importanti sviluppi del XX secolo.
+ </div><div class="para">
+ Tuttavia, Internet e i suoi primi protocolli, sono stati sviluppati come un sistema <em class="firstterm">trust-based</em> o fidato. In altre parole, l'Internet Protocol non è stato progettato per essere sicuro. Non esistono nell'ambito degli stack di comunicazione TCP/IP degli standard di sicurezza approvati, risultando vulnerabile a potenziali utenti e processi maliziosi. Gli sviuppi moderni hanno reso la comunicazione su Internet più sicura, anche se di tanto in tanto, si verificano incidenti che conquistano l'attenzione mondiale e avvertono che nulla è ancora completamente sicuro.
+ </div></div><div class="section" id="sect-Security_Guide-What_is_Computer_Security-Security_Today"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Computer_Security-Security_Today">1.1.1.2. La Sicurezza Oggi</h4></div></div></div><div class="para">
+ Nel Febbraio del 2000, contro diversi siti Internet molto frequentati, fu portato un attacco di tipo DDoS (Distributed Denial of Service). L'attacco coinvolse yahoo.com, cnn.com, amazon.com, fbi.gov e diversi altri domini risultarono completamente isolati, irraggiungibili da parte dei normali utenti, poichè l'attacco riuscì a bloccare, per alcune ore, diversi router con raffiche di pacchetti ICMP molto lunghi, detti <em class="firstterm">ping flood</em>. L'attacco fu realizzato da un gruppo di anonimi che usarono dei programmi molto diffusi, appositamente sviluppati, per intercettare la presenza di porte vulnerabili nei server di rete; riuscirono ad installare sui server, delle applicazioni client, i <em class="firstterm">trojans</em>, e al momento giusto sferrarono un attacco contro ogni server infettato, rendendo i siti inutilizzabili. Da questa storia, molti concludono che la colpa sia nelle falle inerenti al sistema Internet, in quanto i router e i protocolli sono
strutturati per accettare tutti i dati d'ingresso, a prescindere da dove vengano o del perchè siano stati spediti.
+ </div><div class="para">
+ Nel 2007, una violazione di dati riuscì a compromettere la già nota debolezza del protocollo di cifratura per reti wireless, WEP (Wired Equivalent Privacy), causando la sottrazione, ai danni di una istituzione finanziaria mondiale, di oltre 45 milioni di numeri di carte di credito. <sup>[<a id="idm80301648" href="#ftn.idm80301648" class="footnote">3</a>]</sup>
+ </div><div class="para">
+ In un altro caso, dall'auto del corriere, fu sottratto il disco che conteneva le registrazioni delle cedole assicurative di oltre 2,2 milioni di pazienti. <sup>[<a id="idm80303248" href="#ftn.idm80303248" class="footnote">4</a>]</sup>
+ </div><div class="para">
+ Oggigiorno, circa 1,8 miliardi di persone nel mondo usano o hanno usato Internet. <sup>[<a id="idm80304240" href="#ftn.idm80304240" class="footnote">5</a>]</sup> Nello stesso tempo:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Ogni giorno, secondo le registrazioni fornite dal CERT Coordination Center presso la Carnegie Mellon University.<sup>[<a id="idm84955024" href="#ftn.idm84955024" class="footnote">6</a>]</sup>, si verificano circa 225 casi piuttosto gravi di falle di sicurezza.
+ </div></li><li class="listitem"><div class="para">
+ Nel 2003, il numero di casi riportati dal CERT è cresciuto a 137.529, dagli 82.094 nel 2002 e dai 52.658 nel 2001. <sup>[<a id="idm84956624" href="#ftn.idm84956624" class="footnote">7</a>]</sup>
+ </div></li><li class="listitem"><div class="para">
+ Il danno economico causato dall'impatto dei tre virus più pericolosi, diffusi su Internet negli ultimi tre anni, è di circa 13,2 miliardi di dollari.<sup>[<a id="idm107696608" href="#ftn.idm107696608" class="footnote">8</a>]</sup>
+ </div></li></ul></div><div class="para">
+ Da una indagine svolta nel 2008, per conto di <span class="emphasis"><em>CIO Magazine</em></span> dal gruppo di esperti tecnologici e commerciali, "The Global State of Information Security"<sup>[<a id="idm107694400" href="#ftn.idm107694400" class="footnote">9</a>]</sup>, sono emersi i seguenti punti:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Appena il 43% degli intervistati analizzano o controllano la conformità degli utenti alle policy di sicurezza
+ </div></li><li class="listitem"><div class="para">
+ Soltanto il 22% mantiene un inventario delle aziende esterne che fanno uso dei loro dati
+ </div></li><li class="listitem"><div class="para">
+ Quasi la metà degli incidenti, dovuti a problemi di sicurezza, sono stati classificati come "Sconosciuti"
+ </div></li><li class="listitem"><div class="para">
+ Il 44% degli intervistati prevede di aumentare l'investimento in sicurezza nel prossimo anno
+ </div></li><li class="listitem"><div class="para">
+ Il 59% ritiene di avere una strategia di sicurezza informatica
+ </div></li></ul></div><div class="para">
+ Questi risultati sono una prova che la sicurezza informatica è diventata una spesa quantificabile e giustificabile negli investimenti IT. Le organizzazioni che richiedono integrità e pronta disponibilità dei dati, sollecitano le competenze di amministratori di rete, sviluppatori ed ingegneri a garantire una affidabilità di 24h x 7giorni settimanali, ai loro sistemi, servizi ed informazioni. Cadere vittima di utenti o processi malintenzionati o di attacchi coordinati, è una minaccia al successo stesso dell'organizzazione.
+ </div><div class="para">
+ Sfortunatamente, la sicurezza dei sistemi e della rete può risultare un affare piuttosto complicato, che richiede una conoscenza approfondita su come l'organizzazione considera, usa, manipola e trasmette le sue informazioni. Capire come un'organizzazione (e le persone che ne fanno parte) porta avanti i suoi affari è il punto di partenza per implementare un efficace progetto di sicurezza.
+ </div></div><div class="section" id="sect-Security_Guide-What_is_Computer_Security-Standardizing_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Computer_Security-Standardizing_Security">1.1.1.3. Standardizzare la Sicurezza</h4></div></div></div><div class="para">
+ Le aziende di ogni settore si basano su regole e regolamenti che sono emanati da enti regolatori come l'IEEE (Institute of Electrical and Electronics Engineers). Lo stesso avviene per la sicurezza informatica. Molti consulenti e rivenditori del settore sicurezza informatica, concordano su un modello standard di sicurezza denominato CIA o <em class="firstterm">Confidentiality, Integrity and Availability</em>. Questo modello a tre livelli, è un componente generalmente accettato per stimare il rischio delle informazioni sensibili e per stabilire una policy di sicurezza. Di seguito si descrive il modello CIA in maggior dettaglio.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Confidentiality — Le informazioni sensibili devono essere rese disponobili solo a un numero predefinito di persone. La trasmissione e l'uso non autorizzato di informazioni deve quindi essere limitato. Per esempio, la confidenzialità assicura che le informazioni finanziarie o personali di un cliente, non siano ottenute da un individuo non autorizzato, per propositi fraudolenti come la sostituzione d'identità o la sottrazione di credito.
+ </div></li><li class="listitem"><div class="para">
+ Integrity — L'informazione non deve essere alterata in modo da renderla incompleta o scorretta. Gli utenti non autorizzati non devono avere la possibilità di modificare o distruggere informazioni sensibili.
+ </div></li><li class="listitem"><div class="para">
+ Availability — L'informazione deve essere disponibile agli utenti autorizzati ogni qualvolta ciò è richiesto. La disponibilità è una garanzia che l'informazione può essere ottenuta sempre, in ogni momento. Questa è spesso misurata in termini percentuale e stabilita nei Service Level Agreement (SLA) in fase di contratto tra service provider e clienti.
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-Introduction_to_Security-SELinux"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-SELinux">1.1.2. SELinux</h3></div></div></div><div class="para">
+ Fedora include un miglioramento al kernel Linux, denominato SELinux, che implementa una architettura MAC (Mandatory Access Control) per la regolazione precisa del controllo su file, processi, utenti ed applicazioni. Per ulteriori informazioni su SELinux, fare riferimento alla <a href="http://docs.fedoraproject.org/it-IT/Fedora/13/html/Security-Enhanced_Linux/index.html">Fedora SELinux User Guide</a>. Per informazioni sulla configurazione e i servizi protetti da SELinux, consultare <a href="http://docs.fedoraproject.org/en-US/Fedora/13/html/Managing_Confined_Services/index.html">Managing Confined Services</a>. Per altre risorse, vedere il <a class="xref" href="#chap-Security_Guide-References">Capitolo 9, <em>Riferimenti</em></a>.
+ </div></div><div class="section" id="sect-Security_Guide-Introduction_to_Security-Security_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.3. Controlli di Sicurezza</h3></div></div></div><div class="para">
+ La Sicurezza Informatica è spesso suddivisa in tre categorie principali o <em class="wordasword">controls</em>:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Fisico
+ </div></li><li class="listitem"><div class="para">
+ Tecnico
+ </div></li><li class="listitem"><div class="para">
+ Amministrativo
+ </div></li></ul></div><div class="para">
+ Queste tre grandi categorie definiscono i principali obiettivi per una implemetazione di sicurezza. Nell'ambito di questi controlli, esistono delle sotto-categorie che ulteriormente suddividono i controlli e la loro implementazione.
+ </div><div class="section" id="sect-Security_Guide-Security_Controls-Physical_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Security_Controls-Physical_Controls">1.1.3.1. Controlli Fisici</h4></div></div></div><div class="para">
+ Il controllo fisico riguarda l'implementazione delle misure di sicurezza tali da impedire o prevenire accessi non autorizzati a materiale riservato. Esempi di controlli fisici includono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Video camere di sorveglianza a circuito chiuso
+ </div></li><li class="listitem"><div class="para">
+ Sistemi di allarme a sensore termico e di movimento
+ </div></li><li class="listitem"><div class="para">
+ Guardie di sicurezza
+ </div></li><li class="listitem"><div class="para">
+ Documenti d'identificazione
+ </div></li><li class="listitem"><div class="para">
+ Porte d'acciaio con serrature di sicurezza
+ </div></li><li class="listitem"><div class="para">
+ Sistemi Biometrici, tra cui strumenti di riconoscimento vocale e dell'iride, lettori di impronte digitali e facciali ed altri metodi usati per il riconoscimento degli individui
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Security_Controls-Technical_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Security_Controls-Technical_Controls">1.1.3.2. Controlli Tecnici</h4></div></div></div><div class="para">
+ I controlli tecnici usano la tecnologia come base, per controllare l'accesso e l'uso di dati riservati in una struttura fisica e attraverso una rete. I controlli tecnici comprendono un'ampio ambito e diverse tecnologie, tra le quali:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Tecniche di cifratura
+ </div></li><li class="listitem"><div class="para">
+ Smart card
+ </div></li><li class="listitem"><div class="para">
+ Autenticazione di rete
+ </div></li><li class="listitem"><div class="para">
+ Access control lists (ACLs)
+ </div></li><li class="listitem"><div class="para">
+ Software per controllare l'integrità dei file
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Security_Controls-Administrative_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Security_Controls-Administrative_Controls">1.1.3.3. Controlli Amministrativi</h4></div></div></div><div class="para">
+ I controlli amministrativi definiscono i fattori umani legati alla sicurezza. Essi coinvolgono il personale di ogni livello di un'organizzazione e determinano quali utenti possono avere accesso a quali risorse ed informazioni, per mezzo di:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Addestramento e consapevolezza
+ </div></li><li class="listitem"><div class="para">
+ Preparazione per affrontare disastri ed avviare piani di ripristino
+ </div></li><li class="listitem"><div class="para">
+ Strategie per assumere e licenziare il personale
+ </div></li><li class="listitem"><div class="para">
+ Registrazione e controllo di accesso del personale
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-Introduction_to_Security-Conclusion"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-Conclusion">1.1.4. Conclusione</h3></div></div></div><div class="para">
+ Ora che si conoscono le origini, le ragioni e gli aspetti legati alla sicurezza, sarà più facile stabilire le azioni da intraprendere usando Fedora. Per poter pianificare ed implemetare una corretta strategia è importante individuare i fattori e le condizioni che garantiscono la sicurezza. Con queste informazioni, il processo può essere formalizzato e la sua realizzazione diventa più chiara, man mano che si procede nei dettagli specifici del processo di sicurezza.
+ </div></div></div><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities">1.2. Attaccanti e Vulnerabilità</h2></div></div></div><div class="para">
+ Per pianificare ed implementare una buona strategia di sicurezza, occorre conoscere i motivi che determinano, attaccanti motivati, ad avviare una intrusione nel sistema. Ma prima di affrontare questi motivi, bisogna introdurre la terminologia usata per identificare un attaccante.
+ </div><div class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.2.1. Una breve storia degli Hacker</h3></div></div></div><div class="para">
+ Il significato moderno della parola <em class="firstterm">hacker</em>, risale al 1960 ed al Tech Model Railroad Club del Massachusetts Institute of Technology (MIT), dove i membri si dilettavano a realizzare trenini elettrici, ricchi di dettagli e in diverse scale. <em class="firstterm">Hacker</em> era usato per indicare i membri del club che scoprivano un trucco o una ingegnosa scorciatoia per risolvere un problema.
+ </div><div class="para">
+ Il termine hacker da allora è stato usato per descrivere sia gli appassionati di computer che i programmatori geniali. Una caratteristica che accomuna molti hacker è la curiosità di scoprire i dettagli di come funzionano i computer e le reti, senza una particolare motivazione ulteriore. Gli sviluppatori del software open source, spesso si considerano degli hacker, ed usano la parola hacker in senso di rispetto.
+ </div><div class="para">
+ Solitamente, gli hacker seguono una forma di <em class="firstterm">etica hacker</em>, in cui è essenziale la ricerca e la conoscenza di informazione, e la condivisione di questa conoscenza con la community è uno dei doveri di ogni hacker. Con questa motivazione, spesso capita di sentire di sfide lanciate da hacker ai sistemi di sicurezza di computer di istituzioni universitarie. Per questo motivo, la stampa usa spesso il termine hacker, per indicare chiunque tenti di accedere illecitamente ai sistemi ed alla rete con intenzioni illecite, maliziose o criminali. In realtà la terminologia esatta per questo tipo di individuo è <em class="firstterm">cracker</em> — un termine appositamente creato dagli hacker, a metà degli anni '80, per ben differenziare le due comunità.
+ </div><div class="section" id="sect-Security_Guide-A_Quick_History_of_Hackers-Shades_of_Gray"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-A_Quick_History_of_Hackers-Shades_of_Gray">1.2.1.1. Tonalità di grigio</h4></div></div></div><div class="para">
+ Negli Stati Uniti, si distinguono sostanzialmente tre tipi di gruppi che trovano e analizzano le vulnerabilità nei sistemi e nella rete. Questi gruppi sono spessso individuati dal colore del cappello che "indossano" quando eseguono un intervento, ed il colore è una indicazione del grado di rischio che stanno affrontando.
+ </div><div class="para">
+ Chi porta un cappello di colore bianco o un <em class="firstterm">white hat hacker</em>, verifica le rete ed i sistemi valutando la loro performance e determinando quanto siano vulnerabili alle intrusioni. Di solito, un white hat hacker testa la sicurezza del sistema tentando di crackare il proprio sistema o quello di un cliente che lo ha appositamente chiamato. I ricercatori universitari e i consulenti in sicurezza, sono due esempi di white hat hacker.
+ </div><div class="para">
+ Chi indossa un cappello di colore nero o un <em class="firstterm">black hat hacker</em>, è un cracker. In generale, i cracker non sono molto interessati alla programmazione o al funzionamento del sistema. Spesso si affidano a programmi maliziosi realizzati da altri, per carpire informazioni sensibili per scopi personali o causare danni ai sistemi ed alla rete.
+ </div><div class="para">
+ Chi indossa un cappello grigio o un <em class="firstterm">gray hat hacker</em>, ha le competenze e, nella maggior parte dei casi, le intenzioni di un white hat hacker, ma occasionalmente utilizza le sue conoscenze con finalità meno nobili. Un gray hat hacker può essere immaginato come un white hat hacker che a volte, per propri motivi, diventa un black hat hacker.
+ </div><div class="para">
+ Si può dire che un gray hat hacker segua un'altra etica hacker, secondo cui sarebbe lecito intrufolarsi nei sistemi, a patto di non commettere danni o carpire dati sensibili. Si potrebbe obbiettare, comunque, che l'atto di intaccare un sistema è di per sè eticamente scorretto (n.d.t. oltre che legalmente perseguibile).
+ </div><div class="para">
+ Qualunque sia l'intenzione di un intrusore, importante è conoscere le debolezze sfruttate dal cracker. Nella parte restante di questo capitolo ci si focalizzerà su questi aspetti.
+ </div></div></div><div class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security">1.2.2. Minacce alla sicurezza di rete</h3></div></div></div><div class="para">
+ Pratiche scorrette quando si configurano i seguenti aspetti di rete, aumentano il rischio di un attacco.
+ </div><div class="section" id="sect-Security_Guide-Threats_to_Network_Security-Insecure_Architectures"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Network_Security-Insecure_Architectures">1.2.2.1. Architetture non sicure</h4></div></div></div><div class="para">
+ Una rete non correttamente configurata è il punto d'accesso principale per utenti non autorizzati. Una rete locale fidata ed <span class="emphasis"><em>aperta</em></span> verso una rete altamente insicura come Internet, è vulnerabile come un'abitazione con una porta socchiusa in un quartiere a rischio — non è detto che succeda qualcosa, ma qualcuno potrebbe approfittare <span class="emphasis"><em>eventualmente</em></span> della ingenuità.
+ </div><div class="section" id="sect-Security_Guide-Insecure_Architectures-Broadcast_Networks"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Insecure_Architectures-Broadcast_Networks">1.2.2.1.1. Reti broadcast</h5></div></div></div><div class="para">
+ Spesso gli amministratori di sistema trascurano, nei loro schemi di sicurezza, l'importanza dei dispositivi di rete. Semplici dispositivi come hub e router si basano sul principio di broadcast; cioè, quando un nodo trasmette un pacchetto ad un'altro nodo della rete, l'hub o il router invia in broadcast il pacchetto finchè il nodo destinatario non riceve e analizza il pacchetto. Questo metodo rende particolarmente vulnerabile <em class="firstterm">ARP</em> (Address Resolution Protocol) o <em class="firstterm">MAC</em> (Media Access Control) all'address spoofing da parte di intrusi sia esterni sia interni.
+ </div></div><div class="section" id="sect-Security_Guide-Insecure_Architectures-Centralized_Servers"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Insecure_Architectures-Centralized_Servers">1.2.2.1.2. Server centralizzati</h5></div></div></div><div class="para">
+ Un'altra potenziale trappola è l'uso di sistemi centralizzati. Un modo comunemente usato da molte aziende, per il contenimento dei costi, è quello di concentrare tutti i servizi su una singola macchina molto potente. Ciò può risultare conveniente, perchè facilita la gestione e riduce i costi di gestione, rispetto a configurazioni con server multipli. Tuttavia, un server centralizzato introduce un unico punto di rottura: se il server viene compromesso, ciò può portare all'inutilizzo completo della rete o peggio ancora, alla manomissione o sottrazione di dati. In queste situazioni, un server centrale diventa una porta aperta che permette di accedere all'intera rete.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security">1.2.3. Minacce alla sicurezza server</h3></div></div></div><div class="para">
+ La sicurezza server è tanto importante quanto la sicurezza di rete, in quanto un server spesso gestisce moltissime informazioni vitali per un'organizzazione. Se un server viene compromesso, tutto il suo contenuto può diventare accessibile al cracker che può manometterlo o rubarlo. Le seguenti sezioni descrivono alcuni dei principali problemi.
+ </div><div class="section" id="sect-Security_Guide-Threats_to_Server_Security-Unused_Services_and_Open_Ports"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Unused_Services_and_Open_Ports">1.2.3.1. Servizi non usati e porte aperte</h4></div></div></div><div class="para">
+ Una installazione completa di Fedora comprende più di mille applicazioni e librerie. Comunque, molti amministratori di server non scelgono di installare tutti i pacchetti presenti nella distribuzione, preferendo invece una installazione di base con diverse applicazioni server.
+ </div><div class="para">
+ Una pratica comune a molti amministratori, è installare il sistema operativo senza prestare attenzione a quali programmi vengono effetivamente installati. Ciò può causare futuri problemi, perchè si installano servizi non necessari, configurati con impostazioni predefinite ed eventualmente in esecuzione. Il risultato è di trovarsi con servizi non richiesti come Telnet, DHCP o DNS, in esecuzione su un server o workstation a insaputa dell'amministratore, che possono causare traffico indesiderato verso il server o peggio, una potenziale breccia nel sistema per i cracker. Fare riferimento alla <a class="xref" href="#sect-Security_Guide-Server_Security">Sezione 3.2, «Server Security»</a>, per informazioni su come chiudere le porte e disabilitare i servizi non utilizzati.
+ </div></div><div class="section" id="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services">1.2.3.2. Servizi privi di patch</h4></div></div></div><div class="para">
+ Molte applicazioni server incluse in una installazione predefinita, risultano robuste ed ampiamente testate. Essendo state impiegate in ambienti di produzione per molti anni, il loro codice è stato estesamente rivisto e molti bug individuati e risolti.
+ </div><div class="para">
+ Tuttavia, non esiste software perfetto e c'è sempre spazio per ulteriori rifiniture. Inoltre, il software più recente, spesso non sempre è rigorosamente testato come ci si aspetterebbe, vuoi perchè appena arrivato negli ambienti di produzione vuoi perchè non così comune come altre applicazioni server.
+ </div><div class="para">
+ Gli amministratori di sistema insieme agli sviluppatori, spesso scoprono falle di vulnerabilità nelle applicazioni server e pubblicano le informazioni relative alla sicurezza, su mailing list come <a href="http://www.securityfocus.com">Bugtraq</a> o su siti come <a href="http://www.cert.org">Computer Emergency Response Team (CERT)</a>. Sebbene questi meccanismi siano un metodo efficace per avvisare la comunità sui problemi di sicurezza, rimane comunque una responsabilità dell'amministratore provvedere a correggere reattivamente il proprio sistema. Ciò è particolarmente rilevante, in quanto anche i cracker hanno accesso ai suddetti servizi di informazione sulla sicurezza, ed useranno tali informazioni per attaccare i sistemi non corretti con ogni mezzo possibile. Quindi, in ottica di una maggiore sicurezza, a un amministratore di sistema si richiede vigilanza, tracciatura costante dei bug e appropriata manutenzione.
+ </div><div class="para">
+ Per maggiori informazioni su come tenere aggiornato un sistema, vedere la <a class="xref" href="#sect-Security_Guide-Security_Updates">Sezione 1.5, «Aggiornamenti di sicurezza»</a>.
+ </div></div><div class="section" id="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration">1.2.3.3. Amministrazione negligente</h4></div></div></div><div class="para">
+ Gli amministratori che trascurano di correggere i loro sistemi, sono la prima grande minaccia per la sicurezza dei loro server. Secondo l'istituto <em class="firstterm">SANS</em> o SysAdmin, Audit, Network, Security Institute, la causa primaria che rende vulnerabile la sicurezza di un computer è <span class="emphasis"><em>assegnare a personale impreparato la gestione della sicurezza e non fornire le risorse necessarie per l'addestramento</em></span>. <sup>[<a id="idm60617424" href="#ftn.idm60617424" class="footnote">10</a>]</sup> Ciò vale sia per gli amministratori senza esperienza sia per quelli troppo sicuri di sè o poco motivati.
+ </div><div class="para">
+ Alcuni amministratori trascurano di applicare patch a server e workstation, altri di controllare i messaggi di log provenienti dal kernel o dal traffico di rete. Un altro errore comune si ha quando si lasciano invariate ai loro valori predefiniti, le password o le chiavi di acceso ai servizi. Per esempio, alcuni database hanno delle password di amministrazione predefinite, perchè si presume che l'amministratore cambi questa password immediatamente dopo l'installazione. Se un amministratore di database dimentica di cambiare questa password, anche un cracker inesperto usando una password predefinita a tutti nota, sarà in grado di guadagnare i privilegi di amministrazione sul database. Questi sono solo alcuni esempi di come una amministrazione poco attenta possa portare alla compromissione dei server.
+ </div></div><div class="section" id="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services">1.2.3.4. Servizi intrinsecamente insicuri </h4></div></div></div><div class="para">
+ Anche l'organizzazione più scrupolosa può diventare vittima di vulnerabilità, se i servizi di rete scelti sono intrinsecamente non sicuri. Per esempio, esistono molti servizi che sono sviluppati con l'assunzione che siano usati in reti fidate; quindi questa assunzione crolla nel momento in cui il servizio diventa disponibile su Internet — che è una rete intrinsecamente non fidata.
+ </div><div class="para">
+ Una categoria di servizi di rete insicuri sono quelli che richiedono l'autenticazione con username e password non cifrate. Telnet ed FTP sono due di tali servizi. Se uno sniffer di pacchetti si trova a monitorare il traffico, tra l'utente remoto e un tale servizio, esso può facilmente intercettare username e password.
+ </div><div class="para">
+ Per loro natura, questi servizi possono molto facilmente cadere vittima di ciò che gli esperti di sicurezza definiscono con il termine, attacco <em class="firstterm">man-in-the-middle</em>. In questo tipo di attacco, un cracker una volta sabotato un name server, dirotta tutto il traffico sulla sua macchina. Quando l'utente apre una sessione remota con il server, la macchina dell'attaccante rimane trasparente, e silenziosamente situato <span class="emphasis"><em>in mezzo</em></span> tra il servizio remoto e l'iconsapevole utente, può intercettare tutto il traffico. In questo modo, un cracker è in grado di carpire password e altri dati importanti, a insaputa del server e dell'utente.
+ </div><div class="para">
+ Un'altra categoria di servizi insicuri includono NFS (Nework File Systems) e NIS (Network Information Services), sviluppati esplicitamente per l'impiego in LAN ma il cui uso, sfortunatamente, si è esteso alle WAN (per gli utenti remoti). NFS, per impostazione predefinita, non ha alcun meccanismo di autenticazione o sicurezza configurato per prevenire, da parte di un cracker, il montaggio del NFS e il conseguente accesso al suo contenuto. Anche NIS contiene informazioni, come password e permessi sui file, salvati in un file di testo ASCII in chiaro o (DBM ASCII-derived), che devono essere accessibili ad ogni computer della rete. Un cracker che riesce ad accedere al database può quindi scoprire ogni account utente sulla rete, incluso quello dell'amministratore.
+ </div><div class="para">
+ Per impostazione predefinita, Fedora viene rilasciata con tutti questi servizi disattivati. Si tenga presente che nel caso occorra usare questi servizi, la loro accurata configurazione può risultare piuttosto critica. Per maggiori informazioni sulla configurazione ottimale dei servizi, fare riferimento alla <a class="xref" href="#sect-Security_Guide-Server_Security">Sezione 3.2, «Server Security»</a>.
+ </div></div></div><div class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security">1.2.4. Minacce alla sicurezza di workstation e PC di casa</h3></div></div></div><div class="para">
+ Workstation e PC non sono così frequentemente prede di attacchi come le reti o i server, ma siccome spesso contengono dati sensibili, come i dati relativi a carte di credito, essi possono diventare un obbiettivo dei cracker. Le workstation possono anche essere coinvolte ed usate, a insaputa dell'utente, come macchine "slave" per attacchi coordinati. Per queste ragioni, conoscere le vulnerabilità di workstation può evitare agli utenti la reinstallazione del sistema operativo o peggio, il difficile recupero dei dati trafugati.
+ </div><div class="section" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Bad_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Bad_Passwords">1.2.4.1. Password inadeguate</h4></div></div></div><div class="para">
+ Cattive password sono uno dei modi più semplici per agevolare ad un attaccante, l'accesso al sistema. Per saperne di più su come evitare di creare inutili falle con le password, fare riferimento alla <a class="xref" href="#sect-Security_Guide-Workstation_Security-Password_Security">Sezione 3.1.3, «Protezione delle password»</a>.
+ </div></div><div class="section" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications">1.2.4.2. Applicazioni client vulnerabili</h4></div></div></div><div class="para">
+ Anche se un amministratore ha configurato e reso sicuro un server in maniera corretta, ciò non significa che un accesso remoto, da parte di un utente, sia sicuro. Per esempio, se il server permette l'accesso attraverso una rete pubblica, ai servizi Telnet od FTP, un attaccante potrebbe intercettare la username e la password trasmesse in chiaro, e quindi usare tali informazioni per accedere alla workstation dell'utente remoto.
+ </div><div class="para">
+ Anche quando si usano protocolli sicuri come SSH, un utente remoto può essere vulnerabile a certi attacchi, se le applicazioni client non sono aggiornate. Per esempio, i client SSH della versione v.1, sono vulnerabili ad un attacco X-forwarding, da parte di server SSH maliziosi. Una volta connesso al server, l'attaccante può tranquillamente intercettare attraverso la rete, ogni tasto digitato od ogni click del mouse del client. Questo problema è stato risolto nella versione v.2 del protocollo SSH; in quasto caso è un compito dell'utente sapere quali applicazioni soffrono di quali vulnerabilità ed aggiornarle, se necessario.
+ </div><div class="para">
+ Nella <a class="xref" href="#sect-Security_Guide-Workstation_Security">Sezione 3.1, «Workstation Security»</a>, si discute in maggior dettaglio i passi che amministratori ed utenti dovrebbero seguire, per limitare la vulnerabilità delle proprie workstation.
+ </div></div></div></div><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Vulnerability_Assessment" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Vulnerability_Assessment">1.3. Analisi della vulnerabilità</h2></div></div></div><div class="para">
+ Con a disposizione una buona dose di tempo, risorse e motivazione, un cracker può sabotare quasi ogni sistema. Alla fine di una giornata, tutte le procedure e tecnologie di sicurezza correntemente disponibili, non possono garantire che tutti i sistemi siano completamente salvi da intrusioni. I router aiutano a proteggere i gateway da Internet. I firewall aiutano a proteggere il confine della rete. I VPN (Virtual Private Networks) fanno passare i dati, in modo sicuro, in un flusso criptato. I sistemi anti-intrusione avvisano in caso di attività maliziose. Tuttavia, il successo di ciascuna di queste tecnologie dipende da un certo numero di variabili, tra cui:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ L'esperienza dello staff responsabile della configurazione, monitoraggio e mantenimento delle tecnologie.
+ </div></li><li class="listitem"><div class="para">
+ L'abiilità di coreggere ed aggiornare rapidamente ed efficacemente, servizi e kernel
+ </div></li><li class="listitem"><div class="para">
+ L'abilità dei responsabili di mantenere una vigilanza continua sulla rete.
+ </div></li></ul></div><div class="para">
+ Data la natura dinamica dei sistemi e delle tecnologie dell'informazione, rendere sicure le proprie risorse, può essere piuttosto complesso. A causa di questa complessità, risulta spesso difficile trovare degli esperti in tutti i settori del sistema. Se in un'azienda è possibile avere del personale con conoscenze generali in molte aree della sicurezza informatica, tuttavia, risulta difficile mantenere uno staff d'alto livello che sia esperto in ogni area. Questo perchè ciascuna area della sicurezza informatica richiede una attenzione costante e la sicurezza informatica risulta essere in continua evoluzione.
+ </div><div class="section" id="sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.3.1. Pensare come il nemico</h3></div></div></div><div class="para">
+ Si supponga di dover amministrare una rete aziendale. La rete generalmente comprende vari sistemi operativi, applicazioni, server, monitor di rete, firewall, sistemi anti-intrusione ed altro. Ora si immagini di provare a tenere aggiornati tutti questi sistemi. Vista la complessità dei software e delle reti attuali, gli attacchi e i bug sono una certezza. Mantenere al passo una intera rete con correzioni ed aggiornamenti, può essere una <span class="emphasis"><em>impresa</em></span> in una grande organizzazione con sistemi etrogenei.
+ </div><div class="para">
+ Si combini la richiesta di esperienza con il compito di essere al passo, ed inevitabilmente si verificheranno incidenti, i sistemi saranno compromessi, i dati corrotti ed i servizi interrotti.
+ </div><div class="para">
+ Per migliorare le tecnologie relative alla sicurezza ed aiutare a proteggere i sistemi, le reti e i dati, occorre pensare come un cracker e valutare la sicurezza del proprio sistema, verificandone i punti di debolezza. Una valutazione preventiva della vulnerabilità del sistema e delle risorse di rete può rivelare potenziali problemi, che possono essere risolti prima che si verifichi un attacco.
+ </div><div class="para">
+ Una valutazione della vulnerabilità è una verifica interna della sicurezza della rete e del sistema, i cui risultati indicano la confidenzialità, l'integrità e la disponibilità della rete (vedere la <a class="xref" href="#sect-Security_Guide-What_is_Computer_Security-Standardizing_Security">Sezione 1.1.1.3, «Standardizzare la Sicurezza»</a>). Tipicamente, la valutazione inizia con una fase di ricognizione, durante la quale sono raccolti importanti dati riguardanti i sistemi e le risorse disponibili. Questa, porta alla fase di "readiness", in cui l'intero sistema è controllato in tutti i suoi punti di vulnerabilità. Essa culmina con la fase di reporting, in cui le vulnerabilità sono classificate in categorie di rischio alto, medio e basso; successivamente, si studiano i metodi per aumentare la sicurezza (o mitigare il rischio di vulnerabilità).
+ </div><div class="para">
+ Se si facesse una valutazione di vulnerabilità della propria abitazione, si controllerebbero tutte le porte di casa per assicurarsi che siano chiuse e sicure. Si controllerebbero anche tutte le finestre, assicurandosi che siano chiuse e serrate. Lo stesso avviene con i sistemi, le reti e i dati informatici. Gli utenti maliziosi sono i ladri e i vandali dei dati. Occorre focalizzarsi sui loro strumenti, la loro mentalità e le loro motivazioni per poter reagire prontamente alle loro azioni.
+ </div></div><div class="section" id="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing">1.3.2. Analisi e Test</h3></div></div></div><div class="para">
+ L'analisi della vulnerabilità può essere svolta in due modalità: <em class="firstterm">Dall'esterno</em> e <em class="firstterm">Dall'interno</em>.
+ </div><div class="para">
+ Quando si fa un'analisi di vulnerabilità dall'esterno, si tenta di compromettere il sistema dall'esterno. E' il punto di vista del cracker che non facendo parte della propria attività produttiva, si trova all'esterno. Si vede ciò che vede il cracker — indirizzi di routing pubblici, i sistemi presenti sulla <em class="firstterm">DMZ</em>, le interfacce esterne del firewall ed altro. DMZ sta per "zona demilitarizzata", corrispondente ad un computer o ad una piccola sottorete che si trova tra una rete interna fidata, come una LAN privata e una rete esterna non fidata, come Internet. Solitamente, una DMZ possiede dispositivi che accedono ad Internet, come server Web (HTTP), server FTP, server mail (SMTP) e server DNS.
+ </div><div class="para">
+ Quando si fa un'analisi dall'interno, in un certo senso si è avvantaggiati, giacchè ci si trova all'interno e si gode della condizione di fiducia. Questo è il punto di vista che si acquista una volta loggati nel proprio sistema e che hanno anche i propri collaboratori all'interno della rete fidata. Si vedono server di stampa, file server, database ed altre risorse.
+ </div><div class="para">
+ Tra le due modalità di analisi esistono nette differenze. All'interno della rete fidata si hanno maggiori privilegi di chiunque altro si trovi all'esterno. E ancora oggi, in molte organizzazioni, la sicurezza è vista come una intrusione dall'esterno, per cui viene configurata come se si volessse mantenere gli intrusori all'esterno. Molto poco viene fatto per proteggere le risorse interne (come firewall dipartimentali, controlli d'accesso sugli utenti, procedure d'autenticazione per accedere alle risorse interne ed altro). Solitamente, ci sono molte più risorse da analizzare in un'analisi interna piochè i principali sistemi si trovano all'interno. Una volta che si è fuori dall'organizzazione, si passa in uno stato non fidato. I sistemi e le risorse disponibili dall'esterno spesso sono molto limitate.
+ </div><div class="para">
+ Si consideri la differenza tra analisi della vulnerabilità e <em class="firstterm">test di penetrazione </em>. Si pensi all'analisi di vulnerabilità come il primo passo per un test di penetrazione. L'informazione raccolta durante l'analisi viene usata per fare il test. Mentre l'analisi viene svolta per controllare la presenza di falle e potenziali vulnerabilità, il test di penetrazione praticamente ne verifica la loro pericolosità.
+ </div><div class="para">
+ Analizzare le infrastrutture di rete è un processo dinamico. Anche la sicurezza dell'informazione e dei sistemi è un processo dinamico. Eseguendo un'analisi, si possono intercettare sia falsi positivi che falsi negativi.
+ </div><div class="para">
+ Gli amministratori addetti alla sicurezza sono tanto validi quanto gli strumenti che usano e di cui sono a conoscenza. Si provi, per esempio, ad utlizzare uno degli strumenti di analisi disponibili, effettuando una verifica sul proprio sistema e quasi sicuramente si individueranno dei falsi positivi. Sia che si tratti di problemi nel programma o di un errore di utilizzo, l'effetto resta lo stesso. Lo strumento rileva vulnerabilità che in realtà non esistono (il falso positivo); o peggio ancora, non intercetta alcuna vulnerabilità che invece esiste (il falso negativo).
+ </div><div class="para">
+ Quindi, ora che è stata definita la distinzione tra analisi della vulnerabilità e test di penetrazione, e la natura dei potenziali falsi negativi/positivi, in analisi future, prima di avviare un test di penetrazione, si rivedano attentamente i punti di vulnerabilità trovati.
+ </div><div class="warning"><div class="admonition_header"><h2>Avvertimento</h2></div><div class="admonition"><div class="para">
+ Tentare di sfruttare le vulnerabilità in un sistema di produzione può avere effetti negativi sulla produttività ed efficenza dell'intero sistema e della rete.
+ </div></div></div><div class="para">
+ La seguente lista esamina alcuni benefici ricavabili da un'analisi di vulnerabilità:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Crea un'attenzione proattiva verso la sicurezza informatica
+ </div></li><li class="listitem"><div class="para">
+ Individua potenziali falle prima dei cracker
+ </div></li><li class="listitem"><div class="para">
+ Consente di mantenere il sistema aggiornato e ben funzionante
+ </div></li><li class="listitem"><div class="para">
+ Promuove la crescita ed aiuta a sviluppare l'esperienza del team
+ </div></li><li class="listitem"><div class="para">
+ Abbatte le perdite economiche e la pubblicità negativa
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-Defining_Assessment_and_Testing-Establishing_a_Methodology"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Defining_Assessment_and_Testing-Establishing_a_Methodology">1.3.2.1. Stabilre una metodologia</h4></div></div></div><div class="para">
+ Per individuare gli strumenti da usare in un'analisi di vulnerabilità, può essere utile stabilire una metodologia di analisi della vulnerabilità. Sfortunatamente, al momento non esiste una metodologia predefinita o standardizzata; ad ogni modo, il buon senso e una buona pratica possono essere una guida sufficiente.
+ </div><div class="para">
+ <span class="emphasis"><em>Qual'è l'obbiettivo? Si sta controllando un solo server o l'intera rete con tutti i suoi sistemi? Siamo all'interno o all'esterno della nostra organizzazione?</em></span> Le risposte a queste domande sono importanti perchè aiutano a stabilire non solo quali strumenti usare ma anche come usarli.
+ </div><div class="para">
+ Per saperne di più su come stabilire una metodologia, fare riferimento ai seguenti siti:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="citetitle">The Open Source Security Testing Methodology Manual</em> (OSSTMM): <a href="http://www.isecom.org/osstmm/"> http://www.isecom.org/osstmm </a>
+ </div></li><li class="listitem"><div class="para">
+ <em class="citetitle">The Open Web Application Security Project</em>: <a href="http://www.owasp.org/">http://www.owasp.org/ </a>
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools">1.3.3. Valutazione degli strumenti</h3></div></div></div><div class="para">
+ Un'analisi inizia dalle informazioni raccolte da un qualche strumento. Quando si analizza una intera rete conviene dapprima crearsi una mappa, per sapere gli host che sono in esecuzione. Una volta localizzati, si esamini ogni host, individualmente. La loro analisi richiederà, probabilmente, altri strumenti. Sapere quali strumenti usare può essere il passo più cruciale in un'analisi di vulnerabilità.
+ </div><div class="para">
+ Proprio come nella vita di tutti i giorni, esistono molti strumenti differenti che svolgono lo stesso lavoro. La stessa situazione si ha quando si affronta un'analisi di vulnerabilità. Esistono strumenti specifici per i sistemi operativi, le applicazioni ed anche per le reti (a seconda del protocollo usato). Alcuni sono free, altri no. Alcuni strumenti sono intuitivi e facili da usare, altri sono critpici e scarsamente documentati ma con proprietà che altri non hanno.
+ </div><div class="para">
+ Trovare gli strumenti giusti può essere piuttosto scoraggiante all'inizio e un po' d'esperienza può contare molto. Se possibile, impostare un sistema di test e si provino più strumenti possibile, notando i punti di forza e debolezza di ciascuno. Di ogni strumento si legga il README o le pagine man relative. Si cerchi anche su Internet articoli, guide passo-passo, o mailing-list dedicate allo strumento.
+ </div><div class="para">
+ Gli strumenti elencati sono solo un piccolo campione di quelli disponibili.
+ </div><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-Scanning_Hosts_with_Nmap"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Scanning_Hosts_with_Nmap">1.3.3.1. Scansione degli Host con Nmap</h4></div></div></div><div class="para">
+ Nmap è uno strumento incluso in Fedora che può essere usato per determinare il layout di una rete. Nmap è disponibile da molti anni ed è probabilmente lo strumento più usato per raccogliere informazioni. Una notevole pagina man provvede a fornire una dettagliata descrizione sul suo uso e le sue opzioni. Gli amministratori possono usare Nmap su una rete per individuare gli host presenti ed aprire le porte di questi sistemi.
+ </div><div class="para">
+ Nmap è uno strumento molto adatto per un'analisi di vulnerabilità. Esso è in grado di creare una mappa di tutti gli host all'interno della rete e, passando un opzione, è possibile conoscere anche il sistema operativo in esecuzione su un particolare host. Nmap è un buon punto di partenza per creare una policy che usi servizi sicuri e blocchi quelli non utilizzati.
+ </div><div class="section" id="sect-Security_Guide-Scanning_Hosts_with_Nmap-Using_Nmap"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Scanning_Hosts_with_Nmap-Using_Nmap">1.3.3.1.1. Usare Nmap</h5></div></div></div><div class="para">
+ Nmap può essere avviato da un terminale con il comando <code class="command">nmap</code>, seguito dall'hostname o dall' indirizzo IP della macchina di cui si vuole eseguire una scansione.
+ </div><pre class="screen"><code class="command">nmap foo.example.com</code></pre><div class="para">
+ I risultati di una scansione base (che potrebbe durare anche un paio di minuti, dipendendo da dove sia localizzato l'host e da altre condizioni di rete), dovrebbero essere qualcosa di simile:
+ </div><pre class="screen">
+Starting Nmap 4.68 ( http://nmap.org )
+Interesting ports on foo.example.com:
+Not shown: 1710 filtered ports
+PORT STATE SERVICE
+22/tcp open ssh
+53/tcp open domain
+70/tcp closed gopher
+80/tcp open http
+113/tcp closed auth</pre><div class="para">
+ Nmap testa le più comuni porte di comunicazione in attesa o ascolto di servizi. Questa informazione può aiutare un amministratore a chiudere servizi non necessari o inutilizzati.
+ </div><div class="para">
+ Per maggiori informazioni sull'uso di Nmap, fare riferimento alla homepage ufficiale, al seguente URL:
+ </div><div class="para">
+ <a href="http://www.insecure.org/"> http://www.insecure.org/ </a>
+ </div></div></div><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-Nessus"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Nessus">1.3.3.2. Nessus</h4></div></div></div><div class="para">
+ Nessus è uno scanner di sicurezza. L'architettura a plug-in di Nessus permette di personalizzare il suo utilizzo, secondo le necessità della rete e del sistema. Come ogni scanner, Nessus rimane uno strumento valido finchè rimane valido il database delle firme. Fortunatamente, Nessus è frequentemente aggiornato ed offre report completi, scansione degli host e ricerca in tempo reale di vulnerabilità. Si ricordi che potrebbero rivelarsi falsi positivi e falsi negativi, anche in uno strumento potente e frequentemente aggiornato come Nessus.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Il client e il server Nessus è disponibile nei repository di Fedora ma il suo uso richiede una iscrizione. Nessus è stato inserito in questo documento come riferimento per quegli utenti che potrebbero essere interessati ad usare questa diffusa applicazione.
+ </div></div></div><div class="para">
+ Per maggiori informazioni su Nessus, fare riferimento al sito web ufficiale, al seguente URL:
+ </div><div class="para">
+ <a href="http://www.nessus.org/"> http://www.nessus.org/ </a>
+ </div></div><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-Nikto"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Nikto">1.3.3.3. Nikto</h4></div></div></div><div class="para">
+ Nikto è uno scanner di scrpit CGI (Common Gateway Interface). Nikto controlla le vulnerabilità in script CGI, ma in modo da essere evasivo così da eludere i sistemi anti-intrusione. Prima di usarlo, si consiglia di leggere attentamente la documentazione allegata alla sua distribuzione. Se si dispone di un server Web che serve script CGI, Nikto può essere una eccellente risorsa per controllare la sicurezza di questi server.
+ </div><div class="para">
+ Maggiori informazioni su Nikto, possono trovarsi al seguente URL:
+ </div><div class="para">
+ <a href="http://www.cirt.net/code/nikto.shtml"> http://www.cirt.net/code/nikto.shtml </a>
+ </div></div><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner">1.3.3.4. VLAD lo scanner</h4></div></div></div><div class="para">
+ VLAD è uno scanner di vulnerabilità sviluppato dal gruppo <acronym class="acronym">RAZOR</acronym> presso Bindview, Inc., che controlla la Top Ten dei problemi di sicurezza più comuni (probelmi SNMP, di condivisione file, ecc), nella lista SANS. Anche se non così ricco di funzionalità come Nessus, VLAD è comunque un buon investigatore.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ VLAD non è incluso in Fedora e non è supportato. E' stato inserito in questo documento come riferimento per quegli utenti che potrebbero essere interessati ad usare questa diffusa applicazione.
+ </div></div></div><div class="para">
+ Maggiori informazioni su VLAD, possono trovarsi sul sito web di RAZOR, al seguente URL:
+ </div><div class="para">
+ <a href="http://www.bindview.com/Support/Razor/Utilities/"> http://www.bindview.com/Support/Razor/Utilities/ </a>
+ </div></div><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs">1.3.3.5. Le necessità future</h4></div></div></div><div class="para">
+ Per ogni target e risorsa esistono molti strumenti disponibili. Esistono strumenti per reti wireless, reti Novell, sistemi windows, sistemi Linux ed altri ancora. Un altro aspetto importante da considerare, quando si analizzano le vulnerabilità, riguarda la sicurezza fisica, la selezione del personale e l'analisi delle reti vocali/PBX. Nuovi concetti come <em class="firstterm">war walking</em>, riguardanti la scansione perimetrale della struttura fisica in cui ha sede l'organizzazione, alla ricerca di vulnerabilità nelle reti wireless, sono alcuni concetti emergenti che si potrebbero investigare, e se necessario, includere in un'analisi di routine. L'immaginazione, il tempo e le risorse sono gli unici limiti per pianificare e condurre un'analisi di vulnerabilità.
+ </div></div></div></div><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Common_Exploits_and_Attacks" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Common_Exploits_and_Attacks">1.4. Rischi e Attacchi comuni</h2></div></div></div><div class="para">
+ La <a class="xref" href="#tabl-Security_Guide-Common_Exploits_and_Attacks-Common_Exploits">Tabella 1.1, «Attacchi comuni»</a> illustra alcune delle azioni più comuni e i punti d'ingresso usati per accedere alle risorse di rete di un'organizzazione. Per ogni attacco si fornisce una descrizione di come sia stata realizzata e le contromisure da prendere, a protezione delle risorse di rete.
+ </div><div class="table" id="tabl-Security_Guide-Common_Exploits_and_Attacks-Common_Exploits"><h6>Tabella 1.1. Attacchi comuni</h6><div class="table-contents"><table summary="Attacchi comuni" border="1"><colgroup><col width="20%" class="Exploit" /><col width="40%" class="Description" /><col width="40%" class="Notes" /></colgroup><thead><tr><th>
+ Attacco
+ </th><th>
+ Descrizione
+ </th><th>
+ Note
+ </th></tr></thead><tbody><tr><td>
+ Password vuote o predefinite
+ </td><td>
+ Lasciare le password amministrative vuote oppure utilizzare una password predefinita, impostata dal produttore. Ciò è molto comune in alcuni hardware come router e firewall ed anche in alcuni servizi in esecuzione su Linux (in Fedora invece non esistono password predefinite).
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Si trovano comunemente in hardware di rete come router, firewall, VPN e dispositivi di memorizzazione di rete (NAS).</td></tr><tr><td>Comune in molti sistemi operativi proprietari, specialmente in quelli che vendono servizi (come UNIX e Windows).</td></tr><tr><td>Gli amministratori a volte creano account di utenti privilegiati, in fretta e furia, lasciando la password vuota; ciò può essere un punto d'accesso ideale per utenti maliziosi che scoprono l'account.</td></tr></table>
+
+ </td></tr><tr><td>
+ Chiavi predefinite condivise
+ </td><td>
+ Alcuni servizi di sicurezza, a volte, per motivi di sviluppo o per test valutativi, impostano le chiavi di sicurezza in modo predefinito. Se le chiavi non vengono modificate e vengono usate in un ambiente di produzione su Internet, <span class="emphasis"><em>tutti</em></span> gli utenti con le stesse chiavi predefinite avranno accesso alle risorse di quella chiave ed alle informazioni sensibili che essa contiene.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Molto comune negli access point dei sistemi wireless e nelle appliance secure server preconfigurate.</td></tr></table>
+
+ </td></tr><tr><td>
+ IP Spoofing
+ </td><td>
+ Una macchina remota agisce come un nodo sulla rete locale, trova le vulnerabilità nei server ed installa un programma backdoor o trojan, per ottenere il controllo sulle risorse di rete.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Lo spoofing è abbastanza difficile da realizzare, dato che comporta prevedere, da parte dell'attaccante, i numeri della sequenza TCP/IP necessari per coordinare una connessione con il sistema target; tuttavia, sono disponibili molti strumenti che assistono i cracker nel perseguire questo tipo di attacco.</td></tr><tr><td>Dipende dai servizi in esecuzione sul sistema target (come <code class="command">rsh</code>, <code class="command">telnet</code>, FTP e altri) che usano tecniche di autenticazione <em class="firstterm">source-based</em>, i quali non sono raccomandati se confrontati con PKI o altre forme di autenticazione cifrata, usate in <code class="command">ssh</code> o SSL/TLS.</td></tr></table>
+
+ </td></tr><tr><td>
+ Eavesdropping (Origliare)
+ </td><td>
+ Raccogliere dati che passano tra i nodi attivi di una rete, stando in ascolto fra i due nodi della connessione.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Questo tipo di attacco funziona, principalmente, nei protocolli con trasmissione del testo in chiaro come Telnet, FTP ed HTTP.</td></tr><tr><td>Gli attaccanti remoti, per eseguire questo attacco, devono avere accesso ad un sistema compromesso sulla LAN; solitamente, il cracker usa un attacco attivo (come l'IP spoofing o man-in-the-middle), per compromettere il sistema sulla LAN.</td></tr><tr><td>Misure preventive includono servizi con scambio di chiavi crittografiche, password "usa e getta" oppure autenticazione cifrata; è inoltre consigliata una robusta cifratura durante la trasmissione.</td></tr></table>
+
+ </td></tr><tr><td>
+ Vulnerabilità nei servizi
+ </td><td>
+ L'attaccante può trovare una falla o una scappatoia in un servizio in esecuzione su Internet; attraverso questa vulnerabilità, l'attaccante compromette l'intero sistema e qualsiasi dato in esso contenuto, e potrebbe compromettere altri sistemi sulla rete.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>I servizi basati su HTTP come CGI, sono vulnerabili all'esecuzione di comandi remoti ed anche ad accessi da shell interattive. Anche se il servizio HTTP è in esecuzione come un utente non privilegiato, come "nobody", informazioni come file di configurazione e mappe di rete possono essere lette, oppure l'attaccante può avviare un attacco tipo DoS (Denial of Service) consumando risorse di sistema o renderle indisponibili agli utenti.</td></tr><tr><td>A volte i servizi possono presentare vulnerabilità che non vengono notate in fase di sviluppo e di test; queste vulnerabilità (come i <em class="firstterm">buffer overflows</em>, in cui l'attaccante manda in crash un servizio riempiendo il buffer di memoria di una applicazione con valori arbitrari, dandogli un prompt di comando interattivo dal quale può eseguire comandi arbitrari) possono fornire un controllo amministrativo completo a chi effettua l'atta
cco.</td></tr><tr><td>Gli amministratori dovrebbero assicurarsi che i servizi non siano in esecuzione come utente root, e dovrebbero vigilare su patch e aggiornamenti di errata per le applicazioni, da produttori o da organizzazioni di sicurezza come il CERT e il CVE.</td></tr></table>
+
+ </td></tr><tr><td>
+ Vulnerabilità nelle applicazioni
+ </td><td>
+ L'attaccante trova falle nelle applicazioni desktop e workstation (come i client e-mail) per eseguire codice arbitrario, impiantare <span class="emphasis"><em>trojan</em></span> per attacchi futuri o per mandare in crash il sistema. Potrebbero verificarsi ulteriori attacchi, se la workstation compromessa ha privilegi amministrativi sul resto della rete.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Le workstation e i desktop sono più facili da sfruttare se gli utenti non hanno le conoscenze o l'esperienza per prevenire o rilevare un rischio; è importante informare gli utenti sui rischi che si corrono, quando si installa software non autorizzato oppure si aprono allegati di mail non attese.</td></tr><tr><td>Si possono implementare dei metodi di sicurezza, facendo in modo che i software di gestione posta non aprano o eseguano automaticamente gli allegati. In aggiunta, l'aggiornamento automatico delle workstation tramite i servizi di rete Red Hat o altri servizi di gestione, possono ridurre il carico di lavoro e le disattenzioni sulla sicurezza in sistemi multi-utente.</td></tr></table>
+
+ </td></tr><tr><td>
+ Attacchi Denial of Service (DoS)
+ </td><td>
+ Gli attaccanti o gruppi di attaccanti si coordinano contro la rete di una organizzazione o contro le risorse di un server, inviando pacchetti non autorizzati all'host obiettivo (può essere un server, un router o una workstation). Ciò induce la risorsa a diventare non disponibile agli utenti legittimi.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Il caso più famoso di DoS si è verificato negli USA nel 2000. Molti siti commerciali e di governo ad alto traffico, sono stati resi in-disponibili da un attacco coordinato di ping flood usando diversi sistemi compromessi a banda larga, che agivano da <em class="firstterm">zombie</em> o nodi rimbalzanti di pacchetti broadcast.</td></tr><tr><td>Il mittente dei pacchetti, di solito, viene falsificato (oltre ad essere ritrasmesso) rendendo arduo scoprire l'origine dell'attacco.</td></tr><tr><td>Migliorare il filtraggio dei pacchetti in ingresso (IETF rfc2267), usando <code class="command">iptables</code> e sistemi di intrusione (IDS) come <code class="command">snort</code>, possono aiutare gli amministratori a individuare e prevenire attacchi DoS distribuiti.</td></tr></table>
+
+ </td></tr></tbody></table></div></div><br class="table-break" /></div><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Security_Updates" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Security_Updates">1.5. Aggiornamenti di sicurezza</h2></div></div></div><div class="para">
+ Se viene scoperto una vulnerabilità di sicurezza, il software colpito deve essere aggiornato per ridurre qualsiasi rischio connesso. Se il software fa parte di un pacchetto di Fedora, correntemente supportato, Fedora si impegna a rilasciare, prima possibile, gli aggiornamenti di correzione. Spesso, gli avvisi su un problema di sicurezza si accompagnano con una patch (una porzione di codice che risolve il problema). Questa patch, una volta applicata al pacchetto e testata, viene poi rilasciata come aggiornamento di correzione. Altre volte, quando un avviso non include una patch, lo sviluppatore lavora insieme con il manutentore del software per risolvere il problema. Poi una volta risolto, il pacchetto viene testato e rilasciato come aggiornamento di correzione.
+ </div><div class="para">
+ Se viene rilasciato un aggiornamento di correzione per il software in uso, si raccomanda di applicare l'aggiornamento prima possibile, in modo da ridurre la potenziale vulnerabilità del sistema.
+ </div><div class="section" id="sect-Security_Guide-Security_Updates-Updating_Packages"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. Aggiornare i pacchetti</h3></div></div></div><div class="para">
+ Quando si aggiorna un sistema, è importante scaricare gli aggiornamenti da una sorgente fidata. Un attaccante può facilmente ricompilare un pacchetto con lo stesso numero di versione di quello che si suppone risolva il problema, ma con un'azione differente sulla sicurezza, per poi rilasciarlo su Internet. Anche usando misure di sicurezza, come la verifica dell'integrità dei file, non ci si accorgerebbe della minaccia presente nel pacchetto contraffatto. Quindi, è molto importante scaricare gli RPM soltanto da sorgenti fidate, come Fedora, e controllare la firma del pacchetto per verificarne l'integrità.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Fedora include una conveniente icona nel pannello del desktop, che si allerta quando è disponibile un aggiornamento per il sistema Fedora.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages">1.5.2. Verificare la firma dei pachetti</h3></div></div></div><div class="para">
+ Tutti i pacchetti di Fedora sono firmati con la chiave <em class="firstterm">GPG</em> di Fedora. GPG sta per GNU Privacy Guard o GnuPG, ossia un software libero usato per assicurare l'autenticità dei file distribuiti. Per esempio, una chiave privata (segreta) sigilla il pacchetto mentre la chiave pubblica apre e verifica il pacchetto. Se la chiave pubblica, distribuita da Fedora, non corrisponde con la chiave privata durante la verifica di RPM, il pacchetto potrebbe essere stato alterato e perciò non è attendibile.
+ </div><div class="para">
+ L'utility RPM, presente in Fedora, prova a verificare la firma GPG di un pacchetto RPM, prima di procedere alla sua installazione. Se la firma GPG di Fedora non è stata installata, installarla da un repository sicuro, per esempio da un DVD di installazione di Fedora.
+ </div><div class="para">
+ Supponendo che il disco sia montato su <code class="filename">/mnt/cdrom</code>, usare il seguente comando per importare la firma nel <em class="firstterm">keyring</em> (un database di chiavi fidate presenti nel sistema):
+ </div><pre class="screen"><code class="command">rpm --import /mnt/cdrom/RPM-GPG-KEY</code></pre><div class="para">
+ Per visualizzare l'elenco di tutte le chiavi installate, per la verifica RPM, eseguire il comando:
+ </div><pre class="screen"><code class="command">rpm -qa gpg-pubkey*</code></pre><div class="para">
+ L'output sarà qualcosa di simile:
+ </div><pre class="screen"><code class="computeroutput">gpg-pubkey-db42a60e-37ea5438</code></pre><div class="para">
+ Per visualizzare i dettagli di una chiave, usare il comando <code class="command">rpm -qi</code> seguito dall'output del comando precedente, come indicato di seguito:
+ </div><pre class="screen"><code class="command">rpm -qi gpg-pubkey-db42a60e-37ea5438</code></pre><div class="para">
+ E' molto importante verificare la firma dei file RPM, prima di procedere all'installazione, per essere sicuri che non sinao stati alterati. Per verificare tutti i pacchetti scaricati, eseguire il seguente comando:
+ </div><pre class="screen"><code class="command">rpm -K /tmp/updates/*.rpm</code></pre><div class="para">
+ Per ciascun pacchetto, se la chiave GPG viene verificata con successo, il comando restituisce <code class="computeroutput">gpg OK</code>. Diversamente, assicurarsi di usare la chiave pubblica di Fedora e verificare la sorgente da cui sono stati scaricati i pacchetti. I pacchetti che non superano la verifica GPG non dovrebbero essere installati, poichè potrebbero essere stati alterati da terze parti.
+ </div><div class="para">
+ Dopo aver verificato la chiave GPG e scaricato tutti i pacchetti di correzione, procedere con l'installazione come utente root.
+ </div></div><div class="section" id="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages">1.5.3. Installare pacchetti firmati</h3></div></div></div><div class="para">
+ L'installazione di molti pacchetti (esclusi quelli del kernel), si esegue con il seguente comando
+ </div><pre class="screen"><code class="command">rpm -Uvh /tmp/updates/*.rpm</code></pre><div class="para">
+ Per i pacchetti del kernel usare il seguente comando:
+ </div><pre class="screen"><code class="command">rpm -ivh /tmp/updates/<em class="replaceable"><code><kernel-package></code></em></code><code class="command">sshd</code>.</pre><div class="para">
+ Sostituire<em class="replaceable"><code><kernel-package></code></em> con il pacchetto RPM del kernel.
+ </div><div class="para">
+ Una volta riavviata la macchina, usare il nuovo kernel; il vecchio kernel può essere rimosso, con il seguente comando:
+ </div><pre class="screen"><code class="command">rpm -e <em class="replaceable"><code><old-kernel-package></code></em></code></pre><div class="para">
+ Sostituire <em class="replaceable"><code><old-kernel-package></code></em> con il pacchetto RPM del kernel da rimuovere.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Non è strettamente necessario rimuovere il vecchio kernel. Il gestore di boot, GRUB, permette di avere kernel multipli, selezionabili da un menu nella fase di boot.
+ </div></div></div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Prima di installare una correzione di sicurezza, leggere le istruzioni nell'avviso di correzione allegato alla patch e poi procedere come indicato. Per istruzioni generali su come applicare le modifiche, in un aggiornamento di correzione, fare riferimento alla <a class="xref" href="#sect-Security_Guide-Updating_Packages-Applying_the_Changes">Sezione 1.5.4, «Applicare i cambiamenti»</a>.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Updating_Packages-Applying_the_Changes"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Updating_Packages-Applying_the_Changes">1.5.4. Applicare i cambiamenti</h3></div></div></div><div class="para">
+ Dopo aver scaricato ed installato gli aggiornamenti di correzione e di sicurezza, è importante chiudere e riavviare qualsiasi software oggetto di aggiornamento. Ciò ovviamente dipende dal tipo di software aggiornato. La seguente lista mostra le varie categorie di software e indica come usare la versione aggiornata.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ In generale, il riavvio del sistema resta il modo più sicuro che garantisce che si stia usando la versione appena aggiornata; comunque il riavvio non sempre è richiesto o disponibile all'amministratore.
+ </div></div></div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">Applicazioni</span></dt><dd><div class="para">
+ Le applicazioni dello spazio utente sono tutti quei programmi avviabili da un utente. Solitamente, tali applicazioni sono usate soltanto quando un utente, uno script o una utilty automatizzata le avvia e non persistono per lunghi periodi di tempo.
+ </div><div class="para">
+ Una volta aggiornata un'applicazione, chiudere ogni istanza dell'applicazione presente nel sistema e riavviare l'applicazione in modo da usare la versione aggiornata.
+ </div></dd><dt class="varlistentry"><span class="term">Kernel</span></dt><dd><div class="para">
+ Il kernel è il nucleo centrale del sistema operativo Fedora. Esso gestisce l'accesso alla memoria, il processore, le periferiche e organizza tra loro i vari componenti citati.
+ </div><div class="para">
+ Data la sua centralità, il kernel non può essere riavviato senza riavviare la macchina. Perciò, una versione aggiornata del kernel non può essere usata se non si riavvia la macchina.
+ </div></dd><dt class="varlistentry"><span class="term">Librerie condivise</span></dt><dd><div class="para">
+ Le librerie condivise sono pezzi di codice, come <code class="filename">glibc</code>, usate da applicazioni e servizi. Le applicazioni che utilizzano una libreria condivisa, di solito caricano il codice condiviso durante l'inizializzazione dell'applicazione, perciò le applicazioni che usano una libreria che è stata aggiornata devono essere chiuse e riavviate.
+ </div><div class="para">
+ Per determinare quali applicazioni sono collegate ad una libreria, usare il comando <code class="command">lsof</code> come indicato:
+ </div><pre class="screen"><code class="command">lsof /lib/libwrap.so*</code></pre><div class="para">
+ Il comando restituisce un elenco di tutti i programmi in esecuzione che usano involucri (wrapper) TCP per il controllo d'accesso. Perciò, tutti i programmi in elenco devono essere fermati e riavviati nel caso in cui il pacchetto <code class="filename">tcp_wrappers</code> venga aggiornato.
+ </div></dd><dt class="varlistentry"><span class="term">Servizi SysV</span></dt><dd><div class="para">
+ I servizi SysV sono programmi server persistenti, avviati durante il processo di boot. Esempi di Servizi SysV includono <code class="command">sshd</code>, <code class="command">vsftpd</code>, e <code class="command">xinetd</code>.
+ </div><div class="para">
+ Poichè questi servizi, generalmente persistono in memoria dopo il boot, ogni servizio SysV aggiornato deve essere fermato e riavviato. Ciò può essere fatto usando <span class="application"><strong>Sistema > Amministrazione > Servizi</strong></span>, oppure eseguendo il comando <code class="command">/sbin/service</code>, da una shell di root, come indicato di seguito:
+ </div><pre class="screen"><code class="command">/sbin/service <em class="replaceable"><code><service-name></code></em> restart</code></pre><div class="para">
+ Nel precedente esempio, sostituire <em class="replaceable"><code><service-name></code></em> con il nome del servizio, per esempio <code class="command">sshd</code>.
+ </div></dd><dt class="varlistentry"><span class="term">Servizi <code class="command">xinetd</code></span></dt><dd><div class="para">
+ I servizi controllati dal super servizio <code class="command">xinetd</code> sono in esecuzione soltanto se è attiva una connessione. Esempi di servizi controllati da <code class="command">xinetd</code> includono Telnet, IMAP e POP3.
+ </div><div class="para">
+ Poichè nuove istanze di questi servizi sono avviati da <code class="command">xinetd</code> ogni volta che viene ricevuta una nuova richiesta, le connessioni che si attivano dopo un aggiornamento sono gestite dal software aggiornato. Invece, le connessioni attive precedenti all'aggiornamento continuano ad essere gestite dalla versione precedente.
+ </div><div class="para">
+ Per arrestare (kill) le vecchie istanze di un servizio controllato da <code class="command">xinetd</code>, aggiornare il pacchetto del servizio e poi arrestare tutti i processi in esecuzione. Per sapere se il processo è in esecuzione usare il comando <code class="command">ps</code> e poi il comando <code class="command">kill</code> o <code class="command">killall</code>, per arrestare tutte le istanze correnti del servizio
+ </div><div class="para">
+ Per esempio, se viene rilasciato un aggiornamento di sicurezza per il pacchetto <code class="filename">imap</code>, aggiornare il pacchetto e poi eseguire il seguente comando in una shell di root:
+ </div><pre class="screen"><code class="command">ps -aux | grep imap</code></pre><div class="para">
+ Questo comando restituisce tutte le sessioni IMAP attive. Le sessioni individuali possono essere chiuse con il seguente comando:
+ </div><pre class="screen"><code class="command">kill <em class="replaceable"><code><PID></code></em></code></pre><div class="para">
+ Se con il precedente comando la sessione non si chiude, usare allora il seguente comando:
+ </div><pre class="screen"><code class="command">kill -9 <em class="replaceable"><code><PID></code></em></code></pre><div class="para">
+ Nei precedenti esempi, sostituire <em class="replaceable"><code><PID></code></em> con l'ID del processo (l'ID del processo si trova nella seconda colonna del comando <code class="command">ps</code>), della sessione IMAP.
+ </div><div class="para">
+ Per chiudere tutte le sessione IMAP attive, eseguire il comando:
+ </div><pre class="screen"><code class="command">killall imapd</code></pre></dd></dl></div></div></div><div class="footnotes"><br /><hr width="100" align="left" /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm104125104" href="#idm104125104" class="para">1</a>] </sup>
+ http://law.jrank.org/pages/3791/Kevin-Mitnick-Case-1999.html
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm104125984" href="#idm104125984" class="para">2</a>] </sup>
+ http://www.livinginternet.com/i/ia_hackers_levin.htm
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm80301648" href="#idm80301648" class="para">3</a>] </sup>
+ http://www.theregister.co.uk/2007/05/04/txj_nonfeasance/
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm80303248" href="#idm80303248" class="para">4</a>] </sup>
+ http://www.healthcareitnews.com/story.cms?id=9408
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm80304240" href="#idm80304240" class="para">5</a>] </sup>
+ http://www.internetworldstats.com/stats.htm
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm84955024" href="#idm84955024" class="para">6</a>] </sup>
+ http://www.cert.org
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm84956624" href="#idm84956624" class="para">7</a>] </sup>
+ http://www.cert.org/stats/fullstats.html
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm107696608" href="#idm107696608" class="para">8</a>] </sup>
+ http://www.newsfactor.com/perl/story/16407.html
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm107694400" href="#idm107694400" class="para">9</a>] </sup>
+ http://www.csoonline.com/article/454939/The_Global_State_of_Information_Security_
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm60617424" href="#idm60617424" class="para">10</a>] </sup>
+ http://www.sans.org/resources/errors.php
+ </div></div></div></div><div xml:lang="it-IT" class="chapter" id="chap-Security_Guide-Basic_Hardening" lang="it-IT"><div class="titlepage"><div><div><h2 class="title">Capitolo 2. Guida base all'hardening</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-General_Principles">2.1. Principi generali</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important">2.2. Perchè è importante?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Physical_Security">2.3. Sicurezza fisica</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important">2.4. Perchè è importante</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do">2.5. Cos'altro posso fare?</a></span></dt><dt><span clas
s="section"><a href="#sect-Security_Guide-Basic_Hardening-Networking">2.6. Networking</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Networking-iptables">2.6.1. iptables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Networking-IPv6">2.6.2. IPv6</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Up_to_date">2.7. Mantenere il software aggiornato</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Services">2.8. Servizi</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-NTP">2.9. NTP</a></span></dt></dl></div><div class="para">
+ La <a href="http://www.nsa.gov">US National Security Agency</a> (NSA) ha messo a punto due guide per l'hardening di una installazione standard di Red Hat Enterprise Linux 5. Molti dei suggerimenti forniti in queste guide sono valide anche per le installazioni di Fedora. Questa guida base dell'hardening riguarderà porzioni della NSA Hardening Tips e spiegherà perché l'implementazione di tali suggerimenti è importante. Il presente documento non rappresenta l'intera guida NSA all'Hardening.
+ </div><div class="para">
+ Come per qualsiasi modifica di un sistema questi cambiamenti potrebbero portare a risultati indesiderati. Le modifiche dovrebbero essere valutate sul sistema prima di atturle.
+ </div><div class="section" id="sect-Security_Guide-Basic_Hardening-General_Principles"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-General_Principles">2.1. Principi generali</h2></div></div></div><div class="para">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Criptare tutti i dati trasmessi in rete. L'informazione di autenticazione criptata (come le password) è particolarmente importante. </td></tr><tr><td>Limitare la quantità del software installato ed avviato in modo da ridurre le vulneràbilità.</td></tr><tr><td>Usare software di security-enhancing e gli strumenti disponibili (ad esempio SELinux e IPTables).</td></tr><tr><td>Avviare ogni servizio di rete su un server separato se possibile. Questo limita i rischi di compromissione da un servizio ad altri.</td></tr><tr><td>Mantenere gli account utente. Creare delle buone regole per le password e blindarne l'uso. Eliminare gli account utente inutilizzati.</td></tr><tr><td>Rivedere i log di sistema e applicazioni su base programmata. Inviare i log su server dedicati. Questo inpedisce le intrusioni evitando il rilevamento di modifiche locali.</td></tr><tr><td>Mai accedere come root, a meno che non strettamente
necessario. Gli amministratori dovrebbero usare <code class="command">sudo</code> per eseguire i comandi come root quando richiesti. Gli account che usano sudo sono specificati in <code class="filename">/etc/sudoers</code>, che è modificato tramite l'utilità visudo. Normalmente i log rilevanti sono scritti in <code class="filename">/var/log/secure</code>.</td></tr></table>
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important">2.2. Perchè è importante?</h2></div></div></div><div class="para">
+ I principi generali della NSA rappresentano una panoramica sulle migliori procedure di sicurezza. Ci sono articoli di questo elenco che probabilmente non verranno utilizzati da tutti e ci sono elementi mancanti che dovrebbero essere sottolineato come best practice. Ulteriori informazioni su queste e altre idee verranno spiegate in seguito.
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-Physical_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Physical_Security">2.3. Sicurezza fisica</h2></div></div></div><div class="para">
+ La sicurezza fisica di un sistema è di estrema importanza. Molti dei suggerimenti dati qui non proteggono se l'attaccante ha accesso fisico al tuo sistema.
+ </div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Questa sezione contiene informazioni riguardo GRUB Legacy e non sono valide per il rilascio attuale (conosciuto anche come GRUB2). Fedora 16 e versioni successive non usano GRUB Legacy così molti dei comandi non funzioneranno.
+ </div></div></div><div class="para">
+ Configurare il BIOS per disabilitare l'avvio da CD/DVD, floppy e dispositivo esterno, ed impostare una password per proteggerli. Poi impostare una password per il bootloader GRUB. Generare una password hash usando il comando <code class="command">/sbin/grub-md5-crypt</code>. Aggiungere l'hash alla prima linea del <code class="command">/etc/grub.conf</code> usando <code class="command">password --md5 'passwordhash'</code>. Questo impedisce agli utenti di usare la modalità single user o cambiare le impostazioni.
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important">2.4. Perchè è importante</h2></div></div></div><div class="para">
+ Un attaccante può prendere il controllo completo del tuo sistema eseguendo il boot da una sorgente esterna. Eseguendo il boot da una sorgente esterna (p.e. un live CD Linux) molte delle impostazioni di sicurezza vengono superate. Se l'attaccante può modificare le impostazioni di GRUB può eseguire il boot in modalità utente singolo che permette l'accesso amministrativo al sistema.
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do">2.5. Cos'altro posso fare?</h2></div></div></div><div class="para">
+ Fin da Fedora 9, la crittografia LUKS è stata supportata in modo nativo per proteggere i dati memorizzati in una partizione criptata LUKS. Quando si installa Fedora 9, selezionare la casella per crittografare il file system quando si imposta il file system. Criptando la partizione root e la <code class="filename">/home</code> (o la partizione singola / se si accetta il file system predefinito), gli attaccanti usano una sorgente esterna o l'avvio in modalità utente singolo. Naturalmente si utilizza una passphrase per proteggere i dati.
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-Networking"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Networking">2.6. Networking</h2></div></div></div><div class="para">
+ La connessione di rete del computer è il gateway verso il sistema. I file e il tempo d'elaborazione potrebbero essere a disposizione di chiunque si colleghi con successo al sistema tramite la connessione di rete se le altre garanzie non sono state implementate. Uno dei modi principali per mantenere il controllo del sistema è in primo luogo quello di evitare che gli aggressori possano accedere al sistema.
+ </div><div class="section" id="sect-Security_Guide-Basic_Hardening-Networking-iptables"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Basic_Hardening-Networking-iptables">2.6.1. iptables</h3></div></div></div><div class="para">
+ <span class="application"><strong>iptables</strong></span> è oggi il software firewall più utilizzato sui sistemi Linux. Questo programma intercetta i pacchetti in entrata al computer attraverso la connessione di rete e li filtra in base alle regole specificate. Ulteriori informazioni possono essere trovate su <a class="xref" href="#sect-Security_Guide-IPTables">Sezione 3.9, «IPTables»</a>.
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-Networking-IPv6"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Basic_Hardening-Networking-IPv6">2.6.2. IPv6</h3></div></div></div><div class="para">
+ IPv6 è il protocollo Internet più recente che mira a risolvere il deficit quantitativo degli indirizzi IPv4. E, sebbene non ci siano rischi per la sicurezza direttamente associati con il nuovo protocollo, ci sono alcune cose da capire prima di utilizzare questa nuova tecnologia.
+ </div><div class="para">
+ Molti amministratori di sistema hanno familiarità con IPv4 e i work-around che sono stati messi in atto per farlo lavorare. Uno di questi è la traduzione dell'indirizzo di rete o <em class="firstterm">NAT</em> . NAT è tradizionalmente utilizzato per mantenere al minimo il numero di indirizzi IP pubblici necessari quando si imposta una rete locale. Non tutti i sistemi su queste reti richiedono indirizzi IP pubblici ed indirizzi preziosi possono essere salvati mediante l'attuazione di questa tecnologia. Ci sono alcune caratteristiche di sicurezza che rappresentano effetti collaterali di NAT; il più grande dei quali è che il traffico in uscita non è permesso senza il port forwarding attraverso il router. Poiché IPv6 risolve il problema dell'indirizzamento, non c'è più la necessità di utilizzare NAT. Ogni cosa può avere un indirizzo IP pubblico e, in senso lato, non tutto è pubblicamente instradabile su Internet quando si stabiliscono connessioni fisiche e logich
e.
+ </div><div class="para">
+ Un'altra cosa di cui preoccuparsi è come il software di sicurezza si occupa di questo nuovo protocollo. <span class="application"><strong>iptables</strong></span> non sa o non capisce l'IPv6 e quindi ne ignora tutti i pacchetti. Ciò significa che se la rete sta utilizzando IPv6 e non è stato attivato <span class="application"><strong>ip6tables</strong></span> allora si lascia una porta al sistema aperto al mondo.
+ </div><div class="para">
+ L'utilizzo di IPv6 non è pericoloso fino a quando se ne conoscono e se ne capiscono i cambiamenti che il software del sistema ha subìto per rendere possibile l'utilizzo di questo nuovo protocollo di rete.
+ </div></div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-Up_to_date"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Up_to_date">2.7. Mantenere il software aggiornato</h2></div></div></div><div class="para">
+ Il software viene patchato tutti i giorni. Alcuni di questi aggiornamenti risolvono i problemi di sicurezza che sono stati identificati dagli sviluppatori. Quando queste diventano disponibili è importante che vengano applicate al sistema appena possibile. Uno dei modi più semplici per gestire gli aggiornamenti per il sistema è quello di usare <span class="application"><strong>yum</strong></span>. Un plugin speciale è disponibile per consentire solo aggiornamenti di sicurezza ignorando correzioni di bug e miglioramenti. Questo plugin è descritto meglio su <a class="xref" href="#sect-Security_Guide-CVE-yum_plugin">Sezione 8.1, «Plugin YUM»</a> .
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-Services"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Services">2.8. Servizi</h2></div></div></div><div class="para">
+ I servizi in Linux sono programmi che vengono eseguiti come demoni in background. E 'importante controllare questi programmi regolarmente per determinare se bisogna tenerli in esecuzione. Molti demoni aprono le porte di rete al fine di ascoltare le chiamate. Mantenere aperte porte non necessarie può danneggiare la sicurezza complessiva del sistema. Una falla di sicurezza sconosciuta in un software è in grado di dare il via libera ad un hacker all'interno del sistema senza una buona ragione.
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-NTP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-NTP">2.9. NTP</h2></div></div></div><div class="para">
+ Il Network Time Protocol o <em class="firstterm">NTP</em> mantiene sincronizzata l'ora sui sistemi. L'ora è un pezzo molto importante per la sicurezza e dovrebbe essere mantenuta più precisamente possibile. L'ora è utilizzata nei file di log, i timestamp e nella crittografia. Se qualcuno è in grado di controllare le impostazioni dell'orario allora sarà anche in grado di ricreare un'irruzione che è molto più difficile.
+ </div></div></div><div xml:lang="it-IT" class="chapter" id="chap-Security_Guide-Securing_Your_Network" lang="it-IT"><div class="titlepage"><div><div><h2 class="title">Capitolo 3. Proteggere la rete locale</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security">3.1. Workstation Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">3.1.1. Analizzare la sicurezza di una workstation</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">3.1.2. Protezione del BIOS e del Boot Loader</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Password_Security">3.1.3. Protezione delle password</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Administrative_Controls">3.1.4. Controlli ammi
nistrativi</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Available_Network_Services">3.1.5. Servizi di rete disponibili</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Personal_Firewalls">3.1.6. Firewall personali</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">3.1.7. Strumenti di comunicazione che aumentano la sicurezza</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Server_Security">3.2. Server Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">3.2.1. Proteggere i servizi con TCP Wrapper e xinetd</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Portmap">3.2.2. Proteggere Portmap</a></span></dt><dt><span class="section"><a hre
f="#sect-Security_Guide-Server_Security-Securing_NIS">3.2.3. Proteggere NIS</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_NFS">3.2.4. Proteggere NFS</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server">3.2.5. Proteggere HTTP Apache</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_FTP">3.2.6. Proteggere FTP</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Sendmail">3.2.7. Proteggere Sendmail</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">3.2.8. Controllare le porte in ascolto</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO">3.3. Single Sign-on (SSO)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_
SSO-Introduction">3.3.1. Introduzione</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card">3.3.2. Primo utilizzo di una nuova Smart Card</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works">3.3.3. Come funziona la registrazione di una Smart Card</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works">3.3.4. Come funziona l'accesso via Smart Card</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO">3.3.5. Configurare Firefox ad usare Kerberos con SSO</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Yubikey">3.4. Yubikey</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Yubikey-Centralized_Server">3.4.1. Utilizzo di Yubikey con u
n server centralizzato</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Yubikey-Web_Sites">3.4.2. Autenticazione ai siti web con la Yubikey</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM">3.5. Pluggable Authentication Modules (PAM)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">3.5.1. Vantaggi di PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files">3.5.2. File di configurazione di PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">3.5.3. Formato del file di configurazione di PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files">3.5.4. U
n esempio di file di configurazione di PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules">3.5.5. Creare moduli PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching">3.5.6. Caching delle credenziali PAM ed Amministrative</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership">3.5.7. Proprietario di PAM e di Dispositivo</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources">3.5.8. Ulteriori risorse</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd">3.6. TCP Wrapper e xinetd</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">3.6
.1. TCP Wrapper</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">3.6.2. File di configurazione di TCP Wrapper</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd">3.6.3. xinetd</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files">3.6.4. File di configuratione di xinetd</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">3.6.5. Ulteriori risorse</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Kerberos">3.7. Kerberos</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-What_is_Kerberos">3.7.1. Cos'è Kerberos?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Kerberos_Terminology">3.7.2. Terminologia Kerberos</a></span><
/dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-How_Kerberos_Works">3.7.3. Come funziona Kerberos</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Kerberos_and_PAM">3.7.4. Kerberos e PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">3.7.5. Configurare un server Kerberos 5</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client">3.7.6. Configurare un client Kerberos 5</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping">3.7.7. Associazione tra Dominio e Realm</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs">3.7.8. Impostare KDC secondari</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication">3.7.9. Impostare autenticazioni cross real
m</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Additional_Resources">3.7.10. Ulteriori risorse</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Firewalls">3.8. Firewall</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Netfilter_and_IPTables">3.8.1. Netfilter e IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">3.8.2. Configurazione di un firewall di base</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Using_IPTables">3.8.3. Usare IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Common_IPTables_Filtering">3.8.4. Filtraggi IPTables comuni</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules">3.8.5. Regole di <code class="computeroutput">FORWARD</code> e <acronym class="acronym">NAT<
/acronym></a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses">3.8.6. Software maliziosi e indirizzi IP spoofed</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking">3.8.7. IPTables e Connection Tracking</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-IPv6">3.8.8. IPv6</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Additional_Resources">3.8.9. Ulteriori risorse</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-IPTables">3.9. IPTables</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Packet_Filtering">3.9.1. Filtraggio pacchetti</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Command_Options_for_IPTables">3.9.2. Opzioni di comando di IPTables</a></span></dt><dt><span class="secti
on"><a href="#sect-Security_Guide-IPTables-Saving_IPTables_Rules">3.9.3. Salvataggio delle regole IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-IPTables_Control_Scripts">3.9.4. Script di controllo IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-IPTables_and_IPv6">3.9.5. IPTables ed IPv6</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Additional_Resources">3.9.6. Ulteriori risorse</a></span></dt></dl></dd></dl></div><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Workstation_Security" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Workstation_Security">3.1. Workstation Security</h2></div></div></div><div class="para">
+ La sicurezza di un ambiente Linux inizia dalle workstation. La policy di sicurezza deve partire dalla singola macchina, in modo da assicurare la sicurezza alla macchina e al sistema di cui la macchina fa parte. Un rete di computer è sicura soltanto se non esiste alcun punto debole.
+ </div><div class="section" id="sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">3.1.1. Analizzare la sicurezza di una workstation</h3></div></div></div><div class="para">
+ Quando si analizza la sicurezza di una workstation Fedora, occorre tener conto dei seguenti fattori:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Sicurezza del BIOS e del Boot Loader</em></span> — Può un utente non autorizzato accedere fisicamente alla macchina ed avviare la macchina in modalità mono utente o di ripristino, senza usare una password?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Sicurezza della Password</em></span> — Quanto sono sicure le password di accesso degli utenti?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Controlli Amministrativi</em></span> — Chi può accedere al sistema e quanti controlli amministrativi possiede?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Servizi di rete disponibili</em></span> — Quali servizi sono in ascolto per servire richieste dalla rete: devono essere tutti in esecuzione?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Firewall</em></span> — Che tipo di firewall, se occorre, è necessario?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Strumenti di comunicazione sicuri</em></span> — Quali strumenti dovrebbero essere usati per le comunicazioni tra workstation e quali evitati?
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">3.1.2. Protezione del BIOS e del Boot Loader</h3></div></div></div><div class="para">
+ Proteggere con password BIOS e Boot Loader, impedisce ad utenti non autorizzati di avviare la macchina con dischi di avvio o di ottenere privilegi amministrativi, in modalità single user. Le misure da prendere servono sia a proteggere le informazioni nella macchina sia la macchina stessa.
+ </div><div class="para">
+ Per esempio, se una macchina viene usata in una posizione sicura dove hanno accesso solo persone di fiducia ed il computer non contiene informazioni sensibili, allora non dovrebbe essere cruciale prevenire questo tipo di attacchi. Comunque, se un portatile di un utente con chiavi SSH non cifrate private per la rete corporativa viene lasciato scollegato in una zona pubblica, esso potrebbe portare ad una falla nella sicurezza con ramificazione all'intera compagnia.
+ </div><div class="section" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-BIOS_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-BIOS_Passwords">3.1.2.1. Password per accedere al BIOS</h4></div></div></div><div class="para">
+ Le ragioni per proteggere il BIOS di un compter con password, sono fondamentalmente due, <sup>[<a id="idm106839184" href="#ftn.idm106839184" class="footnote">11</a>]</sup>:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Impedire le modifiche alle impostazioni del BIOS</em></span> — Se un intrusore ha accesso al BIOS, egli può configurare l'avvio da USB o DVD, permettendogli di avviare la modalità rescue del sistema o la modalità single user, con possibilità di avviare processi arbitrari o copiare dati sensibili.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Impedire il Boot di sistema</em></span> — Alcuni BIOS permettono di proteggere con password, il processo di boot. Se attivato, all'accensione della macchina viene richiesto di inserire una passowrd. In tal modo, un attacker deve conoscere la password per avviare il processo di boot.
+ </div></li></ol></div><div class="para">
+ I metodi per l'impostazione della password di BIOS variano tra produttori, consultare perciò il manuale della motherboard allegato al computer, per informazioni specifiche.
+ </div><div class="para">
+ La password di BIOS può essere resettata, disconnettendo la pila CMOS o agendo sui ponticelli di contatto nella motherboard: per questo motivo, si consiglia di rendere inaccessibile, per quanto possibile, il case del computer. Comunque, prima di manovrare sulla motherboard, fare riferimento ai manuali a disposizione.
+ </div><div class="section" id="sect-Security_Guide-BIOS_Passwords-Securing_Non_x86_Platforms"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-BIOS_Passwords-Securing_Non_x86_Platforms">3.1.2.1.1. Rendere sicure le piattaforme non-x86</h5></div></div></div><div class="para">
+ Altre architetture usano degli assembler con operazioni hardware di basso livello, grosso modo simili al BIOS dei sistemi x86. Per esempio, le macchine con processori <span class="trademark">Intel</span>® <span class="trademark">Itanium</span>™ usano la shell <em class="firstterm">Extensible Firmware Interface</em> (<em class="firstterm">EFI</em>).
+ </div><div class="para">
+ Per istruzioni su come proteggere con password, i simil-BIOS di altre architetture, fare riferimento alle indicazioni del produttore.
+ </div></div></div><div class="section" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords">3.1.2.2. Password per Boot Loader</h4></div></div></div><div class="para">
+ Le ragioni principali per proteggere con password, un boot loader Linux sono le seguenti:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Impedire l'accesso Single User Mode</em></span> — Se un attacker può avviare il sistema in modalità mono utente, egli accede automaticamente come utente root senza che venga richiesta la passoword di root.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Impedire l'accesso alla console GRUB</em></span> — Se la macchina usa GRUB come proprio boot loader, un attacker può usare l'interfaccia di editazione di GRUB per modificare la configurazione o per carpire informazioni, con il comando <code class="command">cat</code>.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Impedire l'accesso a sistemi operativi poco sicuri</em></span> — In un sistema dual boot, un attacker può selezionare un sistema operativo privo di policy di controllo d'accesso e di permessi, come DOS.
+ </div></li></ol></div><div class="para">
+ Nelle piattaforme x86, Fedora viene distribuito con il boot loader GRUB. Per informazioni dettagliate su GRUB, fare riferimento alla <span class="application"><strong>Fedora Installation Guide</strong></span> su <a href="http://docs.fedoraproject.org">http://docs.fedoraproject.org</a>.
+ </div><div class="section" id="sect-Security_Guide-Boot_Loader_Passwords-Password_Protecting_GRUB"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Boot_Loader_Passwords-Password_Protecting_GRUB">3.1.2.2.1. Proteggere GRUB con password</h5></div></div></div><div class="para">
+ Per configurare GRUB secondo le richieste della <a class="xref" href="#sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords">Sezione 3.1.2.2, «Password per Boot Loader»</a>, aggiungere una direttiva di password al suo file di configurazione. Le operazioni da eseguire sono, scegliere per prima cosa una password robusta, aprire un terminale, avviando una shell di root, e poi digitare il seguente comando:
+ </div><pre class="screen"><code class="command">/sbin/grub-md5-crypt</code></pre><div class="para">
+ Quando richiesto, inserire la password per GRUB e premere <span class="keycap"><strong>Invio</strong></span>. Il comando restituisce un hash MD5 della password.
+ </div><div class="para">
+ Successivamente, aprire il file di configurazione di GRUB, <code class="filename">/boot/grub/grub.conf</code> e inserire, immediatamente dopo la riga contente la stringa <code class="command">timeout</code> nella sezione principale del file, la seguente riga:
+ </div><pre class="screen"><code class="command">password --md5 <em class="replaceable"><code><password-hash></code></em></code></pre><div class="para">
+ Sostituire <em class="replaceable"><code><password-hash></code></em> con il valore restituito dal comando <code class="command">/sbin/grub-md5-crypt</code><sup>[<a id="idm92948160" href="#ftn.idm92948160" class="footnote">12</a>]</sup>.
+ </div><div class="para">
+ Al successivo riavvio del sistema, il menu di GRUB vieta l'accesso all'interfaccia di editazione o di comando, se non dopo aver digitato <span class="keycap"><strong>p</strong></span> seguito dalla password di GRUB.
+ </div><div class="para">
+ Per impostare la terza richiesta, ossia impedire in un sistema dual boot l'avvio di un s.o. poco sicuro, occorre editare sempre il file <code class="filename">/boot/grub/grub.conf</code>.
+ </div><div class="para">
+ Nella riga contenente la stringa <code class="computeroutput">title</code>, individuare il sistema operativo che si vuole proteggere ed aggiungere immediatamente dopo, la direttiva <code class="command">lock</code>.
+ </div><div class="para">
+ Per un sistema DOS, la riga diventerebbe qualcosa di simile:
+ </div><pre class="screen"><code class="computeroutput">title DOS lock</code></pre><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Perchè questo metodo funzioni correttamente, occorre che sia presente una riga <code class="computeroutput">password</code>, nella sezione principale del file <code class="filename">/boot/grub/grub.conf</code>. Diversamente, un attacker potrebbe accedere all'interfaccia di editazione di GRUB e rimuovere il lock.
+ </div></div></div><div class="para">
+ Per creare una password diversa per ogni kernel o sistema operativo, aggiungere <code class="command">lock</code>, seguito dalla password, su ogni riga relativa.
+ </div><div class="para">
+ Ogni sistema protetto da una password dovrebbe iniziare con una riga simile:
+ </div><pre class="screen"><code class="computeroutput">title DOS lock password --md5 <em class="replaceable"><code><password-hash></code></em></code></pre></div></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Password_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Password_Security">3.1.3. Protezione delle password</h3></div></div></div><div class="para">
+ Le password sono il metodo principale usato da Fedora per verificare l'dentità di un utente. Per questo motivo, la sicurezza della password è molto importante: serve a proteggere l'utente, la workstation e la rete.
+ </div><div class="para">
+ Per motivi di sicurezza, il processo di installazione configura il sistema usando <em class="firstterm">Message-Digest Algorithm</em> (<span class="emphasis"><em>MD5</em></span>) e password non leggibili. Si raccomanda vivamente di non alterare queste impostazioni.
+ </div><div class="para">
+ Se durante l'installazione, si deseleziona la codifica MD5, le password saranno generate usando il vecchio formato <em class="firstterm">Data Encryption Standard</em> (<em class="firstterm"><acronym class="acronym">DES</acronym></em>). Questo standard, limita le password ad otto caratteri alfanumerici (vietando l'uso di caratteri di punteggiatura e di altri caratteri speciali), con un modesto livello di codifica a 56 bit.
+ </div><div class="para">
+ Inoltre se si deseleziona l'illeggibilità delle password, le password saranno salvate e cifrate con un funzione hash one-way, nel file <code class="filename">/etc/passwd</code> accessibile a tutti, rendendo il sistema vulnerabile ad attacchi da parte di cracker di password. Infatti, se un intrusore riesce ad accedere ad una macchina come un regolare utente, egli può copiare il file <code class="filename">/etc/passwd</code> sulla propria macchina, e carpire le password salvate, sebbene cifrate, usando una delle tante applicazioni di cracking disponibili. A questo punto è solo una questione di tempo: se è presente una password poco sicura, l'applicazione prima o poi riuscirà facilmente a decodificarla.
+ </div><div class="para">
+ Le password illeggibili eliminano questo tipo di attacco, salvando le password cifrate nel file <code class="filename">/etc/shadow</code>, leggibile soltanto da parte dell'utente root.
+ </div><div class="para">
+ Un potenziale attacker può tentare di carpire le password anche da remoto, tramite un servizio di rete attivo sulla macchina come SSH o FTP. Questo tipo di attacco richiede più tempo e lascia traccia nei file di log del sistema. Ma in presenza di <span class="emphasis"><em>password deboli</em></span>, a suo favore, il cracker che inizia un attacco contro un sistema, p.e in piena notte, potrebbe avere accesso al sistema prima dell'alba, e tempo sufficiente per cancellare nel file di log, ogni traccia dei suoi tentativi d'accesso.
+ </div><div class="para">
+ Oltre al formato e al salvataggio che sono considerazioni di sistema, c'è il problema del contenuto, che è la cosa effettivamente fondamentale che spetta all'utente, ossia creare una password robusta.
+ </div><div class="section" id="sect-Security_Guide-Password_Security-Creating_Strong_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Password_Security-Creating_Strong_Passwords">3.1.3.1. Creare password robuste</h4></div></div></div><div class="para">
+ Per creare una password sicura è una buona idea seguire queste linee guida:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Non usare solo parole o solo numeri</em></span> — In una password usare una miscela di parole e numeri (Sull'uso delle parole vedi più avanti).
+ </div><div class="para">
+ Ecco alcuni esempi di password poco sicure:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 8675309
+ </div></li><li class="listitem"><div class="para">
+ antonio
+ </div></li><li class="listitem"><div class="para">
+ hackme
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Non usare parole riconoscibili</em></span> — Parole come nomi propri, sostantivi o anche termini di show televisi o di attori, anche se terminanti con dei numeri, dovrebbero essere evitati.
+ </div><div class="para">
+ Ecco alcuni esempi di password poco sicure:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ bisio45
+ </div></li><li class="listitem"><div class="para">
+ jolie-34
+ </div></li><li class="listitem"><div class="para">
+ mazingaZ
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Non usare parole di lingue straniere</em></span> — Le applicazioni di cracking, spesso, scansionano le parole nei dizionari di molte lingue straniere. Affidarsi a una parola straniera non è molto sicuro.
+ </div><div class="para">
+ Ecco alcuni esempi di password poco sicure:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ cheguevara
+ </div></li><li class="listitem"><div class="para">
+ bienvenido1
+ </div></li><li class="listitem"><div class="para">
+ 1dumbKopf
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Non usare la terminologia Hacker</em></span> — Se si ritiene di rientrare in una elite, perchè per la propria password usa la terminologia Hacker — anche chiamato linguaggio l337 (LEET) — si rifletta bene. Molti dizionari includono il linguaggio 1337.
+ </div><div class="para">
+ Ecco alcuni esempi di password poco sicure:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ H4X0R
+ </div></li><li class="listitem"><div class="para">
+ 1337
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Non usare informazioni personali</em></span> — Evitare di usare ogni informazione personale. Se l'attacker conosce un pò l'identità della vittima, il suo compito di deduzione della password si semplifica. La seguente lista mostra il genere di password da evitare:
+ </div><div class="para">
+ Ecco alcuni esempi di password poco sicure:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Il proprio nome
+ </div></li><li class="listitem"><div class="para">
+ I nomi dei propri animali domestici
+ </div></li><li class="listitem"><div class="para">
+ I nomi dei familiari
+ </div></li><li class="listitem"><div class="para">
+ Le date di nascita
+ </div></li><li class="listitem"><div class="para">
+ Il proprio numero di telefono o codice postale
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Non invertire parole riconoscibili</em></span> — Buoni programmi di cracking sono capaci di invertire parole comuni, per cui invertire una password debole non ne aumenta la sicurezza.
+ </div><div class="para">
+ Ecco alcuni esempi di password poco sicure:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ R0X4H
+ </div></li><li class="listitem"><div class="para">
+ oinotna
+ </div></li><li class="listitem"><div class="para">
+ 43-eiloj
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Non trascrivere la password</em></span> — Mai conservare una password su un pezzo di carta. Meglio impararla a memoria!
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Non usare la stessa password su tutte le macchine</em></span> — Su ogni macchina usare una password differente. In questo modo, se un sistema viene compromesso, le altre macchine non sono immediatamente a rischio.
+ </div></li></ul></div><div class="para">
+ Di seguito si riportano alcuni suggerimenti per creare password robuste:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Creare password lunghe almeno otto caratteri</em></span> — Più lunga la password, tanto meglio. Se si usa la codifica MD5, la password dovrebbe essere lunga almeno 15 caratteri. Con la codifica DES usare la lunghezza massima (otto caratteri).
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Usare lettere maiuscole e minuscole</em></span> — Fedora è case sensitive (distingue tra maiuscole/minuscole), per cui l'uso di lettere miste aumenta la robustezza delle password.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Usare lettere e numeri</em></span> — L'aggiunta di numeri alle password, soprattutto se inserite all'interno (non solo all'inizio o alla fine), aumenta la robustezza delle password.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Includere caratteri speciali</em></span> — L'uso di caratteri speciali, come &, $, e >, può notevolmente migliorare la robustezza di una password (ciò non è possibile con la codifica DES).
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Scegliere una password da ricordare</em></span> — La miglior password del mondo serve a ben poco, se poi non si può ricordare; usare acronimi o altre tecniche di memorizzazione, per tenere a mente la password.
+ </div></li></ul></div><div class="para">
+ Con tutte queste regole, può sembrare difficile creare una password che soddisfi tutti i criteri di una buona password, evitando tutte le caratteristiche di una cattiva. Fortunatamente, esistono alcuni procedimenti per creare una password, sicura e facile da ricordare.
+ </div><div class="section" id="sect-Security_Guide-Creating_Strong_Passwords-Secure_Password_Creation_Methodology"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Creating_Strong_Passwords-Secure_Password_Creation_Methodology">3.1.3.1.1. Metodologia per creare password sicure</h5></div></div></div><div class="para">
+ Esistono diversi metodi per creare password sicure. Uno dei più comuni impiega acronimi. Ecco un esempio:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Si pensi ad una frase facile da ricordare, come
+ </div><div class="para">
+ <span class="emphasis"><em>con un mazzo di rose rosse, fischiettando, vado all'appuntamento con la mia bella</em></span>
+ </div></li><li class="listitem"><div class="para">
+ Successivamente, trasformare la frase, inclusa la punteggiatura, in un acronimo.
+ </div><div class="para">
+ <strong class="userinput"><code>cumdrr,f,vaaclmb</code></strong>
+ </div></li><li class="listitem"><div class="para">
+ Aggiungere un pò di "rumore" sostituendo, numeri e simboli al posto delle lettere. Per esempio, sostituire, la <strong class="userinput"><code>a</code></strong> con <strong class="userinput"><code>7</code></strong> e la <strong class="userinput"><code>d</code></strong> con il simbolo at (<strong class="userinput"><code>@</code></strong>):
+ </div><div class="para">
+ <strong class="userinput"><code>cum at rr,f,v77clmb</code></strong>
+ </div></li><li class="listitem"><div class="para">
+ Aggiungere ulteriore "rumore", capitalizzando almeno una lettera, per esempio la <strong class="userinput"><code>m</code></strong>.
+ </div><div class="para">
+ <strong class="userinput"><code>cum at rr,f,v77clMb</code></strong>
+ </div></li><li class="listitem"><div class="para">
+ Non usare mai come password, la <span class="emphasis"><em>riproduzione fedele</em></span> di questo esempio.
+ </div></li></ul></div><div class="para">
+ Se è imperativo creare password sicure, la loro corretta gestione è altrattanto importante, soprattutto per gli amministratori di organizzazioni più grandi. Il paragrafo seguente, illustrerà buone pratiche per creare e gestire le password degli utenti di una organizzazione.
+ </div></div></div><div class="section" id="sect-Security_Guide-Password_Security-Creating_User_Passwords_Within_an_Organization"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Password_Security-Creating_User_Passwords_Within_an_Organization">3.1.3.2. Creare le password degli utenti di una organizzazione</h4></div></div></div><div class="para">
+ Se un'organizzazione ha un gran numero di utenti, gli amministratori di sistema hanno a disposizione due opzioni di base per incoraggiare l'uso di buone password. Possono creare le password per i loro utenti oppure possono lasciare agli utenti la creazione delle proprie password, verificando che esse siano qualitativamente accettabili.
+ </div><div class="para">
+ La creazione delle password da assegnare agli utenti, assicura che esse siano buone ma alla lunga può appesantire, soprattutto se l'organizzazione manifesta una certa dinamicità nel turn over del personale. Inoltre ciò aumenta il rischio che gli utenti appuntino la password su carta.
+ </div><div class="para">
+ Per questi motivi, la maggior parte degli amministratori peferisce lasciare agli utenti la creazione delle proprie password, per poi verificare attivamente che siano buone ed in alcuni casi, obbligare gli utenti a cambiarle periodicamente, usando delle password con validità temporale limitata.
+ </div><div class="section" id="sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Forcing_Strong_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Forcing_Strong_Passwords">3.1.3.2.1. Obbligare ad usare password robuste</h5></div></div></div><div class="para">
+ Per proteggere la rete da intrusioni, è buona norma per gli amministratori verificare che le password usate all'interno dell'organizzazione siano robuste. Quando gli utenti devono creare o modificare la password, essi possono usare l'applicazione <code class="command">passwd</code> gestito da <em class="firstterm">Pluggable Authentication Manager</em> (<em class="firstterm">PAM</em>), in grado di verificare se la password digitata è troppo corta o facile da crackare. Questa verifica avviene tramite il modulo PAM, <code class="filename">pam_cracklib.so</code>. Poichè PAM è configurabile, è possibile aggiungere altri moduli di verifica delle password, come <code class="filename">pam_passwdqc</code> (disponibile su <a href="http://www.openwall.com/passwdqc/"> openwall.com </a>) o anche realizzare un nuovo modulo. Per una lista dei moduli PAM disponibili, fare riferimento a <a href="http://www.kernel.org/pub/linux/libs/pam/modules.html">PAM modules</a> sul sito di kern
el.org. Per maggiori informazioni su PAM, fare riferimento alla <a class="xref" href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM">Sezione 3.5, «Pluggable Authentication Modules (PAM)»</a>.
+ </div><div class="para">
+ La verifica fatta all'atto di creazione della password, tuttavia, non rileva password cattive così efficacemente come invece fanno le applicazioni di cracking.
+ </div><div class="para">
+ Sono disponibili molte applicazioni di cracking che funzionano su Fedora, anche se nessuna viene distribuita con il sistame operativo. Di seguito viene fornito un elenco delle più comuni applicazioni di cracking:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em><span class="application"><strong>John The Ripper</strong></span></em></span> — Un'applicazione di cracking, flessibile e veloce. Permette di usare più liste di parole e, tramite ricerca esaustiva (o forza bruta) di crackare le password. L'applicazione è disponibile sul sito <a href="http://www.openwall.com/john/">openwall.com</a>.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em><span class="application"><strong>Crack</strong></span></em></span> — Forse l'applicativo di cracking più conosciuto, <span class="application"><strong>Crack</strong></span> è anche molto veloce, sebbene non così semplice da usare come <span class="application"><strong>John The Ripper</strong></span>. Può essere trovato sul sito <a href="http://www.crypticide.com/alecm/security/crack/c50-faq.html">crypticide.com</a>.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em><span class="application"><strong>Slurpie</strong></span></em></span> — <span class="application"><strong>Slurpie</strong></span>, simile a <span class="application"><strong>John The Ripper</strong></span> ed a <span class="application"><strong>Crack</strong></span>, è stato progettato per essere eseguito contemporaneamente su più computer, in modo da creare un sistema di cracking distribuito. Può essere trovato, insieme ad altri strumenti di attacco che operano su sistemi distribuiti, su <a href="http://www.ussrback.com/distributed.htm"> ussrback.com</a>.
+ </div></li></ul></div><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Assicurarsi sempre di avere le necessarie autorizzazioni, prima di tentare qualsiasi cracking di password, nella propria organizzazione.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Passphrases"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Passphrases">3.1.3.2.2. Passphrase</h5></div></div></div><div class="para">
+ Nei sistemi moderni, le passphrase (o frasi d'accesso) e le password, sono le pietre angolari della sicurezza. Sfortunatamente, tecniche ben più sicure ed affidabili come biometrie o autenticazioni a due fattori, ancora non fano parte di molti sistemi. Se le password vengono impiegate per rendere sicuro un sistema, occorre spiegare il ruolo svolto dalle passphrase. Queste ultime sono più lunghe delle password e permettono una migliore protezione rispetto alle password, anche quando vengono implementate senza usare caratteri non-standard, come numeri e simboli.
+ </div></div><div class="section" id="sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Password_Aging"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Password_Aging">3.1.3.2.3. Durata delle password</h5></div></div></div><div class="para">
+ Limitare la durata delle password, è un'altra tecnica usata dagli amministratori di sistema per proteggere l'organizzazione da cattive password. Con tale tecnica, dopo un determinato periodo di tempo (generalmente 90 giorni), all'utente viene richiesto di ricreare una nuova password. La teoria che giustifica tutto ciò è che, se un utente è obbligato a cambiare periodicamente la propria password, allora una password crackata rimane utile ad un intrusore, soltanto per un periodo di tempo limitato. L'aspetto negativo è che potrebbe aumentare la tendenza dell'utente a trascrivere su carta, la propria password.
+ </div><div class="para">
+ In Fedora sono disponibili due applicazioni usate per impostare la durata di una password: il comando <code class="command">chage</code> e l'applicazione grafica <span class="application"><strong>Gestione Utenti</strong></span> (<code class="command">system-config-users</code>).
+ </div><div class="para">
+ L'opzione <code class="option">-M</code> nel comando <code class="command">chage</code>, permette di specificare il numero di giorni di validità della password. Per esempio, per impostare la scadenza di una password dopo 90 giorni, usare il seguente comando:
+ </div><pre class="screen"><code class="command">chage -M 90 <em class="replaceable"><code><username></code></em></code></pre><div class="para">
+ Nel comando precedente, sostituire <em class="replaceable"><code><username></code></em> con il nome dell'utente. Per disabilitare la scadenza su una password, è consuetudine usare il valore <code class="command">99999</code> (equivalente a circa 273 anni).
+ </div><div class="para">
+ Per modificare scadenze e informazioni di più account, si può usare il comando <code class="command">chage</code> in modo interattivo. Per entrare in modalità interattiva, digitare il segente comando:
+ </div><pre class="screen"><code class="command">chage <em class="replaceable"><code><username></code></em></code></pre><div class="para">
+ Di seguito si riporta un esempio di sessione interattiva:
+ </div><pre class="screen">[root at myServer ~]# chage davido
+Changing the aging information for davido
+Enter the new value, or press ENTER for the default
+Minimum Password Age [0]: 10
+Maximum Password Age [99999]: 90
+Last Password Change (YYYY-MM-DD) [2006-08-18]:
+Password Expiration Warning [7]:
+Password Inactive [-1]:
+Account Expiration Date (YYYY-MM-DD) [1969-12-31]:
+[root at myServer ~]#</pre><div class="para">
+ Per maggiori informazioni sulle opzioni disponibili, fare riferimento alle pagine di man.
+ </div><div class="para">
+ Per impostare scadenze su password, si può usare anche l'applicazione grafica <span class="application"><strong>Gestione Utenti</strong></span>. Nota: occorre essere amministratore per effettuare questa operazione.
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Per avviare l'interfaccia Gestione Utenti, selezionare dal menu <span class="guimenuitem"><strong>Sistema > Amministrazione > Utenti e Gruppi</strong></span>. Oppure in un terminale, digitare il comando <code class="command">system-config-users</code>.
+ </div></li><li class="step"><div class="para">
+ Selezionare la scheda, <span class="guilabel"><strong>Utenti</strong></span> e quindi l'utente interessato, nella lista degli utenti.
+ </div></li><li class="step"><div class="para">
+ Per visualizzare la finestra delle Proprietà dell'Utente, cliccare sul bottone <span class="guibutton"><strong>Proprietà</strong></span>, (oppure dal menu, selezionare <span class="guimenuitem"><strong>File > Proprietà</strong></span>).
+ </div></li><li class="step"><div class="para">
+ Selezionare la scheda <span class="guilabel"><strong>Password Info</strong></span> e abilitare la casella di contollo con l'etichetta, <span class="guilabel"><strong>Abilitare la scadenza sulla password</strong></span>.
+ </div></li><li class="step"><div class="para">
+ Inserire il valore richiesto nel campo <span class="guilabel"><strong>Giorni di validità</strong></span> e poi cliccare sul bottone <span class="guibutton"><strong>OK</strong></span>.
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-Password_Aging-Specifying_password_aging_options"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-user_pass_info.png" width="444" alt="Impostazione della scadenza" /><div class="longdesc"><div class="para">
+ Illustrazione <span class="guilabel"><strong>Informazione Password</strong></span>
+ </div></div></div></div><h6>Figura 3.1. Impostazione della scadenza</h6></div><br class="figure-break" /></div></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Administrative_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Administrative_Controls">3.1.4. Controlli amministrativi</h3></div></div></div><div class="para">
+ Quando si gestisce un PC, per esempio il PC di casa, l'utente può svolgere i compiti di amministrazione come utente root, oppure acquisire privilegi effettivi di root, con programmi <em class="firstterm">setuid</em>, come <code class="command">sudo</code> o <code class="command">su</code>. Un programma setuid opera con l'ID utente (o <span class="emphasis"><em>UID</em></span>) del proprietario del programma, e non con l'UID di colui che utilizza il programma. Questi programmi, in un listato di formato lungo, sono denotati con una <code class="computeroutput">s</code> nei flag di proprietà, come indicato di seguito:
+ </div><pre class="screen"><code class="computeroutput">-rwsr-xr-x 1 root root 47324 May 1 08:09 /bin/su</code></pre><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ La <code class="computeroutput">s</code> può essere maiuscola o minuscola. Se è maiuscola vuol dire che il bit di permesso non è stato impostato.
+ </div></div></div><div class="para">
+ Nell'ambito di una organizzazione, gli amministratori devono stabilire se e quali tipi di accessi amministrativi assegnare agli utenti delle proprie macchine. Per esempio, attraverso il modulo PAM denominato <code class="filename">pam_console.so</code>, alcuni compiti normalmente riservati soltanto all'utente root, come il riavvio o il montaggio di supporti rimovibili, sono estesi al primo utente che accede ad un terminale (fare riferimento alla <a class="xref" href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM">Sezione 3.5, «Pluggable Authentication Modules (PAM)»</a>, per maggiori informazioni sul modulo <code class="filename">pam_console.so</code>). Inoltre, altri importatnti compiti amministrativi, come modificare le impostazioni di rete, configurare un nuovo mouse o montare un dispositivo di rete, sono possbili soltanto se si hanno i privilegi necessari. Quindi, gli amministratori di sistemi, devono stabilire il livello di accesso da attribuire agli u
tenti della rete aziendale.
+ </div><div class="section" id="sect-Security_Guide-Administrative_Controls-Allowing_Root_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Administrative_Controls-Allowing_Root_Access">3.1.4.1. Permettere l'accesso come utente root</h4></div></div></div><div class="para">
+ Se gli utenti di una organizzazione sono fidati ed adeguatamente esperti, allora il loro accesso come root non dovrebbe essere un problema. Permettere di accedere come root, significa assegnare agli utenti attività di minore importanza, come aggiungere dispositivi o configurare interfacce di rete, lasciando agli amministratori maggiore libertà per aspetti più importanti, come garantire la sicurezza della rete e del sistema.
+ </div><div class="para">
+ Dall'altro lato, permettere ai singoli utenti l'accesso come utente root, può generare i seguenti problemi:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Errata configurazione della macchina</em></span> — Gli utenti con accesso privilegiato, potrebbero configurare erroneamente la propria macchina e richiedere la necessaria assistenza. Peggio ancora, potrebbero causare, inconsapevolmente, delle falle nella sicurezza del sistema.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Eseguire servizi non sicuri</em></span> — Gli utenti con accesso root, potrebbero eseguire sulle proprie macchine, servizi insicuri come FTP o Telnet, mettendo potenzialmente a rischio le loro credenziali di accesso, ossia username e password. Infatti, questi servizi trasmettono in chiaro queste informazioni nella rete.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Inviare allegati e-mail come root</em></span> — Sebbene piuttosto rari, si può dire che non esistono virus allegati in email, che possano minacciare un sistema Linux. L'unica situazione che può rivelarsi una minaccia, si ha quando gli allegati vengono aperti dall'utente root.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Administrative_Controls-Disallowing_Root_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Administrative_Controls-Disallowing_Root_Access">3.1.4.2. Disabilitare l'accesso come utente root</h4></div></div></div><div class="para">
+ Se per queste o altre ragioni, un amministratore ritiene opportuno non dover assegnare agli utenti i privilegi di root, allora la password di root dovrebbe essere custodita segretamente, e l'accesso al runlevel 1 o l'accesso <span class="emphasis"><em>single user mode</em></span>, dovrebbe essere disabilitato (vedere la <a class="xref" href="#sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords">Sezione 3.1.2.2, «Password per Boot Loader»</a>, per maggiori ragguagli su questo tipo di protezione).
+ </div><div class="para">
+ La <a class="xref" href="#tabl-Security_Guide-Disallowing_Root_Access-Methods_of_Disabling_the_Root_Account">Tabella 3.1, «Metodi per disabilitare l'account root»</a> descrive altri metodi disponibili all'amministratore, per disabilitare gli accessi come utente root:
+ </div><div class="table" id="tabl-Security_Guide-Disallowing_Root_Access-Methods_of_Disabling_the_Root_Account"><h6>Tabella 3.1. Metodi per disabilitare l'account root</h6><div class="table-contents"><table summary="Metodi per disabilitare l'account root" border="1"><colgroup><col width="12%" class="method" /><col width="29%" class="description" /><col width="29%" class="effect" /><col width="29%" class="noaffect" /></colgroup><thead><tr><th>
+ Metodo
+ </th><th>
+ Descrizione
+ </th><th>
+ Influenza
+ </th><th>
+ Non influenza
+ </th></tr></thead><tbody><tr><td>
+ Modificare la shell di root
+ </td><td>
+ Aprire il file <code class="filename">/etc/passwd</code> e modificare la shell da <code class="command">/bin/bash</code> in <code class="command">/sbin/nologin</code>.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Vieta l'accesso alla shell di root e registra nei file log di sistema, ogni tentativo d'accesso.</td></tr><tr><td>I seguenti programmi <span class="emphasis"><em>non possono accedere</em></span> all'account root:</td></tr><tr><td>· <code class="command">login</code></td></tr><tr><td>· <code class="command">gdm</code></td></tr><tr><td>· <code class="command">kdm</code></td></tr><tr><td>· <code class="command">xdm</code></td></tr><tr><td>· <code class="command">su</code></td></tr><tr><td>· <code class="command">ssh</code></td></tr><tr><td>· <code class="command">scp</code></td></tr><tr><td>· <code class="command">sftp</code></td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Programmi che non necessitano di una shell, come client FTP, e-mail e molti programmi setuid.</td></tr><tr><td>I seguenti programmi <span class="emphasis"><em>possono accedere</em></span> all'account root:</td></tr><tr><td>· <code class="command">sudo</code></td></tr><tr><td>· client FTP</td></tr><tr><td>· client e-mail</td></tr></table>
+
+ </td></tr><tr><td>
+ Disabilitare l'accesso root da ogni terminale (tty)
+ </td><td>
+ Un file <code class="filename">/etc/securetty</code> vuoto, nega l'accesso come utente root, da qualsiasi terminale collegato al computer.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Vieta l'accesso all'account root da un terminale locale o da remoto. I seguenti programmi <span class="emphasis"><em>non possono accedere</em></span> all'account root:</td></tr><tr><td>· <code class="command">login</code></td></tr><tr><td>· <code class="command">gdm</code></td></tr><tr><td>· <code class="command">kdm</code></td></tr><tr><td>· <code class="command">xdm</code></td></tr><tr><td>· Altri servizi di rete che aprono un tty</td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>I programmi che non eseguono come root, ma eseguono compiti amministrativi attraverso setuid o altri meccanismi.</td></tr><tr><td>I seguenti programmi <span class="emphasis"><em>possono accedere</em></span> all'account root:</td></tr><tr><td>· <code class="command">su</code></td></tr><tr><td>· <code class="command">sudo</code></td></tr><tr><td>· <code class="command">ssh</code></td></tr><tr><td>· <code class="command">scp</code></td></tr><tr><td>· <code class="command">sftp</code></td></tr></table>
+
+ </td></tr><tr><td>
+ Disabilitare gli accessi SSH di root
+ </td><td>
+ Aprire il file <code class="filename">/etc/ssh/sshd_config</code> e impostare il parametro <code class="command">PermitRootLogin</code> su <code class="command">no</code>.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Vieta l'accesso all'account root via gli strumenti OpenSSH. I seguenti programmi <span class="emphasis"><em>non possono accedere</em></span> all'account root:</td></tr><tr><td>· <code class="command">ssh</code></td></tr><tr><td>· <code class="command">scp</code></td></tr><tr><td>· <code class="command">sftp</code></td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Il metodo vieta l'accesso all'account root, soltanto attraverso gli strumenti OpenSSH.</td></tr></table>
+
+ </td></tr><tr><td>
+ Usare PAM per limitare l'accesso all'account root da parte dei servizi.
+ </td><td>
+ Nella directory <code class="filename">/etc/pam.d/</code>, modificare il file relativo al servizio interessato. Assicurarsi che per l'autenticazione sia richiesto il file <code class="filename">pam_listfile.so</code>.<sup>[<a id="idm88980384" href="#ftn.idm88980384" class="footnote">a</a>]</sup>
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Vieta l'accesso all'account root ai servizi di rete controllati da PAM.</td></tr><tr><td>I seguenti servizi <span class="emphasis"><em>non possono accedere</em></span> all'account root:</td></tr><tr><td>· client FTP</td></tr><tr><td>· client e-mail</td></tr><tr><td>· <code class="command">login</code></td></tr><tr><td>· <code class="command">gdm</code></td></tr><tr><td>· <code class="command">kdm</code></td></tr><tr><td>· <code class="command">xdm</code></td></tr><tr><td>· <code class="command">ssh</code></td></tr><tr><td>· <code class="command">scp</code></td></tr><tr><td>· <code class="command">sftp</code></td></tr><tr><td>· Tutti i servizi controllati da PAM</td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>I programmi e i servizi non controllati da PAM.</td></tr></table>
+
+ </td></tr></tbody><tbody class="footnotes"><tr><td colspan="4"><div class="footnote"><div class="para"><sup>[<a id="ftn.idm88980384" href="#idm88980384" class="para">a</a>] </sup>
+ Fare riferimento alla <a class="xref" href="#sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM">Sezione 3.1.4.2.4, «Disabilitare l'account root usando PAM»</a> per i dettagli.
+ </div></div></td></tr></tbody></table></div></div><br class="table-break" /><div class="section" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_the_Root_Shell"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_the_Root_Shell">3.1.4.2.1. Disabilitare la shell di root</h5></div></div></div><div class="para">
+ Per evitare che gli utenti accedano direttamente come root, l'amministratore di sistema può impostare nel file <code class="filename">/etc/passwd</code>, la shell dell'account root su <code class="command">/sbin/nologin</code>. Ciò impedisce di accedere all'account root, con i comandi che richiedono una shell, come <code class="command">su</code> e <code class="command">ssh</code>.
+ </div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ I programmi che non necessitano di accedere alla shell, come client e-mail o il comando <code class="command">sudo</code>, tuttavia possono continuare ad accedere all'account root.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Logins"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Logins">3.1.4.2.2. Disabilitare le sessioni di root</h5></div></div></div><div class="para">
+ Per ulteriormente limitare l'accesso all'accout root, gli amministratori possono disabilitare le sessioni di root da terminale, modificando il file <code class="filename">/etc/securetty</code>. Questo file elenca tutti i dispositivi da cui l'utente root può avviare una sessione. Se il file non esiste, allora l'utente root può avviare una sessione da ogni tipo di dispositivo di comunicazione presente, sia via terminale sia attraverso una interfaccia di rete. Ciò potrebbe essere piuttosto rischioso per la sicurezza della rete, giacchè si potrebbe avviare una sessione come utente root, via Telnet, servizio che trasmette in chiaro le informazioni di accesso. In Fedora, per impostazione, il file <code class="filename">/etc/securetty</code> permette di avviare una sessione di root, soltanto attraverso un terminale fisicamente collegato alla macchina. Per vietare ogni tipo di sessione di root, rimuovere il contenuto di questo file, digitando il seguente comando:
+ </div><pre class="screen"><code class="command">echo > /etc/securetty</code></pre><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Un file <code class="filename">/etc/securetty</code> completamente vuoto, <span class="emphasis"><em>consente</em></span> tuttavia di avviare sessioni di root da remoto, usando l'insieme di strumenti OpenSSH, poichè il terminale non viene aperto fino ad autenticazione avvenuta.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_SSH_Logins"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_SSH_Logins">3.1.4.2.3. Disabilitare le sessioni SSH di root</h5></div></div></div><div class="para">
+ Le sessioni di root, attraverso il protocollo SSH, in Fedora sono disabilitate per impostazione; comunque, se questa impostazione viene abilitata può essere nuovamente disabilitata, modificando il file di configurazione del demone SSH (<code class="filename">/etc/ssh/sshd_config</code>). Modificare la riga:
+ </div><pre class="screen"><code class="computeroutput">PermitRootLogin yes</code></pre><div class="para">
+ con la seguente:
+ </div><pre class="screen"><code class="computeroutput">PermitRootLogin no</code></pre><div class="para">
+ Per rendere effettive le modifiche, riavviare il demone SSH, per esempio con il seguente comando:
+ </div><pre class="screen"><code class="computeroutput">kill -HUP `cat /var/run/sshd.pid`</code></pre></div><div class="section" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM">3.1.4.2.4. Disabilitare l'account root usando PAM</h5></div></div></div><div class="para">
+ PAM, con il modulo <code class="filename">/lib/security/pam_listfile.so</code>, permette di regolare in maniera flessibilie gli accessi degli account. L'amministratore può usare questo modulo, per creare una lista di utenti non autorizzati ad avviare sessioni. Il file di configurazione <code class="filename">/etc/pam.d/vsftpd</code>, nel seguente esempio, mostra un utilizzo del modulo sul server FTP, <code class="command">vsftpd</code> (il carattere <code class="computeroutput">\ </code> alla fine della prima riga, <span class="emphasis"><em>non</em></span> è necessario se la direttiva rientra in un'unica riga):
+ </div><pre class="screen">auth required /lib/security/pam_listfile.so item=user \
+sense=deny file=/etc/vsftpd.ftpusers onerr=succeed</pre><div class="para">
+ Con questa istruzione, PAM legge il file <code class="filename">/etc/vsftpd.ftpusers</code> in cui sono elencati tutti gli utenti a cui è vietato l'accesso al servizio. L'amministratore può modificare il nome di questo file, mantenere una lista separata per ogni servizio oppure usare una lista unica per vietare l'accesso a più servizi.
+ </div><div class="para">
+ Se un amministratore vuole negare l'accesso a più servizi, un'analoga riga può essere aggiunta ai file PAM di configurazione, come <code class="filename">/etc/pam.d/pop</code> e <code class="filename">/etc/pam.d/imap</code> per client e-mail o <code class="filename">/etc/pam.d/ssh</code> per client SSH.
+ </div><div class="para">
+ Per maggiori informazioni su PAM, fare riferimento alla <a class="xref" href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM">Sezione 3.5, «Pluggable Authentication Modules (PAM)»</a>.
+ </div></div></div><div class="section" id="sect-Security_Guide-Administrative_Controls-Limiting_Root_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Administrative_Controls-Limiting_Root_Access">3.1.4.3. Limitare l'accesso all'account root</h4></div></div></div><div class="para">
+ Piuttosto che negare completamente l'accesso all'utente root, l'amministratore potrebbe limitare l'accesso solo ai programmi setuid, come <code class="command">su</code> o <code class="command">sudo</code>.
+ </div><div class="section" id="sect-Security_Guide-Limiting_Root_Access-The_su_Command"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Limiting_Root_Access-The_su_Command">3.1.4.3.1. Il comando <code class="command">su</code></h5></div></div></div><div class="para">
+ Quando si esegue il comando <code class="command">su</code>, viene richiesto di inserire la password di root, e dopo autenticazione si ha a disposizione una shell di root.
+ </div><div class="para">
+ Una volta avviata la sessione con il comando <code class="command">su</code>, l'utente <span class="emphasis"><em>è</em></span> l'utente root, con pieno ed assoluto controllo sul sistema.<sup>[<a id="idm101302608" href="#ftn.idm101302608" class="footnote">13</a>]</sup> Inoltre, una volta diventato root, l'utente può usare il comando <code class="command">su</code> per diventare altri utenti presenti nel sistema, senza che sia richiesta alcuna password.
+ </div><div class="para">
+ Data la grande potenza di questo programma, gli amministratori potrebbero limitarne l'accesso ad un numero ristretto di utenti.
+ </div><div class="para">
+ Uno dei modi più semplici per far ciò, consiste nell'aggiungere gli utenti scelti, ad un gruppo amministrativo speciale, denominato <em class="firstterm">wheel</em>. In concreto, come utente root digitare il seguente comando:
+ </div><pre class="screen"><code class="command">usermod -G wheel <em class="replaceable"><code><username></code></em></code></pre><div class="para">
+ Nel precedente comando, sostituire <em class="replaceable"><code><username></code></em> con lo username dell'utente che si vuole aggiungere al gruppo <code class="command">wheel</code>.
+ </div><div class="para">
+ Alternativamente, si può usare la GUI <span class="application"><strong>Gestione Utenti</strong></span> per modificare il gruppo di appartenenza degli utenti, come spiegato di seguito. Nota: Occorre possedere i privilegi di amministratore per effettuare questa operazione.
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Per avviare l'interfaccia Gestione Utenti, selezionare dal menu <span class="guimenuitem"><strong>Sistema > Amministrazione > Utenti e Gruppi</strong></span>. Oppure in un terminale, digitare il comando <code class="command">system-config-users</code>.
+ </div></li><li class="step"><div class="para">
+ Selezionare la scheda, <span class="guilabel"><strong>Utenti</strong></span> e quindi l'utente interessato, nella lista degli utenti.
+ </div></li><li class="step"><div class="para">
+ Per visualizzare la finestra delle Proprietà dell'Utente, cliccare sul bottone <span class="guibutton"><strong>Proprietà</strong></span>, (oppure dal menu, selezionare <span class="guimenuitem"><strong>File > Proprietà</strong></span>).
+ </div></li><li class="step"><div class="para">
+ Selezionare la scheda <span class="guilabel"><strong>Gruppi</strong></span>, nella lista attivare la checkbox relativa al gruppo wheel e poi cliccare sul bottone <span class="guibutton"><strong>OK</strong></span>. Fare riferimento alla <a class="xref" href="#figu-Security_Guide-The_su_Command-Adding_users_to_the_wheel_group.">Figura 3.2, «Aggiungere utenti al gruppo "wheel"»</a>.
+ </div></li><li class="step"><div class="para">
+ In un editor di testo, aprire il file di configurazione PAM per il comando <code class="command">su</code> (<code class="filename">/etc/pam.d/su</code>) e rimuovere il carattere di commento <span class="keycap"><strong>#</strong></span>, dalla seguente riga:
+ </div><pre class="screen">auth required /lib/security/$ISA/pam_wheel.so use_uid</pre><div class="para">
+ Questa modifica comporta che soltanto i membri del gruppo di amministrazione <code class="computeroutput">wheel</code> possono usare questo programma.
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-The_su_Command-Adding_users_to_the_wheel_group."><div class="figure-contents"><div class="mediaobject"><img src="images/fed-user_pass_groups.png" width="444" alt="Aggiungere utenti al gruppo "wheel"" /><div class="longdesc"><div class="para">
+ <span class="guilabel"><strong>Gruppi</strong></span>
+ </div></div></div></div><h6>Figura 3.2. Aggiungere utenti al gruppo "wheel"</h6></div><br class="figure-break" /><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Per impostazione predefinita, l'utente root fa parte del gruppo <code class="computeroutput">wheel</code>.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Limiting_Root_Access-The_sudo_Command"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Limiting_Root_Access-The_sudo_Command">3.1.4.3.2. Il comando <code class="command">sudo</code></h5></div></div></div><div class="para">
+ Anche il comando <code class="command">sudo</code>, come il precedente, consente agli utenti di ottenere i privilegi amministrativi. Anteponendo <code class="command">sudo</code> ad un comando amministrativo, viene richiesto di inserire la <span class="emphasis"><em>propria</em></span> password. In tal modo, dopo autenticazione positiva, viene eseguito il comando come se fosse eseguto dall'utente root.
+ </div><div class="para">
+ Il formato base del comando <code class="command">sudo</code>, è il seguente:
+ </div><pre class="screen"><code class="command">sudo <em class="replaceable"><code><command></code></em></code></pre><div class="para">
+ Nell'esempio precedente, <em class="replaceable"><code><command></code></em> è il comando amministrativo da eseguire, per esempio il comando <code class="command">mount</code>.
+ </div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Gli utenti che usano il comando <code class="command">sudo</code>, dovrebbero prestare particolare attenzione a chiudere la sessione prima di allontanarsi dalla propria macchina, giacchè tutti i sudoers (ossia gli utenti abilitati ad usare il comando sudo), possono continuare ad usare il comando per un periodo di cinque minuti, senza che venga richiesto di inserire la password. Questa impostazione può essere modificata nel file di configurazione relativo, <code class="filename">/etc/sudoers</code>.
+ </div></div></div><div class="para">
+ Il comando <code class="command">sudo</code> consente una maggiore flessibilità. Per esempio, soltanto gli utenti elencati nel file di configurazione <code class="filename">/etc/sudoers</code>, possono utilizzare il comando <code class="command">sudo</code> che esegue nella shell dell'<span class="emphasis"><em>utente</em></span> e non nella shell di root. Ciò significa che la sheel di root può essere completamente disabilitata. (<a class="xref" href="#sect-Security_Guide-Disallowing_Root_Access-Disabling_the_Root_Shell">Sezione 3.1.4.2.1, «Disabilitare la shell di root»</a>).
+ </div><div class="para">
+ Il comando <code class="command">sudo</code> offre anche una registrazione degli accessi effettuati. Ogni tentativo di autenticazione è registrato nel file <code class="filename">/var/log/messages</code>, mentre il comando associato insieme allo username dell'utente è registrato nel file <code class="filename">/var/log/secure</code>.
+ </div><div class="para">
+ Un altro vantaggio del comando <code class="command">sudo</code>, deriva dal fatto che un amministratore può autorizzare gli utenti ad accedere solo a specifici comandi, secondo le loro necessità.
+ </div><div class="para">
+ Per modificare il file di configurazione <code class="filename">/etc/sudoers</code> del comando <code class="command">sudo</code>, si dovrebbe usare il comando <code class="command">visudo</code>.
+ </div><div class="para">
+ Per estendere a qualcuno pieni privilegi amministrativi, digitare <code class="command">visudo</code> ed aggiungere, nella sezione che specifica i privilegi utenti, una riga simile alla seguente:
+ </div><pre class="screen"><code class="command">juan ALL=(ALL) ALL</code></pre><div class="para">
+ Questo esempio stabilisce che l'utente <code class="computeroutput">juan</code> può usare il comando <code class="command">sudo</code> da ogni host ed eseguire ogni comando.
+ </div><div class="para">
+ L'esempio seguente illustra il grado di configurazione del comando <code class="command">sudo</code>:
+ </div><pre class="screen"><code class="command">%users localhost=/sbin/shutdown -h now</code></pre><div class="para">
+ L'esempio stabilisce che tutti gli utenti possono lanciare il comando <code class="command">/sbin/shutdown -h now</code>.
+ </div><div class="para">
+ Le pagine di man su <code class="filename">sudoers</code> descrivono tutte le opzioni di configurazione possibili.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Available_Network_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Available_Network_Services">3.1.5. Servizi di rete disponibili</h3></div></div></div><div class="para">
+ Se il controllo degli utenti sugli accessi amministrativi è un problema importante soprattutto per chi gestisce una organizzazione, monitorare quali servizi di rete devono essere attivi è di fondamentale importanza per chiunque amministri o operi con un sistema Linux.
+ </div><div class="para">
+ Molti servizi in Fedora si comportano come dei server di rete. Se un servizio di rete è in esecuzione su una macchina, allora l'applicazione server (o <em class="firstterm">demone</em>) è in ascolto, in attesa di connessioni su una o più porte di rete. Ognuno di questi server dovrebbe essere trattato come una possbile via di attacco.
+ </div><div class="section" id="sect-Security_Guide-Available_Network_Services-Risks_To_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Available_Network_Services-Risks_To_Services">3.1.5.1. I rischi per i servizi</h4></div></div></div><div class="para">
+ I servizi di rete possono creare molti rischi ai sistemi Linux. Di seguito si riporta un elenco dei principali problemi:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Denial of Service Attacks (DoS)</em></span> — Un attacco che intasa un servizio con raffiche di richieste, rendendo il sistema inutilizzabile.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Distributed Denial of Service Attack (DDoS)</em></span> — Un attacco di tipo DoS che usa più macchine compromesse (spesso in numero di mille e più), per condurre un attacco coordinato su un servizio, inondando la macchina vittima con raffiche di richieste in modo da renderla inutilizzabile.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Attacchi alle vulnerabilità di script</em></span> — Se un server utilizza script per eseguire compiti sul lato server, come comunemente fanno i server Web, un cracker può tentare un attacco sfruttando le vulnerabilità presenti negli script. Gli attacchi alle vulnerabilità di script, possono causare condizioni di buffer overflow o addirittura consentire l'alterazione di file.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Attacchi di Buffer Overflow</em></span> — I servizi che si connettono usando le porte numerate tra 0 e 1023 devono eseguire con privilegi di root, quindi se il servizio viene compromesso da un Buffer Overflow, l'attacker in ascolto può accedere al sistema con pieni privilegi. Poichè di tanto in tanto, si verificano buffer overflow nei sistemi, i cracker, per identificare i sistemi con tale vulnerabilità usano strumenti automatizzati, e una volta ottenuto l'accesso, utilizzano strumenti di rootkit automatizzati per preservare i privilegi di accesso. (n.d.t.: rootkit = accesso di livello amministrativo).
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Le minacce alle vulnerabilità di tipo buffer overflow sono ridotte in Fedora, grazie a <em class="firstterm">ExecShield</em>, una tecnologia supportata nei kernel per mono- e multi-processori x86-compatibili che proteggono e segmentano la memoria. ExecShield riduce il rischio di buffer overflow, separando la memoria virtuale in segmenti eseguibili e non eseguibili. Ogni pezzo di programma che tenti di eseguire al di fuori del segmento eseguibile (come fanno i codici maliziosi generati da un buffer overflow), genera un segmentation fault e viene arrestato.
+ </div><div class="para">
+ Execshield include supporto anche per la tecnologia <em class="firstterm">No eXecute</em> (<acronym class="acronym">NX</acronym>) su piattaforme AMD64 e la tecnologia <em class="firstterm">eXecute Disable</em> (<acronym class="acronym">XD</acronym>) su sistemi Itanium e <span class="trademark">Intel</span>® 64. Queste tecnologie operano in congiunzione con ExecShield, prevenendo l'esecuzione di codice malizioso nella zone eseguibile della memoria virtuale, con una granularità di 4KB per codice.
+ </div></div></div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Per limitare la possibilità di attacchi, tutti i servizi non utilizzati dovrebbero essere disattivati.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Available_Network_Services-Identifying_and_Configuring_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Available_Network_Services-Identifying_and_Configuring_Services">3.1.5.2. Identificare e configurare i servizi</h4></div></div></div><div class="para">
+ Per aumentare la sicurezza, molti servizi di rete installati con Fedora sono disattivati per impostazione predefinita. Esistono tuttavia alcune importanti eccezioni:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">cupsd</code> — Il server di stampa predefinito di Fedora.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">lpd</code> — Un server di stampa alternativo.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">xinetd</code> — Un server particolare che controlla le connessioni da alcuni server subordinati, come <code class="command">gssftp</code> e <code class="command">telnet</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sendmail</code> — Il <em class="firstterm">Mail Transport Agent</em> (<abbr class="abbrev">MTA</abbr> o server di posta), sendmail, è abilitato per impostazione predefinita, ma è in ascolto solo per connessioni da <span class="interface">localhost</span>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sshd</code> — Il server OpenSSH, un sicuro sostitutivo di Telnet.
+ </div></li></ul></div><div class="para">
+ In caso di indecisione se lasciare attivi questi servizi, si consiglia buon senso ed eccesso di prudenza. Per esempio, se una stampante non è disponibile, non conviene lasciare <code class="command">cupsd</code> in esecuzione. Analogamente con <code class="command">portmap</code>: se non si montano volumi NFSv3 o non si usa NIS (il servizio <code class="command">ypbind</code>), allora anche il servizio <code class="command">portmap</code> dovrebbe essere disabilitato.
+ </div><div class="figure" id="figu-Security_Guide-Identifying_and_Configuring_Services-Services_Configuration_Tool"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-service_config.png" width="444" alt="Strumento per configurare i servizi" /><div class="longdesc"><div class="para">
+ <span class="application"><strong>Strumento per configurare i servizi</strong></span>
+ </div></div></div></div><h6>Figura 3.3. <span class="application">Strumento per configurare i servizi</span></h6></div><br class="figure-break" /><div class="para">
+ Se non si è sicuri sulla funzione di un certo servizio, lo <span class="application"><strong>Strumento per configurare i servizi</strong></span> ha un campo descrittivo, illustrato in <a class="xref" href="#figu-Security_Guide-Identifying_and_Configuring_Services-Services_Configuration_Tool">Figura 3.3, «<span class="application">Strumento per configurare i servizi</span>»</a>, che fornisce qualche informazione.
+ </div><div class="para">
+ Controllare i servizi di rete che sia avviano al boot, costituisce soltanto una parte della storia; si dovrebbero controllare anche le porte in ascolto (o aperte). Fare riferimento alla <a class="xref" href="#sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">Sezione 3.2.8, «Controllare le porte in ascolto»</a>, per maggiori informazioni.
+ </div></div><div class="section" id="sect-Security_Guide-Available_Network_Services-Insecure_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Available_Network_Services-Insecure_Services">3.1.5.3. Servizi poco sicuri</h4></div></div></div><div class="para">
+ Potenzialmente, tutti i servizi di rete sono poco sicuri, per questo è molto importante disabilitare i servizi non utilizzati. Falle nei servizi, vengono di tanto in tanto scoperti e corretti, per cui diventa assolutamente indispensabile aggiornare regolarmente i pacchetti associati ai servizi di rete. Vedere la <a class="xref" href="#sect-Security_Guide-Security_Updates">Sezione 1.5, «Aggiornamenti di sicurezza»</a>, per maggiori informazioni.
+ </div><div class="para">
+ Alcuni protocolli di rete sono intrinsecamente molto più insicuri di altri. Tra questi servizi rientrano quelli che:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Trasmettono in chiaro, username e password</em></span> — Molti protocolli, piuttosto datati, come Telnet ed FTP, non cifrano la fase di autenticazione di una sessione, per cui dovrebbero essere evitati.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Trasmettere in chiaro, dati sensibili</em></span> — Molti protocolli trasmettono in chiaro (ossia senza cifratura), i dati. Tra questi protocolli rientrano Telnet, FTP, HTTP, ed SMTP. Anche molti file system di rete, come NFS ed SMB, trasmettono in chiaro. Usando questi protocolli, è responsabilità dell'utente stabilire se è il caso di trasmettere in chiaro i propri dati.
+ </div><div class="para">
+ Servizi remoti di memory dump, come <code class="command">netdump</code>, trasmettono in chiaro il contenuto della memoria. Le memory dump possono contenere password, o anche i dati di un database ed altre informazioni sensibili.
+ </div><div class="para">
+ Altri servizi come <code class="command">finger</code> e <code class="command">rwhod</code> rivelano informazioni sugli utenti di un sistema.
+ </div></li></ul></div><div class="para">
+ Esempi di servizi intrinsecamente poco sicuri sono <code class="command">rlogin</code>, <code class="command">rsh</code>, <code class="command">telnet</code> ed <code class="command">vsftpd</code>.
+ </div><div class="para">
+ Tutti i programmi shell e di accesso remoto (<code class="command">rlogin</code>, <code class="command">rsh</code>, e <code class="command">telnet</code>) dovrebbero essere evitati a favore di SSH. Fare riferimento alla <a class="xref" href="#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">Sezione 3.1.7, «Strumenti di comunicazione che aumentano la sicurezza»</a>, per maggiori informazioni su <code class="command">sshd</code>.
+ </div><div class="para">
+ FTP non è così inerentemente rischioso come le shell remote, tuttavia richiede configurazioni e controlli molto scrupolosi. Vedere la <a class="xref" href="#sect-Security_Guide-Server_Security-Securing_FTP">Sezione 3.2.6, «Proteggere FTP»</a>, per maggiori informazioni sui server FTP.
+ </div><div class="para">
+ I servizi che andrebbero attentamente configurati e protetti da firewall, sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">finger</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">authd</code> (denominato <code class="command">identd</code> in precedenti versioni di Fedora)
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">netdump</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">netdump-server</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">nfs</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">rwhod</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sendmail</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">smb</code> (Samba)
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">yppasswdd</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">ypserv</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">ypxfrd</code>
+ </div></li></ul></div><div class="para">
+ Per maggiori informazioni su come rendere sicuri i servizi di rete, consultare la <a class="xref" href="#sect-Security_Guide-Server_Security">Sezione 3.2, «Server Security»</a>.
+ </div><div class="para">
+ Il paragrafo successivo illustra gli strumenti disponibili per impostare un semplice firewall.
+ </div></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Personal_Firewalls"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Personal_Firewalls">3.1.6. Firewall personali</h3></div></div></div><div class="para">
+ Dopo aver configurato i <span class="emphasis"><em>necessari</em></span> servizi di rete, è importante implementare un firewall.
+ </div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ La configurazione dei servizi e l'implementazione di un firewall, sono operazioni da fare <span class="emphasis"><em>prima</em></span> di connettersi ad Internet o altra rete non fidata.
+ </div></div></div><div class="para">
+ Il firewall, impedisce ai pacchetti di accedere all'interfaccia di rete del sistema. Se una porta è bloccata dal firewall, ogni richiesta diretta alla porta viene ignorata. Se un servizio è in ascolto su una porta bloccata, il servizio non riceverà alcun pacchetto e di fatto risulta disabilitato. Per questo motivo, occorre prestare particolare attenzione alla configurazione di un firewall, bloccando le porte non utilizzate e sbloccando le porte dei servizi usati.
+ </div><div class="para">
+ Per la maggior parte degli utenti, il miglior strumento per configurare un semplice firewall rimane l'interfaccia grafica distribuita in Fedora: <span class="application"><strong>Amministrazione Firewall</strong></span> (<code class="command">system-config-firewall</code>). Questo strumento crea regole <code class="command">iptables</code> per un firewall generico, usando una GUI.
+ </div><div class="para">
+ Per maggiori informazioni sull'uso di questa applicazione e sulle opzioni disponibili, per creare un firewall di base, vedere la <a class="xref" href="#sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">Sezione 3.8.2, «Configurazione di un firewall di base»</a>.
+ </div><div class="para">
+ Per gli utenti avanzati e gli amministratori di server, la configurazione manuale di un firewall con <code class="command">iptables</code> è probabilmente una scelta migliore. Fare riferimento alla <a class="xref" href="#sect-Security_Guide-Firewalls">Sezione 3.8, «Firewall»</a>, per maggiori informazioni. Per una guida omnicomprensiva sul comando <code class="command">iptables</code>, vedere la <a class="xref" href="#sect-Security_Guide-IPTables">Sezione 3.9, «IPTables»</a>.
+ </div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">3.1.7. Strumenti di comunicazione che aumentano la sicurezza</h3></div></div></div><div class="para">
+ Man mano che è aumentata la dimensione e la popolarità di Internet, è aumentata anche la minaccia delle intercettazioni. Di conseguenza, nel corso degli anni, sono stati sviluppati diversi strumenti per cifrare le comunicazioni.
+ </div><div class="para">
+ Fedora, per proteggere le informazioni, distribuisce due strumenti che usano algoritmi di cifratura di alto livello e che si basano su sistemi di criptazione a chiave pubblica.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>OpenSSH</em></span> — Una implementazione free del protocollo di comunicazione cifrata, SSH.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Gnu Privacy Guard (GPG)</em></span> — Una implementazione free dell'applicazione di cifratura PGP (Pretty Good Privacy).
+ </div></li></ul></div><div class="para">
+ OpenSSH, sostituendo vecchi servizi privi di cifratura come <code class="command">telnet</code> e <code class="command">rsh</code>, offre accessi più sicuri verso macchine remote. OpenSSH include un servizio di rete denominato <code class="command">sshd</code> e tre applicazioni client da terminale:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">ssh</code> — Una console per accesso remoto.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">scp</code> — Un comando per copiare da/verso remoto
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sftp</code> — Un client pseudo-ftp sicuro, per il trasferimento di file.
+ </div></li></ul></div><div class="para">
+ Per maggiori informazioni su OpenSSH, fare riferimento alla <a class="xref" href="#Security_Guide-Encryption-Data_in_Motion-Secure_Shell">Sezione 4.2.2, «Secure Shell»</a>.
+ </div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Sebbene il servizio <code class="command">sshd</code> sia inerentemente sicuro, il servizio <span class="emphasis"><em>deve</em></span> essere tenuto aggiornato. Per maggiori informazioni, vedere la <a class="xref" href="#sect-Security_Guide-Security_Updates">Sezione 1.5, «Aggiornamenti di sicurezza»</a>.
+ </div></div></div><div class="para">
+ GPG è un sistema usato anche per cifrare le e-mail. Può essere usato sia per trasmettere e-mail contenenti dati sensibili sia per cifrare i dati sensibili nei dischi.
+ </div></div></div><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Server_Security" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Server_Security">3.2. Server Security</h2></div></div></div><div class="para">
+ Quando un sistema è impiegato come un server su una rete pubblica, esso diventa un potenziale obbiettivo degli attaccanti. Consolidare il sistema e bloccare i servizi non necessari sono le operazioni che ogni buon amministratore deve effettuare.
+ </div><div class="para">
+ Di seguito si riassumono alcuni utili suggerimenti di validità generale:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Mantenere tutti i servizi aggiornati
+ </div></li><li class="listitem"><div class="para">
+ Usare protocolli sicuri (per quanto possibile)
+ </div></li><li class="listitem"><div class="para">
+ Offrire soltanto un tipo di servizio per macchina (per quanto possibile)
+ </div></li><li class="listitem"><div class="para">
+ Controllare attentamente tutti i servizi alla ricerca di attività sospette
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">3.2.1. Proteggere i servizi con TCP Wrapper e xinetd</h3></div></div></div><div class="para">
+ <em class="firstterm">TCP Wrapper</em> offrono controllo d'accesso ad una varietà di servizi. La maggior parte dei servizi di rete come SSH, Telent ed FTP usano TCP Wrapper che si interpongono a guardia tra una richiesta di servizio e il servizio stesso.
+ </div><div class="para">
+ I vantaggi offerti dai TCP Wrapper aumentano se usati in congiunzione con <code class="command">xinetd</code>, un super server che garantisce ulteriore controllo su accessi, logging, binding, redirection e utilizzo delle risorse.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ E' una buona idea usare anche regole di firewall, iptable, per creare ridondanza nell'ambito dei controlli d'accesso. Per maggiori informazioni sull'implementazione di firewall con i comandi iptable, fare riferimento alla <a class="xref" href="#sect-Security_Guide-Firewalls">Sezione 3.8, «Firewall»</a>.
+ </div></div></div><div class="para">
+ Di seguito si illustrano alcune opzioni di sicurezza di base.
+ </div><div class="section" id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_TCP_Wrappers">3.2.1.1. Aumentare la sicurezza con TCP Wrapper</h4></div></div></div><div class="para">
+ TCP Wrapper non solo negano l'accesso ai servizi. Questa sezione mostra come usare i TCP Wrapper per trasmettere connection banner, avvisi d'attacco da parte di host e migliorare le funzionalità di log. Per maggiori informazioni sui TCP Wrappers ed il corrispondente linguaggio, fare riferimento alle pagine man relative a <code class="filename">hosts_options</code>.
+ </div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Connection_Banners"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Connection_Banners">3.2.1.1.1. TCP Wrapper e Connection Banner</h5></div></div></div><div class="para">
+ La visualizzazione di un banner durante la connessione ad un servizio, può rivelarsi un buon deterrente nei confronti di potenziali attaccanti, in quanto segnala la vigilanza dell'amministratore. Si possono anche selezionare le informazioni di sistema da pubblicare. Per implementare un banner TCP Wrapper per un servizio, usare l'opzione <code class="option">banner</code>.
+ </div><div class="para">
+ L'esempio implementa un banner per il servizio <code class="command">vsftpd</code>. Iniziare, creando un file banner. Esso può essere salvato in una directory qualunque, l'importante è che abbia lo stesso nome del servizio. Per l'esempio, il file è <code class="filename">/etc/banners/vsftpd</code> con il seguente contenuto:
+ </div><pre class="screen">220-Hello, %c
+220-All activity on ftp.example.com is logged.
+220-Inappropriate use will result in your access privileges being removed.</pre><div class="para">
+ Il token <code class="command">%c</code> presenta una varietà di informazioni sul client, come il nome utente e l'hostname o il nome utente e l'indirizzo IP, per rendere la connessione abbastanza intimidatoria.
+ </div><div class="para">
+ Per visualizzare il banner sulle richieste in corso, aggiungere la seguente riga al file <code class="filename">/etc/hosts.allow</code>:
+ </div><pre class="screen"><code class="command"> vsftpd : ALL : banners /etc/banners/ </code></pre></div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Attack_Warnings"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Attack_Warnings">3.2.1.1.2. TCP Wrapper e avvisi di attacco</h5></div></div></div><div class="para">
+ Nel caso si siano scoperti uno o più host condurre un attacco contro il server, i TCP Wrapper possono essere configurati in modo da avvisare l'amministratore in caso di attacchi successivi, usando la direttiva <code class="command">spawn</code>.
+ </div><div class="para">
+ Di seguito si assume che un cracker dalla rete 206.182.68.0/24 stia tentando un attacco. Per impedire ogni connessione dalla rete incriminata e salvare i log dei tentativi di attacco in un file speciale, inserire la riga seguente nel file <code class="filename">/etc/hosts.deny</code>:
+ </div><pre class="screen"><code class="command"> ALL : 206.182.68.0 : spawn /bin/ 'date' %c %d >> /var/log/intruder_alert </code></pre><div class="para">
+ Il token <code class="command">%d</code> indica il nome del servizio obbiettivo dell'attacco.
+ </div><div class="para">
+ Per consentire la connessione, inserire la direttiva <code class="command">spawn</code> nel file <code class="filename">/etc/hosts.allow</code>.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Poichè la direttiva <code class="command">spawn</code> esegue anche comandi di shell, è una buona regola creare un particolare script che avvisi l'amministratore o che esegua una serie di comandi, ogniqualvolta un particolare client tenta di connettersi al server.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Enhanced_Logging"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Enhanced_Logging">3.2.1.1.3. TCP Wrapper e messaggi di log </h5></div></div></div><div class="para">
+ Se occorre tenere traccia di certe particolari connessioni, il livello di log del servizio corrispondente può essere elevato usando l'opzione <code class="command">severity</code>.
+ </div><div class="para">
+ In questo esempio si assume che chiunque tenti di connettersi alla porta 23 (la porta Telnet) di un server FTP, debba essere considerato un potenziale cracker. Per questa situazione, sostituire il flag <code class="command">info</code> con <code class="command">emerg</code> nel file di log, e vietare la connessione.
+ </div><div class="para">
+ Inserire quindi la seguente linea nel file <code class="filename">/etc/hosts.deny</code>:
+ </div><pre class="screen"><code class="command"> in.telnetd : ALL : severity emerg </code></pre><div class="para">
+ In questo caso si usa la SyslogFacility <code class="command">authpriv</code>, elevando la priorità dal valore predefinito <code class="command">info</code> a <code class="command">emerg</code>, che invia i messaggi di log direttamente alla console.
+ </div></div></div><div class="section" id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_xinetd"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_xinetd">3.2.1.2. Aumentare la sicurezza con xinetd</h4></div></div></div><div class="para">
+ Questa sezione spiega come usare <code class="command">xinetd</code> per impostare un <span class="emphasis"><em>trap service</em></span> e per controllare i livelli di risorse disponibili per un servizio. Limitare le risorse ai servizi può contribuire a contrastare gli attacchi <acronym class="acronym">DoS</acronym> (<em class="firstterm">Denial of Service</em>). Fare riferimento alle pagine di man relative a <code class="command">xinetd</code> e <code class="filename">xinetd.conf</code>, per una lista di opzioni disponibili.
+ </div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_xinetd-Setting_a_Trap"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_xinetd-Setting_a_Trap">3.2.1.2.1. Impostare un Trap</h5></div></div></div><div class="para">
+ Una caratteristica importante di <code class="command">xinetd</code> è la possibilità di inserire gli host, cui si vuole negare l'accesso ai servizi, in una lista <code class="filename">nera</code>. Agli host della lista è vietato, per un certo periodo di tempo o fino al successivo riavvio di <code class="command">xinetd</code>, di accedere ai servizi gestiti da <code class="command">xinetd</code>. Per fare ciò, occorre usare l'attributo <code class="command">SENSOR</code>. Si tratta di un modo semplice per bloccare gli host che scansionano le porte del server.
+ </div><div class="para">
+ Il primo passo da fare per impostare un <code class="command">SENSOR</code>, è scegliere un servizio che si presume non venga utilizzato. Per questo esempio si fa riferimento a Telnet.
+ </div><div class="para">
+ Nel file <code class="filename">/etc/xinetd.d/telnet</code> modificare la riga <code class="option">flags</code> come indicato di seguito:
+ </div><pre class="screen">flags = SENSOR</pre><div class="para">
+ Aggiungere la seguente riga:
+ </div><pre class="screen">deny_time = 30</pre><div class="para">
+ L'impostazione vieta ogni tentativo di connessione verso la porta, per trenta minuti. Altri possibili valori per l'attributo <code class="command">deny_time</code> sono FOREVER e NEVER. Il primo mantiene il divieto fino al successivo riavvio di <code class="command">xinetd</code>; il secondo permette la connessione senza alcun divieto.
+ </div><div class="para">
+ Infine, l'ultima riga:
+ </div><pre class="screen">disable = no</pre><div class="para">
+ L'impostazione abilita il trap.
+ </div><div class="para">
+ Anche se l'utilizzo di <code class="option">SENSOR</code> è un buon metodo per rilevare e bloccare le connessioni da host indesiderati, esso presenta due svantaggi:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Esso non funziona nel caso di scansioni nascoste.
+ </div></li><li class="listitem"><div class="para">
+ Un attaccante che scopra un <code class="option">SENSOR</code> in esecuzione, potrebbe avviare un attacco DoS contro altri host fidati e, falsificando i loro indirizzi IP, connettersi alla porta.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_xinetd-Controlling_Server_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_xinetd-Controlling_Server_Resources">3.2.1.2.2. Controllare le risorse server</h5></div></div></div><div class="para">
+ Un'altra importante caratteristica di <code class="command">xinetd</code> è la sua capacità di limitare le risorse dei servizi controllati.
+ </div><div class="para">
+ Per fare ciò usare le seguenti direttive:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">cps = <number_of_connections> <wait_period></code> — Limita il tasso di connessioni, specificando:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option"><number_of_connections></code> — Il numero di connessioni per secondo da gestire. Se il tasso di connessioni supera questo valore, il servizio viene temporaneamente disabilitato. Il valore predefinito è 50.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option"><wait_period></code> — Dopo una disabilitazione, il tempo di attesa, in secondi, prima di ri-abilitare il servizio. Il valore predefinito è 10.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">instances = <number_of_connections></code> — Specifica il numero totale di connessioni consentite ad un servizio. La direttiva accetta sia un valore intero sia <code class="command">UNLIMITED</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">per_source = <number_of_connections></code> — Specifica per ciascun host, il numero di connessioni consentite ad un servizio. La direttiva accetta sia un valore intero sia <code class="command">UNLIMITED</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">rlimit_as = <number[K|M]></code> — Specifica la quantità di memoria che il servizio può occupare in KB o MB. La direttiva accetta sia un valore intero sia <code class="command">UNLIMITED</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">rlimit_cpu = <number_of_seconds></code> — Specifica il periodo in secondi, dedicato al servizio dalla CPU. La direttiva accetta sia un valore intero sia <code class="command">UNLIMITED</code>.
+ </div></li></ul></div><div class="para">
+ Attraverso queste direttive si può prevenire che un singolo servizio, controllato da <code class="command">xinetd</code>, possa sovraccaricare il sistema, causando un DoS.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Server_Security-Securing_Portmap"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Portmap">3.2.2. Proteggere Portmap</h3></div></div></div><div class="para">
+ Il servizio <code class="command">portmap</code> è un demone di assegnamento dinamico di porte per servizi RPC, come NIS e NFS. Può assegnare un esteso range di porte, ma presenta un meccanismo di autenticazione piuttosto debole e perciò è piuttosto difficile da rendere sicuro.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ L'implementazione di una policy di sicurezza in <code class="command">portmap</code> è indispensabile solo con le versioni v2 e v3 di NFS, giacchè la versione v4 non fa più uso di <code class="command">portmap</code>. Se si ha intenzione di implementare un server NFSv2 o NFSv3, allora occorre usare <code class="command">portmap</code> e seguire le seguenti indicazioni.
+ </div></div></div><div class="para">
+ Se si eseguono servizi RPC, seguire le seguenti regole di base.
+ </div><div class="section" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_TCP_Wrappers">3.2.2.1. Proteggere portmap con TCP Wrapper</h4></div></div></div><div class="para">
+ Data la sua mancanza di una forma di autenticazione integrata, per limitare l'accesso di reti ed host al servizio <code class="command">portmap</code>, è importante usare TCP Wrapper.
+ </div><div class="para">
+ Inoltre, per limitare l'accesso al servizio, usare <span class="emphasis"><em>soltanto</em></span> indirizzi IP. Evitare di usare hostname, giacchè essi possono venir contraffatti da DNS fasulli e da altri metodi.
+ </div></div><div class="section" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables">3.2.2.2. Proteggere portmap con iptables</h4></div></div></div><div class="para">
+ Per ulteriormente restringere l'accesso al servizio <code class="command">portmap</code>, è una buona idea aggiungere regole iptables al server e restringere l'accesso a reti specifiche.
+ </div><div class="para">
+ Di seguito si riportano due comandi iptables. Il primo consente connessioni TCP dalla rete 192.168.0.0/24 alla porta 111 (usata dal servizio <code class="command">portmap</code>). Il secondo consente connessioni TCP da localhost (necessario al servizio <code class="command">sgi_fam</code> usato da <span class="application"><strong>Nautilus</strong></span>), alla stessa porta. Tutti gli altri pacchetti vengono scartati.
+ </div><pre class="screen">iptables -A INPUT -p tcp -s! 192.168.0.0/24 --dport 111 -j DROP
+iptables -A INPUT -p tcp -s 127.0.0.1 --dport 111 -j ACCEPT</pre><div class="para">
+ Analogamente, per limitare il traffico UDP, usare il comando:
+ </div><pre class="screen">iptables -A INPUT -p udp -s! 192.168.0.0/24 --dport 111 -j DROP</pre><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Per maggiori informazioni sull'implementazione di firewall con comandi iptables, fare riferimento alla <a class="xref" href="#sect-Security_Guide-Firewalls">Sezione 3.8, «Firewall»</a>.
+ </div></div></div></div></div><div class="section" id="sect-Security_Guide-Server_Security-Securing_NIS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_NIS">3.2.3. Proteggere NIS</h3></div></div></div><div class="para">
+ <em class="firstterm">NIS</em> o <acronym class="acronym">Network Information Service</acronym>, è un servizio RPC denominato <code class="command">ypserv</code>, usato insieme a <code class="command">portmap</code> e ad altri servizi per distribuire username, password ed altre informazioni sensibili agli host registrati nel dominio.
+ </div><div class="para">
+ Un server NIS è costituito da varie applicazioni. Esse sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/rpc.yppasswdd</code> — Denominato servizio <code class="command">yppasswdd</code>, questo demone permette agli utenti di modificare la propria passowrd NIS.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/rpc.ypxfrd</code> — Denominato servizio <code class="command">ypxfrd</code>, questo demone è responsabile del trasferimento delle informazioni sensibili NIS nella rete.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/yppush</code> — Questa applicazione propaga le modifiche apportate nei database NIS ai server NIS.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/ypserv</code> — E' il demone del server NIS.
+ </div></li></ul></div><div class="para">
+ Secondo gli attuali standard di sicurezza, NIS è sostanzialmente poco sicuro. Esso non presenta alcun meccanismo di autenticazione degli host, trasmettendo tutte le informazioni senza alcuna cifratura, incluse le password hash. Di conseguenza, si richiede estrema attenzione alla configurazione di una rete che usi NIS. Come se non bastasse, ciò è ulteriormente complicato da una configurazione predefinita di NIS inerentemente poco sicura.
+ </div><div class="para">
+ Si raccomanda quindi, a chiunque voglia implementare un server NIS, di rendere prima di tutto sicuro il servizio <code class="command">portmap</code>, come indicato nella <a class="xref" href="#sect-Security_Guide-Server_Security-Securing_Portmap">Sezione 3.2.2, «Proteggere Portmap»</a>, e successivamente risolvere al meglio i seguenti problemi, come la pianificazione della rete.
+ </div><div class="section" id="sect-Security_Guide-Securing_NIS-Carefully_Plan_the_Network"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Carefully_Plan_the_Network">3.2.3.1. Pianificare attentamente la rete</h4></div></div></div><div class="para">
+ Poichè NIS trasmette informazioni sensibili senza usare alcuna cifratura, è importante che il servizio esegua dietro un firewall e su una rete segmentata e fidata. Se tali informazioni si trovano a transitare su una rete non fidata, essi sono a rischio di intercettazione. Una progettazione attenta della rete può aiutare a prevenire falle irrimediabili di sicurezza.
+ </div></div><div class="section" id="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname">3.2.3.2. Usare una Password come Nome Dominio e Hostname</h4></div></div></div><div class="para">
+ Se l'utente conosce il nome di dominio e il nome di DNS del server NIS, ogni macchina del dominio NIS può ottenere, con opportuni comandi, informazioni dal server senza bisogno di autenticazione.
+ </div><div class="para">
+ Per esempio, se un utente connette un portatile alla rete o riesce ad accedere alla rete dall'esterno (ed a manomettere (spoof) un indirizzo IP interno), con il seguente comando potrebbe rivelare il contenuto del file <code class="command">/etc/passwd</code>:
+ </div><pre class="screen">ypcat -d <em class="replaceable"><code><NIS_domain></code></em> -h <em class="replaceable"><code><DNS_hostname></code></em> passwd</pre><div class="para">
+ Se l'attaccante è in grado di accedere come root, potrebbe ottenere il file <code class="command">/etc/shadow</code> con il comando:
+ </div><pre class="screen">ypcat -d <em class="replaceable"><code><NIS_domain></code></em> -h <em class="replaceable"><code><DNS_hostname></code></em> shadow</pre><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Se si usa Kerberos, il file <code class="command">/etc/shadow</code> non è salvato in un NIS.
+ </div></div></div><div class="para">
+ Per rendere più arduo ad un attaccante, l'accesso alle informazioni NIS, creare una stringa random per l'hostnome del DNS, come <code class="filename">o7hfawtgmhwg.domain.com</code> ed analogamente per il nome di dominio NIS, usando una stringa differente.
+ </div></div><div class="section" id="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File">3.2.3.3. Modificare il file <code class="filename">/var/yp/securenets</code></h4></div></div></div><div class="para">
+ Se il file <code class="filename">/var/yp/securenets</code> è vuoto o non esiste (come capita dopo una installazione predefinita), NIS è in ascolto su tutte le reti. Quindi, una delle prime operazioni da fare è di inserire nel file, coppie di netmask/network, in modo che <code class="command">ypserv</code> risponda solo alle richieste provenienti dalle reti specificate.
+ </div><div class="para">
+ Di seguito si riporta un esempio da un file <code class="filename">/var/yp/securenets</code>:
+ </div><pre class="screen">255.255.255.0 192.168.0.0</pre><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Non avviare mai un server NIS senza prima aver creato un file <code class="filename">/var/yp/securenets</code> adeguato.
+ </div></div></div><div class="para">
+ Questa tecnica, tuttavia, non offre protezione da un attacco di tipo IP spoofing, ma serve a limitare le reti servite da NIS.
+ </div></div><div class="section" id="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules">3.2.3.4. Assegnare porte statiche ed usare regole iptables</h4></div></div></div><div class="para">
+ A tutti i servizi NIS si possono assegnare porte specifiche, ad eccezione di <code class="command">rpc.yppasswdd</code> — il demone che permette agli utenti di modificare le password di accesso. Assegnando porte ai due demoni NIS, <code class="command">rpc.ypxfrd</code> e <code class="command">ypserv</code>, si possono creare regole di firewall, per proteggere ulteriormente i demoni NIS da potenziali intrusori.
+ </div><div class="para">
+ Per fare ciò, aggiungere la seguenti righe al file <code class="filename">/etc/sysconfig/network</code>:
+ </div><pre class="screen">YPSERV_ARGS="-p 834" YPXFRD_ARGS="-p 835"</pre><div class="para">
+ Per rinforzare la sicurezza, si possono poi essere usate le seguenti regole di iptables, che specificano le porte e la rete su cui il server resta in ascolto:
+ </div><pre class="screen">iptables -A INPUT -p ALL -s! 192.168.0.0/24 --dport 834 -j DROP
+iptables -A INPUT -p ALL -s! 192.168.0.0/24 --dport 835 -j DROP</pre><div class="para">
+ Con queste impostazioni, il server, a prescindere dal protocollo, accetta connessioni sulle porte 834 e 835 solo dalla rete 192.168.0.0/24.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Per maggiori informazioni sull'implementazione di firewall con comandi iptables, fare riferimento alla <a class="xref" href="#sect-Security_Guide-Firewalls">Sezione 3.8, «Firewall»</a>.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication">3.2.3.5. Usare autenticazioni Kerberos</h4></div></div></div><div class="para">
+ La cosa importante da considerare quando si usa NIS per autenticazione, è che ogni volta che un utente accede ad una macchina, la password hash dal file <code class="filename">/etc/shadow</code> è trasmessa in chiaro sulla rete. Se un intrusore riesce ad intrufolarsi nel dominio NIS e ad intercettare il traffico di rete, egli potrebbe carpire username e password hash. In un tempo ragionevole, un programma di crack di password potrebbe indovinare password deboli e l'attaccante ottenere un valido account d'accesso.
+ </div><div class="para">
+ Poichè Kerberos usa chiavi cifrate, le password hash non sono mai trasmesse sulla rete, rendendo il sistema molto più sicuro. Per maggiori informazioni su Kerberos, vedere la <a class="xref" href="#sect-Security_Guide-Kerberos">Sezione 3.7, «Kerberos»</a>.
+ </div></div></div><div class="section" id="sect-Security_Guide-Server_Security-Securing_NFS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_NFS">3.2.4. Proteggere NFS</h3></div></div></div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ La versione NFSv4 inclusa in Fedora, non richiede più il servizio <code class="command">portmap</code>, come illustrato nella <a class="xref" href="#sect-Security_Guide-Server_Security-Securing_Portmap">Sezione 3.2.2, «Proteggere Portmap»</a>. In tutte le versioni di NFS, il traffico viene trasmesso usando TCP e non più UDP. Inoltre NFSv4 ora include autenticazioni utente e di gruppo basati su Kerberos, parte integrante del modulo <code class="filename">RPCSEC_GSS</code> del kernel. Si includono informazioni anche su <code class="command">portmap</code>, giacchè Fedora supporta sia NFSv2 sia NFSv3 che utilizzano <code class="command">portmap</code>.
+ </div></div></div><div class="section" id="sect-Security_Guide-Securing_NFS-Carefully_Plan_the_Network"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NFS-Carefully_Plan_the_Network">3.2.4.1. Pianificare attentamente la rete</h4></div></div></div><div class="para">
+ Ora che NFSv4 usa Keberos per trasmettere le informazioni (cifrate), è importante che il servizio venga correttamente configurato dietro un firewall o su una porzione di rete. NFSv2 ed NFSv3 continuano a trasmettre i dati in chiaro e di ciò va tenuto conto. Una accurata progettazione di rete, che tenga conto di ciò, aiuta a prevenire falle di sicurezza.
+ </div></div><div class="section" id="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors">3.2.4.2. Attenzione agli errori sintattici</h4></div></div></div><div class="para">
+ Il server NFS determina i file system da esportare e verso quali host, consultando il file <code class="filename">/etc/exports</code>. Prestare molta attenzione a non aggiungere spazi durante la modifica del file.
+ </div><div class="para">
+ Per esempio, la seguente riga nel file <code class="filename">/etc/exports</code>, condivide la directory <code class="command">/tmp/nfs/</code> con l'host <code class="command">bob.example.com</code> con permessi read/write.
+ </div><pre class="screen">/tmp/nfs/ bob.example.com(rw)</pre><div class="para">
+ Invece a causa dello spazio dopo l'hostname, la seguente riga nel file <code class="filename">/etc/exports</code>, condivide la directory con l'host <code class="computeroutput">bob.example.com</code> in sola lettura, e la condivide con <span class="emphasis"><em>tutti gli altri</em></span> in lettura/scrittura.
+ </div><pre class="screen">/tmp/nfs/ bob.example.com (rw)</pre><div class="para">
+ E' una buona norma verificare ogni condivisione NFS configurata, usando il comando <code class="command">showmount</code>:
+ </div><pre class="screen">showmount -e <em class="replaceable"><code><hostname></code></em></pre></div><div class="section" id="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option">3.2.4.3. Non usare l'opzione <code class="command">no_root_squash</code></h4></div></div></div><div class="para">
+ Per impostazione, le condivisioni NFS modificano l'utente root nell'utente <code class="command">nfsnobody</code>, un account utente senza privilegi. Il risultato è che il proprietario di tutti i file creati da root diventa <code class="command">nfsnobody</code>, impedendo l'avvio di programmi setuid.
+ </div><div class="para">
+ Se si usa l'opzione <code class="command">no_root_squash</code>, un utente root remoto può modificare ogni file nel sistema condiviso e lasciare applicazioni malevoli, come trojan, che potrebbero essere inavvertitamente eseguiti da ignari utenti.
+ </div></div><div class="section" id="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration">3.2.4.4. Configurazione di firewall in NFS</h4></div></div></div><div class="para">
+ Le porte usate da NFS sono assegnate dinamicamente da rcpbind, che potrebbe causare problemi durante la creazione delle regole di firewall. Per semplificare il processo, usare il file <span class="emphasis"><em>/etc/sysconfig/nfs</em></span> per specificare le porte da usare:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">MOUNTD_PORT</code> — Porta TCP e UDP per mountd (rpc.mountd)
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">STATD_PORT</code> — Porta TCP e UDP per lo stato (rpc.statd)
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">LOCKD_TCPPORT</code> — Porta TCP per nlockmgr (rpc.lockd)
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">LOCKD_UDPPORT</code> — Porta UDP per nlockmgr (rpc.lockd)
+ </div></li></ul></div><div class="para">
+ I numeri di porta specificati non devono essere usati da altri servizi. Configurare il firewall per autorizzare le porte specificate, insieme alla porte UDP e TCP 2049 (NFS).
+ </div><div class="para">
+ Usare il comando <code class="command">rpcinfo -p</code> sul server NFS per vedere le porte e i programmi RPC usati.
+ </div></div></div><div class="section" id="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server">3.2.5. Proteggere HTTP Apache</h3></div></div></div><div class="para">
+ Il server HTTP Apache è uno dei servizi più stabili e sicuri distribuiti con Fedora. Un gran numero di opzioni e tecniche sono disponibili per rendere sicuro il server HTTP Apache — troppe per essere analizzate tutte quì con la necessaria dovizia. La seguente sezione spiega brevemente, buone pratiche di utilizzo del server HTTP Apache.
+ </div><div class="para">
+ Verificare sempre che gli script in esecuzione sul sistema funzionino correttamente, <span class="emphasis"><em>prima </em></span> di renderli effettivi in sistemi di produzione. Inoltre, assicurarsi che soltanto l'utente root abbia permessi di scrittura nelle directory contenente script o CGI. Per fare ciò eseguire i seguenti comandi, come root:
+ </div><div class="orderedlist"><ol><li class="listitem"><pre class="screen">chown root <em class="replaceable"><code><directory_name></code></em></pre></li><li class="listitem"><pre class="screen">chmod 755 <em class="replaceable"><code><directory_name></code></em></pre></li></ol></div><div class="para">
+ Gli amministratori di sistema dovrebbero prestare la massima attenzione nell'uso delle seguenti direttive, configurabili in <code class="filename">/etc/httpd/conf/httpd.conf</code>:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term"><code class="option">FollowSymLinks</code></span></dt><dd><div class="para">
+ La direttiva è abilitata per impostazione; prestare la dovuta attenzione a non creare link simbolici al root document del server web. Per esempio, sarebbe una pessima idea creare un link simbolico a <code class="filename">/</code>.
+ </div></dd><dt class="varlistentry"><span class="term"><code class="option">Indexes</code></span></dt><dd><div class="para">
+ La direttiva è abilitata per impostazione, ma potrebbe non essere desiderabile. Per impedire ai visitatori di sfogliare i file sul server, disabilitare questa direttiva.
+ </div></dd><dt class="varlistentry"><span class="term"><code class="option">UserDir</code></span></dt><dd><div class="para">
+ La direttiva <code class="option">UserDir</code>, è disabilitata per impostazione perchè può confermare la presenza di un account nel sistema. Per consentire la visualizzazione della directory di un utente, usare le seguenti direttive:
+ </div><pre class="screen">UserDir enabled
+UserDir disabled root</pre><div class="para">
+ Queste direttive consentono la navigazione nelle directory degli utenti, esclusa la directory <code class="filename">/root/</code>. Per aggiungere altre directory da disabilitare, aggiungere gli account utenti, separati da spazio, alla riga <code class="option">UserDir disabled</code>.
+ </div></dd></dl></div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Non rimuovere la direttiva <code class="option">IncludesNoExec</code>. Per impostazione, il modulo <em class="firstterm">SSI</em> (<abbr class="abbrev">Server-Side Includes</abbr>) non può eseguire comandi. Si raccomanda di non cambiare questa impostazione a meno che non sia strettamente necessario, poichè potrebbe abilitare un attaccante ad eseguire comandi.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Server_Security-Securing_FTP"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_FTP">3.2.6. Proteggere FTP</h3></div></div></div><div class="para">
+ <em class="firstterm">FTP</em> (<abbr class="abbrev">File Transfer Protocol</abbr>) è un vetusto protocollo TCP progettato per il trasferimento di file. Poichè tutte le transazioni con il server, inclusa l'autenticazione, sono in chiaro, FTP è considerato un protocollo non sicuro e perciò richiede opportune configurazioni.
+ </div><div class="para">
+ Fedora offre tre server FTP
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">gssftpd</code> — Un demone FTP che non trasmette informazioni di autenticazioni, basato su <code class="command">xinetd</code> e controllato da Kerberos.
+ </div></li><li class="listitem"><div class="para">
+ <span class="application"><strong>Red Hat Content Accelerator</strong></span> (<code class="command">tux</code>) — Un server web dello spazio kernel con capacità FTP.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">vsftpd</code> — Un servizio FTP a sè stante orientato alla sicurezza.
+ </div></li></ul></div><div class="para">
+ Di seguito si indicano le linee guida per impostare un servizio FTP, <code class="command">vsftpd</code>.
+ </div><div class="section" id="sect-Security_Guide-Securing_FTP-FTP_Greeting_Banner"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_FTP-FTP_Greeting_Banner">3.2.6.1. Greeting Banner FTP</h4></div></div></div><div class="para">
+ Prima di inviare le proprie credenziali di accesso (username e password), gli utenti vengono salutati con un banner di benvenuto. Per impostazione, il banner include informazioni sulla versione usata, che potrebbero essere maliziosamente usate da un cracker, note le vulnerabilità di sistema.
+ </div><div class="para">
+ Per modificare le impostazioni del banner, aggiungere la seguente direttiva al file <code class="filename">/etc/vsftpd/vsftpd.conf</code>:
+ </div><pre class="screen">ftpd_banner=<em class="replaceable"><code><insert_greeting_here></code></em></pre><div class="para">
+ Sostituire <em class="replaceable"><code><insert_greeting_here></code></em> nella direttiva precedente con il messaggio di benvenuto.
+ </div><div class="para">
+ Per banner su più righe, conviene usare un file banner. Per semplificare la gestione di banner multipli, posizionare tutti i banner in una directory denominata <code class="filename">/etc/banners/</code>. In questo esempio, il file banner per connessioni FTP è <code class="filename">/etc/banners/ftp.msg</code>. Ecco un esempio di file banner:
+ </div><pre class="screen">######### # Hello, all activity on ftp.example.com is logged. #########</pre><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Come specificato nella <a class="xref" href="#sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Connection_Banners">Sezione 3.2.1.1.1, «TCP Wrapper e Connection Banner»</a>, non occorre iniziare ogni riga del file con <code class="command">220</code>.
+ </div></div></div><div class="para">
+ Per fare riferimento a questo file banner, aggiungere la seguente direttiva al file <code class="filename">/etc/vsftpd/vsftpd.conf</code>:
+ </div><pre class="screen">banner_file=/etc/banners/ftp.msg</pre><div class="para">
+ Usando i TCP Wrapper, come descritto nella <a class="xref" href="#sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Connection_Banners">Sezione 3.2.1.1.1, «TCP Wrapper e Connection Banner»</a>, è possibile inviare ulteriori banner alle connessioni in entrata.
+ </div></div><div class="section" id="sect-Security_Guide-Securing_FTP-Anonymous_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_FTP-Anonymous_Access">3.2.6.2. Accesso anonimo</h4></div></div></div><div class="para">
+ La directory <code class="filename">/var/ftp/</code> attiva l'account anonimo.
+ </div><div class="para">
+ Il modo più semplice per creare la directory è di installare il pacchetto <code class="filename">vsftpd</code>. Il pacchetto crea una directory per utenti anonimi e configura in sola lettura la directory.
+ </div><div class="para">
+ Per impostazione, gli utenti anonimi non possono scrivere in nessuna directory.
+ </div><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Se si abilita l'accesso anonimo al server FTP, prestare attenzione a dove sono salvati i dati sensibili.
+ </div></div></div><div class="section" id="sect-Security_Guide-Anonymous_Access-Anonymous_Upload"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Anonymous_Access-Anonymous_Upload">3.2.6.2.1. Upload anonimo</h5></div></div></div><div class="para">
+ Per consentire ad utenti anonimi di inviare file sul server, si raccomanda di creare una directory in sola scrittura in <code class="filename">/var/ftp/pub/</code>.
+ </div><div class="para">
+ Ecco la procedura; digitare il comando:
+ </div><pre class="screen">mkdir /var/ftp/pub/upload</pre><div class="para">
+ Poi, modificare i permessi in modo che gli utenti anonimi non possano vedere (o sfogliare) il contenuto della directory:
+ </div><pre class="screen">chmod 730 /var/ftp/pub/upload</pre><div class="para">
+ Un listato <span class="emphasis"><em>long format</em></span> della directory apparirebbe così:
+ </div><pre class="screen">drwx-wx--- 2 root ftp 4096 Feb 13 20:05 upload</pre><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Gli amministratori che permettono ad utenti anonimi di leggere e scrivere in directory, spesso scoprono che i loro server diventano repository di software pirata.
+ </div></div></div><div class="para">
+ Poi, aggiungere la seguente riga al file <code class="filename">/etc/vsftpd/vsftpd.conf</code>:
+ </div><pre class="screen">anon_upload_enable=YES</pre></div></div><div class="section" id="sect-Security_Guide-Securing_FTP-User_Accounts"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_FTP-User_Accounts">3.2.6.3. Account utenti</h4></div></div></div><div class="para">
+ Poichè FTP trasmette username e password in chiaro, è una buona norma vietare agli utenti l'accesso al server, con i loro account.
+ </div><div class="para">
+ Per disabilitare tutti gli account, aggiungere la seguente direttiva al file <code class="filename">/etc/vsftpd/vsftpd.conf</code>:
+ </div><pre class="screen">local_enable=NO</pre><div class="section" id="sect-Security_Guide-User_Accounts-Restricting_User_Accounts"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-User_Accounts-Restricting_User_Accounts">3.2.6.3.1. Restringere gli account utenti</h5></div></div></div><div class="para">
+ Per disabilitare gli accessi FTP ad utenti o gruppi specifici, come l'utente root e quelli con privilegi <code class="command">sudo</code>, si può usare un file di autenticazione PAM, come descritto nella <a class="xref" href="#sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM">Sezione 3.1.4.2.4, «Disabilitare l'account root usando PAM»</a>. Il file di configurazione PAM relativo a <code class="command">vsftpd</code> è <code class="filename">/etc/pam.d/vsftpd</code>.
+ </div><div class="para">
+ E' anche possibile disabilitare gli account direttamente all'interno di ciascun servizio.
+ </div><div class="para">
+ Per disabilitare un account specifico, aggiungere lo username nel fie <code class="filename">/etc/vsftpd.ftpusers</code>.
+ </div></div></div><div class="section" id="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access">3.2.6.4. Usare TCP Wrapper per il controllo degli accessi</h4></div></div></div><div class="para">
+ Consultare la <a class="xref" href="#sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_TCP_Wrappers">Sezione 3.2.1.1, «Aumentare la sicurezza con TCP Wrapper»</a>, per controllare gli accessi al servizio FTP usando TCP Wrapper.
+ </div></div></div><div class="section" id="sect-Security_Guide-Server_Security-Securing_Sendmail"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Sendmail">3.2.7. Proteggere Sendmail</h3></div></div></div><div class="para">
+ Sendmail è un MTA (Mail Transfer Agent) che usa SMTP (Simple Mail Transfer Protocol) per trasferire posta elettronica tra altri MTA ed ai client di posta. Sebbene molti MTA siano capaci di cifrare le comunicazioni, la maggior parte di essi non lo sono, perciò spedire posta elettronica su una rete pubblica è considerato una forma di comunicazione inerentemente non sicura.
+ </div><div class="para">
+ A chiunque sia desideroso di implemetare un server Sendmail, si raccomanda di seguire le seguenti indicazioni.
+ </div><div class="section" id="sect-Security_Guide-Securing_Sendmail-Limiting_a_Denial_of_Service_Attack"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-Limiting_a_Denial_of_Service_Attack">3.2.7.1. Limitare un attacco tipo DoS</h4></div></div></div><div class="para">
+ Data la natura dei messaggi di posta elettronica, un attaccante potrebbe molto facilmente sovraccaricare il server inondandolo con flussi ininterrotti di messaggi (fllooding), causando un Denial of Service (DoS). Impostando i limiti alle seguenti direttive, presenti nel file <code class="filename">/etc/mail/sendmail.mc</code>, si limita il rischio legato a tali attacchi.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">confCONNECTION_RATE_THROTTLE</code> — Il numero di connessioni al secondo accettate dal server. Per impostazione, Sendmail non presenta un limite al numero di connessioni. Se viene impostato un limite ed esso viene superato, le future connessioni vengono ritardate.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">confMAX_DAEMON_CHILDREN</code> — Il numero massimo di processi (child) generati dal processo server (parent). Per impostazione, Sendmail non assegna alcun limite al numero di processi child. Se viene impostato un limite e superato, le future connessioni vengono ritardate.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">confMIN_FREE_BLOCKS</code> — Il numero minimo di blocchi che devono rimanere liberi perchè il server continui a ricevere mail. Il valore predefinito è 100.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">confMAX_HEADERS_LENGTH</code> — La dimensione massima, in byte, per l'intestazione (header) del messaggio.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">confMAX_MESSAGE_SIZE</code> — La dimensione massima, in byte, per un singolo messaggio.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail">3.2.7.2. NFS e Sendamil</h4></div></div></div><div class="para">
+ Non porre mai la directory di coda delle mail, <code class="filename">/var/spool/mail/</code> su un volume condiviso NFS.
+ </div><div class="para">
+ Poichè NFSv2 ed NFSv3 non usano alcun controllo sugli ID degli utenti e dei gruppi, due o più utenti potrebbero risultare con lo stesso ID, e ricevere e leggere le mail reciproche.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Con NFSv4 che usa Kerberos, questo non è il caso, in quanto il modulo <code class="filename">SECRPC_GSS</code> del kernel, non fa uso di autenticazioni basate su ID. Comunque rimane valida la considerazione di <span class="emphasis"><em>non</em></span> porre la directory di coda delle mail su volumi condivisi NFS.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Securing_Sendmail-Mail_only_Users"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-Mail_only_Users">3.2.7.3. Utenti di sola posta elettronica</h4></div></div></div><div class="para">
+ Per impedire che utenti locali possano attaccare il server Sendmail, sarebbe meglio limitare l'accesso al server solo tramite un programma di posta. Gli account di shell sul mail server non dovrebbero essere permessi e tutte le shell degli utenti, nel file <code class="filename">/etc/passwd</code>, dovrebbero essere impostate su <code class="command">/sbin/nologin</code> (con la possibile eccezione dell'utente root).
+ </div></div></div><div class="section" id="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">3.2.8. Controllare le porte in ascolto</h3></div></div></div><div class="para">
+ Dopo aver configurato i servizi di rete, diventa di primaria importanza prestare la dovuta attenzione alle porte effettivamente in ascolto sulle interfacce di rete. Ogni porta aperta è un rischio di intrusione.
+ </div><div class="para">
+ Esistono due approcci di base per elencare le porte in ascolto. Quello meno affidabile è interrogare lo stack di rete usando comandi come <code class="command">netstat -an</code> o <code class="command">lsof -i</code>. Il metodo è poco affidabile, in quanto questi programmi non si connettono alla macchina dalla rete, ma controllano i servizi in esecuzione sul sistema. Per questo motivo, queste applicazioni sono frequenti obbiettivi degli attaccanti. I cracker, in genere, nascondono le tracce dei loro interventi sulle porte che sono riusciti ad aprire, sostituendo <code class="command">netstat</code> e <code class="command">lsof</code> con proprie versioni modificate.
+ </div><div class="para">
+ Un metodo più affidabile per controllare le porte aperte, è usare uno scanner come <code class="command">nmap</code>.
+ </div><div class="para">
+ Il seguente comando digitato in un terminale, determina le porte in ascolto su connessioni TCP:
+ </div><pre class="screen">nmap -sT -O localhost</pre><div class="para">
+ L'uscita del comando assomiglia a:
+ </div><pre class="screen">Starting Nmap 5.21 ( http://nmap.org ) at 2010-07-08 19:00 CEST
+Nmap scan report for localhost (127.0.0.1)
+Host is up (0.00016s latency).
+Not shown: 1711 closed ports
+PORT STATE SERVICE
+22/tcp open ssh
+25/tcp open smtp
+111/tcp open rpcbind
+113/tcp open auth
+631/tcp open ipp
+834/tcp open unknown
+2601/tcp open zebra
+32774/tcp open sometimes-rpc11
+Device type: general purpose
+Running: Linux 2.6.X
+OS details: Linux 2.6.32.14-127.fc12.i686.PAE
+Network Distance: 0 hops
+OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
+Nmap done: 1 IP address (1 host up) scanned in 16.44 seconds</pre><div class="para">
+ L'output mostra i servizi in esecuzione. Nell'esempio, un sospetto potrebbe venire sul servizio <span class="emphasis"><em>unknown</em></span> in esecuzione sulla porta TCP 834. Per controllare se le porta è associata alla lista ufficiale dei servizi noti, si lancia il comando:
+ </div><pre class="screen">cat /etc/services | grep 834</pre><div class="para">
+ Nel caso dell'esempio non si ha alcun output. Quindi, nonostante la porta faccia parte di un range di porte riservate (0 - 1023), e la sua apertura richiederebbe il permesso di root, essa non è associata ad alcun servizio noto.
+ </div><div class="para">
+ Allora, si prova ad ottenere alcune informazioni sulla porta, usando il comando <code class="command">netstat</code> o <code class="command">lsof</code>. Per controllare la porta 834 con <code class="command">netstat</code>, si digita:
+ </div><pre class="screen">netstat -anp | grep 834</pre><div class="para">
+ Il comando restituisce il seguente output:
+ </div><pre class="screen">tcp 0 0 0.0.0.0:834 0.0.0.0:* LISTEN 653/ypbind</pre><div class="para">
+ La scoperta fatta con <code class="command">netstat</code> che la porta è aperta, è abbastanza rassicurante, poichè un cracker che apra furtivamente una porta non ne permetterebbe la rivelazione con questo comando. Inoltre, l'opzione <code class="option">[p]</code> rivela l'ID del processo (PID) che ha aperto la porta. In questo caso la porta appartiene a <code class="command">ypbind</code> (<abbr class="abbrev">NIS</abbr>) che è un servizio <abbr class="abbrev">RPC</abbr> gestito insieme al servizio <code class="command">portmap</code>.
+ </div><div class="para">
+ L'uscita del comando <code class="command">lsof</code> sarebbe molto simile al precedente, giacchè anch'esso è in grado di collegare le porte aperte ai servizi:
+ </div><pre class="screen">lsof -i | grep 834</pre><div class="para">
+ La porzione di output rilevante per il nostro esempio è:
+ </div><pre class="screen">ypbind 653 0 7u IPv4 1319 TCP *:834 (LISTEN)
+ypbind 655 0 7u IPv4 1319 TCP *:834 (LISTEN)
+ypbind 656 0 7u IPv4 1319 TCP *:834 (LISTEN)
+ypbind 657 0 7u IPv4 1319 TCP *:834 (LISTEN)</pre><div class="para">
+ Questi strumenti rivelano una grande quantità di informazioni sullo stato dei servizi in esecuzione. Essi sono flessibili ed offrono una varietà di informazioni sui servizi e la configurazione di rete. Per maggiori informazioni vedere le pagine di man relative a <code class="command">lsof</code>, <code class="command">netstat</code>, <code class="command">nmap</code>, e <code class="filename">services</code>.
+ </div></div></div><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Single_Sign_on_SSO" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Single_Sign_on_SSO">3.3. Single Sign-on (SSO)</h2></div></div></div><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-Introduction"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Introduction">3.3.1. Introduzione</h3></div></div></div><div class="para">
+ La funzionalità SSO di Fedora serve a ridurre il numero di autenticazioni richieste agli utenti Fedora. La maggior parte delle applicazioni sfruttano gli stessi meccanismi di autenticazione ed autorizzazione, cosicchè una volta loggati in Fedora, gli utenti non devono reinserire la loro password. Queste applicazioni sono illustrate più avanti.
+ </div><div class="para">
+ Inoltre, gli utenti possono accedere alle loro macchine anche in assenza di una connessione di rete (<em class="firstterm">modalità offline</em>), oppure in condizioni di connessioni inaffidabili, per esempio in accessi wireless. In quest'ultimo caso, il livello dei servizi risulterà leggermente degradato.
+ </div><div class="section" id="sect-Security_Guide-Introduction-Supported_Applications"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Introduction-Supported_Applications">3.3.1.1. Applicazioni supportate</h4></div></div></div><div class="para">
+ Di seguito si elencano le applicazioni che attualmente supportano lo schema di accesso unificato in Fedora:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Login
+ </div></li><li class="listitem"><div class="para">
+ Salvaschermo
+ </div></li><li class="listitem"><div class="para">
+ Firefox e Thunderbird
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Introduction-Supported_Authentication_Mechanisms"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Introduction-Supported_Authentication_Mechanisms">3.3.1.2. Meccanismi di autenticazione supportati</h4></div></div></div><div class="para">
+ Fedora correntemente supporta i seguenti meccanismi di autenticazione:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Login via nome/password Kerberos
+ </div></li><li class="listitem"><div class="para">
+ Login via Smart Card
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Introduction-Supported_Smart_Cards"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Introduction-Supported_Smart_Cards">3.3.1.3. Smart Card supportate</h4></div></div></div><div class="para">
+ Fedora è stato testato con il lettore e le smart-card Cyberflex, ma anche altre smart-card conformi alle specifiche Java card 2.1.1 e Global Platform 2.0.1 dovrebbero operare correttamente, come ogni lettore che sia supportato dalla piattaforma PCSC.
+ </div><div class="para">
+ Fedora è stato testato anche con lo standard Common Access Cards (CAC) (n.d.t. impiegato principalmente negli U.S.A. dal DoD). Il lettore supportato per CAC è l'SCM SCR 331 USB.
+ </div><div class="para">
+ Fedora supporta anche smart card Gemalto Cyberflex Access 64k v2, conformi con gli standard DER SHA-1 configurati come in PKCSI v2.1. Queste smart card ora usano lettori che si conformano alle norme CCID (Chip/Smart Card Interface Devices).
+ </div></div><div class="section" id="sect-Security_Guide-Introduction-Advantages_of_PROD_Single_Sign_on"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Introduction-Advantages_of_PROD_Single_Sign_on">3.3.1.4. Vantaggi di Single Sign-on di Fedora</h4></div></div></div><div class="para">
+ Oggigiorno, esistono numerosi meccanismi di sicurezza che utilizzano una varietà di protocolli e di <span class="emphasis"><em>credential store</em></span>. Tra questi si ricordano SSL, SSH, IPsec e Kerberos. L'SSO di Fedora si propone di unificare questi schemi. Ciò non vuol dire sostituire Keberos con certificazioni X.509v3, quanto unificarli in modo da ridurre il carico di gestione sia agli utenti che agli amministratori.
+ </div><div class="para">
+ Per raggiungere questo obbiettivo Fedora:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Presenta, in ogni sistema operativo, una singola istanza condivisa delle librerie di criptazione NSS.
+ </div></li><li class="listitem"><div class="para">
+ Include il Sistema di Certficazione ESC (Enterprise Security Client), con il sistema operativo base. L'applicazione ESC intercetta gli eventi relativi all'inserzione delle samrt card. Se una smart card, conforme al Sistema di Certificazione usato in Fedora viene inserita nel sistema, ESC visualizza una interfaccia grafica istruendo l'utente su come registrare la smart card.
+ </div></li><li class="listitem"><div class="para">
+ Unifica Kerberos e NSS in modo che gli utenti che accedono al sistema usando una smart card, possano ottenere anche una credenziale Kerberos (in modo da poter accedere a file server ed altri servizi).
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card">3.3.2. Primo utilizzo di una nuova Smart Card</h3></div></div></div><div class="para">
+ Prima di poter usare la smart card sul proprio sistema e avvantaggiarsi delle possibilità di sicurezza offerte da questa tecnologia, occorre effettuare alcune installazioni e configurazioni, come descritto di seguito.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Questo paragrafo offre una descrizione generale su come iniziare ad usare la propria smart card. Per informazioni più dettagliate consultare "Red Hat Certificate System Enterprise Security Client Guide".
+ </div></div></div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Accedere con le proprie credenziali (nome/password) Kerberos.
+ </div></li><li class="step"><div class="para">
+ Assicurarsi che sia installato il pacchetto <code class="filename">nss-tools</code>.
+ </div></li><li class="step"><div class="para">
+ Scaricare ed installare i propri certificati. Usare il seguente comando per installare il root CA certificate:
+ </div><pre class="screen">certutil -A -d /etc/pki/nssdb -n "root ca cert" -t "CT,C,C" -i ./ca_cert_in_base64_format.crt</pre></li><li class="step"><div class="para">
+ Verificare che siano installati i seguenti pacchetti: esc, pam_pkcs11, coolkey, ifd-egate, ccid, gdm, authconfig, ed authconfig-gtk.
+ </div></li><li class="step"><div class="para">
+ Abilitare l'accesso via Smart Card
+ </div><ol class="a"><li class="step"><div class="para">
+ Nel menu di GNOME, selezionare Sistema->Amministrazione->Autenticazione.
+ </div></li><li class="step"><div class="para">
+ Inserire, quando richiesto, la password di root.
+ </div></li><li class="step"><div class="para">
+ Nella finestra di Configurazione dell'Autenticazione, selezionare la scheda <span class="guilabel"><strong>Autenticazione</strong></span>.
+ </div></li><li class="step"><div class="para">
+ Spuntare la checkbox <span class="guilabel"><strong>Abilitare il supporto per Smart Card</strong></span>.
+ </div></li><li class="step"><div class="para">
+ Cliccare sul bottone <span class="guibutton"><strong>Configura Smart Card...</strong></span> per modificare le impostazioni di Smartcard:
+ </div><div class="para">
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Richiedere smart card, per accedere</strong></span> — Disabilitare la checkbox. Una volta effettuato l'accesso con la smart card, si può abilitare questa opzione per impedire l'accesso senza una smart card.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>In caso di rimozione</strong></span> — Una volta effettuato l'accesso, questa opzione imposta alcuni eventi legati alla rimozione della smart card. Le opzioni possibili sono:
+ </div><div class="para">
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Blocca</strong></span> — La rimozione della smart card provoca il blocco dello schermo.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Ignora</strong></span> — La rimozione della smart card non provoca alcun effetto.
+ </div></li></ul></div>
+
+ </div></li></ul></div>
+
+ </div></li></ol></li><li class="step"><div class="para">
+ Se occorre abilitare <abbr class="abbrev">OCSP</abbr> (Online Certificate Status Protocol), aprire il file <code class="filename">/etc/pam_pkcs11/pam_pkcs11.conf</code> e individuare la riga contenente la seguente opzione:
+ </div><div class="para">
+ <code class="command">enable_ocsp = false;</code>
+ </div><div class="para">
+ Modificare come indicato di seguito:
+ </div><div class="para">
+ <code class="command">enable_ocsp = true;</code>
+ </div></li><li class="step"><div class="para">
+ Registrare la smart card
+ </div></li><li class="step"><div class="para">
+ Se si usa una card CAC, occorre completare i seguenti passaggi:
+ </div><ol class="a"><li class="step"><div class="para">
+ Come utente root, creare un file denominato <code class="filename">/etc/pam_pkcs11/cn_map</code>.
+ </div></li><li class="step"><div class="para">
+ Al file <code class="filename">cn_map</code> appena creato, aggiungere la riga seguente:
+ </div><div class="para">
+ <em class="replaceable"><code>MY.CAC_CN.123454</code></em> -> <em class="replaceable"><code>myloginid</code></em>
+ </div><div class="para">
+ dove, <em class="replaceable"><code>MY.CAC_CN.123454</code></em> è il Common Name sulla propria card CAC e <em class="replaceable"><code>myloginid</code></em> è il proprio UID di accesso.
+ </div></li></ol></li><li class="step"><div class="para">
+ Logout
+ </div></li></ol></div><div class="section" id="sect-Security_Guide-Getting_Started_with_your_new_Smart_Card-Troubleshooting"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Getting_Started_with_your_new_Smart_Card-Troubleshooting">3.3.2.1. Risoluzione problemi</h4></div></div></div><div class="para">
+ In caso di problemi con la smart card, per localizzare la causa del problema provare ad usare il seguente comando (smart card registrata ed inserita nel lettore):
+ </div><pre class="screen">pklogin_finder debug</pre><div class="para">
+ Il comando <code class="command">pklogin_finder</code> in modalità debug, cerca di recuperare la validità dei certificati e di verificare se uno UID sia associato ad uno dei certificati presenti nella card.
+ </div></div></div><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works">3.3.3. Come funziona la registrazione di una Smart Card</h3></div></div></div><div class="para">
+ Le smart card vengono <em class="firstterm">registrate</em> nel momento in cui ricevono un certificato firmato da un <abbr class="abbrev">CA</abbr> (Autorità di Certificazione). Il processo involve diversi passaggi, descritti di seguito:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ L'utente inserisce la propria smart card in un lettore nei pressi della macchina. Questo evento è intercettato da <abbr class="abbrev">ESC</abbr> (Enterprise Security Client).
+ </div></li><li class="listitem"><div class="para">
+ Sul desktop dell'utente viene visualizzata la pagina di registrazione. L'utente inserisce le necessarie informazioni, dopodichè il sistema contatta il <abbr class="abbrev">TPS</abbr> (Token Processing System) e il <abbr class="abbrev">CA</abbr>.
+ </div></li><li class="listitem"><div class="para">
+ Il <abbr class="abbrev">TPS</abbr> registra la smart card usando un certificato firmato dal <abbr class="abbrev">CA</abbr>.
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-How_Smart_Card_Enrollment_Works-How_Smart_Card_Enrollment_Works"><div class="figure-contents"><div class="mediaobject"><img src="images/SCLoginEnrollment.png" width="444" alt="Come funziona la registrazione di una Smart Card" /><div class="longdesc"><div class="para">
+ Funzionamento della registrazione di una Smart Card.
+ </div></div></div></div><h6>Figura 3.4. Come funziona la registrazione di una Smart Card</h6></div><br class="figure-break" /></div><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works">3.3.4. Come funziona l'accesso via Smart Card</h3></div></div></div><div class="para">
+ Questo paragrafo offre una breve panoramica sul processo di accesso usando smart card.
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Quando l'utente inserisce la propria smart card nel lettore, l'evento è intercettato da PAM che chiede di inserire il PIN utente.
+ </div></li><li class="listitem"><div class="para">
+ Quindi, il sistema controlla i certificati attuali dell'utente e verifica la loro validità. Il certificato è successivamente associato all'UID dell'utente.
+ </div></li><li class="listitem"><div class="para">
+ Infine il KDC conferma e autorizza l'accesso.
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-How_Smart_Card_Login_Works-How_Smart_Card_Login_Works"><div class="figure-contents"><div class="mediaobject"><img src="images/SCLogin.png" width="444" alt="Come funziona l'accesso via Smart Card" /><div class="longdesc"><div class="para">
+ Funzionamento dell'accesso via Smart Card
+ </div></div></div></div><h6>Figura 3.5. Come funziona l'accesso via Smart Card</h6></div><br class="figure-break" /><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Non è possibile accedere al sistema con una card non registrata anche se formattata: per accedere al sistema, occorre possedere una card che sia formattata e registrata.
+ </div></div></div><div class="para">
+ Vedere la <a class="xref" href="#sect-Security_Guide-Kerberos">Sezione 3.7, «Kerberos»</a> e la <a class="xref" href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM">Sezione 3.5, «Pluggable Authentication Modules (PAM)»</a>, per maggiori informazioni su Kerberos e <acronym class="acronym">PAM</acronym>.
+ </div></div><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO">3.3.5. Configurare Firefox ad usare Kerberos con SSO</h3></div></div></div><div class="para">
+ E' possibile configurare Firefox ad usare Kerberos con SSO. Perchè questa funzionalità operi correttamente, occorre configurare il browser in modo da inviare le credenziali Kerberos al <abbr class="abbrev">KDC</abbr> appropriato. Il seguente paragrafo descriverà i passi necessari per una corretta configurazione.
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Per visualizzare le attuali opzioni di configurazione, nella barra degli indirizzi di Firefox digitare <strong class="userinput"><code>about:config</code></strong>.
+ </div></li><li class="listitem"><div class="para">
+ Nel campo <span class="guilabel"><strong>Filter</strong></span>, digitare <strong class="userinput"><code>negotiate</code></strong> per restringere la lista delle opzioni.
+ </div></li><li class="listitem"><div class="para">
+ Fare doppio click sull'opzione <span class="emphasis"><em>network.negotiate-auth.trusted-uris</em></span>, per visualizzare la finestra di dialogo <span class="emphasis"><em>Inserimento stringa</em></span>.
+ </div></li><li class="listitem"><div class="para">
+ Inserire il nome del dominio entro cui si richiede di essere autenticati, per esempio <em class="replaceable"><code>example.com</code></em>.
+ </div></li><li class="listitem"><div class="para">
+ Ripetere i passi precedenti con il campo <span class="emphasis"><em>network.negotiate-auth.delegation-uris</em></span>, usando lo stesso nome di dominio.
+ </div><div class="para">
+ <div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Si può lasciare vuoto questo campo, giacchè autorizza il passaggio dei ticket Kerberos, che non è richiesto.
+ </div><div class="para">
+ Se queste due opzioni di configurazione non sono elencate, si sta usando una versione di Firefox troppo vecchia, per cui si consiglia di effettuare un up-grade.
+ </div></div></div>
+
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-Configuring_Firefox_to_use_Kerberos_for_SSO-Configuring_Firefox_for_SSO_with_Kerberos"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-firefox_kerberos_SSO.png" width="444" alt="Configurazione di Firefox per SSO con Kerberos" /><div class="longdesc"><div class="para">
+ Configurazione di Firefox per SSO con Kerberos
+ </div></div></div></div><h6>Figura 3.6. Configurazione di Firefox per SSO con Kerberos</h6></div><br class="figure-break" /><div class="para">
+ A questo punto occorre assicurarsi di avere i ticket Kerberos. In un terminale, digitare <code class="command">kinit</code> per recuparare i ticket. Per visualizzare la lista dei ticket disponibili, digitare <code class="command">klist</code>. Di seguito si mostra un esempio di utilizzo di questi comandi:
+ </div><pre class="screen">[user at host ~] $ kinit
+Password for user at EXAMPLE.COM:
+
+[user at host ~] $ klist
+Ticket cache: FILE:/tmp/krb5cc_10920
+Default principal: user at EXAMPLE.COM
+
+Valid starting Expires Service principal
+10/26/06 23:47:54 10/27/06 09:47:54 krbtgt/USER.COM at USER.COM
+ renew until 10/26/06 23:47:54
+
+Kerberos 4 ticket cache: /tmp/tkt10920
+klist: You have no tickets cached</pre><div class="section" id="sect-Security_Guide-Configuring_Firefox_to_use_Kerberos_for_SSO-Troubleshooting"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Configuring_Firefox_to_use_Kerberos_for_SSO-Troubleshooting">3.3.5.1. Risoluzione problemi</h4></div></div></div><div class="para">
+ Se si sono seguiti i passaggi di configurazione indicati ma il processo di autenticazione non funziona, è possibile attivare in modalità verbosa, i messaggi del processo di autenticazione. In tal modo è possibile individuare la causa del problema. Per abilitare la modalità verbosa, seguire i seguenti passaggi:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Chiudere tutte le istanze di Firefox.
+ </div></li><li class="listitem"><div class="para">
+ Aprire un terminale e digitare i seguenti comandi:
+ </div><pre class="screen">export NSPR_LOG_MODULES=negotiateauth:5
+export NSPR_LOG_FILE=/tmp/moz.log</pre></li><li class="listitem"><div class="para">
+ Riavviare Firefox <span class="emphasis"><em>dal terminale</em></span> e visitare il sito che precedentemente dava problemi di autenticazione. I vari messaggi saranno registrati in <code class="filename">/tmp/moz.log</code>, dove una loro analisi potrà fornire una soluzione al problema. Per esempio:
+ </div><pre class="screen">-1208550944[90039d0]: entering nsNegotiateAuth::GetNextToken()
+-1208550944[90039d0]: gss_init_sec_context() failed: Miscellaneous failure
+No credentials cache found</pre><div class="para">
+ Nel caso sovraindicato non si hanno i ticket Kerberos, per cui occorre eseguire <code class="command">kinit</code>.
+ </div></li></ol></div><div class="para">
+ Se <code class="command">kinit</code> esegue con successo sulla propria macchina, ma l'autenticazione non riesce, allora nel file di log comparirà qualcosa del genere:
+ </div><pre class="screen">-1208994096[8d683d8]: entering nsAuthGSSAPI::GetNextToken()
+-1208994096[8d683d8]: gss_init_sec_context() failed: Miscellaneous failure
+Server not found in Kerberos database</pre><div class="para">
+ Generalmente ciò indica un problema di configurazione di Kerberos. Assicurarsi che, siano esatte, le impostazioni nella sezione [domain_realm] del file <code class="filename">/etc/krb5.conf</code>. Per esempio:
+ </div><pre class="screen">.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM</pre><div class="para">
+ Se il file di log è vuoto, probabilmente si è dietro un proxy, il quale elimina le intestazioni HTTP necessarie per il processo di autenticazione. Un modo per raggirare il problema, consiste nel connettersi al server usando HTTPS, che permette alla richiesta di passare senza modificazioni. Quindi procedere alla fase di debug, ricorrendo come suggerito al file di log.
+ </div></div></div></div><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Yubikey" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Yubikey">3.4. Yubikey</h2></div></div></div><div class="para">
+ Yubikey è un token di autenticazione hardware che utilizza software open source per operare. Questo token è un semplice dispositivo USB che compare come una tastiera sul computer. Il singolo tasto sul token fornisce una password usa e getta (OTP) che ad ogni pressione può essere usata per autenticare un utente. Attualmente sono presenti molte implementazioni di questa soluzione che saranno descritte in seguito.
+ </div><div class="section" id="sect-Security_Guide-Yubikey-Centralized_Server"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Yubikey-Centralized_Server">3.4.1. Utilizzo di Yubikey con un server centralizzato</h3></div></div></div><div class="para">
+ Un modulo PAM è già presente nei repository di Fedora che consente l'autenticazione dei computer che possono contattare un server di autenticazione. Il server può essere sia impostato a livello dominio, oppure si può usare il server Yubico. Questo metodo di autenticazione è una grande soluzione aziendale dove più utenti possono richiedere l'accesso a molti computer sul dominio. I seguenti passaggi descrivono il setup.
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Installare <span class="package">pam_yubico</span>
+ </div></li><li class="step"><div class="para">
+ Per due fattori di autenticazione aprire <code class="filename">/etc/pam.d/gdm-password</code> e trovare la seguente linea:
+ </div><div class="para">
+ <code class="command">auth substack password-auth </code>
+ </div><div class="para">
+ Su una nuova linea dopo la precedente aggiungere:
+ </div><div class="para">
+ <code class="command">auth sufficient pam_yubico.so id=16</code>
+ </div></li><li class="step"><div class="para">
+ Per usare in modo semplice il token yubikey senza la password rimuovere la prima linea dal precedente passaggio e sostituirla con la seconda.
+ </div></li><li class="step"><div class="para">
+ Trovare il token yubikey dal primo yubikey che si vuole aggiungere. Questa operazione può essere fatta guardando ai primi 12 caratteri di qualsiasi OTP oppure visitare <a href="http://radius.yubico.com/demo/Modhex_Calculator.php"><em class="citetitle">http://radius.yubico.com/demo/Modhex_Calculator.php</em></a> e copiare la stringa Modhex codificata dopo aver inserito un OTP nel box di testo della pagina.
+ </div></li><li class="step"><div class="para">
+ Aggiungere il yubikey dell'utente al file di configurazione. Ciò può essere fatto sia globalmente in <code class="filename">/etc/yubikey_mapping</code> oppure da utenti individuali in <code class="filename">~/.yubico/authorized_yubikeys</code>. Con la seguente sintassi:
+ </div><div class="para">
+ <code class="command">username:yubikey_token:another_yubikey_token</code>
+ </div></li><li class="step"><div class="para">
+ Eseguire il logout, quando si tenta di riaccedere si dovrebbe richiedere o la password oppure l'OTP yubikey o entrambi a seconda di come è stato configurato il sistema.
+ </div></li></ol></div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Viene richiesta una connessione al server di autenticazione oppure non si verifica una corretta autenticazione. Ciò potrebbe essere dannoso in un sistema che non possiede una connessione ad internet costante.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Yubikey-Web_Sites"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Yubikey-Web_Sites">3.4.2. Autenticazione ai siti web con la Yubikey</h3></div></div></div><div class="para">
+ Al di fuori dello scopo di questa guida Yubikey consente di autenticarsi sui siti web supportando questo metodo di autenticazione. Questi siti web normalmente supportano i server di autenticazione Yubico, ma alcuni potrebbero essere impostati in modo simile al sistema centralizzato di autenticazione. Yubico fornisce anche servizi OpenID che possono essere utilizzati con alcuni siti web.
+ </div></div></div><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM">3.5. Pluggable Authentication Modules (PAM)</h2></div></div></div><div class="para">
+ I programmi che autorizzano l'accesso ad un sistema, usano l'<em class="firstterm">autenticazione</em> per verificare l'identità degli utenti (autenticazione, vuol dire, stabilire che un utente è chi dice di essere).
+ </div><div class="para">
+ Nel passato, ogni programmi aveva un proprio modo per autenticare gli utenti. Con Fedora molti programmi sono stati configurati per usare un meccanismo di autenticazione centralizzato, denominato <acronym class="acronym">PAM</acronym> (Pluggable Authentication Modules).
+ </div><div class="para">
+ PAM presenta un architettura modulare, offrendo all'amministratore un alto grado di flessibilità per impostare le policy di autenticazione nel sistema.
+ </div><div class="para">
+ Nella maggior parte dei casi, il file di configurazione predefinito risulta pressochè sufficiente per una applicazione che usa PAM. Altre volte, risulta invece necessario editare un file PAM di configurazione. Poichè errori di configurazione possono compromettere la sicurezza del sistema, è importante capire la strutture di questi file prima di apportare qualsiasi modifica. Per maggiori informazioni, fare riferimento alla <a class="xref" href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">Sezione 3.5.3, «Formato del file di configurazione di PAM»</a>.
+ </div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">3.5.1. Vantaggi di PAM</h3></div></div></div><div class="para">
+ PAM presenta i seguenti vantaggi:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ uno schema di autenticazione comune che può essere usato in un'ampia varietà di applicazioni.
+ </div></li><li class="listitem"><div class="para">
+ significativa flessibilità e controllo sull'autenticazione, sia per gli amministratori sia per gli sviluppatori di applicazioni.
+ </div></li><li class="listitem"><div class="para">
+ una singola libreria completamente documentata, che permette agli sviluppatori di scrivere programmi senza bisogno di creare i propri schemi di autenticazione.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files">3.5.2. File di configurazione di PAM</h3></div></div></div><div class="para">
+ La directory <code class="filename">/etc/pam.d/</code> contiene i file di configurazione di PAM di ciascuna applicazione che usa PAM. Nelle precedenti versioni di PAM veniva usato il file <code class="filename">/etc/pam.conf</code>, ora deprecato ed usato unicamente su sistemi che non hanno la directory <code class="filename">/etc/pam.d/</code>.
+ </div><div class="section" id="sect-Security_Guide-PAM_Configuration_Files-PAM_Service_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_Files-PAM_Service_Files">3.5.2.1. File PAM del servizio</h4></div></div></div><div class="para">
+ Ogni applicazione o <em class="firstterm">servizio</em> che usi PAM, possiede un file nella directory <code class="filename">/etc/pam.d/</code>. Ciascun file di questa directory ha lo stesso nome del servizio di cui controlla l'accesso.
+ </div><div class="para">
+ Un programma che usa PAM è responsabile di definire il nome del servizio e di installare il proprio file di configurazione PAM nella directory <code class="filename">/etc/pam.d/</code>. Per esempio il programma <code class="command">login</code> definisce il suo nome di servizio come <code class="command">login</code> e installa il proprio file di configurazione PAM <code class="filename">/etc/pam.d/login</code>.
+ </div></div></div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">3.5.3. Formato del file di configurazione di PAM</h3></div></div></div><div class="para">
+ Ogni file di configurazione PAM contiene un gruppo di direttive strutturate come segue:
+ </div><pre class="screen"><em class="replaceable"><code><module interface></code></em> <em class="replaceable"><code><control flag></code></em> <em class="replaceable"><code><module name></code></em> <em class="replaceable"><code><module arguments></code></em></pre><div class="para">
+ Ciascuno di questi elementi è spiegato nelle seguenti sezioni.
+ </div><div class="section" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Interface"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Interface">3.5.3.1. Module Interface</h4></div></div></div><div class="para">
+ Attaualmente sono disponibili quattro tipi di interfacce di moduli PAM. Ciascuna di esse corrisponde a un differente aspetto del processo di autenticazione:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">auth</code> — Questa interfaccia autentica l'uso. Per esempio richiede e verifica la validità di una password. I moduli con questa interfaccia possono anche impostare credenziali, come l'appartenenza ad un gruppo o i ticket Kerberos.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">account</code> — Questa interfaccia verifica il permesso di accesso. Per esempio controlla la scadenza di un account o controlla il permesso di accesso in una data ora del giorno.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">password</code> — Questa interfaccia è usata per modificare la password degli utenti.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">session</code> — Questa interfaccia configura e gestisce le sessioni. I moduli con questa interfaccia possono anche effettuare ulteriori operazioni necessarie in un accesso, come montare la home directory di un utente o rendere disponibile la casella di posta di un utente.
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Un singolo modulo può presentare una o più interfacce. Per esempio <code class="filename">pam_unix.so</code> presenta tutte e quattro le interfacce.
+ </div></div></div><div class="para">
+ In un file di configurazione di PAM, l'interfaccia è il primo campo definito. Per esempio, una tipica riga in un file di configurazione è simile a questa:
+ </div><pre class="screen">auth required pam_unix.so</pre><div class="para">
+ Questa direttiva stabilisce di usare l'interfaccia <code class="command">auth</code> del modulo <code class="filename">pam_unix.so</code>.
+ </div><div class="section" id="sect-Security_Guide-Module_Interface-Stacking_Module_Interfaces"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Module_Interface-Stacking_Module_Interfaces">3.5.3.1.1. Impilare Module Interface</h5></div></div></div><div class="para">
+ Le direttive di interfaccia possono essere <span class="emphasis"><em>impilate</em></span>, ossia disposte una sull'altra, cosicchè più moduli possano essere usati per realizzare una certa finalità. Se il flag di controllo di un modulo ha il valore "sufficient" o "requisite" (sul significato di questi flag di controllo, fare riferimento alla <a class="xref" href="#sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag">Sezione 3.5.3.2, «Control Flag»</a>), allora ai fini del processo di autenticazione è importante l'ordine in cui i moduli sono disposti nella lista.
+ </div><div class="para">
+ La disposizione in pila permette ad un amministratore di specificare le condizioni necessarie da soddisfare, prima di avviare il processo di autenticazione. Per esempio il comando <code class="command">reboot</code>, generalmente usa diversi moduli impilati, come si può vedere nel suo file di configurazione PAM:
+ </div><pre class="screen">[root at MyServer ~]# cat /etc/pam.d/reboot
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_console.so
+#auth include system-auth
+account required pam_permit.so</pre><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ La prima riga è un commento e non viene presa in considerazione.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">auth sufficient pam_rootok.so</code> — Questa riga usa il modulo <code class="filename">pam_rootok.so</code> che verifica se l'utente corrente è l'utente root, controllando che il suo UID sia 0. Se il test ha successo, gli altri moduli non vengono presi in considerazione e il comando eseguito. Se il test fallisce, viene preso in considerazione il modulo successivo.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">auth required pam_console.so</code> — Questa riga usa il modulo <code class="filename">pam_console.so</code> che tenta di autenticare l'utente. Se l'utente è gia loggato in un terminale, <code class="filename">pam_console.so</code> controlla se nella directory <code class="filename">/etc/security/console.apps/</code> esiste un file con lo stesso nome del servizio (reboot). Se il file esiste, l'autenticazione ha successo ed il controllo passa al modulo successivo.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">#auth include system-auth</code> — Questa riga è un commento e perciò non processata.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">account required pam_permit.so</code> — Questa riga usa il modulo <code class="filename">pam_permit.so</code> che consente all'utente root o ad altro utente loggato in un terminale di riavviare il sistema.
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag">3.5.3.2. Control Flag</h4></div></div></div><div class="para">
+ Tutti i moduli PAM quando vengono chiamati, danno un esito positivo o negativo. I flag di controllo, in base all'esito della chiamata, indicano a PAM cosa fare. I moduli possono essere impilati in un ordine particolare ed i flag determinano quanto sia rilevante un successo o fallimento di un dato modulo, nel processo di autenticazione dell'utente.
+ </div><div class="para">
+ Ci sono quattro flag di controllo predefiniti:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">required</code> — Il risultato sul modulo deve essere positivo perchè l'autenticazione continui. Se il test fallisce in questo punto, l'utente non riceve alcuna notifica finchè non vengono completati tutti i test dei moduli che fanno riferimento all'interfaccia.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">requisite</code> — Il risultato sul modulo deve essere positivo perchè l'autenticazione continui. Comunque, se un test fallisce in questo punto, l'utente è immediatamente notificato con un messaggio che indica il primo test di modulo <code class="command">required</code> <span class="emphasis"><em>o</em></span> <code class="command">requisite</code> fallito.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sufficient</code> — Il risultato sul modulo viene ignorato in caso di fallimento. Inoltre, se il test di un modulo contrassegnato <code class="command">sufficient</code> ha successo <span class="emphasis"><em>e</em></span> nessun modulo precedente contrassegnato <code class="command">required</code> è fallito, allora non è richiesto nessun'altro test e l'utente è autenticato per il servizio.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">optional</code> — Il risultato sul modulo viene ignorato. Un modulo contrassegnato con <code class="command">optional</code> non è rilevante per l'autenticazione, se esiste un'altra interfaccia che fa riferimento all'interfaccia stessa.
+ </div></li></ul></div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Non è critico l'ordine di chiamata dei moduli <code class="command">required</code>. Soltanto i flag <code class="command">sufficient</code> e <code class="command">requisite</code> fanno diventare importante l'ordine.
+ </div></div></div><div class="para">
+ Correntemente, è disponibile una nuova sintassi per i flag di controllo che consente un controllo più preciso su PAM.
+ </div><div class="para">
+ Le pagine di man su <code class="command">pam.d</code> e la documentazione su PAM nella directory <code class="filename">/usr/share/doc/pam-<em class="replaceable"><code><version-number></code></em>/</code>, in cui <em class="replaceable"><code><version-number></code></em> è la versione di PAM sul proprio sistema, descrivono questa nuova sintassi in tutti i dettagli.
+ </div></div><div class="section" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name">3.5.3.3. Module Name</h4></div></div></div><div class="para">
+ Il nome di un modulo consente a PAM di fare riferimento al modulo contenente la specifica interfaccia. Nelle precedenti versioni di Fedora, si usava indicare il percorso completo del modulo, nel file di configurazione di PAM. Inoltre, con la comparsa dei sistemi <em class="firstterm">multilib</em>, che utilizzano moduli PAM a 64 bit di <code class="filename">/lib64/security/</code>, il nome della directory viene omesso perchè l'applicazione è collegata alla versione <code class="filename">libpam</code> appropriata, in grado di localizzare la corretta versione del modulo.
+ </div></div><div class="section" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments">3.5.3.4. Module Arguments</h4></div></div></div><div class="para">
+ Durante la fase di autenticazione, PAM usa <em class="firstterm">argomenti</em> per passare informazioni ad un modulo.
+ </div><div class="para">
+ Per esempio il modulo <code class="filename">pam_userdb.so</code>, usa le informazioni contenute in un file di database Berkley DB, per autenticare l'utente. Il Berkley DB è un database open source incluso in molte applicazioni. Il modulo accetta un argomento <code class="filename">db</code> che specifica il database da usare.
+ </div><div class="para">
+ Di seguito si riporta una riga tipica relativa a un modulo <code class="filename">pam_userdb.so</code> in un file di configurazione di PAM. Il <em class="replaceable"><code><path-to-file></code></em> rappresenta il percorso completo al file di database Berkley DB:
+ </div><pre class="screen">auth required pam_userdb.so db=<em class="replaceable"><code><path-to-file></code></em></pre><div class="para">
+ Il passaggio di argomenti non validi, <span class="emphasis"><em>generalmente</em></span> non altera il successo o fallimento della chiamata del modulo PAM. Comunque in caso di fallimento, gli errori sono riportati nel file <code class="filename">/var/log/secure</code>.
+ </div></div></div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files">3.5.4. Un esempio di file di configurazione di PAM</h3></div></div></div><div class="para">
+ Di seguito si riporta un esempio di file di configurazione di PAM:
+ </div><pre class="screen">#%PAM-1.0
+auth required pam_securetty.so
+auth required pam_unix.so nullok
+auth required pam_nologin.so
+account required pam_unix.so
+password required pam_cracklib.so retry=3
+password required pam_unix.so shadow nullok use_authtok
+session required pam_unix.so</pre><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ La prima riga è un commento, contrasseganta dal carattere "cancelletto" (<code class="command">#</code>) posto all'inizio della riga.
+ </div></li><li class="listitem"><div class="para">
+ Le righe comprese tra la seconda e la quarta impilano tre moduli per autenticare l'accesso.
+ </div><div class="para">
+ <code class="command">auth required pam_securetty.so</code> — Questo modulo controlla che il tty su cui l'utente si sta loggando sia presente nel file <code class="filename">/etc/securetty</code>, <span class="emphasis"><em>se</em></span> l'utente tenta di accedere come root.
+ </div><div class="para">
+ Se il tty non è presente, ogni tentativo di accedere come root fallisce con un messaggio <code class="computeroutput">Login errato</code>.
+ </div><div class="para">
+ <code class="command">auth required pam_unix.so nullok</code> — Questo modulo richiede all'utente una password e poi confronta la password usando le informazioni presenti nel file <code class="filename">/etc/passwd</code> e se esiste, nel file <code class="filename">/etc/shadow</code>.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ L'argomento <code class="command">nullok</code> indica al modulo <code class="filename">pam_unix.so</code> di permettere l'uso di pasword vuote.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">auth required pam_nologin.so</code> — Questo modulo controlla se esiste il file <code class="filename">/etc/nologin</code>. Se il file esiste e l'utente non è l'utente root, l'autenticazione fallisce.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ In questo esempio, vengono controllati tutti e tre i moduli <code class="command">auth</code>, anche in caso di fallimento nel primo modulo. In tale situazione l'utente non sa a quale stadio sia fallita l'autenticazione, ed anche per un attaccante diventa più gravoso capire come crackare il sistema.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="command">account required pam_unix.so</code> — Questo modulo verifica l'account. Per esempio verifica se è abilitata l'illegibilità delle password e l'interfaccia account del modulo <code class="filename">pam_unix.so</code> controlla la scedenza dell'account o se l'utente ha modificato la password nel periodo indicato.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">password required pam_cracklib.so retry=3</code> — Se una password è scaduta, il componente relativo al modulo <code class="filename">pam_cracklib.so</code> richiede di inserire una nuova password. E poi verifica che la nuova password sia abbastanza robusta.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ L'argomento <code class="command">retry=3</code> specifica che se la verifica fallisce una prima volta, l'utente ha altre due possbilità per creare una password robusta.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">password required pam_unix.so shadow nullok use_authtok</code> — Questa riga indica che per cambiare la password utente, occorre usare l'interfaccia <code class="command">password</code> del modulo <code class="filename">pam_unix.so</code>.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ L'argomento <code class="command">shadow</code> indica che il modulo crea password illegibili durante l'aggiornamento di una password.
+ </div></li><li class="listitem"><div class="para">
+ L'argomento <code class="command">nullok</code> indica che il modulo permette all'utente di cambiare la propria password da una <span class="emphasis"><em>vuota</em></span> (una password vuota indica un account bloccato).
+ </div></li><li class="listitem"><div class="para">
+ L'ultimo argomento su questa riga, <code class="command">use_authtok</code>, è un esempio dell'importanza dell'ordinamento in una pila di moduli PAM. Questo argomento indica di non richiedere di inserire una nuova password. Infatti, si accetta qualsiasi password accettata da un modulo precedente. In questo caso tutte le nuove password devono superare la verifica del modulo <code class="filename">pam_cracklib.so</code> che garantisce password sicure.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">session required pam_unix.so</code> — La riga finale indica all'interfaccia della sessione del modulo <code class="filename">pam_unix.so</code> di gestire la sessione. Questo modulo registra nel file <code class="filename">/var/log/secure</code> il nome utente e il tipo di servizio, all'inizio ed alla fine di ogni sessione. Questo modulo può essere integrato con altri moduli di sessione per ulteriori funzionalità.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules">3.5.5. Creare moduli PAM</h3></div></div></div><div class="para">
+ E' possibile creare o aggiungere in ogni momento, nuovi moduli PAM alle applicazioni che usano PAM.
+ </div><div class="para">
+ Per esempio, uno sviluppatore potrebbe sviluppare un metodo per generare password "usa e getta" e realizzare un modulo PAM di supporto. Poi, i programmi che usano PAM possono immediatamente usare il nuovo modulo ed il nuovo programma di generazione password, senza bisogno di ricompilazioni o di altre modifiche.
+ </div><div class="para">
+ Questo consente agli sviluppatori ed agli amministratori di mescolare insieme, come pure testare metodi di autenticazione su differenti programmi, senza bisogno di ricompilazione.
+ </div><div class="para">
+ La documentazione relativa alla realizzazione di moduli è inclusa nella directory <code class="filename">/usr/share/doc/pam-<em class="replaceable"><code><version-number></code></em>/</code>, dove <em class="replaceable"><code><version-number></code></em> è la versione di PAM in uso nel sistema.
+ </div></div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching">3.5.6. Caching delle credenziali PAM ed Amministrative</h3></div></div></div><div class="para">
+ In Fedora, un numero di strumenti amministrativi permette agli utenti di ottenere elevati privilegi per un periodo di cinque minuti, tramite il modulo <code class="filename">pam_timestamp.so</code>. E' importante capire il funzionamento di questo meccanismo, perchè un utente che si allontani da un terminale mentre <code class="filename">pam_timestamp.so</code> è ancora in vita, lascia la macchina aperta a manipolazioni da parte di chiunque possa fisicamente accedere al terminale incustodito.
+ </div><div class="para">
+ Nello schema di temporizzazione di PAM, l'applicazione di amministrazione grafica richiede all'utente di inserire la password di root. Ad autenticazione avvenuta, il modulo <code class="filename">pam_timestamp.so</code> crea un file a marca temporale. Per impostazione, il file viene creato nella directory <code class="filename">/var/run/sudo/</code>. Se il file esiste già, l'interfaccia non richiede la password. Infatti il modulo <code class="filename">pam_timestamp.so</code> sovrascrive il file a marca temporale esistente, riservando altri cinque minuti di accesso amministrativo all'utente.
+ </div><div class="para">
+ Si può controllare l'attuale stato del file a marca temporale, ispezionando il file <code class="filename">/var/run/sudo/<user></code>. Nell'uso desktop, il file rilevante è <code class="filename">unknown:root</code>. Se è presente e la sua marca temporale è inferiore a cinque minuti, le credenziali sono ancora valide.
+ </div><div class="para">
+ L'esistenza del file a marca temporale, è confermata da un'icona di autenticazione che appare nell'area di notifica del pannello.
+ </div><div class="figure" id="figu-Security_Guide-PAM_and_Administrative_Credential_Caching-The_Authentication_Icon"><div class="figure-contents"><div class="mediaobject"><img src="images/authicon.png" alt="L'Icona di Autenticazione" /><div class="longdesc"><div class="para">
+ Icona di Autenticazione
+ </div></div></div></div><h6>Figura 3.7. L'Icona di Autenticazione</h6></div><br class="figure-break" /><div class="section" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Removing_the_Timestamp_File"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Removing_the_Timestamp_File">3.5.6.1. Rimuovere il file a marca temporale</h4></div></div></div><div class="para">
+ Prima di lasciare incustodita una macchina in cui sia attiva una temporizzazione di PAM, si raccomanda di distruggere il file contenente la marca temporale. Per fare questo in un ambiente grafico, cliccare l'icona di autenticazione nel <span class="emphasis"><em>system tray</em></span>.
+ </div><div class="figure" id="figu-Security_Guide-Removing_the_Timestamp_File-Dismiss_Authentication_Dialog"><div class="figure-contents"><div class="mediaobject"><img src="images/auth-panel.png" width="444" alt="Rimuovere l'Autenticazione" /><div class="longdesc"><div class="para">
+ Rimuovere l'Autenticazione.
+ </div></div></div></div><h6>Figura 3.8. Rimuovere l'Autenticazione</h6></div><br class="figure-break" /><div class="para">
+ Occorre prestare attenzione ai seguenti aspetti del file a marca temporale di PAM:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Se l'accesso avviene da remoto usando <code class="command">ssh</code>, usare il comando <code class="command">/sbin/pam_timestamp_check -k root</code> per eliminare il file a marca temporale
+ </div></li><li class="listitem"><div class="para">
+ Occorre lanciare il comando <code class="command">/sbin/pam_timestamp_check -k root</code> dallo stesso terminale da cui è stata avviata l'applicazione privilegiata.
+ </div></li><li class="listitem"><div class="para">
+ Occorre essere loggati con l'account dell'utente che ha originariamente invocato il modulo <code class="filename">pam_timestamp.so</code>, per poter usare il comando <code class="command">/sbin/pam_timestamp_check -k</code>. Non accedere come utente root per eseguire questo comando.
+ </div></li><li class="listitem"><div class="para">
+ Se si vuole eliminare le credenziali sul desktop (senza usare l'cona <span class="guibutton"><strong>Dimentica Autorizzazione</strong></span>), usare il seguente comando:
+ </div><pre class="screen">/sbin/pam_timestamp_check -k root </dev/null >/dev/null 2>/dev/null</pre><div class="para">
+ Eventuali fallimenti del comando rimuovono soltanto le credenziali (se presenti) dal tty da cui è stato eseguito il comando.
+ </div></li></ul></div><div class="para">
+ Per maggiori informazioni sull'uso del comando <code class="command">pam_timestamp_check</code>, per eliminare il file a marca temporale, fare riferimento alle pagine di man relative a <code class="filename">pam_timestamp_check</code>.
+ </div></div><div class="section" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives">3.5.6.2. Comuni direttive di pam_timestamp</h4></div></div></div><div class="para">
+ Il modulo <code class="filename">pam_timestamp.so</code> accetta diverse direttive. Le seguenti sono le due opzioni più comunemente usate:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">timestamp_timeout</code> — Specifica il periodo di validità del file a marca temporale (in secondi). Il valore predefinito è 300 (5 minuti).
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">timestampdir</code> — Specifica la directory in cui è salvato il file a marca temporale. Il valore predefinito è <code class="command">/var/run/sudo/</code>.
+ </div></li></ul></div><div class="para">
+ Vedere la <a class="xref" href="#sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation">Sezione 3.8.9.1, «Documentazione installata riguardante i firewall»</a>, per maggiori informazioni su come gestire il modulo <code class="filename">pam_timestamp.so</code>.
+ </div></div></div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership">3.5.7. Proprietario di PAM e di Dispositivo</h3></div></div></div><div class="para">
+ In Fedora, il primo utente che accede al terminale della macchina, può manipolare certi dispositivi ed effettuare certe operazioni normalmente pertinenti all'utente root. Tale controllo avviene tramite un modulo di PAM, denominato <code class="filename">pam_console.so</code>.
+ </div><div class="section" id="sect-Security_Guide-PAM_and_Device_Ownership-Device_Ownership"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_and_Device_Ownership-Device_Ownership">3.5.7.1. Il proprietario di Dispositivo</h4></div></div></div><div class="para">
+ Quando un utente accede ad un sistema Fedora, il modulo <code class="filename">pam_console.so</code> è chiamato da <code class="command">login</code> o dal programma d'accesso grafico usato, <span class="application"><strong>gdm</strong></span>, <span class="application"><strong>kdm</strong></span> o <span class="application"><strong>xdm</strong></span>. Se l'utente è il primo ad accedere ad una console fisica — riferito anche come <em class="firstterm">console user</em> — il modulo attribuisce all'utente il diritto di proprietà su una verietà di dispositivi normalmente attrbuiti all'utente root. Il <em class="firstterm">console user</em> rimane il proprietario di questi dispositivi fino al termine della sua ultima sessione locale. Una volta uscito, l'utente root torna ad essere il proprietario.
+ </div><div class="para">
+ I dispositivi interessati includono, ma non solo, schede audio, drive di dischetti e drive CD.
+ </div><div class="para">
+ Questa possibilità permette ad un utente locale di manipolare questi dispositivi, senza bisogno di accedere come utente root, semplificando così comuni compiti al <em class="firstterm">console user</em>.
+ </div><div class="para">
+ E' possibile modificare la lista dei dispositivi controllati dal modulo <code class="filename">pam_console.so</code>, modificando i seguenti file:
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/security/console.perms</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/security/console.perms.d/50-default.perms</code>
+ </div></li></ul></div>
+
+ </div><div class="para">
+ Nei file indicati, si possono cambiare i permessi anche a dispositivi che non fanno parte della lista oppure si possono modificare le impostazioni predefinite. Piuttosto che modificare direttamente il file <code class="filename">50-default.perms</code>, si consiglia di creare un nuovo file (per esempio <code class="filename"><em class="replaceable"><code>xx</code></em>-name.perms</code>), in cui inserire le modifiche richieste. Il nome del nuovo file predefinito, deve iniziare con un numero maggiore di 50 (per esempio, <code class="filename">51-default.perms</code>). In questo modo il sistema PAM non terrà conto del file predefinito <code class="filename">50-default.perms</code>.
+ </div><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Se il file di configurazione del gestore dello schermo, <span class="application"><strong>gdm</strong></span>, <span class="application"><strong>kdm</strong></span> o <span class="application"><strong>xdm</strong></span> è stato modificato per consentire l'accesso da remoto <span class="emphasis"><em>e</em></span> l'host è configurato per eseguire al runlevel 5, allora si raccomanda di modificare le direttive <code class="command"><console></code> e <code class="command"><xconsole></code>, nel file <code class="filename">/etc/security/console.perms</code> con i seguenti valori:
+ </div><pre class="screen"><console>=tty[0-9][0-9]* vc/[0-9][0-9]* :0\.[0-9] :0
+<xconsole>=:0\.[0-9] :0</pre><div class="para">
+ Ciò serve ad impedire ad utenti remoti di accedere ai dispositivi ed alle applicazioni riservate della macchina.
+ </div><div class="para">
+ Se il file di configurazione del gestore dello schermo, è stato modificato per permettere l'accesso da remoto <span class="emphasis"><em>e</em></span> l'host è stato configurato per eseguire ad un qualsiaisi runlevel multi-utente diverso da 5, si raccomanda di rimuovere completamente la direttiva <code class="command"><xconsole></code> e di modificare la direttiva <code class="command"><console></code> con il seguente valore:
+ </div><pre class="screen"><console>=tty[0-9][0-9]* vc/[0-9][0-9]*</pre></div></div></div><div class="section" id="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access">3.5.7.2. Accesso alle Applicazioni</h4></div></div></div><div class="para">
+ Il <em class="firstterm">console user</em> ha anche accesso a certi programmi i cui utilizzi sono configurati nella directory <code class="filename">/etc/security/console.apps/</code>
+ </div><div class="para">
+ Questa directory contiene i file di configurazione che abilitano il <em class="firstterm">console user</em> ad eseguire certe applicazioni presenti nelle directory <code class="filename">/sbin</code> e <code class="filename">/usr/sbin</code>.
+ </div><div class="para">
+ Questi file di configurazione hanno lo stesso nome delle applicazioni di cui conservano le impostazioni.
+ </div><div class="para">
+ Un gruppo importante di applicazioni a cui ha accesso il <em class="firstterm">console user</em>, è costituito da quelle applicazioni che consento di spegnere o riavviare il sistema:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">/sbin/halt</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/sbin/reboot</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/sbin/poweroff</code>
+ </div></li></ul></div><div class="para">
+ Poichè queste applicazioni sono supportate da PAM, il loro utilizzo richiede che sia chiamato il modulo <code class="filename">pam_console.so</code>.
+ </div><div class="para">
+ Per maggiori informazioni, fare riferimento alla <a class="xref" href="#sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation">Sezione 3.8.9.1, «Documentazione installata riguardante i firewall»</a>.
+ </div></div></div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources">3.5.8. Ulteriori risorse</h3></div></div></div><div class="para">
+ Le seguenti risorse spiegano ulteriormente i metodi da usare per configurare PAM. In aggiunta a queste, si consiglia di investigare i file di configurazione presenti nel sistema per meglio comprendere la loro struttura.
+ </div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_PAM_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_PAM_Documentation">3.5.8.1. Documentazione su PAM installata</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Pagine man relative a PAM — Sono disponibili diverse pagine di man sulle varie applicazioni e sui file di configurazione riguardanti PAM. Di seguito si riporta un elenco delle più importanti pagine di man:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">File di configurazione</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">pam</code> — Una buona introduzione a PAM con una spiegazione della struttura e degli impieghi dei file di configurazione di PAM.
+ </div><div class="para">
+ Notare che questa pagina di man, descrive sia il file <code class="filename">/etc/pam.conf</code> sia i singoli file di configurazione nella directory <code class="filename">/etc/pam.d/</code>. Per impostazione, Fedora usa file di configurazione individuali, in <code class="filename">/etc/pam.d/</code>, ignorando completamente <code class="filename">/etc/pam.conf</code> (anche se presente).
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">pam_console</code> — Descrive lo scopo del modulo <code class="filename">pam_console.so</code>. Descrive anche la sintassi appropriata per ogni direttiva nel file di configurazione di PAM.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">console.apps</code> — Descrive il formato e le opzioni disponibili nel file di configurazione <code class="filename">/etc/security/console.apps</code>, che specifica le applicazioni accessibili al <em class="firstterm">console user</em> assegnate da PAM.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">console.perms</code> — Descrive il formato e le opzioni disponibili nel file di configurazione <code class="filename">/etc/security/console.perms</code>, che specifica i permessi assegnati da PAM al <em class="firstterm">console user</em>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">pam_timestamp</code> — Descrive il modulo <code class="filename">pam_timestamp.so</code>.
+ </div></li></ul></div></dd></dl></div></li><li class="listitem"><div class="para">
+ <code class="filename">/usr/share/doc/pam-<em class="replaceable"><code><version-number></code></em></code> — Contiene <em class="citetitle">System Administrators's Guide</em>, <em class="citetitle">Module Writers' Manual</em> e <em class="citetitle">Application Developers' Manual</em>, come pure una copia dello standard PAM, DCE-RFC 86.0, in cui <em class="replaceable"><code><version-number></code></em> è la versione di PAM.
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/usr/share/doc/pam-<em class="replaceable"><code><version-number></code></em>/txts/README.pam_timestamp</code> — Contiene informazioni sul modulo <code class="filename">pam_timestamp.so</code>, in cui <em class="replaceable"><code><version-number></code></em> è la versione di PAM.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites">3.5.8.2. Siti web utili su PAM</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.kernel.org/pub/linux/libs/pam/">http://www.kernel.org/pub/linux/libs/pam/</a> — Il sito web principale del progetto Linux-PAM, con informazioni sui vari moduli di PAM, una FAQ e documenti.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ La documentazione presente nel sito sopra citato, riguarda la versione di PAM più recente e potrebbe non essere conforme al 100% alla versione inclusa in Fedora.
+ </div></div></div></li></ul></div></div></div></div><div xml:lang="it-IT" class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd">3.6. TCP Wrapper e xinetd</h2></div></div></div><div class="para">
+ Controllare l'accesso ai servizi di rete, è una delle operazioni di sicurezza più importanti che un amministratore di server deve fronteggiare. E Fedora offre diversi strumenti al riguardo. Per esempio, un firewall basato su regole <code class="command">iptables</code> che filtra i pacchetti indesiderati, nell'ambito dello stack di rete del kernel; <em class="firstterm">TCP Wrapper</em> che aggiungono un ulteriore livello di protezione definendo gli host autorizzati/non autorizzati a connettersi ai servizi di rete, "<span class="emphasis"><em>wrapped</em></span>". Un esempio di servizio <span class="emphasis"><em>wrapped</em></span> (avvolto, coperto), è il <span class="emphasis"><em>super server</em></span> <code class="systemitem">xinetd</code>. Il servizio è detto <span class="emphasis"><em>super server</em></span> perchè controlla le connessioni in un insieme ristretto di servizi, raffinando ulteriormente il controllo d'accesso.
+ </div><div class="para">
+ La <a class="xref" href="#figu-Security_Guide-TCP_Wrappers_and_xinetd-Access_Control_to_Network_Services">Figura 3.9, «Controllo d'accesso ai servizi di rete»</a> schematizza il funzionamento complessivo degli strumenti a protezione dei servizi di rete.
+ </div><div class="figure" id="figu-Security_Guide-TCP_Wrappers_and_xinetd-Access_Control_to_Network_Services"><div class="figure-contents"><div class="mediaobject"><img src="images/tcp_wrap_diagram.png" alt="Controllo d'accesso ai servizi di rete" /><div class="longdesc"><div class="para">
+ Exhibit A: Flowchart di Access Control ai Network Services
+ </div></div></div></div><h6>Figura 3.9. Controllo d'accesso ai servizi di rete</h6></div><br class="figure-break" /><div class="para">
+ Questo capitolo si concentra sul ruolo dei TCP Wrapper e di <code class="systemitem">xinetd</code> nel controllare l'accesso ai servizi di rete e mostra come impiegare questi strumenti per migliorare sia i messaggi di log sia la gestione dei servizi controllati. Per informazioni sull'uso di firewall, con regole <code class="command">iptables</code>, fare riferimento alla <a class="xref" href="#sect-Security_Guide-IPTables">Sezione 3.9, «IPTables»</a>.
+ </div><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">3.6.1. TCP Wrapper</h3></div></div></div><div class="para">
+ Il pacchetto TCP Wrapper (<code class="filename">tcp_wrappers</code>) viene installato automaticamente in ogni sistema Fedora e fornisce controlli d'accesso basati su host. Il componente principale del pacchetto è costituito dalla libreria <code class="filename">libwrap.a</code>. In termini generali, un servizio TCP-Wrapped è un servizio compilato usando la libreria <code class="filename">libwrap.a</code>
+ </div><div class="para">
+ Quando si effettua una connessione ad un servizio TCP-Wrapped, il servizio dapprima fa riferimento ai file d'accesso degli host (<code class="filename">/etc/hosts.allow</code> e <code class="filename">/etc/hosts.deny</code>), verificando se il client è autorizzato a connettersi. Poi, nella maggior parte dei casi, usa il demone syslog (<code class="systemitem">syslogd</code>) per registrare il nome del client ed il servizio richiesto nel file <code class="filename">/var/log/secure</code> o <code class="filename">/var/log/messages</code>.
+ </div><div class="para">
+ Se il client è autorizzato, TCP Wrapper rilascia il controllo della connessione al servizio, senza alcuna ulteriore interposizione nella comunicazione tra client e server.
+ </div><div class="para">
+ Oltre al controllo d'accesso e al logging, TCP Wrapper durante la fase di connessione, ossia prima di negare o passare il controllo al servizio, può eseguire comandi d'interazione con il client.
+ </div><div class="para">
+ Poichè i TCP Wrapper sono un valore aggiunto per l'arsenale di strumenti a disposizione di ogni amministratore, i principali servizi di rete in Fedora sono linkati alla libreria <code class="filename">libwrap.a</code>. Tra di essi figurano <code class="systemitem">/usr/sbin/sshd</code>, <code class="command">/usr/sbin/sendmail</code> e <code class="systemitem">/usr/sbin/xinetd</code>.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Per verificare se un servizio è linkato alla libreria <code class="filename">libwrap.a</code>, come utente root digitare il comando:
+ </div><pre class="screen">ldd <binary-name> | grep libwrap</pre><div class="para">
+ Sostituire <em class="replaceable"><code><binary-name></code></em> con il nome del servizio di rete.
+ </div><div class="para">
+ Se il comando restituisce un output vuoto, allora il servizio <span class="emphasis"><em>non</em></span> è linkato.
+ </div><div class="para">
+ Di seguito si riporta l'output di un servizio (<code class="systemitem">/usr/sbin/sshd</code>) linkato:
+ </div><pre class="screen">[root at myServer ~]# ldd /usr/sbin/sshd | grep libwrap
+ libwrap.so.0 => /lib/libwrap.so.0 (0x00655000)
+[root at myServer ~]#</pre></div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers-Advantages_of_TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-TCP_Wrappers-Advantages_of_TCP_Wrappers">3.6.1.1. Vantaggi dei TCP Wrapper</h4></div></div></div><div class="para">
+ Un TCP Wrapper fornisce i seguenti vantaggi rispetto ad altre tecniche di controllo dei servizi di rete:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Transparenza nei confronti sia del client sia del servizio di rete wrapped</em></span> — Sia il client sia il servizio wrapped sono inconsapevoli dell'impiego di TCP wrapper. Gli utenti legittimati vengono connessi al servizio, mentre quelli non legittimati vengono bloccati.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Gestione centralizzata di protocolli multipli</em></span> — I TCP Wrapper operano in maniera indipendente dai servizi e consentono, a molte applicazioni server, di condividere un insieme comune di file di configurazione di controllo d'accesso, semplificando la gestione.
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">3.6.2. File di configurazione di TCP Wrapper</h3></div></div></div><div class="para">
+ Per determinare se un client può connettersi ad un servizio, i TCP Wrapper fanno riferimento ai seguenti due file, comunemente denominati file degli <em class="firstterm">host access</em>:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/hosts.allow</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/hosts.deny</code>
+ </div></li></ul></div><div class="para">
+ Quando un servizio TCP-Wrapped riceve una richiesta da un client, il sistema effettua i seguenti passaggi:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Fa referimento a <code class="filename">/etc/hosts.allow</code>.</em></span> — Il servizio TCP-wrapped scorre in sequenza il file <code class="filename">/etc/hosts.allow</code>, applicando la prima regola definita per il servizio. Se esiste una regola compatibile, la connessione viene autorizzata; altrimenti continua con il passaggio successivo.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Fa referimento a <code class="filename">/etc/hosts.deny</code>.</em></span> — Il servizio TCP-wrapped scorre in sequenza il file <code class="filename">/etc/hosts.deny</code>. Se esiste una regola compatibile, la connessione viene negata; altrimenti autorizza l'accesso al servizio.
+ </div></li></ol></div><div class="para">
+ Di seguito si riportano alcune importanti considerazioni sull'utilizzo dei TCP Wrapper :
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Poichè le regole di accesso elencate in <code class="filename">hosts.allow</code> sono applicate per prima, esse hanno la precedenza sulle regole specificate in <code class="filename">hosts.deny</code>. Quindi, se l'accesso ad un servizio è permesso secondo <code class="filename">hosts.allow</code>, una eventuale regola di divieto presente in <code class="filename">hosts.deny</code> viene ignorata.
+ </div></li><li class="listitem"><div class="para">
+ Le regole in ciascun file sono lette dalla cima verso il basso, e la prima regola trovata è l'unica che viene applicata. Quindi è rilevante l'ordine d'inserimento.
+ </div></li><li class="listitem"><div class="para">
+ L'accesso al servizio è garantito, se i file non esistono o se in entrambi i file non esiste alcuna regola per il servizio.
+ </div></li><li class="listitem"><div class="para">
+ I servizi TCP-wrapped non caricano in memoria (in cache) le regole dei file d'accesso, perciò ogni modifica apportata ai file <code class="filename">hosts.allow</code> o <code class="filename">hosts.deny</code> ha effetto immediato, senza bisogno di riavviare i servizi.
+ </div></li></ul></div><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Se l'ultima riga di un file d'accesso non termina con un carattere di ritorno a capo (newline, ossia premendo il tasto <span class="keycap"><strong>Invio</strong></span>), l'ultima regola nel file fallisce restituendo un messaggio di errore in <code class="filename">/var/log/messages</code> e <code class="filename">/var/log/secure</code>. Lo stesso accade per una regola suddivisa su più righe che non terminano con il carattere backslash (\). Il seguente esempio illustra una porzione di un messaggio di log relativo ad una regola che fallisce a causa delle circostanze citate:
+ </div><pre class="screen">warning: /etc/hosts.allow, line 20: missing newline or line too long</pre></div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Formatting_Access_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Formatting_Access_Rules">3.6.2.1. Formattare le Regole di Accesso</h4></div></div></div><div class="para">
+ Il formato è identico per entrambi i file <code class="filename">/etc/hosts.allow</code> e <code class="filename">/etc/hosts.deny</code>. Ogni regola deve trovarsi sulla propria linea. Le linee vuote o che iniziano con il carattere diesis o cancelletto (#) vengono ignorate.
+ </div><div class="para">
+ Ogni regola usa il seguente formato base per controllare l'accesso ai servizi di rete:
+ </div><pre class="screen"><em class="replaceable"><code><daemon list></code></em>: <em class="replaceable"><code><client list></code></em> [: <em class="replaceable"><code><option></code></em>: <em class="replaceable"><code><option></code></em>: ...]</pre><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="replaceable"><code><daemon list></code></em> — Un elenco di nomi di processo (<span class="emphasis"><em>non</em></span> nomi di servizio), separati da virgole o il termine riservato <code class="option">ALL</code>. L'elenco accetta anche operatori, garantendo una grande flessibilità d'utilizzo (<a class="xref" href="#sect-Security_Guide-Formatting_Access_Rules-Operators">Sezione 3.6.2.1.4, «Operatori»</a>).
+ </div></li><li class="listitem"><div class="para">
+ <em class="replaceable"><code><client list></code></em> — Un elenco di hostname, indirizzi IP, pattern speciali o termini riservati, separati da virgole, che identificano gli host interessati dalla regola. L'elenco accetta anche operatori (<a class="xref" href="#sect-Security_Guide-Formatting_Access_Rules-Operators">Sezione 3.6.2.1.4, «Operatori»</a>).
+ </div></li><li class="listitem"><div class="para">
+ <em class="replaceable"><code><option></code></em> — Un'azione opzionale o un elenco di azioni da eseguire, separate da virgole, all'intercettazione di una regola. Il campo option supporta espansioni, comandi di shell, permette/autorizza l'accesso e permette di modificare il comportamento dei messaggi di log.
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Maggiori informazioni sui termini indicati, si trovano in altre sezioni di questa Guida:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a class="xref" href="#sect-Security_Guide-Formatting_Access_Rules-Wildcards">Sezione 3.6.2.1.1, «Wildcards»</a>
+ </div></li><li class="listitem"><div class="para">
+ <a class="xref" href="#sect-Security_Guide-Formatting_Access_Rules-Patterns">Sezione 3.6.2.1.2, «Pattern»</a>
+ </div></li><li class="listitem"><div class="para">
+ <a class="xref" href="#sect-Security_Guide-Option_Fields-Expansions">Sezione 3.6.2.2.4, «Espansioni»</a>
+ </div></li><li class="listitem"><div class="para">
+ <a class="xref" href="#sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields">Sezione 3.6.2.2, «Campi Opzioni»</a>
+ </div></li></ul></div></div></div><div class="para">
+ Di seguito si riporta un esempio di una semplice regola d'accesso:
+ </div><pre class="screen">vsftpd : .example.com</pre><div class="para">
+ Questa regola indica di controllare le connessioni provenienti dagli host del dominio <code class="systemitem">example.com</code> e dirette verso il demone FTP (<code class="systemitem">vsftpd</code>). Se la regola si trova nel file <code class="filename">hosts.allow</code>, la connessione viene accettata. Se invece si trova in <code class="filename">hosts.deny</code>, la connessione viene rifiutata.
+ </div><div class="para">
+ L'esempio successivo è leggermente più complesso, accettando due opzioni:
+ </div><pre class="screen">sshd : .example.com \ : spawn /bin/echo `/bin/date` access denied>>/var/log/sshd.log \ : deny</pre><div class="para">
+ Notare la presenza del carattere backslash (\) davanti ad ogni opzione. L'uso del backslash evita che una regola fallisca, a causa della sua lunghezza per un errore sintattico.
+ </div><div class="para">
+ Questa regola stabilisce di intercettare ogni host del dominio <code class="systemitem">example.com</code> che tenti una connessione con il demone SSH (<code class="systemitem">sshd</code>), nel qual caso, il comando <code class="command">echo</code> trascrive ora e data del tentativo nel file di log specificato e la connessione viene impedita. Poichè si usa la direttiva opzionale <code class="command">deny</code>, questa regola vieta l'acceso anche se si trova nel file <code class="filename">hosts.allow</code>. Per un analisi più dettagliata sulle opzioni disponibili, vedere la <a class="xref" href="#sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields">Sezione 3.6.2.2, «Campi Opzioni»</a>.
+ </div><div class="section" id="sect-Security_Guide-Formatting_Access_Rules-Wildcards"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Formatting_Access_Rules-Wildcards">3.6.2.1.1. Wildcards</h5></div></div></div><div class="para">
+ I termini riservati o wildcard, permettono ai TCP Wrapper di intercettare più facilmente gruppi di demoni o host. Essi sono impiegati frequentemente nel campo della lista dei client di una regola.
+ </div><div class="para">
+ I termini riservati sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">ALL</code> — Intercetta tutto. Può essere usato sia nelle lista dei demoni sia in quella dei client.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">LOCAL</code> — Intercetta tutti gli host il cui hostname non contiene un punto (.), come localhost.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">KNOWN</code> — Intercetta tutti gli host di cui si conosce l'hostname e l'indirizzo o l'utente.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">UNKNOWN</code> — Intercetta tutti gli host di cui si non conosce l'hostname o l'indirizzo o l'utente.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">PARANOID</code> — Intercetta tutti gli host il cui hostname non corrisponde all'indirizzo host.
+ </div></li></ul></div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ I termini <code class="option">KNOWN</code>, <code class="option">UNKNOWN</code> e <code class="option">PARANOID</code> dovrebbero essere impiegati con attenzione, poichè il loro corretto funzionamento si basa su server DNS. Ogni fallimento nella risoluzione di un nome impedisce ad utenti legittimati di ottenere l'accesso al servizio richiesto.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Formatting_Access_Rules-Patterns"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Formatting_Access_Rules-Patterns">3.6.2.1.2. Pattern</h5></div></div></div><div class="para">
+ I pattern possono essere usati nel campo della lista dei client, per specificare gruppi di client.
+ </div><div class="para">
+ Di seguito si riporta una elenco di pattern comuni:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Hostname che iniziano con un punto (.)</em></span> — Ponendo un punto davanti ad un hostname, si intercettano tutti gli host che condividono le stesse componenti del nome. Il seguente esempio si applica ad ogni host del dominio <code class="systemitem">example.com</code>:
+ </div><pre class="screen">ALL : .example.com</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Indirizzo IP con un punto (.) finale </em></span> — Inserendo un punto finale ad un indirizzo IP si intercettano tutti gli host che condividono lo stesso gruppo numerico iniziale dell'indirizzo IP. Il seguente esempio si applica a tutti gli host della rete <code class="systemitem">192.168.x.x</code>:
+ </div><pre class="screen">ALL : 192.168.</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Coppia indirizzo-IP/netmask</em></span> — Le netmask possono essere usate come pattern per controllare gli accessi di un particolare gruppo di indirizzi IP. Per esempio la riga seguente si applica ad ogni host che rientri nel range di indirizzi <code class="systemitem">192.168.0.0</code> - <code class="systemitem">192.168.1.255</code>:
+ </div><pre class="screen">ALL : 192.168.0.0/255.255.254.0</pre><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Se si opera nello spazio di indirizzamento IPv4, non si può usare la coppia indirizzo/lunghezza-del-prefisso (<em class="firstterm">prefixlen</em>) (in notazione <abbr class="abbrev">CIDR</abbr>). Soltanto le regole IPv6 possono avvalersi di questo formato.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Coppia [IPv6 address]/prefixlen</em></span> — Le coppie [net]/prefixlen possono essere usate come pattern per controllare l'accesso di un particolare gruppo di indirizzi IPv6. Il seguente esempio si applica ad ogni host, con un indirizzo compreso tra <code class="systemitem">3ffe:505:2:1::</code> e <code class="systemitem">3ffe:505:2:1:ffff:ffff:ffff:ffff</code>:
+ </div><pre class="screen">ALL : [3ffe:505:2:1::]/64</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>L'asterisco (*)</em></span> — I caratteri asterisco possono essere usati per intercettare interi gruppi di hostname o indirizzi IP, purchè non siano mescolati in una lista di client, contenenti altri tipi di pattern. Il seguente esempio si applica ad ogni host del dominio <code class="systemitem">example.com</code>:
+ </div><pre class="screen">ALL : *.example.com</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Lo slash (/)</em></span> — Se una lista di client inizia con uno slash, esso viene trattato come un nome di file. Ciò è molto utile quando occorre specificare un gran numero di host. Il seguente esempio riguarda il file <code class="filename">/etc/telnet.hosts</code>:
+ </div><pre class="screen">in.telnetd : /etc/telnet.hosts</pre></li></ul></div><div class="para">
+ Esistono anche altri pattern, di uso meno frequente. Per maggiori informazioni, fare riferimento alle pagine di man 5, relative a <code class="filename">hosts_access</code>.
+ </div><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Prestare molta attenzione a quando si usano hostname e nomi di dominio. Gli attaccanti possono usare una varietà di trucchi per ingannare il server DNS. Inoltre, l'errato funzionamento del DNS impedisce anche agli utenti autorizzati di usare i servizi di rete. Si raccomanda quindi di usare, quando possibile, indirizzi IP.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Formatting_Access_Rules-Portmap_and_TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Formatting_Access_Rules-Portmap_and_TCP_Wrappers">3.6.2.1.3. Portmap e TCP Wrapper</h5></div></div></div><div class="para">
+ L'implementazione di TCP Wrapper per <code class="command">portmap</code> non supporta l'host look-up (risoluzione di un IP da un hostname), perciò <code class="command">portmap</code> non può usare l'hostname per identificare l'host. Di conseguenza, le regole di controllo di portmap nei file <code class="filename">hosts.allow</code> o <code class="filename">hosts.deny</code> devono usare indirizzi IP o il termine riservato <code class="option">ALL</code>, per specificare gli host.
+ </div><div class="para">
+ Inoltre, le modifiche alle regole di controllo in <code class="command">portmap</code> non hanno effetto immediato, ma occorre riavviare il servizio <code class="command">portmap</code> perchè le modifiche abbiano effetto.
+ </div><div class="para">
+ Servizi ampiamente usati come NIS ed NFS, dipendono da <code class="command">portmap</code> per poter funzionare: si tenga conto di queste limitazioni.
+ </div></div><div class="section" id="sect-Security_Guide-Formatting_Access_Rules-Operators"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Formatting_Access_Rules-Operators">3.6.2.1.4. Operatori</h5></div></div></div><div class="para">
+ Attualmente, le regole di controllo accettano un solo operatore, <code class="option">EXCEPT</code>. Può essere usato sia nell'elenco dei demoni di una regola sia in quello dei client.
+ </div><div class="para">
+ L'operatore <code class="option">EXCEPT</code> permette di includere nell'ambito di una regola specifiche eccezioni, estendendo/restringendo il suo campo d'azione.
+ </div><div class="para">
+ Nel seguente esempio, gli host del dominio <code class="systemitem">example.com</code> escluso <code class="systemitem">cracker.example.com</code>, possono connettersi a tutti i servizi:
+ </div><pre class="screen">ALL: .example.com EXCEPT cracker.example.com</pre><div class="para">
+ In quest'altro esempio, estratto da un file <code class="filename">hosts.allow</code>, i client della rete <code class="systemitem">192.168.0.<em class="replaceable"><code>x</code></em></code> possono usare tutti i servizi, escluso FTP:
+ </div><pre class="screen">ALL EXCEPT vsftpd: 192.168.0.</pre><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Per questioni pratiche, si consiglia un uso moderato dell'operatore <code class="option">EXCEPT</code>, onde evitare agli amministratori (colleghi) di ricercare <span class="emphasis"><em>anche</em></span> gli host esclusi dall'operatore <code class="option">EXCEPT</code>, tra quelli autorizzati e quelli non autorizzati.
+ </div></div></div></div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields">3.6.2.2. Campi Opzioni</h4></div></div></div><div class="para">
+ L'implementazione in Fedora dei TCP Wrapper, oltre alle regole di base per specificare permessi o divieti d'accesso, supporta estensioni al linguaggio di controllo usando <em class="firstterm">option fields</em>. Usando questi campi, si può modificare il livello dei messaggi di log, consolidare il controllo ed avviare comandi di shell.
+ </div><div class="section" id="sect-Security_Guide-Option_Fields-Logging"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Option_Fields-Logging">3.6.2.2.1. Logging</h5></div></div></div><div class="para">
+ I campi opzione permettono di modificare il comportamento e il livello di priorità dei messaggi di log di una regola, usando la direttiva <code class="option">severity</code>.
+ </div><div class="para">
+ Nel seguente esempio, i messaggi di log per le connessioni dal dominio <code class="systemitem">example.com</code> e dirette verso il demone SSH, sono registrate nella facility predefinita <code class="option">authpriv</code> (non essendo specificato un valore per la facility), di <code class="option">syslog</code> con priorità <code class="option">emerg</code>:
+ </div><pre class="screen">sshd : .example.com : severity emerg</pre><div class="para">
+ E' anche possibile specificare una facility usando l'opzione <code class="option">severity</code>. Il seguente esempio registra i messaggi di log di ogni connessione SSH dal dominio <code class="systemitem">example.com</code> nella facility <code class="option">local0</code> con priorità <code class="option">alert</code>:
+ </div><pre class="screen">sshd : .example.com : severity local0.alert</pre><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Perchè l'esempio funzioni, occorre che il demone <code class="systemitem">syslogd</code> sia configurato per registare i messaggi di log nella facility <code class="command">local0</code>. Per maggiori informazioni sulla configurazione di messaggi di log non predefiniti, vedere le pagine di man su <code class="filename">syslog.conf</code>.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Option_Fields-Access_Control"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Option_Fields-Access_Control">3.6.2.2.2. Controllo d'Accesso</h5></div></div></div><div class="para">
+ I campi opzione con la direttiva <code class="option">allow</code> o <code class="option">deny</code> posta alla fine di una regola, consentono esplicitamente di autorizzare o vietare host.
+ </div><div class="para">
+ Per esempio le seguenti due regole, autorizzano le connessioni SSH da <code class="systemitem">client-1.example.com</code>, mentre negano le identiche connessioni da <code class="systemitem">client-2.example.com</code>:
+ </div><pre class="screen">sshd : client-1.example.com : allow
+sshd : client-2.example.com : deny</pre><div class="para">
+ Quindi partendo da una regola base, il campo opzione consente di consolidare tutte le regole d'accesso in un singolo file: nel file <code class="filename">hosts.allow</code> o nel <code class="filename">hosts.deny</code>. Per alcuni amministratori tale metodo è una maniera semplice di organizzare le regole d'accesso.
+ </div></div><div class="section" id="sect-Security_Guide-Option_Fields-Shell_Commands"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Option_Fields-Shell_Commands">3.6.2.2.3. Comandi di shell</h5></div></div></div><div class="para">
+ I campi opzione, attraverso le seguenti due direttive, permettono di avviare comandi di shell:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">spawn</code> — Avvia un comando di shell come un processo figlio. Questa direttiva può essere usata, per esempio, con il comando <code class="command">/usr/sbin/safe_finger</code> per ottenere maggiori informazioni sul client o per creare speciali file di log, usando il comando <code class="command">echo</code>.
+ </div><div class="para">
+ Nel seguente esempio, si registrano in un speciale file di log, i client del dominio <code class="systemitem">example.com</code> che tentano di accedere al servizio Telnet:
+ </div><pre class="screen">in.telnetd : .example.com \
+ : spawn /bin/echo `/bin/date` from %h>>/var/log/telnet.log \
+ : allow</pre></li><li class="listitem"><div class="para">
+ <code class="command">twist</code> — Sostituisce il servizio richiesto con il comando specificato. Questa direttiva è spesso usata per impostare trappole per intrusori (anche dette "honey pots"). Può essere usata anche per inviare messaggi ai client. La direttiva <code class="command">twist</code> deve essere inserita alla fine della regola.
+ </div><div class="para">
+ Nel seguente esempio, i client del dominio <code class="systemitem">example.com</code> che tentano di accedere al servizio FTP sono avvisati con un messaggio, usando il comando <code class="command">echo</code>:
+ </div><pre class="screen">vsftpd : .example.com \
+ : twist /bin/echo "421 This domain has been black-listed. Access denied!"</pre></li></ul></div><div class="para">
+ Per maggiori informazioni sulle opzioni dei comandi di shell, fare riferimento alle pagine di man relative a <code class="filename">hosts_options</code>.
+ </div></div><div class="section" id="sect-Security_Guide-Option_Fields-Expansions"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Option_Fields-Expansions">3.6.2.2.4. Espansioni</h5></div></div></div><div class="para">
+ Le espansioni quando usate insieme alle direttive <code class="command">spawn</code> e <code class="command">twist</code>, forniscono informazioni su client, server e processi coinvolti.
+ </div><div class="para">
+ Di seguito si riporta un elenco di espansioni supportate:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">%a</code> — Restituisce l'indirizzo IP del client
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%A</code> — Restituisce l'indirizzo IP del server
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%c</code> — Restituisce varie informazioni sul client, come username e hostname, o username e indirizzo IP
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%d</code> — Restituisce il nome del processo
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%h</code> — Restituisce l'hostname (o l'IP, se l'hostname non è disponibile), del client
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%H</code> — Restituisce l'hostname (o l'IP, se l'hostname non è disponibile), del server
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%n</code> — Restituisce l'hostname del client. Se non è disponibile, viene restituito <code class="computeroutput">unknown</code>. Se l'hostname e l'indirizzo non coincidono, viene restituito <code class="computeroutput">paranoid</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%N</code> — Restituisce l'hostname del server. Se non è disponibile, viene restituito <code class="computeroutput">unknown</code>. Se l'hostname e l'indirizzo non coincidono, viene restituito <code class="computeroutput">paranoid</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%p</code> — Restituisce l'ID del processo.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%s</code> — Restituisce varie informazioni sul server, come il processo demone e l'hostname o l'IP del server.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%u</code> — Restituisce lo username del client. Se non è disponibile, viene restituito <code class="computeroutput">unknown</code>.
+ </div></li></ul></div><div class="para">
+ Nel seguente esempio, si usa una espansione con il comando <code class="command">spawn</code>, per identificare l'host del client che viene registrato in un file di log speciale.
+ </div><div class="para">
+ Ogni tentativo di connessione al servizio SSH (<code class="systemitem">sshd</code>), da un host del dominio <code class="systemitem">example.com</code>, lancia il comando <code class="command">echo</code> che registra il tentativo, con l'hostname del client (usando l'espansione <code class="option">%h</code>), in un file speciale:
+ </div><pre class="screen">sshd : .example.com \
+ : spawn /bin/echo `/bin/date` access denied to %h>>/var/log/sshd.log \
+ : deny</pre><div class="para">
+ In modo analogo, le espansioni possono essere usate per personalizzare i messaggi inviati al client. Nel seguente esempio, i client che tentano di accedere ai servizi FTP dal dominio <code class="systemitem">example.com</code>, vengono informati di essere stati bloccati (banned) dal server:
+ </div><pre class="screen">vsftpd : .example.com \
+: twist /bin/echo "421 %h has been banned from this server!"</pre><div class="para">
+ Per una completa spiegazione delle espansioni, come pure sulle ulteriori opzioni di controllo d'accesso, fare riferimento alle pagine di man 5, relative a <code class="filename">hosts_access</code> (<code class="command">man 5 hosts_access</code>) ed alle pagine di man su <code class="filename">hosts_options</code>.
+ </div><div class="para">
+ Per maggiori informazioni sui TCP Wrapper, fare riferimento alla <a class="xref" href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">Sezione 3.6.5, «Ulteriori risorse»</a>.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd">3.6.3. xinetd</h3></div></div></div><div class="para">
+ Il demone <code class="systemitem">xinetd</code> è un <em class="firstterm">super servizio</em> TCP-wrapped, che controlla gli accessi in un sotto-gruppo di servizi di uso comune come FTP, IMAP e Telnet. Fornisce anche, per servizi specifici, opzioni di configurazione per controllo d'accesso, messaggi di log, binding, redirection e per l'utilizzo delle risorse.
+ </div><div class="para">
+ Quando un client tenta di connettersi ad un servizio di rete controllato da <code class="systemitem">xinetd</code>, il super servizio prende la richiesta e controlla le regole imposte dal TCP Wrapper.
+ </div><div class="para">
+ Se l'accesso è consentito, successivamente <code class="systemitem">xinetd</code> controlla che la connessione sia permessa dalle proprie regole d'accesso. Inoltre controlla se il servizio possa allocare più risorse di quelle consentite e se infranga una qualche regola.
+ </div><div class="para">
+ Se sono soddisfatte tutte queste condizioni (ossia, è consentito l'accesso; il servizio non supera le risorse allocabili; ed il servizio di rete non infrange nessuna regola), allora <code class="systemitem">xinetd</code> avvia una istanza del servizio di rete, passando il controllo della connessione al servizio di rete. Una volta stabilita la connessione, <code class="systemitem">xinetd</code> termina la propria partecipazione alla comunicazione tra client e server.
+ </div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files">3.6.4. File di configuratione di xinetd</h3></div></div></div><div class="para">
+ I file di configurazione di <code class="systemitem">xinetd</code> sono i seguenti:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/xinetd.conf</code> — Il file di configurazione globale di <code class="systemitem">xinetd</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/xinetd.d/</code> — La directory con tutti i file di servizio specifici.
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.conf_File"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.conf_File">3.6.4.1. Il file /etc/xinetd.conf</h4></div></div></div><div class="para">
+ Il file <code class="filename">/etc/xinetd.conf</code> contiene le impostazioni di configurazione generale dei serivizi controllati da <code class="systemitem">xinetd</code>. Esso viene letto al primo avvio di <code class="systemitem">xinetd</code>, perciò ogni variazione alla configurazione richiede il riavvio di <code class="systemitem">xinetd</code>. Di seguito si riporta un estratto di un file <code class="filename">/etc/xinetd.conf</code>:
+ </div><pre class="screen">defaults
+{
+ instances = 60
+ log_type = SYSLOG authpriv
+ log_on_success = HOST PID
+ log_on_failure = HOST
+ cps = 25 30
+}
+includedir /etc/xinetd.d</pre><div class="para">
+ Le righe controllano i seguenti aspetti di <code class="systemitem">xinetd</code>:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">instances</code> — Specifica il numero massimo di richieste simultanee processate da <code class="systemitem">xinetd</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">log_type</code> — Specifica di usare la facility di log <code class="command">authpriv</code> che invia i messaggi di log nel file <code class="filename">/var/log/secure</code>. Aggiungendo una direttiva del tipo <code class="option">FILE /var/log/xinetdlog</code>, <code class="systemitem">xinetd</code> crea un file di log specifico di nome <code class="filename">xinetdlog</code> nella directory <code class="filename">/var/log/</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">log_on_success</code> — Specifica di registrare tutte le connessioni riuscite. Per impostazione, sono registrati l'indirizzo IP dell'host remoto e l'ID di processo del servizio richiesto.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">log_on_failure</code> — Specifica di registrare le connessioni non riuscite o negate.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">cps</code> — Specifica di accettare al massimo 25 connessioni al secondo per servizio. Superato il limite, il servizio viene fermato per 30 secondi.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">includedir</code> <code class="filename">/etc/xinetd.d/</code> — Specifica di includere le opzioni dichiarate nei file di configurazione dei servizi, contenuti nella directory <code class="filename">/etc/xinetd.d/</code>. (Vedere la <a class="xref" href="#sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory">Sezione 3.6.4.2, «La directory /etc/xinetd.d/»</a>).
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Spesso, le impostazioni <code class="option">log_on_success</code> e <code class="option">log_on_failure</code>, nel file <code class="filename">/etc/xinetd.conf</code>, vengono influenzate dai file di configurazione dei servizi specifici. Quindi, un file di log di un dato servizio può risultare molto più ricco di informazioni di quanto richiesto dalle sole impostazioni di <code class="filename">/etc/xinetd.conf</code>. Per maggiori informazioni, vedere la <a class="xref" href="#sect-Security_Guide-Altering_xinetd_Configuration_Files-Logging_Options">Sezione 3.6.4.3.1, «Opzioni di log»</a>.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory">3.6.4.2. La directory /etc/xinetd.d/</h4></div></div></div><div class="para">
+ La directory <code class="filename">/etc/xinetd.d/</code> contiene i file di configurazione di tutti i servizi gestiti da <code class="systemitem">xinetd</code>. Analogamente a <code class="filename">xinetd.conf</code>, questa directory è letta al primo avvio di <code class="systemitem">xinetd</code>. Ogni modifica ai file di configurazione richiede il riavvio di <code class="systemitem">xinetd</code>.
+ </div><div class="para">
+ Il formato dei file in <code class="filename">/etc/xinetd.d/</code> usa le stesse convenzioni del file <code class="filename">/etc/xinetd.conf</code>. Il motivo principale che porta ad avere file di configurazione distinti per servizio è di rendere i servizi meno soggetti ad influenze reciproche e di facilitare la loro configurazione.
+ </div><div class="para">
+ Per meglio comprendere la struttura interna di questi file, si consideri il file <code class="filename">/etc/xinetd.d/krb5-telnet</code>:
+ </div><pre class="screen">service telnet
+{
+ flags = REUSE
+ socket_type = stream
+ wait = no
+ user = root
+ server = /usr/kerberos/sbin/telnetd
+ log_on_failure += USERID
+ disable = yes
+}</pre><div class="para">
+ Le linee controllano vari aspetti del servizio <code class="command">telnet</code>:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">service</code> — Specifica il nome del servizio, generalmente uno dei servizi presenti nel file <code class="filename">/etc/services</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">flags</code> — Imopsta un attributo sulla connessione. Per esempio l'attributo <code class="option">REUSE</code> specifica di riusare il socket per una connessione Telnet.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ L'uso del flag <code class="option">REUSE</code> è deprecato. Tutti i servizi ora usano implicitamente il flag <code class="option">REUSE</code>.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">socket_type</code> — Imposta il tipo di socket, in questo caso <code class="option">stream</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">wait</code> — Specifica se il servizio è single-thread (<code class="option">yes</code>) o multi-thread (<code class="option">no</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">user</code> — Specifica l'ID utente che ha avviato il processo.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">server</code> — Specifica l'eseguibile da avviare.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">log_on_failure</code> — Specifica i parametri dei messaggi di log di <code class="option">log_on_failure</code>, integrando quelli già definiti in <code class="filename">xinetd.conf</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">disable</code> — Specifica se il servizio è disabilitato (<code class="option">yes</code>) o abilitato (<code class="option">no</code>).
+ </div></li></ul></div><div class="para">
+ Per maggiori informazioni sulle opzioni disponibili, consultare le pagine di man relative a <code class="filename">xinetd.conf</code>.
+ </div></div><div class="section" id="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files">3.6.4.3. Modificare i file di configurazione di xinetd</h4></div></div></div><div class="para">
+ I servizi protetti da <code class="systemitem">xinetd</code> dispongono di una serie di direttive. Questa sezione illustra quelle maggiormente usate.
+ </div><div class="section" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Logging_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Logging_Options">3.6.4.3.1. Opzioni di log</h5></div></div></div><div class="para">
+ Le seguenti opzioni di log sono impiegabili sia in <code class="filename">/etc/xinetd.conf</code> sia nei file di configurazione della directory <code class="filename">/etc/xinetd.d/</code> per i particolari servizi.
+ </div><div class="para">
+ Le opzioni di logging più comunemente usate sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">ATTEMPT</code> — Registra un tentativo di connessione fallito (<code class="option">log_on_failure</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">DURATION</code> — Registra per quanto tempo è stato usato il servizio (<code class="option">log_on_success</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">EXIT</code> — Registra lo stato d'uscita o il segnale di interruzione del servizio (<code class="option">log_on_success</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">HOST</code> — Registra l'indirizzo IP dell'host remoto (<code class="option">log_on_failure</code> e <code class="option">log_on_success</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">PID</code> — Registra l'ID del processo server (<code class="option">log_on_success</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">USERID</code> — Registra l'utente remoto secondo il metodo definito in RFC 1413 per i servizi stream multi-thread (<code class="option">log_on_failure</code> e <code class="option">log_on_success</code>).
+ </div></li></ul></div><div class="para">
+ Per l'elenco completo delle opzioni di log, fare riferimento alle pagine di man relative a <code class="filename">xinetd.conf</code>.
+ </div></div><div class="section" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options">3.6.4.3.2. Opzioni per il controllo d'accesso</h5></div></div></div><div class="para">
+ Gli utenti dei servizi di <code class="systemitem">xinetd</code> possono scegliere di usare regole d'accesso basate su TCP Wrapper, sui file di configurazione di <code class="systemitem">xinetd</code> o su una combinazione di entrambi. Per maggiori informazioni sui file di controllo d'accesso basati su TCP Wrapper, fare riferimento alla <a class="xref" href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">Sezione 3.6.2, «File di configurazione di TCP Wrapper»</a>.
+ </div><div class="para">
+ Questa sezione spiega l'uso di <code class="systemitem">xinetd</code> per controllare l'accesso ai servizi.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Diversamente dai TCP Wrapper, le modifiche al controllo d'accesso hanno effetto solo dopo il riavvio del servizio <code class="systemitem">xinetd</code>.
+ </div><div class="para">
+ Inoltre, diversamente dai TCP Wrapper, il controllo d'accesso basato su <code class="systemitem">xinetd</code>, influenza solo i servizi controllati da <code class="systemitem">xinetd</code>.
+ </div></div></div><div class="para">
+ Il controllo d'accesso di <code class="systemitem">xinetd</code> differisce dal metodo usato dai TCP Wrapper. Mentre per i TCP Wrapper le configurazioni di controllo d'accesso si trovano nei due file <code class="filename">/etc/hosts.allow</code> e <code class="filename">/etc/hosts.deny</code>, per <code class="systemitem">xinetd</code> le configurazioni si trovano in file distinti, uno per ciascun servizio, nella directory <code class="filename">/etc/xinetd.d/</code>.
+ </div><div class="para">
+ <code class="systemitem">xinetd</code> supporta le seguenti opzioni d'accesso:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">only_from</code> — Specifica gli host autorizzati ad usare il servizio.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">no_access</code> — Specifica gli host non autorizzati ad usare il servizio
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">access_times</code> — Specifica il periodo in cui il servizio è disponibile, secondo il formato HH:MM-HH:MM, dove HH = 00, 01 ... 24.
+ </div></li></ul></div><div class="para">
+ Le opzioni <code class="option">only_from</code> e <code class="option">no_access</code> possono specificare un elenco di indirizzi IP o hostname, o anche specificare una rete. Analogamente ai TCP Wrapper, combinando controlli d'accesso di <code class="systemitem">xinetd</code> con opportune configurazioni dei messaggi di log, ripettivamente per bloccare le richieste da host indesiderati e registrare i vari tentativi di accesso, contribuisce a garantire una maggiore sicurezza al sistema.
+ </div><div class="para">
+ Per esempio, il seguente file <code class="filename">/etc/xinetd.d/telnet</code> può essere usato per bloccare le connessioni Telnet da una particolare rete e limitare il periodo di connessione agli utenti autorizzati:
+ </div><pre class="screen">service telnet
+{
+ disable = no
+ flags = REUSE
+ socket_type = stream
+ wait = no
+ user = root
+ server = /usr/kerberos/sbin/telnetd
+ log_on_failure += USERID
+ no_access = 172.16.45.0/24
+ log_on_success += PID HOST EXIT
+ access_times = 09:45-16:15
+}</pre><div class="para">
+ Nell'esempio, quando un client, con indirizzo <code class="systemitem">172.16.45.2</code>, tenta di accedere dalla rete <code class="systemitem">172.16.45.0/24</code> al servizio Telnet, egli riceve il seguente messaggio:
+ </div><pre class="screen">Connection closed by foreign host.</pre><div class="para">
+ Inoltre, i suoi tentativi d'accesso vengono registrati nel file <code class="filename">/var/log/messages</code> come segue:
+ </div><pre class="screen">Sep 7 14:58:33 localhost xinetd[5285]: FAIL: telnet address from=172.16.45.2
+Sep 7 14:58:33 localhost xinetd[5283]: START: telnet pid=5285 from=172.16.45.2
+Sep 7 14:58:33 localhost xinetd[5283]: EXIT: telnet status=0 pid=5285 duration=0(sec)</pre><div class="para">
+ Quando si usano TCP Wrapper insieme ai controlli d'accesso di <code class="systemitem">xinetd</code>, è importante capire il legame tra i due meccanismi di controllo d'accesso.
+ </div><div class="para">
+ Di seguito si mostra la sequenza di eventi attivati da <code class="systemitem">xinetd</code> quando un client richiede di effettuare una connessione:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Il demone <code class="systemitem">xinetd</code> analizza le regole d'accesso basate su TCP Wrapper, caricando la libreria <code class="filename">libwrap.a</code>. Se una regola vieta l'accesso, la connessione viene scartata. Se una regola consente l'accesso, il controllo passa a <code class="systemitem">xinetd</code>.
+ </div></li><li class="listitem"><div class="para">
+ Il demone <code class="systemitem">xinetd</code> controlla le proprie regole d'accesso sia per il servizio di <code class="systemitem">xinetd</code> sia per il servizio richiesto. Se esiste una regola di divieto, la connessione viene scartata. Altrimenti, <code class="systemitem">xinetd</code> avvia una istanza del servizio e passa il controllo della connessione al servizio.
+ </div></li></ol></div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Occorre prestare una certa attenzione ad utilizzare controlli d'accesso di TCP Wrapper in combinazione con i controlli di <code class="systemitem">xinetd</code>. Effetti indesiderati possono verificarsi in caso di errate configurazioni.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options">3.6.4.3.3. Opzioni di Binding e di Redirection</h5></div></div></div><div class="para">
+ I file di configurazione dei servizi di <code class="systemitem">xinetd</code>, supportano il collegamento del servizio con un indirizzo IP e la redirezione verso altri indirizzi IP, hostname o porte.
+ </div><div class="para">
+ Il collegamento è controllato con l'opzione <code class="option">bind</code> nei file di configurazione dei servizi e serve a collegare il servizio ad un indirizzo IP nel sistema. Con tale opzione, solo gli host con richieste dirette all'IP specificato possono accedere al servizio. Si può usare questo metodo per collegare p.e. diversi servizi su differenti schede di rete.
+ </div><div class="para">
+ Ciò si rivela particolarmente vantaggioso nei sistemi con schede di rete mulltiple o con indirizzi IP multipli. In tali sistemi, servizi non sicuri come Telnet, possono essere configurati (p.e.) per ricevere connessioni soltanto dalla scheda connessa ad una rete privata e non dalla scheda connessa ad Internet.
+ </div><div class="para">
+ L'opzione <code class="option">redirect</code> accetta un indirizzo IP o hostname seguito da un numero di porta. Tale opzione consente di dirottare ogni richiesta di un servizio verso un host e una porta specifica. Questa caratteristica può essere usata per puntare ad un'altra porta del sistema, per redirezionare la richiesta verso un IP differente sulla stessa macchina, per trasferire la richiesta su un sistema completamente diverso oppure può essere usata combinando alcune di queste possibilità. Un utente che si connette al servizio, in maniera trasparente, viene trasferito su un altro sistema senza alcuna interruzione.
+ </div><div class="para">
+ Il demone <code class="systemitem">xinetd</code> effettua questa redirezione generando un processo, per il trasferimento dei dati tra i due sistemi, che dura quanto la connessione tra la macchina client richiedente e l'host del servizio.
+ </div><div class="para">
+ I vantaggi forniti dalle opzioni <code class="option">bind</code> e <code class="option">redirect</code>, diventano ancora più evidenti quando le opzioni vengono impiegate insieme. Collegando un servizio ad un particolare indirizzo IP di un sistema e poi reindirizzando le richieste verso una seconda macchina che solo la prima può vedere, un sistema interno può essere usato per fornire servizi ad una rete completamente diversa. Alternativamente, queste opzioni possono essere usate per limitare l'esposizione di un servizio su una macchina multi-homed, ad un indirizzo IP noto, oppure per reindirizzare le richieste verso un'altra macchina, appositamente configurata.
+ </div><div class="para">
+ Per esempio, si consideri un sistema usato come firewall con questa impostazione per Telnet:
+ </div><pre class="screen">service telnet
+{
+ socket_type = stream
+ wait = no
+ server = /usr/kerberos/sbin/telnetd
+ log_on_success += DURATION USERID
+ log_on_failure += USERID
+ bind = 123.123.123.123
+ redirect = 10.0.1.13 23
+}</pre><div class="para">
+ Le opzioni <code class="option">bind</code> e <code class="option">redirect</code> assicurano che il servizio Telnet sulla macchina sia collegato all'indirizzo IP esterno <code class="systemitem">123.123.123.123</code>, verso Internet. Inoltre, ogni richiesta di servizio Telnet inviata all'indirizzo <code class="systemitem">123.123.123.123</code>, viene rediretta, attraverso una seconda scheda di rete, all'indirizzo IP interno <code class="systemitem">10.0.1.13</code> a cui possono accedere soltanto il firewall e i sistemi interni. Il firewall quindi gestisce la comunicazione tra i due sistemi, e cosa importante, in maniera trasparente al sistema richiedente che ritiene di comunicare con <code class="systemitem">123.123.123.123</code>, quando in realtà è connesso con una macchina differente.
+ </div><div class="para">
+ Questa caratteristica è particolarmente utile per quegli utenti con connessioni a banda larga e con un solo indirizzo IP. Quando si usa NAT (Network Address Translation), i sistemi dietro al gateway che usano solo indirizzi IP interni, non sono disponibili dall'esterno. Comunque, se certi servizi controllati da <code class="systemitem">xinetd</code> vengono configurati con le opzioni <code class="option">bind</code> e <code class="option">redirect</code>, il gateway può agire da proxy tra i sistemi esterni ed una macchina interna configurata per fornire un servizio. Inoltre, le varie opzioni di log e di controllo d'accesso di <code class="systemitem">xinetd</code> sono disponibili per fornire ulteriore protezione al sistema.
+ </div></div><div class="section" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options">3.6.4.3.4. Opzioni per gestire le risorse</h5></div></div></div><div class="para">
+ Il demone <code class="systemitem">xinetd</code> può creare una protezione di base contro attacchi tipo DoS (Denial of Service). Di seguito si riporta un elenco di direttive che aiutano a limitare i rischi di tali attacchi:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">per_source</code> — Definisce il numero massimo di istanze di un servizio, per indirizzo IP ricevente. Accetta solo interi e si può usare sia nel file <code class="filename">xinetd.conf</code> sia nei file di configurazione dei servizi, nella cartella <code class="filename">xinetd.d/</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">cps</code> — Definisce il numero massimo di connessioni per secondo. La direttiva prende due argomenti di tipo intero, separati da spazio. Il primo argomento rappresenta il numero massimo di connessioni al secondo, per un servizio. L'altro argomento è il numero di secondi di interruzione di <code class="systemitem">xinetd</code>, prima di riabilitare il servizio. Accetta solo interi e si può usare sia nel file <code class="filename">xinetd.conf</code> sia nei file di configurazione dei servizi, nella cartella <code class="filename">xinetd.d/</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">max_load</code> — Definisce il carico medio da assegnare alla CPU per un servizio. Accetta come argomento un numero decimale (in virgola mobile).
+ </div><div class="para">
+ Il carico medio è una misura (grossolana) del numero dei processi attivi in un dato momento. Per maggiori informazioni sul carico medio di una CPU, vedere le pagine man relative ai comandi <code class="command">uptime</code>, <code class="command">who</code> e <code class="command">procinfo</code>.
+ </div></li></ul></div><div class="para">
+ Esistono anche altre opzioni per la gestione delle risorse. Per maggiori informazioni, fare riferimento alle pagine di man relative a <code class="filename">xinetd.conf</code>.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">3.6.5. Ulteriori risorse</h3></div></div></div><div class="para">
+ Maggiori informazioni sui TCP Wrapper e <code class="systemitem">xinetd</code> sono disponibili nella documentazione installata nel sistema e su Internet.
+ </div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_TCP_Wrappers_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_TCP_Wrappers_Documentation">3.6.5.1. Documentazione su TCP Wrapper installata</h4></div></div></div><div class="para">
+ La documentazione installata nel proprio sistema, è un buon punto da cui ottenere informazioni su ulteriori opzioni di configurazione per TCP Wrapper, <code class="systemitem">xinetd</code> e controllo d'accesso.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/usr/share/doc/tcp_wrappers-<em class="replaceable"><code><version></code></em>/</code> — Questa directory contiene un file <code class="filename">README</code> che spiega il funzionamento dei TCP Wrapper e i vari rischi relativi alla manomissione (spoofing) degli hostname e degli indirizzi IP degli host.
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/usr/share/doc/xinetd-<em class="replaceable"><code><version></code></em>/</code> — Questa directory contiene un file <code class="filename">README</code> che spiega vari aspetti del controllo d'accesso e un file <code class="filename">sample.conf</code> con vari spunti per modificare i file di configurazione dei servizi, nella directory <code class="filename">/etc/xinetd.d/</code>.
+ </div></li><li class="listitem"><div class="para">
+ Pagine di man su TCP Wrapper e <code class="systemitem">xinetd</code> — Esistono un certo numero di pagine di man, dedicate alle varie applicazioni e ai vari file di configurazione rigurdanti TCP Wrapper e <code class="systemitem">xinetd</code>. Di seguito si riportano le più importanti:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">Applicazioni server</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man xinetd</code> — Le pagine di man su <code class="systemitem">xinetd</code>.
+ </div></li></ul></div></dd><dt class="varlistentry"><span class="term">File di configurazione</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man 5 hosts_access</code> — Le pagine di man sui file di controllo d'accesso di TCP Wrapper.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man hosts_options</code> — Le pagine di man su option field di TCP Wrapper.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man xinetd.conf</code> — Le pagine man con l'elenco delle opzioni di configurazione di <code class="systemitem">xinetd</code>.
+ </div></li></ul></div></dd></dl></div></li></ul></div></div><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites">3.6.5.2. Utili siti su TCP Wrapper</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.xinetd.org"><code class="systemitem">xinetd</code></a> — La home page del progetto, con esempi di file di configurazione, un elenco completo di caratteristiche ed una FAQ informativa.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.docstoc.com/docs/2133633/An-Unofficial-Xinetd-Tutorial">An-Unofficial-Xinetd-Tutorial</a> — Un tutorial che discute diverse modalità per ottimizzare i file di configurazione di <code class="systemitem">xinetd</code> predefiniti, per specifici obbiettivi di sicurezza.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Additional_Resources-Related_Books"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Related_Books">3.6.5.3. Libri</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="citetitle">Hacking Linux Exposed</em>, by Brian Hatch, James Lee, and George Kurtz (Osbourne/McGraw-Hill) — E' una eccellente risorsa sulla sicurezza con informazioni su TCP Wrapper e <code class="systemitem">xinetd</code>.
+ </div></li></ul></div></div></div></div><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Kerberos" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Kerberos">3.7. Kerberos</h2></div></div></div><div class="para">
+ In un sistema di rete, le operazioni necessarie per garantire un livello di sicurezza e di integrità accettabile possono risultare piuttosto impegnative. Anche solo un'analisi per sapere quali servizi siano in esecuzione e in che modo siano utilizzati, può richiedere gli sforzi di alcuni amministratori.
+ </div><div class="para">
+ Inoltre, l'autenticazione degli utenti ai servizi di rete può essere rischiosa quando il metodo usato dal protocollo è intrinsecamente insicuro, come nel caso dei protocolli Telnet e FTP che inviano le password in rete senza cifratura.
+ </div><div class="para">
+ Kerberos è la maniera di soddisfare il bisogno di autenticazione dei protocolli che usano metodi spesso insicuri, contribuendo così ad aumentare la sicurezza globale della rete.
+ </div><div class="section" id="sect-Security_Guide-Kerberos-What_is_Kerberos"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-What_is_Kerberos">3.7.1. Cos'è Kerberos?</h3></div></div></div><div class="para">
+ Kerberos è un protocollo di autenticazione di rete creato dal MIT e che utilizza un sistema di crittografia a chiave simmetrica<sup>[<a id="idm96021968" href="#ftn.idm96021968" class="footnote">14</a>]</sup>, senza richiedere alcun trasferimento di password.
+ </div><div class="para">
+ Di conseguenza, quando gli utenti si autenticano ai servizi che usano Kerberos, viene di fatto impedito ogni possibilità di intercettazione delle password da parte di attaccanti.
+ </div><div class="section" id="sect-Security_Guide-What_is_Kerberos-Advantages_of_Kerberos"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Kerberos-Advantages_of_Kerberos">3.7.1.1. Vantaggi di Kerberos</h4></div></div></div><div class="para">
+ I principali servizi di rete usano schemi di autenticazione basati su password, in cui generalmente all'utente viene richiesto di farsi riconoscere con un nome utente e una password. Sfortunatamente, la trasmissione di queste informazioni di autenticazione, per molti servizi avviene in chiaro. Quindi perchè un tale schema sia sicuro, occorre che la rete sia inaccessibile dall'esterno e che tutti gli utenti ed i computer interni siano fidati.
+ </div><div class="para">
+ Ma anche nel caso di una rete interna fidata, nel momento in cui viene connessa ad Internet essa non può più considerarsi sicura: un attaccante che riesca ad accedere alla rete, potrebbe usare un semplice analizzatore di pacchetti o packet sniffer, per intercettare nome utente e password, compromettendo gli account utenti e l'integrità della intera rete.
+ </div><div class="para">
+ Il principale obbiettivo progettuale di Kerberos è eliminare la trasmissione in chiaro di password; quindi se correttamente configurato, Kerberos effettivamente elimina la minaccia dei packet sniffer.
+ </div></div><div class="section" id="sect-Security_Guide-What_is_Kerberos-Disadvantages_of_Kerberos"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Kerberos-Disadvantages_of_Kerberos">3.7.1.2. Svantaggi di Kerberos</h4></div></div></div><div class="para">
+ Anche se Kerberos aiuta a rimuovere comnuni e gravi minacce alla sicurezza, la sua implementazione, per una varietà di ragioni, può risultare complessa:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Migrare le password utenti da un database di password UNIX (standard), come <code class="filename">/etc/passwd</code> o <code class="filename">/etc/shadow</code> in un database di password Kerberos, può essere un'operazione tediosa, perchè al momento non esiste un meccanismo automatizzato. Fare riferimento alla Question 2.23 della Kerberos FAQ, al seguente link:
+ </div><div class="para">
+ <a href="http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html"> http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html</a>
+ </div></li><li class="listitem"><div class="para">
+ Kerberos presenta solo una parziale compatibilità con il sistema PAM (Pluggable Authentication Modules), usato nei principali server Fedora. Per maggiori informazioni, vedere la <a class="xref" href="#sect-Security_Guide-Kerberos-Kerberos_and_PAM">Sezione 3.7.4, «Kerberos e PAM»</a>.
+ </div></li><li class="listitem"><div class="para">
+ Kerberos assume che ogni utente sia fidato, in un ambiente in cui generalmente l'utente e la rete non lo sono. Il suo obbiettivo principale è impedire il trasferimento in chiaro di password. Se un utente qualunque non autorizzato, riesce ad accedere ad uno degli host che distribuisce ticket, usati per l'autenticazione — denominato <em class="firstterm">KDC</em> (<em class="firstterm">Key Distribution Center</em>) — l'intero sistema di autenticazione Kerberos viene messo a rischio.
+ </div></li><li class="listitem"><div class="para">
+ Se si vuole che un'applicazione usi Kerberos, il codice sorgente dell'applicazione deve essere opportunamente modificato in modo da poter chiamare le librerie di Kerberos. Le applicazioni così adattate sono dette <em class="firstterm">Kerberos-aware</em> o <em class="firstterm">kerberizzate</em>. Per alcune applicazioni, ciò può essere problematico per motivi progettuali e dimensionali. Per altre applicazioni incompatibili, le modifiche devono essere fatte tenendo conto delle modalità di comunicazione tra server e client. Di nuovo, ciò potrebbe richiedere notevoli modifiche al codice originario. Le applicazioni closed-source che non supportano Kerberos per impostazione, sono spesso quelle più problematiche.
+ </div></li><li class="listitem"><div class="para">
+ Kerberos è una soluzione determinante/decisiva. Se usato in una rete, ogni password trasferita in chiaro ad un servizio non <em class="firstterm">kerberizzato</em>, diventa un rischio per la sicurezza. In tal caso, la rete non trae alcun vantaggio dall'uso di Kerberos. Quindi per rendere sicura una rete con Kerberos, <span class="emphasis"><em>tutte</em></span> le applicazioni client/server che trasmettono password in chiaro, devono essere <em class="firstterm">kerberizzate</em>.
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-Kerberos-Kerberos_Terminology"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Kerberos_Terminology">3.7.2. Terminologia Kerberos</h3></div></div></div><div class="para">
+ Kerberos ha la propria terminologia per specificare i vari aspetti del servizio. Per capire il funzionamento di Kerberos, è importante conoscere il significato dei seguenti termini.
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">Authentication Server (AS)</span></dt><dd><div class="para">
+ Un server di distribuzione di ticket che vengono rilasciati al client, per accedere ad un determinato servizio. Un AS risponde alle richieste dei client che non hanno o non hanno trasmesso le credenziali con una richiesta. Di solito è usato per accedere al server TGS (Ticket Granting Server), rilasciando un ticket TGT (Ticket Granting Ticket). Un server AS generalmente si trova sullo stesso host del KDC (Key Distribution Center).
+ </div></dd><dt class="varlistentry"><span class="term">testo cifrato</span></dt><dd><div class="para">
+ Dati crittati o non in chiaro
+ </div></dd><dt class="varlistentry"><span class="term">client</span></dt><dd><div class="para">
+ Una entità sulla rete (un utente, un host o una applicazione), che può ottenere un ticket da Kerberos.
+ </div></dd><dt class="varlistentry"><span class="term">credenziali</span></dt><dd><div class="para">
+ Un insieme di credenziali temporanee, che verificano l'identità di un client per un particolare servizio. Viene anche detto <span class="emphasis"><em>ticket</em></span>.
+ </div></dd><dt class="varlistentry"><span class="term">credential cache o file dei ticket</span></dt><dd><div class="para">
+ Un file contenente le chiavi per cifrare le comunicazioni tra l'utente ed i vari servizi. Kerberos 5 supporta una piattaforma per altri tipi di memorizzazione, come la memoria condivisa, ma i file sono maggiormente supportati.
+ </div></dd><dt class="varlistentry"><span class="term">funzione hash di cifratura</span></dt><dd><div class="para">
+ Una funzione hash usata per trasformare dati. I dati così manipolati, sono più sicuri rispetto ai dati originali, ma restano abbastanza semplici da decifrare da parte di un cracker esperto.
+ </div></dd><dt class="varlistentry"><span class="term">GSS-API</span></dt><dd><div class="para">
+ La GSS-API o Generic Security Service Application Program Interface (pubblicata da The Internet Engineering Task Force in RFC-2743), è un insieme di funzioni che offrono servizi di sicurezza. Questa API, mascherando il meccanismo sottostante, è usata da client e servizi per autenticazione reciproca. Se un servizio come cyrus-IMAP, usa GSS-API, allora esso può autenticarsi via Kerberos.
+ </div></dd><dt class="varlistentry"><span class="term">hash</span></dt><dd><div class="para">
+ Anche detto <em class="firstterm">valore hash</em>. E' un valore ottenuto passando una stringa ad una <em class="firstterm">funzione hash</em>. Questi valori sono tipicamente usati per essere sicuri che i dati trasmessi non siano stati manomessi.
+ </div></dd><dt class="varlistentry"><span class="term">funzione hash</span></dt><dd><div class="para">
+ Un modo per generare un "fingerprint" o firma su dei dati d'ingresso. Queste funzioni eseguono delle trasformazioni o alterazioni sui dati, producendo un <em class="firstterm">valore hash</em>.
+ </div></dd><dt class="varlistentry"><span class="term">chiave</span></dt><dd><div class="para">
+ I dati usati per cifrare o decifrare altri dati. I dati cifrati non possono essere decifrati senza la chiave appropriata o senza una straordinaria fortuna da parte del cracker.
+ </div></dd><dt class="varlistentry"><span class="term">Key Distribution Center (KDC)</span></dt><dd><div class="para">
+ Un servizio che invia ticket Kerberos e generalmente esegue sullo stesso host del TGS (Ticket Granting Server).
+ </div></dd><dt class="varlistentry"><span class="term">keytab (o tabella delle chiavi)</span></dt><dd><div class="para">
+ Un file contenente una lista in chiaro di <em class="firstterm">principal</em> e delle loro chiavi. Un server ottiene le chiavi necessarie dal file keytab invece di usare <code class="command">kinit</code>. Il file keytab predefinto è <code class="filename">/etc/krb5.keytab</code>. Il server d'amministrazione KDC, <code class="command">/usr/kerberos/sbin/kadmind</code>, è l'unico servizio che usa un altro file (esso usa <code class="filename">/var/kerberos/krb5kdc/kadm5.keytab</code>).
+ </div></dd><dt class="varlistentry"><span class="term">kinit</span></dt><dd><div class="para">
+ Il comando <code class="command">kinit</code> consente ad un principal già loggato di ottenere e memorizzare il TGT (Ticket Granting Ticket) iniziale. Per maggiori informazioni su <code class="command">kinit</code>, consultare le pagine di man relative.
+ </div></dd><dt class="varlistentry"><span class="term">principal (o nome del principal)</span></dt><dd><div class="para">
+ Il principal è il nome unico di un utente o servizio, abilitato ad autenticarsi presso Kerberos. Un principal segue la forma di <code class="computeroutput">root[/instance]@REALM</code>. Per un utente tipico, <code class="computeroutput">root</code> coincide con l'ID associato all'account utente. Il termine <code class="computeroutput">instance</code> è opzionale. Se il principal ha un <code class="computeroutput">instance</code>, esso viene separato dal <code class="computeroutput">root</code>, usando un carattere "forward slash" ("/"). Una stringa vuota ("") è considerata un <code class="computeroutput">instance</code> valido (differente dall'instance predefinito, <code class="computeroutput">NULL</code>), tuttavia il suo utilizzo può essere fonte di confusione. Tutti i principal di un realm hanno la propria chiave, derivata da una password se si tratta di utenti o impostata casualmente se si tratta di servizi.
+ </div></dd><dt class="varlistentry"><span class="term">realm</span></dt><dd><div class="para">
+ Una rete che usa Kerberos, composta da uno o più server KDC e un numero potenzialmente grande di client.
+ </div></dd><dt class="varlistentry"><span class="term">servizio</span></dt><dd><div class="para">
+ Un programma accessibile dalla rete.
+ </div></dd><dt class="varlistentry"><span class="term">ticket</span></dt><dd><div class="para">
+ Un insieme di credenziali temporanee che verificano l'identità di un client per un particolare servizio. Viene anche detto credenziali.
+ </div></dd><dt class="varlistentry"><span class="term">Ticket Granting Server (TGS)</span></dt><dd><div class="para">
+ Un server che distribuisce ticket per un servizio, girati agli utenti per accedere al servizio. Generalmente un TGS esegue sullo stesso host che ospita il KDC.
+ </div></dd><dt class="varlistentry"><span class="term">Ticket Granting Ticket (TGT)</span></dt><dd><div class="para">
+ Un ticket speciale che consente al client di ottenere ulteriori ticket senza dover inoltrare le richieste al KDC.
+ </div></dd><dt class="varlistentry"><span class="term">password non cifrata</span></dt><dd><div class="para">
+ Una password in chiaro o leggibile.
+ </div></dd></dl></div></div><div class="section" id="sect-Security_Guide-Kerberos-How_Kerberos_Works"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-How_Kerberos_Works">3.7.3. Come funziona Kerberos</h3></div></div></div><div class="para">
+ Kerberos differisce dai tradizionali metodi di autenticazione basati su nome-utente/password. Infatti, invece di autenticare l'utente per ogni servizio, Kerberos usa un sistema di crittografia simmetrica e un terzo fidato (un KDC) per autenticare gli utenti ai vari servizi di rete. Quando un utente si autentica presso il KDC, il KDC restituisce, alla macchina dell'utente, un ticket specifico valido per la sessione ed ogni servizio kerberizzato cerca il ticket sulla macchina del client, invece di richiedere all'utente di autenticarsi con una password.
+ </div><div class="para">
+ Quando l'utente avvia una sessione su una workstation in una rete controllata da Kerberos, il suo principal viene trasmesso al KDC per una richiesta di TGT, da parte dell'Authentication Server. Questa richiesta può venir trasmessa dal programma di log-in o venir trasmessa dal programma <code class="command">kinit</code>, ad accesso avvenuto.
+ </div><div class="para">
+ A questo punto il KDC controlla il principal nel proprio database. Se il principal esiste, il KDC crea un TGT, che viene cifrato con la chiave dell'utente e restituito all'utente.
+ </div><div class="para">
+ Poi il programma di log-in o <code class="command">kinit</code>, decifra il TGT usando la chiave dell'utente, ottenuta dalla password dell'utente. Quindi la chiave dell'utente è usata soltanto sulla macchina del client e <span class="emphasis"><em>non</em></span> viene trasmessa nella rete.
+ </div><div class="para">
+ Sul TGT viene imposta una scadenza (usualmente tra dieci e ventiquattro ore), dopodichè viene conservato nella credential cache della macchina del client. La scadenza serve a limitare il periodo a disposizione di un eventuale attaccante, che sia entrato in possesso di un TGT compromesso. Una volta ottenuto il TGT, l'utente non deve re-inserire la propria password fino alla scadenza del TGT, a meno che non esca e rientri in una nuova sessione.
+ </div><div class="para">
+ Ogni volta che l'utente accede ad un servizio, il client usa il TGT per richiedere al TGS un nuovo ticket per quel determinato servizio. Il ticket è poi usato per autenticare l'utente al servizio.
+ </div><div class="warning"><div class="admonition_header"><h2>Avviso</h2></div><div class="admonition"><div class="para">
+ Il sistema Kerberos può essere compromesso se un utente si autentica presso un servizio non kerberizzato, trasmettendo una password in chiaro. L'utilizzo di un servizio non kerberizzato è fortemente scoraggiato. Tali servizi includono Telent ed FTP. L'utilizzo di altri protocolli cifrati, come i servizi sicuri SSH o SSL, comunque sono da preferirsi, sebbene non ideali.
+ </div></div></div><div class="para">
+ Quanto finora esposto, è soltanto una breve panoramica su come funziona l'autenticazione di Kerberos. Per maggiori informazioni fare riferimento ai link nella <a class="xref" href="#sect-Security_Guide-Kerberos-Additional_Resources">Sezione 3.7.10, «Ulteriori risorse»</a>.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Per poter funzionare correttamente, Kerberos necessita dei seguenti servizi di rete:
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Sincronizzazione approssimata del clock tra le macchine di rete.
+ </div><div class="para">
+ Nella rete dovrebbe essere configurato un programma di sincronizzazione del clock, come <code class="command">ntpd</code>. Per maggiori dettagli su come configurare un server Network Time Protocol, fare riferimento al file <code class="filename">/usr/share/doc/ntp-<em class="replaceable"><code><version-number></code></em>/index.html</code>, dove <em class="replaceable"><code><version-number></code></em> è la versione del pacchetto <code class="filename">ntp</code> installato.
+ </div></li><li class="listitem"><div class="para">
+ DNS (Domain Name Service)
+ </div><div class="para">
+ Assicurarsi che il DNS e gli host sulla rete siano correttamente configurati. Per maggiori informazioni, consultare <em class="citetitle">Kerberos V5 System Administrator's Guide</em> nella cartella <code class="filename">/usr/share/doc/krb5-server-<em class="replaceable"><code><version-number></code></em></code>, dove <em class="replaceable"><code><version-number></code></em> è la versione del pacchetto <code class="filename">krb5-server</code> installato.
+ </div></li></ul></div>
+
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Kerberos-Kerberos_and_PAM"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Kerberos_and_PAM">3.7.4. Kerberos e PAM</h3></div></div></div><div class="para">
+ I servizi kerberizzati, in realtà, non fanno uso di PAM (Pluggable Authentication Modules) — questi servizi by-passano del tutto PAM. Comunque, installando il modulo <code class="filename">pam_krb5</code> (fornito con il pacchetto <code class="filename">pam_krb5</code>), le applicazioni che usano PAM possono far uso di Kerberos per l'autenticazione. Il pacchetto <code class="filename">pam_krb5</code> contiene alcuni file campione da cui è possibile configurare servizi come <code class="command">login</code> e <code class="command">gdm</code>, per autenticare gli utenti e per ottenere le credenziali iniziali da password. Se l'accesso ai server di rete avviene sempre tramite servizi kerberizzati o servizi che usano GSS-API, come IMAP, allora la rete può considerarsi ragionevolmente sicura.
+ </div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Gli amministratori dovrebbero vietare agli utenti di usare le password di Kerberos, per autenticarsi ai servizi di rete. Molti protocolli usati da questi servizi, non cifrano le password, vanificando i benefici del sistema Kerberos. Per esempio, non si dovrebbe consentire di accedere ai servizi Telnet, con la stessa password usata per autenticarsi presso Kerberos.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">3.7.5. Configurare un server Kerberos 5</h3></div></div></div><div class="para">
+ Quando si imposta Kerberos, installare dapprima il KDC. Se occorre impostare alcuni server slave, installare prima il master.
+ </div><div class="para">
+ Per configurare il primo KDC Kerberos, seguire i seguenti passaggi:
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Prima di configurare Kerberos, assicurarsi che il servizio di sincronizzazione del clock e il DNS, funzionino correttamente su tutti i client e server. Prestare particolare attenzione alla sincronizzazione dell'ora tra il server Kerberos e i suoi client. Se il server ed i client sono sfasati per più di cinque minuti, i client non possono autenticarsi presso il server. Questa sincronizzazione è necessaria in quanto impedisce ad un attaccante, che utilizzi un vecchio ticket, di mascherarsi come un utente fidato.
+ </div><div class="para">
+ Si consiglia di impostare un NTP (Network Time Protocol) anche se non si usa Kerberos. In Fedora è incluso nel pacchetto <code class="filename">ntp</code>. Per i dettagli su come impostare un server Network Time Protocol, fare riferimento al file <code class="filename">/usr/share/doc/ntp-<em class="replaceable"><code><version-number></code></em>/index.html</code>, dove <em class="replaceable"><code><version-number></code></em> è la versione del pacchetto <code class="filename">ntp</code> installato nel proprio sistema, o visitare il sito del progetto <a href="http://www.ntp.org">http://www.ntp.org</a>.
+ </div></li><li class="step"><div class="para">
+ Installare i pacchetti <code class="filename">krb5-libs</code>, <code class="filename">krb5-server</code> e <code class="filename">krb5-workstation</code>, sulla macchina che ospiterà il KDC. Questa macchina deve risultare molto sicura — se possibile, si dovrebbe eseguire esclusivamente il servizio KDC.
+ </div></li><li class="step"><div class="para">
+ Modificare il nome del realm e le associazioni tra domini e realm, nei file di configurazione <code class="filename">/etc/krb5.conf</code> e <code class="filename">/var/kerberos/krb5kdc/kdc.conf</code>. Per creare un semplice realm, sostituire le istanze di <em class="replaceable"><code>EXAMPLE.COM</code></em> e <em class="replaceable"><code>example.com</code></em> con il nome corretto del dominio — tenendo conto che il nome è "case sensitive" — e sostituire <em class="replaceable"><code>kerberos.example.com</code></em> con il nome del server KDC. Per convenzione, tutti i realm sono espressi con lettere maiuscole e tutti gli hostname e i domini in lettere minuscole. Per maggiori dettagli sui formati di questi file di configurazione, fare riferimento alle rispettive pagine di man.
+ </div></li><li class="step"><div class="para">
+ Creare il database usando l'utility da terminale, <code class="command">kdb5_util</code>:
+ </div><pre class="screen">/usr/kerberos/sbin/kdb5_util create -s</pre><div class="para">
+ Il comando <code class="command">create</code>, genera il database con le chiavi per il realm Kerberos. Lo switch <code class="command">-s</code>, invece, crea un file <em class="firstterm">stash</em> in cui è salvata la chiave del server master. Se il file <em class="firstterm">stash</em> non viene creato, il server Kerberos (<code class="command">krb5kdc</code>) richiede all'utente di inserire la password per il server master (usata per rigenerare la chiave), ad ogni suo avvio.
+ </div></li><li class="step"><div class="para">
+ Modificare il file <code class="filename">/var/kerberos/krb5kdc/kadm5.acl</code>. Questo file, usato dal comando <code class="command">kadmind</code>, determina i principal che hanno accesso amministrativo, con i relativi livelli, al database di Kerberos. Generalmente basta una semplice riga:
+ </div><pre class="screen">*/admin at EXAMPLE.COM *</pre><div class="para">
+ Gli utenti, generalmente, sono rappresentati nel database da un unico principal (con instanza <span class="emphasis"><em>NULL</em></span>, o vuota come <span class="emphasis"><em>joe at EXAMPLE.COM</em></span>). Con questa configurazione, gli utenti con un secondo principal con instanza <span class="emphasis"><em>admin</em></span> (per esempio, <span class="emphasis"><em>joe/admin at EXAMPLE.COM</em></span>) possono avere pieno controllo sul database Kerberos del realm.
+ </div><div class="para">
+ Dopo aver avviato il server, con il comando <code class="command">kadmind</code>, ogni utente può accedere ai suoi servizi eseguendo il comando <code class="command">kadmin</code> su un client o su un server del realm. Comunque, solo gli utenti elencati nel file <code class="filename">kadm5.acl</code>, possono modificare il contenuto del database, ad eccezione delle password.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ L'utility <code class="command">kadmin</code> comunica con il server <code class="command">kadmind</code>, ed usa Kerberos per l'autenticazione. Poichè, occorre il primo principal per effettuare una connessione con il server da amministrare, creare il principal con il comando <code class="command">kadmin.local</code>, specificatamente progettato per essere impiegato sullo stesso host del KDC e che non usa Kerberos per autenticazione.
+ </div></div></div><div class="para">
+ Per creare il primo principal, nel KDC, digitare il comando <code class="command">kadmin.local</code>:
+ </div><pre class="screen">/usr/kerberos/sbin/kadmin.local -q "addprinc <em class="replaceable"><code>username</code></em>/admin"</pre></li><li class="step"><div class="para">
+ Avviare Kerberos usando i seguenti comandi:
+ </div><pre class="screen">/sbin/service krb5kdc start
+/sbin/service kadmin start
+/sbin/service krb524 start</pre></li><li class="step"><div class="para">
+ Aggiungere i principal degli utenti, usando il comando <code class="command">addprinc</code> (dall'interfaccia di <code class="command">kadmin</code>). I comandi <code class="command">kadmin</code> e <code class="command">kadmin.local</code>, sono comandi da terminale che si interfaccano con il KDC. Una volta avviato il programma <code class="command">kadmin</code>, sono disponibili molti altri comandi simili ad <code class="command">addprinc</code>. Per maggiori informazioni su <code class="command">kadmin</code>, fare riferimento alla relative pagine di man.
+ </div></li><li class="step"><div class="para">
+ Verificare che il KDC emetta ticket. Per prima cosa, lanciare <code class="command">kinit</code> per ottenere un ticket e conservarlo in un credential cache. Poi, usare il comando <code class="command">klist</code> per visualizzare la lista delle credenziali in cache, e <code class="command">kdestroy</code> per rimuovere la lista e la credential cache.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Per impostazione, <code class="command">kinit</code> tenta l'autenticazione usando lo stesso nome-utente dell'account di sistema (non del server Kerberos). Se il nome-utente non corrisponde ad un principal del database di Kerberos, <code class="command">kinit</code> segnala un messaggio d'errore. Per ovviare a questo problema, aggiungere a <code class="command">kinit</code> come argomento, il nome esatto del principal (<code class="command">kinit <em class="replaceable"><code><principal></code></em></code>).
+ </div></div></div></li></ol></div><div class="para">
+ Una volta completati questi passaggi, il server Kerberos dovrebbe essere attivo e funzionante.
+ </div></div><div class="section" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client">3.7.6. Configurare un client Kerberos 5</h3></div></div></div><div class="para">
+ Impostare un client Kerberos 5 è meno complicato rispetto all'impostazione di un server. Come minimo, installare i pacchetti del client e fornire ogni client di un file di configurazione <code class="filename">krb5.conf</code>, valido. Sebbene <code class="command">ssh</code> e <code class="command">slogin</code> siano i metodi migliori per accedere da remoto ai client, nel caso esistessere ancora versioni kerberizzate di <code class="command">rsh</code> ed <code class="command">rlogin</code>, il loro utilizzo richiederebbe di apportare ulteriori modifiche ai file di configurazione.
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Assicurarsi che il servizio di sincronizzazione del clock, tra il client Kerberos ed il KDC, funzioni correttamente. (Vedere la <a class="xref" href="#sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">Sezione 3.7.5, «Configurare un server Kerberos 5»</a>.) Inoltre prima di ogni configurazione, verificare che funzioni il DNS sul client Kerberos.
+ </div></li><li class="step"><div class="para">
+ Installare i pacchetti <code class="filename">krb5-libs</code> e <code class="filename">krb5-workstation</code> su tutte le macchine client. Fornire ogni macchina di un valido file <code class="filename">/etc/krb5.conf</code> (normalmente si può usare lo stesso file <code class="filename">krb5.conf</code> del KDC).
+ </div></li><li class="step"><div class="para">
+ Prima che una workstation del realm possa usare Kerberos, per autenticare gli utenti ai servizi <code class="command">ssh</code> o a versioni kerberizzate di <code class="command">rsh</code> o <code class="command">rlogin</code>, essa deve possedere il principal del proprio host, nel database di Kerberos. I server <code class="command">sshd</code>, <code class="command">kshd</code> e <code class="command">klogind</code> necessitano tutti di accedere alle chiavi del principal del servizio <span class="emphasis"><em>host</em></span>. Inoltre, per usare i servizi <code class="command">rsh</code> ed <code class="command">rlogin</code> kerberizzati, la workstation deve avere installato il pacchetto <code class="filename">xinetd</code>.
+ </div><div class="para">
+ Usando <code class="command">kadmin</code>, aggiungere sul KDC, un principal host per la workstation. In questo caso, l'istanza è l'hostname della workstation. Passare l'opzione <code class="command">-randkey</code> insieme al comando <code class="command">addprinc</code>, per creare il principal ed assegnarli una chiave casuale:
+ </div><pre class="screen">addprinc -randkey host/<em class="replaceable"><code>blah.example.com</code></em></pre><div class="para">
+ Una volta creato il principal, le chiavi possono essere estratte, eseguendo il comando <code class="command">kadmin</code> <span class="emphasis"><em>sulla workstation stessa</em></span>, seguito dal comando <code class="command">ktadd</code>:
+ </div><pre class="screen">ktadd -k /etc/krb5.keytab host/<em class="replaceable"><code>blah.example.com</code></em></pre></li><li class="step"><div class="para">
+ Per usare altri servizi kerberizzati, occorre dapprima avviarli. Di seguito si riporta una lista di alcuni comuni servizi kerberizzati e le istruzioni per abilitarli:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">ssh</code> — OpenSSH usa GSS-API per autenticare gli utenti ai servizi, se client e server sono entrambi configurati con l'opzione <code class="option">GSSAPIAuthentication</code> abilitata. Se il client è configurato anche con l'opzione <code class="option">GSSAPIDelegateCredentials</code> abilitata, le credenziali utente vengono rese disponibili al sistema remoto.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">rsh</code> e <code class="command">rlogin</code> — Per usare le versioni kerberizzate di <code class="command">rsh</code> ed <code class="command">rlogin</code>, abilitare <code class="command">klogin</code>, <code class="command">eklogin</code> e <code class="command">kshell</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">Telnet</code> — Per usare la versione kerberizzata di Telnet, abilitare <code class="command">krb5-telnet</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">FTP</code> — Per fornire accesso FTP, creare ed estrarre una chiave per il principal, impostando il root per il principal su <code class="computeroutput">ftp</code>. Assicurarsi di impostare l'instance con l'hostname completo del server FTP e poi abilitare <code class="command">gssftp</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">IMAP</code> — Per usare un server IMAP kerberizzato v.5, occorre installare i pacchetti <code class="filename">cyrus-imap</code> e <code class="filename">cyrus-sasl-gssapi</code>. Quest'ultimo contiene i componenti Cyrus SASL che supportano l'autenticazione tramite GSS-API. Cyrus IMAP dovrebbe funzionare correttamente con Kerberos se l'utente <code class="command">cyrus</code> è in grado di trovare la chiave appropriata nel file <code class="filename">/etc/krb5.keytab</code>, ed il root per il principal è impostato su <code class="command">imap</code> (creato con <code class="command">kadmin</code>).
+ </div><div class="para">
+ Un'alternativa a <code class="filename">cyrus-imap</code> è data dal pacchetto <code class="filename">dovecot</code>, incluso anche in Fedora. Questo pacchetto contiene un server IMAP, ma per il momento senza alcun supporto per GSS-API e Kerberos.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">CVS</code> — Per usare un server CVS kerberizzato, <code class="command">gserver</code> usa un principal con root impostato su <code class="computeroutput">cvs</code>; il resto è identico a <code class="command">pserver</code> di CVS.
+ </div></li></ul></div></li></ol></div></div><div class="section" id="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping">3.7.7. Associazione tra Dominio e Realm</h3></div></div></div><div class="para">
+ Quando un client tenta di accedere ad un servizio di rete, esso conosce il nome del servizio (<span class="emphasis"><em>host</em></span>) ed il nome del server (<span class="emphasis"><em>foo.example.com</em></span>), ma poichè nella rete può esserci più di un realm, il client deve innanzittutto individuare il nome del realm in cui si trova il servizio.
+ </div><div class="para">
+ Per impostazione, il nome del realm coincide con il nome, in lettere maiuscole, del dominio DNS del server.
+ </div><div class="literallayout"><p>foo.example.org → EXAMPLE.ORG<br />
+ foo.example.com → EXAMPLE.COM<br />
+ foo.hq.example.com → HQ.EXAMPLE.COM<br />
+</p></div><div class="para">
+ In alcune configurazioni, ciò è sufficiente, ma in altre, il nome del realm derivato coincide con il nome di un realm inesistente. In queste situazioni, l'associazione tra il nome del dominio del server con il nome del suo realm, deve essere specificato nella sezione <span class="emphasis"><em>domain_realm</em></span> del file <code class="filename">krb5.conf</code>, nel sistema del client. Per esempio:
+ </div><pre class="screen">[domain_realm]
+.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM</pre><div class="para">
+ La configurazione precedente specifica due associazioni. La prima specifica che ogni sistema nel dominio "example.com" appartiene al realm <span class="emphasis"><em>EXAMPLE.COM</em></span>. La seconda specifica che un sistema con il nome coincidente con "example.com" si trova nello stesso realm. (La distinzione tra un dominio e uno specifico host, è contrassegnata dalla presenza o assenza di un "." iniziale.) L'associazione può essere salvata anche direttamente nel server DNS.
+ </div></div><div class="section" id="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs">3.7.8. Impostare KDC secondari</h3></div></div></div><div class="para">
+ Per diverse ragioni, si potrebbe decidere di eseguire più KDC in un dato realm. In questo scenario, un KDC (il <span class="emphasis"><em>master KDC</em></span>) conserva una copia modificabile del database del realm ed esegue <code class="command">kadmind</code> (in qualità di <span class="emphasis"><em>admin server</em></span> del realm), ed uno o più KDC (<span class="emphasis"><em>slave KDC</em></span>) conservano copie locali in sola lettura del database, ed eseguono <code class="command">kpropd</code>.
+ </div><div class="para">
+ La procedura di propagazione master-slave assegna al master KDC il compito di replicare il suo database in un file temporaneo, per poi trasmetterlo a ciascuno dei suoi slave, i quali aggiornano in tal modo il contenuto della loro copia in sola lettura, ricevuta in precedenza, con il contenuto modificabile del master.
+ </div><div class="para">
+ Prima di procedere con l'impostazione di uno slave KDC, assicurarsi di copiare su ogni slave KDC i file <code class="filename">krb5.conf</code> e <code class="filename">kdc.conf</code> del master KDC.
+ </div><div class="para">
+ Avviare <code class="command">kadmin.local</code> da una shell di root, sul master KDC, ed usare il comando <code class="command">add_principal</code> per creare una nuova istanza del servizio <span class="emphasis"><em>host</em></span> sul master KDC, e poi usare il comando <code class="command">ktadd</code> per impostare simultaneamente una chiave casuale per il servizio e salvare la chiave nel file keytab predefinito, sul master. Questa chiave è usata dal comando <code class="command">kprop</code> per autenticazioni presso i server slave. Questa operazione va effettuata soltanto una volta, a prescindere dal numero di slave da installare.
+ </div><pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>kadmin.local -r EXAMPLE.COM</code></strong>
+
+Authenticating as principal root/admin at EXAMPLE.COM with password.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>add_principal -randkey host/masterkdc.example.com</code></strong>
+
+Principal "host/host/masterkdc.example.com at EXAMPLE.COM" created.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>ktadd host/masterkdc.example.com</code></strong>
+
+Entry for principal host/masterkdc.example.com with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/masterkdc.example.com with kvno 3, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/masterkdc.example.com with kvno 3, encryption type DES with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/masterkdc.example.com with kvno 3, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/etc/krb5.keytab.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>quit</code></strong></pre><div class="para">
+ Avviare <code class="command">kadmin</code> da una shell di root sullo slave KDC, ed usare il comando <code class="command">add_principal</code> per creare una nuova istanza del servizio <span class="emphasis"><em>host</em></span> sullo slave KDC, e poi usare il comando <code class="command">ktadd</code> per impostare simultaneamente una chiave casuale per il servizio e salvare la chiave nel file keytab predefinito sullo slave. Questa chiave è usata dal servizio <code class="command">kpropd</code> per autenticare i client.
+ </div><pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>kadmin -p jimbo/admin at EXAMPLE.COM -r EXAMPLE.COM</code></strong>
+
+Authenticating as principal jimbo/admin at EXAMPLE.COM with password.
+
+<code class="prompt">Password for jimbo/admin at EXAMPLE.COM: </code>
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>add_principal -randkey host/slavekdc.example.com</code></strong>
+
+Principal "host/slavekdc.example.com at EXAMPLE.COM" created.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>ktadd host/slavekdc.example.com at EXAMPLE.COM</code></strong>
+
+Entry for principal host/slavekdc.example.com with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/slavekdc.example.com with kvno 3, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/slavekdc.example.com with kvno 3, encryption type DES with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/slavekdc.example.com with kvno 3, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/etc/krb5.keytab.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>quit</code></strong></pre><div class="para">
+ Con il suo servizio chiavi, lo slave KDC potrebbe autenticare ogni client che vorrebbe connettersi. E, con un nuovo database di realm, non a tutti i client dovrebbe essere permesso di usufruire del servizio <code class="command">kprop</code> dello slave. Quindi, per limitare l'accesso, il servizio <code class="command">kprop</code> sullo slave KDC, accetta aggiornamenti solo per quei client i cui principal sono elencati nel file <code class="filename">/var/kerberos/krb5kdc/kpropd.acl</code>. Aggiungere a questo file, il nome del servizio host sul master KDC.
+ </div><div class="literallayout"><p> <code class="computeroutput"><code class="prompt">#</code> <strong class="userinput"><code>echo host/masterkdc.example.com at EXAMPLE.COM > /var/kerberos/krb5kdc/kpropd.acl</code></strong></code></p></div><div class="para">
+ Una volta ricevuta una copia del database, lo slave KDC ha bisogno di conoscere la chiave, usata dal master, per cifrarlo. Se la chiave è conservata in un file <span class="emphasis"><em>stash</em></span> sul master KDC (tipicamente nel file <code class="filename">/var/kerberos/krb5kdc/.k5.REALM</code>), copiarlo sullo slave KDC usando un metodo sicuro, oppure creare un database fasullo e un identico file stash sullo slave KDC, usando il comando <code class="command">kdb5_util create -s</code> (il database fasullo verrà sovrascritto alla prima propagazione) e impiegando la stessa password.
+ </div><div class="para">
+ Assicurarsi che il firewall dello slave KDC permetta al master KDC di contattare lo slave sulla porta TCP 754 (<span class="emphasis"><em>krb5_prop</em></span>), ed avviare il servizio <code class="command">kprop</code>. Poi, verificare attentamente che il servizio <code class="command">kadmin</code> sia <span class="emphasis"><em>disabilitato</em></span>.
+ </div><div class="para">
+ A questo punto, effettuare un test manuale di propagazione del database, effettundo un <span class="emphasis"><em>dump</em></span> del database del realm sul KDC master, nel file predefinito <code class="filename">/var/kerberos/krb5kdc/slave_datatrans</code>, letto dal comando <code class="command">kprop</code>, e poi usare lo stesso comando per trasmettere il suo contenuto sullo slave KDC.
+ </div><div class="literallayout"><p> <code class="computeroutput"><code class="prompt">#</code> <strong class="userinput"><code>/usr/kerberos/sbin/kdb5_util dump /var/kerberos/krb5kdc/slave_datatrans</code></strong><code class="prompt">#</code> <strong class="userinput"><code>kprop slavekdc.example.com</code></strong></code></p></div><div class="para">
+ Con <code class="command">kinit</code>, verificare che un client, il cui file di configurazione <code class="filename">krb5.conf</code> nella lista dei KDC del realm, contiene soltanto il KDC slave, sia in grado di ricevere le credenziali iniziali dallo slave.
+ </div><div class="para">
+ Fatto ciò, creare uno script che effettui un <span class="emphasis"><em>dump</em></span> del database del realm ed esegua il comando <code class="command">kprop</code>, trasmettendo regolarmente il database ad ogni slave KDC; infine configurare il servizio <code class="command">cron</code> per la periodica esecuzione dello script.
+ </div></div><div class="section" id="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication">3.7.9. Impostare autenticazioni cross realm</h3></div></div></div><div class="para">
+ Con autenticazione <span class="emphasis"><em>cross realm</em></span>, si indica la situazione in cui i client (tipicamente utenti), di un realm usano Kerberos per autenticarsi ai servizi appartenenti ad un diverso realm (tipicamente i servizi sono processi server in esecuzione su un particolare sistema).
+ </div><div class="para">
+ Nel caso più semplice, se un client di un realm di nome <code class="literal">A.EXAMPLE.COM</code>, vuole accedere ad un servizio del realm <code class="literal">B.EXAMPLE.COM</code>, entrambi i realm devono condividere una chiave per un principal di nome <code class="literal">krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM</code>, ed entrame le chiavi devono possedere lo stesso <code class="literal">kvno</code> (key version number).
+ </div><div class="para">
+ Per fare questo, selezionare una password o passphrase molto robusta, e con il comando kadmin, creare un'istanza per il principal in entrambi i realm.
+ </div><div class="literallayout"><p> <code class="computeroutput"><code class="prompt">#</code> <strong class="userinput"><code>kadmin -r A.EXAMPLE.COM</code></strong></code> <code class="computeroutput"><code class="prompt">kadmin:</code> <strong class="userinput"><code>add_principal krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM</code></strong></code> <code class="computeroutput">Enter password for principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM":</code> <code class="computeroutput">Re-enter password for principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM":</code> <code class="computeroutput">Principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM" created.</code> <strong class="userinput"><code>quit</code></strong> <code class="computeroutput"><code class="prompt">#</code> <strong class="userinput"><code>kadmin -r B.EXAMPLE.COM</code></strong></code> <code class="computeroutput"><code class="prompt">kadmin:</code> <strong class="userinput"><code>add_principal krbtgt/B.EXA
MPLE.COM at A.EXAMPLE.COM</code></strong></code> <code class="computeroutput">Enter password for principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM":</code> <code class="computeroutput">Re-enter password for principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM":</code> <code class="computeroutput">Principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM" created.</code> <strong class="userinput"><code>quit</code></strong></p></div><div class="para">
+ Usare il comando <code class="command">get_principal</code>, per verificare che entrambe le istanze abbiano identici <code class="literal">kvno</code>) e stesso tipo di cifratura.
+ </div><div class="important"><div class="admonition_header"><h2>Con il dump del Database, non funziona!</h2></div><div class="admonition"><div class="para">
+ Amministratori attenti alla sicurezza, potrebbero essere tentati di usare l'opzione <code class="literal">-randkey</code> del comando <code class="command">add_principal</code>, per assegnare una chiave casuale invece di usare una password; e poi effettuare un dump della nuova istanza, dal database del primo realm ed importarlo nel secondo. Ciò non funziona, a meno che non siano identiche le chiavi master nei database dei realm, poichè le chiavi contenute in un dump del database sono a loro volta cifrate con la chiave master.
+ </div></div></div><div class="para">
+ I client nel realm <code class="literal">A.EXAMPLE.COM</code> possono ora autenticarsi presso i servizi del realm <code class="literal">B.EXAMPLE.COM</code>. In altri termini, il realm <code class="literal">B.EXAMPLE.COM</code> si fida del realm <code class="literal">A.EXAMPLE.COM</code>, o più semplicemente <code class="literal">B.EXAMPLE.COM</code> si fida di <code class="literal">A.EXAMPLE.COM</code>.
+ </div><div class="para">
+ Ciò consente una conclusione importante: la fiducia cross-realm è per impostazione, unidirezionale. Il KDC del realm <code class="literal">B.EXAMPLE.COM</code> si fida dei client di <code class="literal">A.EXAMPLE.COM</code> autenticandoli ai servizi nel realm <code class="literal">B.EXAMPLE.COM</code>, ma questo fatto non dice nulla se i client nel realm <code class="literal">B.EXAMPLE.COM</code> siano fidati per autenticarsi ai servizi nel realm <code class="literal">A.EXAMPLE.COM</code>. Per stabilire la fiducia nell'altra direzione, entrambi i realm dovrebbero condividere una chiave per il servizio <code class="literal">krbtgt/A.EXAMPLE.COM at B.EXAMPLE.COM</code> (notare l'inversione dei due realm, rispetto all'esempio precedente).
+ </div><div class="para">
+ Se le relazioni di fiducia dirette, fossero l'unico metodo disponibile per fornire la fiducia fra realm, le reti contenenti realm multipli sarebbero molto difficili da impostare. Fortunatamente, la fiducia cross-realm è transitiva. Se i client di <code class="literal">A.EXAMPLE.COM</code> possono autenticarsi ai servizi di <code class="literal">B.EXAMPLE.COM</code> ed i client di <code class="literal">B.EXAMPLE.COM</code> possono autenticarsi ai servizi di <code class="literal">C.EXAMPLE.COM</code>, allora anche i client di <code class="literal">A.EXAMPLE.COM</code> possono autenticarsi ai servizi di <code class="literal">C.EXAMPLE.COM</code>, anche senza la fiducia diretta tra <code class="literal">C.EXAMPLE.COM</code> ed <code class="literal">A.EXAMPLE.COM</code>. Quindi, in una rete con realm multipli cui occorre dare fiducia reciproca, fare delle buone scelte iniziali sulle relazioni di fiducia da accordare, può contribuire a ridurre le complicazioni di configurazio
ne.
+ </div><div class="para">
+ Ora occorre affrontare il problema più comune: il sistema del client deve essere configurato in modo da poter dedurre il realm cui appartiene un servizio, e deve essere in grado di determinare, come ottenere le credenziali per i servizi nel realm.
+ </div><div class="para">
+ Innazitutto: il nome del principal, per un servizio offerto da un server in un realm, tipicamente ha la seguente struttura:
+ </div><div class="literallayout"><p>service/server.example.com at EXAMPLE.COM</p></div><div class="para">
+ In questo esempio, <span class="emphasis"><em>service</em></span> generalmente rappresenta il nome del protocollo (valori comuni possono essere <span class="emphasis"><em>ldap</em></span>, <span class="emphasis"><em>imap</em></span>, <span class="emphasis"><em>cvs</em></span> ed <span class="emphasis"><em>HTTP</em></span>), o l'<span class="emphasis"><em>host</em></span>; <span class="emphasis"><em>server.example.com</em></span> è il nome di dominio o FQDN del sistema su cui funziona il servizio, ed <code class="literal">EXAMPLE.COM</code> è il nome del realm.
+ </div><div class="para">
+ Per dedurre il realm a cui appartiene il servizio, i client molto spesso consultano il DNS o la sezione <code class="literal">domain_realm</code> nel file <code class="filename">/etc/krb5.conf</code>, associando un hostname (<span class="emphasis"><em>server.example.com</em></span>) o un nome di dominio (<span class="emphasis"><em>.example.com</em></span>) al nome del realm (<span class="emphasis"><em>EXAMPLE.COM</em></span>).
+ </div><div class="para">
+ Dopo aver individuato il realm cui appartiene un servizio, per ottenere le credenziali da usare per autenticarsi al servizio, il client deve determinare l'insieme dei realm da contattare e sapere in quale ordine contattarli.
+ </div><div class="para">
+ Ciò può avvenire in due modi.
+ </div><div class="para">
+ Il metodo predefinito, che non richiede esplicita configurazione, è di assegnare ai realm, i nomi di una gerarchia condivisa. Per esempio, si considerino i seguenti realm di nome <code class="literal">A.EXAMPLE.COM</code>, <code class="literal">B.EXAMPLE.COM</code> ed <code class="literal">EXAMPLE.COM</code>. Quando un client del realm <code class="literal">A.EXAMPLE.COM</code> tenta di autenticarsi presso un servizio di <code class="literal">B.EXAMPLE.COM</code>, per impostazione, tenta dapprima di ottenere le credenziali per il realm <code class="literal">EXAMPLE.COM</code>, e poi usando queste credenziali, di ottenere le credenziali per il realm <code class="literal">B.EXAMPLE.COM</code>.
+ </div><div class="para">
+ Il client, in questo scenario, tratta il nome del realm come un nome di DNS. In altre parole, il client rimuove ripetutamente i componenti dal proprio nome di realm, creando i nomi dei realm che si trovano in "cima" alla gerarchia, finchè non raggiunge un punto che si trova in "cima" al realm del servizio. A questo punto incomincia ad anteporre i componenti del nome del servizio, fino ad ottenere il realm del servizio. Ogni realm coinvolto nel processo è un altro "hop" (o salto).
+ </div><div class="para">
+ Per esempio, usando le credenziali in <code class="literal">A.EXAMPLE.COM</code>, un client vuole autenticarsi ad un servizio in <code class="literal">B.EXAMPLE.COM</code><code class="literal">A.EXAMPLE.COM → EXAMPLE.COM → B.EXAMPLE.COM </code>
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="literal">A.EXAMPLE.COM</code> e <code class="literal">EXAMPLE.COM</code> condividono una chiave per <code class="literal">krbtgt/EXAMPLE.COM at A.EXAMPLE.COM</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">EXAMPLE.COM</code> e <code class="literal">B.EXAMPLE.COM</code> condividono una chiave per <code class="literal">krbtgt/B.EXAMPLE.COM at EXAMPLE.COM</code>
+ </div></li></ul></div>
+
+ </div><div class="para">
+ Un altro esempio: usando le credenziali in <code class="literal">SITE1.SALES.EXAMPLE.COM</code>, un client vuole autenticarsi ad un servizio in <code class="literal">EVERYWHERE.EXAMPLE.COM</code><code class="literal">SITE1.SALES.EXAMPLE.COM → SALES.EXAMPLE.COM → EXAMPLE.COM → EVERYWHERE.EXAMPLE.COM </code>
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="literal">SITE1.SALES.EXAMPLE.COM</code> e <code class="literal">SALES.EXAMPLE.COM</code> condividono una chiave per <code class="literal">krbtgt/SALES.EXAMPLE.COM at SITE1.SALES.EXAMPLE.COM</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">SALES.EXAMPLE.COM</code> e <code class="literal">EXAMPLE.COM</code> condividono una chiave per <code class="literal">krbtgt/EXAMPLE.COM at SALES.EXAMPLE.COM</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">EXAMPLE.COM</code> e <code class="literal">EVERYWHERE.EXAMPLE.COM</code> condividono una chiave per <code class="literal">krbtgt/EVERYWHERE.EXAMPLE.COM at EXAMPLE.COM</code>
+ </div></li></ul></div>
+
+ </div><div class="para">
+ Un altro esempio, questa volta usando nomi di realm i cui nomi non hanno suffissi in comune (<code class="literal">DEVEL.EXAMPLE.COM</code> e <code class="literal">PROD.EXAMPLE.ORG</code><code class="literal">) DEVEL.EXAMPLE.COM → EXAMPLE.COM → COM → ORG → EXAMPLE.ORG → PROD.EXAMPLE.ORG </code>
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="literal">DEVEL.EXAMPLE.COM</code> e <code class="literal">EXAMPLE.COM</code> condividono una chiave per <code class="literal">krbtgt/EXAMPLE.COM at DEVEL.EXAMPLE.COM</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">EXAMPLE.COM</code> e <code class="literal">COM</code> condividono una chiave per <code class="literal">krbtgt/COM at EXAMPLE.COM</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">COM</code> e <code class="literal">ORG</code> condividono una chiave per <code class="literal">krbtgt/ORG at COM</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">ORG</code> e <code class="literal">EXAMPLE.ORG</code> condividono una chiave per <code class="literal">krbtgt/EXAMPLE.ORG at ORG</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">EXAMPLE.ORG</code> e <code class="literal">PROD.EXAMPLE.ORG</code> condividono una chiave per <code class="literal">krbtgt/PROD.EXAMPLE.ORG at EXAMPLE.ORG</code>
+ </div></li></ul></div>
+
+ </div><div class="para">
+ Il metodo più complicato ma anche più flessibile, comporta la configurazione della sezione <code class="literal">capaths</code> nel file <code class="filename">/etc/krb5.conf</code>, permettendo ai client che hanno le credenziali per un realm di trovare il realm successivo nella catena, che eventualmente li autenticherà al server.
+ </div><div class="para">
+ L'interpretazione della sezione <code class="literal">capaths</code> è relativamente immediato: la voce iniziale nella sezione è il nome del realm in cui si trova il client. All'interno della sezione, si trovano elencati i realm intermedi, da cui il client deve ottenere le credenziali. Se non ci sono realm intermedi, si usa il valore ".".
+ </div><div class="para">
+ Ecco un esempio:
+ </div><div class="literallayout"><p> [capaths]<br />
+ A.EXAMPLE.COM = {<br />
+ B.EXAMPLE.COM = .<br />
+ C.EXAMPLE.COM = B.EXAMPLE.COM<br />
+ D.EXAMPLE.COM = B.EXAMPLE.COM<br />
+ D.EXAMPLE.COM = C.EXAMPLE.COM<br />
+ }<br />
+<br />
+</p></div><div class="para">
+ Nell'esempio, i client nel realm <code class="literal">A.EXAMPLE.COM</code> possono ottenere le credenziali cross-realm per <code class="literal">B.EXAMPLE.COM</code>, direttamente dal KDC del realm <code class="literal">A.EXAMPLE.COM</code>.
+ </div><div class="para">
+ Se quei client vogliono contattare un servizio del realm <code class="literal">C.EXAMPLE.COM</code>, essi devono prima ottenere le credenziali dal realm <code class="literal">B.EXAMPLE.COM</code> (occorre che esista <code class="literal">krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM</code>), e poi usare <code class="literal">queste</code> credenziali, per ottenere le credenzialli da usare nel realm <code class="literal">C.EXAMPLE.COM</code> (usando <code class="literal">krbtgt/C.EXAMPLE.COM at B.EXAMPLE.COM</code>).
+ </div><div class="para">
+ Se quei client vogliono contattare un servizio del realm <code class="literal">D.EXAMPLE.COM</code>, essi devono prima ottenere le credenziali dal realm <code class="literal">B.EXAMPLE.COM</code>, e poi quelle dal realm <code class="literal">C.EXAMPLE.COM</code>, prima di ottenere finalmente le credenziali da usare con il realm <code class="literal">D.EXAMPLE.COM</code>.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Senza una sezione capath che indichi il contrario, Kerberos assume che la relazione di fiducia cross-realm, sia di tipo gerarchico.
+ </div><div class="para">
+ I client nel realm <code class="literal">A.EXAMPLE.COM</code> possono ottenere credenziali cross-realm, direttamente dal realm <code class="literal">B.EXAMPLE.COM</code>. Senza l'indicazione del ".", il client avrebbe provato ad usare una ricerca di tipo gerarchico; in questo caso:
+ </div><div class="literallayout"><p> A.EXAMPLE.COM → EXAMPLE.COM → B.EXAMPLE.COM<br />
+<br />
+</p></div></div></div></div><div class="section" id="sect-Security_Guide-Kerberos-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Additional_Resources">3.7.10. Ulteriori risorse</h3></div></div></div><div class="para">
+ Per maggiori informazioni su Kerberos, fare riferimento alle seguenti risorse.
+ </div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_Kerberos_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_Kerberos_Documentation">3.7.10.1. Documentazione locale su Kerberos</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="citetitle">Kerberos V5 Installation Guide</em> e <em class="citetitle">Kerberos V5 System Administrator's Guide</em>, in formato PostScript ed HTML. Le guide si trovano nella directory <code class="filename">/usr/share/doc/krb5-server-<em class="replaceable"><code><version-number></code></em>/</code>, dove <em class="replaceable"><code><version-number></code></em> è la version del pacchetto <code class="command">krb5-server</code> installato.
+ </div></li><li class="listitem"><div class="para">
+ <em class="citetitle">Kerberos V5 UNIX User's Guide</em>, in formato PostScript ed HTML. La guida si trova nella directory <code class="filename">/usr/share/doc/krb5-workstation-<em class="replaceable"><code><version-number></code></em>/</code>, in cui <em class="replaceable"><code><version-number></code></em> è la versione del pacchetto <code class="command">krb5-workstation</code> installato.
+ </div></li><li class="listitem"><div class="para">
+ Pagine di man relative a Kerberos — Ci sono un buon numero di pagine man, che descrivono le varie applicazioni e i file di configurazione riguardanti una implementazione di Kerberos. Di seguito, si riporta un elenco delle più importanti pagine di man.
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">Applicazioni Client</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man kerberos</code> — Una introduzione al sistema Kerberos, in cui viene descritto come funzionano le credenziali, oltre a utili raccomandazioni su come ottenere e distruggere i ticket emessi da Kerberos. La parte finale della pagina di man, contiene i riferimenti ad ulteriori pagine.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kinit</code> — Descrive come usare questo comando per ottenere e memorizzare i ticket.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kdestroy</code> — Descrive come usare questo comando per distruggere le credenziali Kerberos.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man klist</code> — Descrive come usare questo comando per visualizzare le credenziali Kerberos memorizzate.
+ </div></li></ul></div></dd><dt class="varlistentry"><span class="term">Applicazioni Amministrative</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man kadmin</code> — Descrive come usare questo comando per amministrare il database Kerberos V5.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kdb5_util</code> — Descrive come usare questo comando per creare ed effettuare operazioni amministrative di basso livello, sul database Kerberos V5.
+ </div></li></ul></div></dd><dt class="varlistentry"><span class="term">Applicazioni Server</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man krb5kdc</code> — Descrive le opzioni disponibili da riga di comando per il KDC Kerberos V5.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kadmind</code> — Descrive le opzioni disponibili da riga di comando per l'AS Kerberos V5.
+ </div></li></ul></div></dd><dt class="varlistentry"><span class="term">File di Configurazione</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man krb5.conf</code> — Descrive il formato e le opzioni disponibili, nel file di configurazione, per la libreria Kerberos V5.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kdc.conf</code> — Descrive il formato e le opzioni disponibili, nel file di configurazione, per l'AS e il KDC Kerberos V5.
+ </div></li></ul></div></dd></dl></div></li></ul></div></div><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites">3.7.10.2. Siti utili su Kerberos</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://web.mit.edu/kerberos/www/">Kerberos: The Network Authentication Protocol</a> — sul sito del MIT.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html">The Kerberos Frequently Asked Questions </a> — Utili Domande/Risposte su Kerberos
+ </div></li><li class="listitem"><div class="para">
+ <a href="ftp://athena-dist.mit.edu/pub/kerberos/doc/usenix.PS">Kerberos: An Authentication Service for Open Network Systems</a> — E' la versione PostScript del documento originario su Kerberos, scritto da Jennifer G. Steiner, Clifford Neuman, e Jeffrey I. Schiller.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://web.mit.edu/kerberos/www/dialogue.html">Designing an Authentication System: a Dialogue in Four Scenes</a> — Questo documento, scritto originariamente da Bill Bryant nel 1988, e modificato da Theodore Ts'o nel 1997, è una conversazione tra due sviluppatori che riflettono sul progetto di un sistema di autenticazione in stile Kerberos. Lo stile colloquiale della discussione, lo rende un buon punto di partenza per coloro che sono completamente all'oscuro di Kerberos.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.ornl.gov/~jar/HowToKerb.html">How to Kerberize your site</a> — E' un buon riferimento per kerberizzare una rete.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.networkcomputing.com/netdesign/kerb1.html">Kerberos Network Design Manual</a> — Fornisce una panoramica sul sistema Kerberos.
+ </div></li></ul></div></div></div></div><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Firewalls" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Firewalls">3.8. Firewall</h2></div></div></div><div class="para">
+ La sicurezza nell'informazione comunemente è visto come un processo e non come un prodotto. Le implementazioni volte a garantire una sicurezza standard, solitamente impiegano dei meccanismi per il controllo degli accessi e per limitare le risorse di rete solo agli utenti autorizzati, identificabili e tracciabili. Fedora include molti strumenti per amministratori e ingegneri addetti alla sicurezza, utili per controllare gli accessi in ambito di rete.
+ </div><div class="para">
+ I firewall, figurano tra i componenti di base per una implementazione di rete sicura. Molti produttori di firewall commerciali, forniscono soluzioni per ogni livello di necessità: dai firewall per proteggere i PC di utenti domestici a quelli dedicati ai centri di elaborazioni dati. I firewall possono essere hardware a sè stanti, come i dispositivi realizzati da Cisco, Nokia e Sonicwall, oppure soluzioni software, come i firewall sviluppati da Checkpoint, McAfee e Symantec, per il mercato casalingo e aziendale.
+ </div><div class="para">
+ Oltre alla differenza fra firewall hardware e software, i firewall si distinguono anche nel loro modo di funzionare. La <a class="xref" href="#tabl-Security_Guide-Firewalls-Firewall_Types">Tabella 3.2, «Tipi di firewall»</a> illustra tre tipi comuni di firewall e il loro funzionamento:
+ </div><div class="table" id="tabl-Security_Guide-Firewalls-Firewall_Types"><h6>Tabella 3.2. Tipi di firewall</h6><div class="table-contents"><table summary="Tipi di firewall" border="1"><colgroup><col width="10%" class="method" /><col width="30%" class="description" /><col width="30%" class="advantages" /><col width="30%" class="disadvantages" /></colgroup><thead><tr><th>
+ Metodo
+ </th><th>
+ Descrizione
+ </th><th>
+ Vantaggi
+ </th><th>
+ Svantaggi
+ </th></tr></thead><tbody><tr><td>
+ NAT
+ </td><td>
+ <em class="firstterm">NAT</em> (Network Address Translation), posiziona le sottoreti private dietro unico indirizzo IP pubblico o un limitato gruppo di indirizzi IP pubblici, mascherando tutte le richieste verso un'unica destinazione. Il kernel Linux presenta funzionalità NAT integrate tramite il sottosistema Netfilter.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>· Può essere configurato in modo trasparente alle macchine sulla LAN</td></tr><tr><td>· La protezione di macchine e servizi dietro uno o più indirizzi IP (esterni) semplifica i compiti di amministrazione</td></tr><tr><td>· Gli accessi in ingresso e in uscita dalla LAN possono essere configurati aprendo e chiudendo le porte sul firewall/gateway NAT</td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>· Impossibile prevenire attività maliziose da parte di connessioni esterne al firewall</td></tr></table>
+
+ </td></tr><tr><td>
+ Filtro dei pacchetti
+ </td><td>
+ Un firewall di filtraggio dei pacchetti analizza tutti i pacchetti che passano attraverso la LAN. Può leggere e analizzare i pacchetti in base alle informazioni di intestazione, e filtrare i pacchetti secondo un insieme di regole programmabili implementate dall'amministratore. Il kernel Linux presenta funzionalità di filtraggio in modo nativo attraverso il sottosistema Netfilter.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>· Configurabile attraverso l'utlity <code class="command">iptables</code></td></tr><tr><td>· Non richiede nessuna configurazione sul lato client, poichè tutta l'attività di rete viene filtrata a livello router e non a livello applicazione</td></tr><tr><td>· Poichè i pacchetti non vengono trasmessi attraverso un proxy, le prestazioni di rete risultano più elevate grazie alla connessione diretta tra client ed host remoto</td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>· Impossibile filtrare i pacchetti per contenuto come avviene con un firewall proxy</td></tr><tr><td>· L'analisi dei pacchetti è a livello protocollo di trasmissione e non a livello applicazione</td></tr><tr><td>· Architetture di rete complesse possono rendere ardua la stesura delle regole di filtraggio, specialmente se combinate con <em class="firstterm">mascheramento IP</em> o sottoreti locali e con reti DMZ</td></tr></table>
+
+ </td></tr><tr><td>
+ Proxy
+ </td><td>
+ I firewall proxy filtrano tutte le richieste di un certo protocollo o tipo, dai client LAN ad una macchina proxy, che a nome del client le trasmette su Internet. Una macchina proxy agisce come un buffer fra utenti remoti maliziosi e i client della rete interna.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>· E' possibile controllare le applicazione e i protocolli in funzione all'esterno della LAN</td></tr><tr><td>· Alcuni server proxy mantengono una copia locale dei dati richiesti frequentemente invece di richiederli ogni volta su Internet. Ciò aiuta a ridurre il consumo di banda</td></tr><tr><td>· I servizi proxy possono registrare su file la loro attività (logging), permettendo un monitoraggio/controllo maggiore sull'utilizzo delle risorse di rete</td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>· I proxy spesso sono implementati per applicazioni specifiche (HTTP, Telnet, ecc.), oppure limitati ad un protocollo (la maggior parte dei proxy funziona solo con servizi TCP)</td></tr><tr><td>· Le applicazioni server non funzionano con i proxy, quindi per queste occorre usare una diversa forma di sicurezza</td></tr><tr><td>· I proxy possono diventare dei colli di bottiglia, in quanto tutto il traffico deve passare attraverso un intermediario</td></tr></table>
+
+ </td></tr></tbody></table></div></div><br class="table-break" /><div class="section" id="sect-Security_Guide-Firewalls-Netfilter_and_IPTables"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Netfilter_and_IPTables">3.8.1. Netfilter e IPTables</h3></div></div></div><div class="para">
+ Il kernel Linux fornisce un potente sottosistema di rete chiamato <em class="firstterm">Netfilter</em>. Netfilter è in grado di fornire filtraggio stateful o stateless, servizi NAT e mascheramento degli indirizzi IP. Inoltre può <em class="firstterm">alterare</em> le informazioni di intestazione dei pacchetti IP per il routing avanzato e gestire lo stato della connessione. Netfilter è controllato con lo strumento <code class="command">iptables</code>.
+ </div><div class="section" id="sect-Security_Guide-Netfilter_and_IPTables-IPTables_Overview"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Netfilter_and_IPTables-IPTables_Overview">3.8.1.1. Panoramica su IPTables</h4></div></div></div><div class="para">
+ La forza e la flessibilità di Netfilter si avvale di <code class="command">iptables</code>, uno strumento da terminale simile nella sintassi, al suo predecessore, <code class="command">ipchains</code>, sostituito da Netfilter/iptables a partire dal kernel 2.4.
+ </div><div class="para">
+ <code class="command">iptables</code> usa Netfilter per migliorare la connessione, l'ispezione e l'analisi della rete. Le caratteristiche di <code class="command">iptables</code> includono in una unica interfaccia da linea di comando logging avanzato, azioni <span class="emphasis"><em>pre- e post-routing</em></span>, <span class="emphasis"><em>network address translation</em></span> e <span class="emphasis"><em>port forwarding</em></span>.
+ </div><div class="para">
+ Questa sezione ha dato solo una breve descrizione di <code class="command">iptables</code>. Per informazioni più dettagliate, fare riferimento alla <a class="xref" href="#sect-Security_Guide-IPTables">Sezione 3.9, «IPTables»</a>.
+ </div></div></div><div class="section" id="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">3.8.2. Configurazione di un firewall di base</h3></div></div></div><div class="para">
+ Così come in una costruzione medioevale il muro tagliafuoco tenta di prevenire la propagazione del fuoco, il firewall di un computer tenta di impedire che software maliziosi si propaghino nel computer. Un firewall serve anche ad impedire che utenti non autorizzati possano accedere al computer.
+ </div><div class="para">
+ In una installazione predefinita di Fedora esiste un firewall tra il proprio computer (o la rete locale), e una qualsiasi rete non sicura come ad esempio Internet. Esso imposta i servizi ai quali possono accedere gli utenti remoti. Un firewall correttamente configurato, può incrementare notevolmente la sicurezza del sistema. Si raccomanda di configurare un firewall su tutti i sistemi Fedora con una connessione ad internet.
+ </div><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-RHSECLEVELTOOL"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-RHSECLEVELTOOL">3.8.2.1. <span class="application"><strong>Srtumento di Amministrazione Firewall</strong></span></h4></div></div></div><div class="para">
+ Durante l'installazione di Fedora, nella schermata <span class="guilabel"><strong>Configurazione Firewall</strong></span> si può abilitare un firewall di base come pure autorizzare su particolari schede di rete, servizi di ingresso e porte.
+ </div><div class="para">
+ Dopo l'installazione, è possibile cambiare queste preferenze utilizzando lo strumento <span class="application"><strong>Amministrazione Firewall</strong></span>.
+ </div><div class="para">
+ Per avviare l'applicazione, usare il seguente comando:
+ </div><pre class="screen">[root at myServer ~] # system-config-firewall</pre><div class="figure" id="figu-Security_Guide-RHSECLEVELTOOL-RHSECLEVELTOOL"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-firewall_config.png" width="444" alt="Srtumento di Amministrazione Firewall" /><div class="longdesc"><div class="para">
+ Configurazione del livello di sicurezza
+ </div></div></div></div><h6>Figura 3.10. <span class="application">Srtumento di Amministrazione Firewall</span></h6></div><br class="figure-break" /><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ <span class="application"><strong>Amministrazione Firewall</strong></span> configura solo un firewall di base. Se il sistema necessita di regole più complesse, fare riferimento alla <a class="xref" href="#sect-Security_Guide-IPTables">Sezione 3.9, «IPTables»</a> contenente i dettagli sulla configurazione di regole <code class="command">iptables</code>.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall">3.8.2.2. Abilitare e disabilitare il firewall</h4></div></div></div><div class="para">
+ Selezionare una delle seguenti opzioni per il firewall:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Disabilitato</strong></span> — Questa opzione consente il completo accesso al sistema, privando il sistema di ogni controllo di sicurezza. Usare questa impostazione soltanto se il sistema si trova in una rete sicura (senza connessione ad Internet), o se si configura un firewall personalizzato, utilizzando lo strumento da linea di comando <code class="command">iptables</code>.
+ </div><div class="warning"><div class="admonition_header"><h2>Avviso</h2></div><div class="admonition"><div class="para">
+ Le configurazioni e le regole personalizzate del firewall sono salvate nel file <code class="filename">/etc/sysconfig/iptables</code>. Se si seleziona <span class="guilabel"><strong>Disabilitato</strong></span> e si preme <span class="guibutton"><strong>OK</strong></span> le attuali configurazioni e regole di firewall vengono azzerate.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Abilitato</strong></span> — Questa opzione configura il sistema a rifiutare le richieste di connessioni in ingresso, ossia tutte quelle connessioni provenienti dall'esterno che non corrispondono a richieste effettuate dal sistema, come repliche DNS o richieste DHCP. Se occorre autorizzare l'accesso a servizi in esecuzione sulla macchina, essi possono essere impostati nel firewall.
+ </div><div class="para">
+ Se il sistema è collegato ad Internet ma non esegue alcun server, questa opzione è la scelta più sicura.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services">3.8.2.3. Servizi fidati</h4></div></div></div><div class="para">
+ Abilitando le opzioni nella lista <span class="guilabel"><strong>Servizi fidati</strong></span>, si autorizza il servizio a passare attraverso (bypass) il firewall.
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>WWW (HTTP)</strong></span></span></dt><dd><div class="para">
+ Il protocollo HTTP è usato da Apache (e da altri server web) per servire pagine web. Se si intende rendere pubblico il proprio server web, abilitare la check-box relativa. Non occorre abilitare questa opzione per visualizzare pagine web sul server locale o per lo sviluppo di pagine web. Questo servizio richiede che sia installato il pacchetto <code class="filename">httpd</code>.
+ </div><div class="para">
+ L'abilitazione di <span class="guilabel"><strong>WWW (HTTP)</strong></span> non apre una porta per il servizio HTTPS, la versione SSL di HTTP. Se è necessario questo servizio, abilitare la check-box relativa al server <span class="guilabel"><strong>Secure WWW (HTTPS)</strong></span>.
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>FTP</strong></span></span></dt><dd><div class="para">
+ Il protocollo FTP è usato per trasferire file fra computer. Se si intende creare un server FTP disponibile pubblicamente, abilitare la check-box relativa. Questo servizio richiede che sia installato il pacchetto <code class="filename">vsftpd</code>.
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>SSH</strong></span></span></dt><dd><div class="para">
+ SSH (Secure Shell) è una raccolta di strumenti per accedere ed eseguire comandi su una macchina remota. Per autorizzare l'accesso remoto alla macchina via ssh, abilitare la check-box relativa. Questo servizio richiede che sia installato il pacchetto <code class="filename">openssh-server</code>.
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>Telnet</strong></span></span></dt><dd><div class="para">
+ Telnet è un protocollo per accedere a macchine remote. Le comunicazioni Telnet non sono cifrate e non offrono nessuna protezione contro le intercettazioni. Consentire l'accesso Telnet in ingresso non è raccomandato. Per autorizzare l'accesso alla macchina via Telnet, abilitare la check-box relativa. Questo servizio richiede che sia installato il pacchetto <code class="filename">telnet-server</code>.
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>Mail (SMTP)</strong></span></span></dt><dd><div class="para">
+ SMTP è un protocollo che consente ad host remoti di connettersi direttammente ad una macchina per l'invio di mail. Non si deve abilitare questo servizio se si riceve la posta dal proprio ISP, via POP3 o IMAP oppure se si utilizza uno strumento come <code class="command">fetchmail</code>. Per consentire la consegna di posta dalla macchina remota abilitare questa check-box. Notare che un server SMTP configurato in modo scorretto, potrebbe consentire a macchine remote di usare il server per l'invio di spam.
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>NFS4</strong></span></span></dt><dd><div class="para">
+ NFS (Network File System) è un protocollo di condivisione file usato comunemente sui sistemi *NIX. La versione 4 di questo protocollo è più sicuro dei suoi predecessori. Se si desidera condividere i propri file o cartelle con altri utenti della rete, abilitare questa check-box.
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>Samba</strong></span></span></dt><dd><div class="para">
+ Samba è una implementazione del protocollo di rete proprietario, SMB. Se si desidera condividere file, cartelle o stampanti locali con macchine microsoft windows, abilitare questa check-box.
+ </div></dd></dl></div></div><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports">3.8.2.4. Altre porte</h4></div></div></div><div class="para">
+ Lo strumento di <span class="application"><strong>Amministrazione Firewall</strong></span> include una sezione <span class="guilabel"><strong>Altre porte</strong></span> per impostare in <code class="command">iptables</code> i numeri delle porte IP fidate. Per esempio, per permettere ad IRC ed IPP (Internet Printing Protocol) di superare le regole del firewall, aggiungere quanto segue alla sezione <span class="guilabel"><strong>Altre porte</strong></span>:
+ </div><div class="para">
+ <code class="computeroutput">194:tcp,631:tcp</code>
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings">3.8.2.5. Salvare le impostazioni</h4></div></div></div><div class="para">
+ Premere il pulsante <span class="guibutton"><strong>OK</strong></span> per salvare i cambiamenti apportati al firewall. Se è stato selezionato <span class="guilabel"><strong>Abilita firewall</strong></span>, le opzioni selezionate verranno tradotte in comandi <code class="command">iptables</code> e salvate nel file <code class="filename">/etc/sysconfig/iptables</code>. Immediatamente dopo il salvataggio, viene ri-avviato automaticamente il servizio <code class="command">iptables</code> in modo da rendere immediate le modifiche apportate al firewall. Se invece è stato selezionato <span class="guilabel"><strong>Disabilita firewall</strong></span>, il file <code class="filename">/etc/sysconfig/iptables</code> viene eliminato ed il servizio <code class="command">iptables</code> immediatamente interrotto.
+ </div><div class="para">
+ Comunque, le varie impostazioni vengono salvate anche nel file <code class="filename">/etc/sysconfig/system-config-firewall</code>, usato dal sistema al successivo riavvio dell'applicazione per il regolare ripristino delle impostazioni. Si raccomanda di non modificare direttamente questo file.
+ </div><div class="para">
+ Anche se il filrewall viene avviato immediatamente, il servizio <code class="command">iptables</code> non è configurato per avviarsi automaticamente al boot. Per maggiori informazioni, fare riferimento alla <a class="xref" href="#sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service">Sezione 3.8.2.6, «Attivare il servizio IPTables»</a>.
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service">3.8.2.6. Attivare il servizio IPTables</h4></div></div></div><div class="para">
+ Le regole del firewall sono attive solo se <code class="command">iptables</code> è in esecuzione. Per avviare manualmente il servizio, usare il seguente comando:
+ </div><pre class="screen">[root at myServer ~] # service iptables restart</pre><div class="para">
+ Per far sì che <code class="command">iptables</code> si avvii al boot, usare il seguente comando:
+ </div><pre class="screen">[root at myServer ~] # chkconfig --level 345 iptables on</pre></div></div><div class="section" id="sect-Security_Guide-Firewalls-Using_IPTables"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Using_IPTables">3.8.3. Usare IPTables</h3></div></div></div><div class="para">
+ Il primo passo da fare per utilizzare <code class="command">iptables</code>, è avviare il servizio <code class="command">iptables</code>. Usare il seguente comando per avviare il servizio <code class="command">iptables</code>:
+ </div><pre class="screen">[root at myServer ~] # service iptables start</pre><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Il servizio <code class="command">ip6tables</code> può essere disabilitato se si usa solo il servizio <code class="command">iptables</code>. Se si disattiva il servizio <code class="command">ip6tables</code>, ricordarsi di disattivare anche la rete IPv6. Non lasciare mai attivo un dispositivo di rete, senza il firewall corrispondente.
+ </div></div></div><div class="para">
+ Per avviare <code class="command">iptables</code> al boot di sistema, usare il seguente comando:
+ </div><pre class="screen">[root at myServer ~] # chkconfig --level 345 iptables on</pre><div class="para">
+ In tal caso, <code class="command">iptables</code> si avvia automaticamente nei runlevel 3, 4 o 5.
+ </div><div class="section" id="sect-Security_Guide-Using_IPTables-IPTables_Command_Syntax"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Using_IPTables-IPTables_Command_Syntax">3.8.3.1. Sintassi del comando iptables</h4></div></div></div><div class="para">
+ Il seguente esempio, illustra la sintassi di base del comando <code class="command">iptables</code>:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A <em class="replaceable"><code><chain></code></em> -j <em class="replaceable"><code><target></code></em></pre><div class="para">
+ L'opzione <code class="option">-A</code> specifica che la regola deve essere aggiunta alla <em class="firstterm"><chain></em> (catena). Ogni catena è costituita da una o più <em class="firstterm">rules</em> (regole) ed è perciò meglio nota come una <em class="firstterm">ruleset</em> (insieme di regole).
+ </div><div class="para">
+ Le tre catene preesistenti sono INPUT, OUTPUT e FORWARD. Queste catene sono permanenti e non possono essere eliminate. La catena specifica il punto in cui il pacchetto viene manipolato.
+ </div><div class="para">
+ L'opzione <code class="option">-j <em class="replaceable"><code><target></code></em></code> (obbiettivo), specifica un'azione ossia cosa fare se il pacchetto corrisponde alla regola. Esempi di target predefiniti sono ACCEPT, DROP e REJECT.
+ </div><div class="para">
+ Per maggiori informazioni su catene, opzioni e target disponibili, fare riferimento alle pagine di man su <code class="command">iptables</code>.
+ </div></div><div class="section" id="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies">3.8.3.2. Policy di base</h4></div></div></div><div class="para">
+ Stabilire una policy per il firewall di base serve da fondamenta su cui costruire delle regole più dettagliate.
+ </div><div class="para">
+ Ogni catena di <code class="command">iptables</code> è costituita da una policy predefinita e da zero o più regole che complessivamente definiscono le regole per il firewall.
+ </div><div class="para">
+ La policy predefinita di una catena può essere DROP o ACCEPT. Gli amministratori accorti di solito implementano una policy predefinita di DROP e autorizzano solo particolari pacchetti, sulla base di un'analisi caso-per-caso. Per esempio, le seguenti policy bloccano tutti i pacchetti in ingresso e in uscita da un gateway:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -P INPUT DROP
+[root at myServer ~ ] # iptables -P OUTPUT DROP</pre><div class="para">
+ Si raccomanda inoltre di vietare qualsiasi <em class="firstterm">forward</em> di pacchetti (cioè traffico di rete che deve essere re-indirizzato dal firewall al nodo di destinazione), per limitare l'esposizione involontaria ad Internet dei client interni. Per fare ciò, usare la seguente regola:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -P FORWARD DROP</pre><div class="para">
+ Una volta impostate le policy predefinite per una catena, si possono creare e salvare ulteriori regole, secondo i propri requisiti di rete e di sicurezza.
+ </div><div class="para">
+ Le seguenti sezioni descrivono come salvare le regole iptables e illustrano come implementare le regole per la costruzione del proprio firewall.
+ </div></div><div class="section" id="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules">3.8.3.3. Salvare e ripristinare le regole IPTables</h4></div></div></div><div class="para">
+ I cambiamenti a <code class="command">iptables</code> se non vengono opportunamente salvati, restano transitori: se si riavvia il sistema o se il servizio <code class="command">iptables</code> viene riavviato, le regole appena create/modificate vengono automaticamente scaricate e resettate. Per salvare le regole in modo permanente, occorre usare il seguente comando:
+ </div><pre class="screen">[root at myServer ~ ] # service iptables save</pre><div class="para">
+ Le regole sono salvate nel file <code class="filename">/etc/sysconfig/iptables</code> e vengono applicate all'avvio del servizio o al riavvio della macchina.
+ </div></div></div><div class="section" id="sect-Security_Guide-Firewalls-Common_IPTables_Filtering"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Common_IPTables_Filtering">3.8.4. Filtraggi IPTables comuni</h3></div></div></div><div class="para">
+ Uno degli aspetti più importanti della sicurezza di rete è impedire l'accesso alla LAN da parte di attaccanti. L'integrità della LAN può essere garantita impostando stringenti regole di firewall.
+ </div><div class="para">
+ Tuttavia, una policy impostata per bloccare tutti i pacchetti in ingresso, uscita e re-instradati, renderebbe del tutto impossibile a firewall/gateway e agli utenti interni alla LAN la comunicazione fra loro e con le risorse esterne.
+ </div><div class="para">
+ Quindi gli amministratori, per consentire ai propri utenti di usufruire delle funzioni e delle applicazioni di rete, devono necessariamente aprire determinate porte alla comunicazione.
+ </div><div class="para">
+ Per esempio, per consentire l'accesso alla porta numero 80 <span class="emphasis"><em>sul firewall</em></span>, aggiungere la seguente regola:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT</pre><div class="para">
+ Ciò permette agli utenti di esplorare i siti Internet che comunicano sulla porta standard numero 80. Per consentire l'accesso a siti web sicuri (per esempio, https://www.example.com/), occorre abilitare l'accesso anche attraverso la porta numero 443, come di seguito riportato:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT</pre><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Quando si crea un insieme di regole di <code class="command">iptables</code>, l'ordine è importante.
+ </div><div class="para">
+ Se una regola specifica di scartare qualsiasi pacchetto proveniente dalla sottorete 192.168.100.1/24, e questa è seguita da una regola che specifica di accettare i pacchetti provenienti dall'indirizzo 192.168.100.13 (che si trova all'interno della sottorete), allora la seconda regola viene ignorata.
+ </div><div class="para">
+ Per accettare i pacchetti provenienti da 192.168.100.13, la regola relativa deve precedere la regola che scarta i pacchetti prevenienti dalla sottorete.
+ </div><div class="para">
+ Per inserire una regola in una specifica posizione di una catena esistente, usare l'opzione <code class="option">-I</code>. Per esempio:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -I INPUT 1 -i lo -p all -j ACCEPT</pre><div class="para">
+ Questa è la prima regola nella catena INPUT ed autorizza il traffico di loopback sul dispositivo.
+ </div></div></div><div class="para">
+ Per accedere ai servizi remoti di una LAN si possono usare servizi sicuri come SSH che impiegano connessioni cifrate.
+ </div><div class="para">
+ Nel caso di risorse basate su PPP (come modem o router ISP), si usano accessi dial-up per circuire le barriere del firewall. Trattandosi di connessioni dirette, le connessioni via modem tipicamente si trovano dietro un firewall/gateway.
+ </div><div class="para">
+ Per utenti con connessioni a banda larga, comunque, si presentano dei casi particolari. Si può configurare <code class="command">iptables</code> in modo da accettare connessioni via SSH. Per esempio, le seguenti regole consentono l'accesso remoto via SSH:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+[root at myServer ~ ] # iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT</pre><div class="para">
+ Queste due regole autorizzano l'accesso in entrata e in uscita da un nodo, quale può essere un PC connesso direttamente ad Internet o un firewall/gateway, ma impediscono l'accesso al servizio ai nodi dietro al firewall/gateway. Per consentire a tutta la LAN di accedere a questo servizio, si potrebbe usare un <acronym class="acronym">NAT</acronym> (<em class="firstterm">Network Address Translation</em>) insieme a regole di filtraggio, <code class="command">iptables</code>.
+ </div></div><div class="section" id="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules">3.8.5. Regole di <code class="computeroutput">FORWARD</code> e <acronym class="acronym">NAT</acronym></h3></div></div></div><div class="para">
+ La maggior parte dei provider ISP offrono, ai propri clienti, solo un numero limitato di indirizzi pubblici IP.
+ </div><div class="para">
+ Per questo motivo, gli amministratori devono disporre di un metodo che senza far uso di indirizzi IP pubblici, consenta ai nodi della LAN di accedere ai servizi Internet ed il metodo più comune consiste nell'usare indirizzi IP privati.
+ </div><div class="para">
+ I router di soglia (come i firewall) ricevono da Internet le trasmissioni in ingresso e re-indirizzano i pacchetti al nodo LAN interessato. Allo stesso modo, i firewall/gateway possono anche re-indirizzare le richieste in uscita, da un nodo LAN al servizio Internet remoto.
+ </div><div class="para">
+ Questo re-indirizzamento del traffico di rete, a volte, potrebbe diventare una minaccia, specialmente con l'alta disponibilità dei moderni strumenti di cracking, in grado di <span class="emphasis"><em>imitare</em></span> gli indirizzi IP <span class="emphasis"><em>interni</em></span>, mascherando la macchina remota dell'attaccante come un nodo della LAN.
+ </div><div class="para">
+ Per impedire tutto ciò, <code class="command">iptables</code> fornisce policy di routing e di forwarding (instradamento e re-indirizzamento), che se adeguatamente implementate impediscono un uso anormale delle risorse di rete.
+ </div><div class="para">
+ La catena <code class="computeroutput">FORWARD</code> consente ad un amministratore di controllare il routing dei pacchetti all'interno della LAN. Per esempio, per consentire il re-indirizzamento sull'intera LAN (assumendo che al firewall/gateway sia assegnato un indirizzo IP interno, associato alla scheda eth1), si possono usare le seguenti regole:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A FORWARD -i eth1 -j ACCEPT
+[root at myServer ~ ] # iptables -A FORWARD -o eth1 -j ACCEPT</pre><div class="para">
+ Queste regole stabiliscono che i sistemi dietro al firewall/gateway possono accedere alla intera rete interna. Ossia il gateway trasferisce i pacchetti da un nodo della LAN al nodo di destinazione, passando tutti i pacchetti attraverso la scheda <code class="filename">eth1</code>.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Per impostazione, la policy IPv4 nei kernel Fedora disabilita il supporto al forwarding IP e ciò impedisce a sistemi Fedora di funzionare come router di soglia dedicati. Per abilitare il forwarding IP, usare il seguente comando:
+ </div><pre class="screen">[root at myServer ~ ] # sysctl -w net.ipv4.ip_forward=1</pre><div class="para">
+ Questa modifica di configurazione, dura solo per la sessione corrente: non persiste dopo un riavvio della macchina o un riavvio dei servizi di rete. Per impostare permanentemente il forwarding IP, modificare il file <code class="filename">/etc/sysctl.conf</code> come indicato di seguito:
+ </div><div class="para">
+ Individuare la seguente riga:
+ </div><pre class="screen">net.ipv4.ip_forward = 0</pre><div class="para">
+ Modificarla come segue:
+ </div><pre class="screen">net.ipv4.ip_forward = 1</pre><div class="para">
+ Usare il seguente comando per abilitare le modifiche al file <code class="filename">sysctl.conf</code>:
+ </div><pre class="screen">[root at myServer ~ ] # sysctl -p /etc/sysctl.conf</pre></div></div><div class="section" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Postrouting_and_IP_Masquerading"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Postrouting_and_IP_Masquerading">3.8.5.1. Postrouting e mascheramento IP</h4></div></div></div><div class="para">
+ Per ora, l'impostazione del forwarding dei pacchetti via la scheda interna del firewall, consente ai nodi delle LAN di comunicare tra di loro ma essi non possono ancora comunicare esternamente, verso Internet.
+ </div><div class="para">
+ Per consentire ai nodi, con indirizzi IP privati, di comunicare con reti pubbliche esterne occorre configurare il firewall per il <em class="firstterm">mascheramento IP</em>, ossia mascherare le richieste provenienti dai nodi della LAN, con l'indirizzo IP della scheda di rete esterna del firewall (in questo caso, eth0):
+ </div><pre class="screen">[root at myServer ~ ] # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE</pre><div class="para">
+ Questa regola usa la tabella di corrispondenza dei pacchetti, NAT (<code class="option">-t nat</code>) e specifica sulla scheda di rete esterna (<code class="option">-o eth0</code>), la catena POSTROUTING (<code class="option">-A POSTROUTING</code>).
+ </div><div class="para">
+ Quindi la regola POSTROUTING permette l'alterazione dell'indirizzo IP dei pacchetti mentre questi lasciano la scheda di rete esterna del firewall.
+ </div><div class="para">
+ Il target <code class="option">-j MASQUERADE</code> specifica di mascherare gli indirizzi IP privati con l'indirizzo IP esterno del firewall/gateway.
+ </div></div><div class="section" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting">3.8.5.2. Prerouting</h4></div></div></div><div class="para">
+ Per rendere pubblico un server delle rete interna, si può usare l'opzione <code class="option">-j DNAT</code> della catena PREROUTING specificando un indirizzo IP di destinazione e un numero di porta a cui indirizzare i pacchetti in ingresso richiedenti il servizio.
+ </div><div class="para">
+ Per esempio, per re-indirizzare le richieste HTTP al proprio server HTTP Apache, localizzato all'indirizzo 172.31.0.23, usare il seguente comando:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 172.31.0.23:80</pre><div class="para">
+ Questa regola specifica che la tabella <acronym class="acronym">NAT</acronym> usa la catena PREROUTING, re-indirizzando le richieste HTTP in ingresso, esclusivamente all'indirizzo IP 172.31.0.23.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Se nella catena FORWARD è presente una policy predefinita di DROP, perchè il mascheramento IP sia possibile, occorre inserire in coda una regola di forward che re-indirizzi tutte le richieste HTTP. Per fare ciò, usare il seguente comando:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A FORWARD -i eth0 -p tcp --dport 80 -d 172.31.0.23 -j ACCEPT</pre><div class="para">
+ Questa regola re-indirizza tutte le richieste HTTP dal firewall al server HTTP Apache, dietro il firewall.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables">3.8.5.3. DMZ e IPTables</h4></div></div></div><div class="para">
+ Si possono creare regole <code class="command">iptables</code> che re-indirizzino il traffico verso macchine dedicate, come server HTTP o FTP in una rete <acronym class="acronym">DMZ</acronym> (<em class="firstterm">demilitarized zone</em>). Una <acronym class="acronym">DMZ</acronym> è una speciale sottorete locale, dedicata quasi esclusivamente a fornire servizi verso reti pubbliche come Internet.
+ </div><div class="para">
+ Per esempio, per impostare una regola di re-indirizzamento, che instradi le richieste HTTP in ingresso verso un server HTTP dedicato su 10.0.4.2 (fuori dal range della LAN 192.168.1.0/24), si potrebbe usare la seguente regola di <code class="computeroutput">PREROUTING</code>:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.4.2:80</pre><div class="para">
+ Con questo comando, tutte le connessioni HTTP diretta alla porta 80 vengono instradate verso il server HTTP della sottorete DMZ. Questo tipo di segmentazione della rete si dimostra molto più sicuro, rispetto a connessioni HTTP dirette ad una macchina nella rete LAN interna.
+ </div><div class="para">
+ Se il server HTTP è configurato per accettare connessioni sicure, allora si dovrà re-instradare anche la porta 443.
+ </div></div></div><div class="section" id="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses">3.8.6. Software maliziosi e indirizzi IP spoofed</h3></div></div></div><div class="para">
+ Con <code class="command">iptables</code> si possono creare regole anche più elaborate per controllare l'accesso a specifiche sottoreti o anche a particolari nodi della LAN. E si può anche impedire che applicazioni o programmi sospetti, come trojan, worm e altri virus client/server contattino i loro server.
+ </div><div class="para">
+ Per esempio, alcuni trojan scansionano la rete alla ricerca di servizi attivi nel range di porte tra 31337 e 31340 (chiamate porte <span class="emphasis"><em>elite</em></span> nel gergo cracker).
+ </div><div class="para">
+ Dato che non esistono servizi legittimati che comunicano su queste porte non standard, bloccarle serve a ridurre la possibilità che nodi potenzialmente infetti sulla LAN, possano comunicare autonomamente, con i loro server remoti.
+ </div><div class="para">
+ Le seguenti regole, scartano tutto il traffico TCP che tenti di usare la porta 31337:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A OUTPUT -o eth0 -p tcp --dport 31337 --sport 31337 -j DROP
+[root at myServer ~ ] # iptables -A FORWARD -o eth0 -p tcp --dport 31337 --sport 31337 -j DROP</pre><div class="para">
+ Si possono bloccare anche le connessioni esterne, che maliziosamente tentano di "imitare" (spoof) il range di indirizzi IP privati per intrufolarsi nella LAN.
+ </div><div class="para">
+ Per esempio, se la LAN usa il range 192.168.1.0/24, è possibile impostare una regola sulla scheda di rete esterna (connessa ad Internet, per esempio eth0), che scarti tutti i pacchetti con indirizzi IP nel range della LAN.
+ </div><div class="para">
+ Poichè per policy predefinita, si raccomanda di scartare i pacchetti re-indirizzati, qualsiasi indirizzo IP <span class="emphasis"><em>spoofed</em></span> proveniente dal dispositivo di rete esterno (eth0), viene a maggior ragione respinto.
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A FORWARD -s 192.168.1.0/24 -i eth0 -j DROP</pre><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Esiste una differenza tra <code class="computeroutput">DROP</code> e <code class="computeroutput">REJECT</code> quando si tratta di regole <span class="emphasis"><em>aggiunte</em></span> in coda.
+ </div><div class="para">
+ <code class="computeroutput">REJECT</code> rifiuta l'accesso e ritorna un messaggio di <code class="computeroutput">connessione rifiutata</code> agli utenti che tentano di connettersi al servizio. Il comando <code class="computeroutput">DROP</code>, come lascia intendere il nome, scarta i pacchetti senza nessun messaggio.
+ </div><div class="para">
+ Gli amministratori possono scegliere a propria discrezione quando usare le due opzioni. Comunque, per evitare confusione e ripetuti tentavi di connessione da parte di utenti, si raccomanda di usare l'opzione <code class="computeroutput">REJECT</code>.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking">3.8.7. IPTables e Connection Tracking</h3></div></div></div><div class="para">
+ E' possibile ispezionare e restringere l'accesso ai servizi, anche in base al loro <em class="firstterm">stato di connessione</em>. Un modulo all'interno di <code class="command">iptables</code> usa un metodo denominato <em class="firstterm">connection tracking</em> (tracciamento delle connessioni), per immagazzinare informazioni sulle connessioni in ingresso. Si può consentire o rifiutare l'accesso in base ai seguenti stati di connessione:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">NEW</code> — Un pacchetto che richiede una nuova connessione, come una richiesta HTTP
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">ESTABLISHED</code> — Un pacchetto che fa parte di una connessione esistente.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">RELATED</code> — Un pacchetto che richiede una nuova connessione, ma che appartiene ad una connessione esistente. Per esempio, FTP usa la porta numero 21 per stabilire una connessione, ma i dati vengono trasmessi su una porta differente (tipicamente la porta 20).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">INVALID</code> — Un pacchetto che non fa parte di nessuna connessione della connection tracking.
+ </div></li></ul></div><div class="para">
+ Le funzioni di stato di <span class="emphasis"><em>connection tracking</em></span>, possono essere usate con qualsiasi protocollo di rete, anche con protocolli privi di stato (come UDP). Il seguente esempio mostra una regola che usa <span class="emphasis"><em>connection tracking</em></span>, trasferendo solo i pacchetti appartenenti ad una connessione <span class="emphasis"><em>ESTABLISHED e RELATED</em></span>:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT</pre></div><div class="section" id="sect-Security_Guide-Firewalls-IPv6"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-IPv6">3.8.8. IPv6</h3></div></div></div><div class="para">
+ L'introduzione del nuovo Internet Protocol di futura generazione, l'IPv6, espande la limitazione degli indirizzi a 32bit di IPv4 (o IP). IPv6, infatti, supporta indirizzi a 128bit, e le reti compatibili con IPv6, presentano perciò una maggiore capacità di indirizzamento.
+ </div><div class="para">
+ Fedora supporta regole di firewall IPv6 usando Netfilter 6 e il comando <code class="command">ip6tables</code>. In Fedora 14, sia IPv4 sia IPv6, sono abilitati in modo predefinito
+ </div><div class="para">
+ La sintassi del comando <code class="command">ip6tables</code> è identica a <code class="command">iptables</code>, a parte il fatto che supporta indirizzi a 128bit. Per esempio, usare il seguente comando per abilitare connessioni SSH su un server di rete IPv6:
+ </div><pre class="screen">[root at myServer ~ ] # ip6tables -A INPUT -i eth0 -p tcp -s 3ffe:ffff:100::1/128 --dport 22 -j ACCEPT</pre><div class="para">
+ Per maggiori informazioni sulle reti IPv6, fare riferimento alla pagina web <a href="http://www.ipv6.org/">Welcome to the IPv6 Information Page! </a>.
+ </div></div><div class="section" id="sect-Security_Guide-Firewalls-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Additional_Resources">3.8.9. Ulteriori risorse</h3></div></div></div><div class="para">
+ Molti aspetti su firewall e Netfilter non sono stati adeguatamente esposti ed approfonditi in questo capitolo, che vuole essere una introduzione ed uno stimolo per ulteriori letture. Per chi volesse approfondire l'argomento, di seguito si riportano alcune interessanti risorse.
+ </div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation">3.8.9.1. Documentazione installata riguardante i firewall</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Per informazioni sul comando <code class="command">iptables</code> e le opzioni disponibili, vedere la <a class="xref" href="#sect-Security_Guide-IPTables">Sezione 3.9, «IPTables»</a>.
+ </div></li><li class="listitem"><div class="para">
+ La pagina di man su <code class="command">iptables</code> contiene una spiegazione delle varie opzioni.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites">3.8.9.2. Siti utili sui firewall</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.netfilter.org/">Netfilter</a> — Il sito ufficiale dei progetti Netfilter e <code class="command">iptables</code>.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.tldp.org/">tldp.org</a> — The Linux Documentation Project, contiene molte guide utili, relative alla creazione e all'amministrazione di un firewall.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.iana.org/assignments/port-numbers">Internet Assigned Numbers Authority</a> — La lista ufficiale dei numeri di porta assegnati ai servizi, così come stabilito dall'IANA (Internet Assigned Numbers Authority).
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Additional_Resources-Related_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Related_Documentation">3.8.9.3. Documentazione relativa</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="citetitle">Red Hat Linux Firewalls</em> di Bill McCarty (Red Hat Press) — Un manuale su come costruire firewall server e di rete, usando tecnologie open source, come Netfilter e <code class="command">iptables</code>, per operazioni di filtraggio dei pacchetti. Include anche argomenti correlati, come l'analisi dei messaggi di firewall, sviluppo di regole di firewall e la progettazione di un firewall personale, usando vari strumenti grafici.
+ </div></li><li class="listitem"><div class="para">
+ <em class="citetitle">Linux Firewalls</em> di Robert Ziegler (New Riders Press) — Un manuale con informazioni su come creare firewall, usando sia <code class="command">ipchains</code> del kernel, sia Netfilter e <code class="command">iptables</code>. Vengono trattati anche diversi argomenti sulla sicurezza, come le questioni riguardanti l'accesso remoto e i sistemi anti-intrusione.
+ </div></li></ul></div></div></div></div><div xml:lang="it-IT" class="section" id="sect-Security_Guide-IPTables" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-IPTables">3.9. IPTables</h2></div></div></div><div class="para">
+ In Fedora sono inclusi avanzati strumenti di <em class="firstterm">packet filtering</em> (filtraggio dei pacchetti) — il processo che controlla il flusso dei pacchetti nello stack di rete del kernel a partire dal loro ingresso e fino al trasferimeto al nodo di destinazione. Le versioni del kernel precedenti alla 2.4, usavano regole <code class="command">ipchains</code> per filltrare i pacchetti suddividendo il filtraggio in passaggi successivi. Il kernel 2.4 ha introdotto <code class="command">iptables</code> (chiamato anche <em class="firstterm">netfilter</em>) che è simile a <code class="command">ipchains</code> ma che espande notevolmente l'analisi e il controllo sul filtraggio.
+ </div><div class="para">
+ Questo capitolo deliena le basi del filtraggio dei pacchetti spiegando le varie opzioni disponibili in <code class="command">iptables</code> e come preservare le regole impostate.
+ </div><div class="para">
+ Per istruzioni su come creare regole con <code class="command">iptables</code> e su come impostare un firewall basato su tali regole, fare riferimento alla <a class="xref" href="#sect-Security_Guide-IPTables-Additional_Resources">Sezione 3.9.6, «Ulteriori risorse»</a>.
+ </div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Il firewall predefinito nel kernel 2.4 e successivi, si basa su <code class="command">iptables</code> che non può essere usato in concomitanza con <code class="command">ipchains</code>. Quindi se <code class="command">ipchains</code> è attivo all'avvio del sistema, il kernel restituirà un errore indicando l'impossibilità di avviare <code class="command">iptables</code>.
+ </div><div class="para">
+ Le funzionalità di <code class="command">ipchains</code> non vengono influenzate da questo errore.
+ </div></div></div><div class="section" id="sect-Security_Guide-IPTables-Packet_Filtering"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-Packet_Filtering">3.9.1. Filtraggio pacchetti</h3></div></div></div><div class="para">
+ Il kernel Linux usa <span class="application"><strong>Netfilter</strong></span> per filtrare i pacchetti, autorizzando o meno il passaggio dei pacchetti nel sistema. Questa capacità è integrata nel kernel Linux e si basa su tre <em class="firstterm">tabelle</em> o <em class="firstterm">liste di regole</em>; esse sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">filter</code> — La tabella predefinita per gestire i pacchetti.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">nat</code> — La tabella usata per alterare i pacchetti che creano una nuova connessione e usata da <em class="firstterm">NAT</em> (<em class="firstterm">Network Address Translation</em>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">mangle</code> — La tabella usata per tipi specifici di alterazioni sui pacchetti.
+ </div></li></ul></div><div class="para">
+ Ogni tabella ha un gruppo di <em class="firstterm">catene</em> predefinite che corrispondono alle azioni eseguite da <code class="command">netfilter</code> sul pacchetto.
+ </div><div class="para">
+ Le catene predefinite della tabella <code class="option">filter</code> sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="firstterm">INPUT</em> — Si applica ai pacchetti diretti all'host.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">OUTPUT</em> — Si applica ai pacchetti generati localmente.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">FORWARD</em> — Si applica ai pacchetti instradati attraverso l'host.
+ </div></li></ul></div><div class="para">
+ Le catene predefinite della tabella <code class="option">nat</code> sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="firstterm">PREROUTING</em> — Altera i pacchetti in arrivo.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">OUTPUT</em> — Altera i pacchetti generati localmente prima di inviarli all'esterno.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">POSTROUTING</em> — Altera i pacchetti prima di inviarli all'esterno.
+ </div></li></ul></div><div class="para">
+ Le catene predefinite della tabella <code class="option">mangle</code> sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="firstterm">INPUT</em> — Altera i pacchetti diretti all'host.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">OUTPUT</em> — Altera i pacchetti generati localmente prima di inviarli all'esterno.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">FORWARD</em> — Altera i pacchetti instradati attraverso l'host.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">PREROUTING</em> — Altera i pacchetti in arrivo prima di instradarli.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">POSTROUTING</em> — Altera i pacchetti prima di inviarli all'esterno.
+ </div></li></ul></div><div class="para">
+ Ogni pacchetto ricevuto o inviato da un sistema Linux è controllato da almeno una tabella ed un pacchetto, prima di emergere dalla fine della catena, viene controllato dalle regole presenti nella tabella. Ogni regola ha il proprio formato e scopo, ma generalmente tutte con l'obiettivo di identificare il pacchetto e il particolare protocollo o servizio di rete e la sua provenienza o destinazione.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Per impostazione, le regole di firewall sono salvate nei file <code class="filename">/etc/sysconfig/iptables</code> o <code class="filename">/etc/sysconfig/ip6tables</code>.
+ </div><div class="para">
+ Al boot di un sistema Linux, il servizio <code class="command">iptables</code> viene avviato prima di ogni servizio di DNS. Ciò significa che le regole di firewall possono riferirsi solo a indirizzi IP numerici (per esempio 192.168.0.1). Quindi eventuali nomi di dominio come host.example.com sono destinati inevitabilmente a sollevare errori.
+ </div></div></div><div class="para">
+ Quando un pacchetto viene intercettato o corrisponde ad una regola di una tabella, il sistema di packet filtering applica al pacchetto un <em class="firstterm">target</em> o azione. Se la regola specifica un target (azione) <code class="command">ACCEPT</code>, il pacchetto salta il resto dei controlli ed è autorizzato a proseguire verso la sua destinazione. Se la regola specifica un target (azione) <code class="command">DROP</code>, il pacchetto viene scartato senza inviare alcuna risposta all'host mittente. Se la regola specifica un'azione <code class="command">QUEUE</code>, il pacchetto è trasferito nello spazio utente. Se una regola specifica l'azione (opzionale) <code class="command">REJECT</code>, il pacchetto viene scartato e all'host mittente viene risposto con un messaggio di errore.
+ </div><div class="para">
+ Ogni catena ha una policy predefinita per i target (azioni) <code class="command">ACCEPT</code>, <code class="command">DROP</code>, <code class="command">REJECT</code> e <code class="command">QUEUE</code>. Se in una catena non esiste nessuna regola che si può applicare ad un pacchetto allora il pacchetto è soggetto alla policy predefinita.
+ </div><div class="para">
+ Il comando <code class="command">iptables</code> serve a configurare queste tabelle e all'occorrenza ad impostarne di nuove.
+ </div></div><div class="section" id="sect-Security_Guide-IPTables-Command_Options_for_IPTables"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-Command_Options_for_IPTables">3.9.2. Opzioni di comando di IPTables</h3></div></div></div><div class="para">
+ Le regole di filtraggio dei pacchetti si creano con il comando <code class="command">iptables</code>. I seguenti aspetti di ogni pacchetto sono spesso usati come criterio:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Packet Type</em></span> — Specifica il tipo di pacchetti da filtrare.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Packet Source/Destination</em></span> — Specifica i pacchetti da filtrare in base alla loro sorgente o destinazione.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Target</em></span> — Specifica il target (azione) da prendere sui pacchetti corrispondenti al criterio precedente.
+ </div></li></ul></div><div class="para">
+ Per maggiori informazioni su questi criteri, vedere la <a class="xref" href="#sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options">Sezione 3.9.2.4, «Match Option»</a> e la <a class="xref" href="#sect-Security_Guide-Command_Options_for_IPTables-Target_Options">Sezione 3.9.2.5, «Opzioni target»</a>.
+ </div><div class="para">
+ Le opzioni usate con le regole di <code class="command">iptables</code> devono essere raggruppate in modo logico, in base allo scopo e alle condizioni della regola complessiva. Il resto di questa sezione spiega le opzioni più comuni usate con il comando <code class="command">iptables</code>.
+ </div><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-Structure_of_IPTables_Command_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Structure_of_IPTables_Command_Options">3.9.2.1. Struttura dei comandi iptabes</h4></div></div></div><div class="para">
+ Molti comandi <code class="command">iptables</code> hanno la seguente struttura:
+ </div><pre class="screen"><code class="computeroutput"> iptables [-t <em class="replaceable"><code><table-name></code></em>] <em class="replaceable"><code><command></code></em> <em class="replaceable"><code><chain-name></code></em> \ <em class="replaceable"><code><parameter-1></code></em> <em class="replaceable"><code><option-1></code></em> \ <em class="replaceable"><code><parameter-n></code></em> <em class="replaceable"><code><option-n></code></em></code></pre><div class="para">
+ <em class="replaceable"><code><table-name></code></em> — Specifica la tabella a cui applicare la regola. Se non specificata si usa la tabella <code class="option">filter</code>.
+ </div><div class="para">
+ <em class="replaceable"><code><command></code></em> — Specifica l'azione da eseguire, come concatenare o eliminare una regola.
+ </div><div class="para">
+ <em class="replaceable"><code><chain-name></code></em> — Specifica la catena da modificare, creare o eliminare.
+ </div><div class="para">
+ <em class="replaceable"><code><parameter>-<option></code></em> — Parametri e relative opzioni che specificano come processare un pacchetto.
+ </div><div class="para">
+ La lunghezza e la complessità di un comando <code class="command">iptables</code> possono variare notevolmente, a seconda della situazione.
+ </div><div class="para">
+ Per esempio, un comando per rimuovere una regola da una catena può essere molto corto:
+ </div><div class="para">
+ <code class="command">iptables -D <em class="replaceable"><code><chain-name> <line-number></code></em></code>
+ </div><div class="para">
+ Al contrario, un comando che aggiunge una regola con una varietà di parametri e opzioni per filtrare i pacchetti di una sottorete, può risultare piuttosto lungo. Quando si costruiscono comandi <code class="command">iptables</code> è importante ricordare che alcuni parametri e opzioni possono richiedere ulteriori parametri e opzioni. Ciò produce un tipico effetto cascata: parametri che richiedono ulteriori parametri. Quindi perchè la regola costruita sia valida, occorre che ogni parametro e opzione della catena sia interamente soddisfatto.
+ </div><div class="para">
+ Digitare <code class="command">iptables -h</code> per visualizzare un elenco completo delle strutture dei comandi <code class="command">iptables</code>.
+ </div></div><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-Command_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Command_Options">3.9.2.2. Opzioni di Comando</h4></div></div></div><div class="para">
+ Le opzioni di comando indicano ad <code class="command">iptables</code> di eseguire un'azione. In un comando <code class="command">iptables</code> è permesso specificare solo una opzione di comando e, ad eccezione di help, deve essere espressa in caratteri maiuscoli.
+ </div><div class="para">
+ Le opzioni di comando di <code class="command">iptables</code>, sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">-A</code> — Appende la regola alla fine della catena. Diversamente dall'opzione <code class="option">-I</code> (descritta più avanti), non accetta alcun numero intero ma appende la regola sempre alla fine della catena.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-C</code> — Controlla una regola prima di aggiungerla alla catena. Questo comando serve a costruire regole <code class="command">iptables</code> complesse, richiedendo interattivamente l'inserimento di parametri e opzioni.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-D <integer> | <rule></code> — Elimina una regola da una catena usando un numero (p.e. <code class="option">5</code> sta per la quinta regola nella catena) o specificando la regola. Quest'ultima deve corrispondere esattamente con una regola esistente.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-E</code> — Rinomina una catena definita dall'utente, ossia una catena non predefinita. (Fare riferimento all'opzione <code class="option">-N</code> per maggiori informazioni sulle catene definite dall'utente). Si tratta di una variazione estetica senza effetti sulla struttura della tabella.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Se si tenta di rinominare una catena predefinita, il sistema restituisce l'errore <code class="computeroutput">Match not found</code> (Corrispondenza non trovata): non si possono rinominare le catene predefinite.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">-F</code> — Scarica la catena selezionata eliminando di conseguenza tutte le regole nella catena. Se non si specifica nessuna catena, questo comando scarica tutte le regole da tutte le catene.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-h</code> — Fornisce un elenco delle strutture dei comandi di <code class="command">iptables</code> insieme ad un breve sommario dei parametri e delle opzioni disponibili.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-I [<integer>]</code> — Inserisce la regola nel punto specifico della catena definito dal numero. Se non viene specificato nessun numero, la regola viene inserita in cima alla catena.
+ </div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Come già notato, l'ordinamento delle regole in una catena determina le regole da applicare ai pacchetti e cio è da tener presente quando si aggiunge una regola con l'opzione <code class="option">-A</code> o con l'opzione <code class="option">-I</code>.
+ </div><div class="para">
+ Con l'opzione <code class="option">-I</code> specificando il numero di un posto esistente, <code class="command">iptables</code> inserisce la nuova regola <span class="emphasis"><em>prima</em></span> della regola esistente.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">-L</code> — Elenca tutte le regole della catena. Per elencare le regole in tutte le catene della tabella predefinita <code class="option">filter</code>, non specificare alcuna catena o tabella. Invece, per elencare le regole in una catena specifica di una particolare tabella, usare la seguente sintassi:
+ </div><pre class="screen"><code class="computeroutput"> iptables -L <em class="replaceable"><code><chain-name></code></em> -t <em class="replaceable"><code><table-name></code></em></code></pre><div class="para">
+ Per maggiori informazioni sull'opzione di comando <code class="option">-L</code> (in grado di visualizzare numeri di regola e descrizioni più dettagliate sulle regole), fare riferimento alla <a class="xref" href="#sect-Security_Guide-Command_Options_for_IPTables-Listing_Options">Sezione 3.9.2.6, «Elencare le opzioni»</a>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-N</code> — Crea una nuova catena. Il nome della catena deve essere unico altrimenti si ha un messaggio di errore.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-P</code> — Imposta la policy predefinita sulla catena, ossia applica il <span class="emphasis"><em>target</em></span> (azione) specificato, per esempio ACCEPT o DROP ai pacchetti per i quali non esiste una regola corrispondente.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-R</code> — Sostituisce una regola nella catena. Il numero di regola deve essere specificato dopo il nome della catena. La prima regola in una catena corrisponde alla regola numero uno.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-X</code> — Elimina una catena precedentemente creata. Non è possibile eliminare le catene predefinite.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-Z</code>·— Imposta a zero, in tutte le catene di una tabella, i contatori di byte e di pacchetti.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options">3.9.2.3. Opzioni di Parametro</h4></div></div></div><div class="para">
+ Per costruire una regola, alcuni comandi <code class="command">iptables</code> inclusi quelli usati per aggiungere, appendere, eliminare, inserire o sostituire le regole in una catena, richiedono vari parametri.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">-c</code> — Resetta i contatori di una regola. Questo parametro accetta le opzioni <code class="option">PKTS</code> e <code class="option">BYTES</code> per specificare il contatore da resettare.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-d</code> — Imposta l'hostname, l'indirizzo IP o la rete di destinazione di un pacchetto intercettato dalla regola. Nel caso di reti sono supportati i seguenti formati di indirizzo (IP/netmask) :
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option"><em class="replaceable"><code>N.N.N.N</code></em>/<em class="replaceable"><code>M.M.M.M</code></em></code> — Dove <em class="replaceable"><code>N.N.N.N</code></em> è il range di indirizzi IP e <em class="replaceable"><code>M.M.M.M</code></em> è la netmask.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option"><em class="replaceable"><code>N.N.N.N</code></em>/<em class="replaceable"><code>M</code></em></code> — Dove <em class="replaceable"><code>N.N.N.N</code></em> è il range di indirizzi IP e <em class="replaceable"><code>M</code></em> è la bitmask.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">-f</code> — Applica la regola solo ai pacchetti frammentati.
+ </div><div class="para">
+ Per applicare la regola solo ai pacchetti non frammentati (n.d.t. i complementari), si può usare il carattere punto esclamativo (<code class="option">!</code>) dopo il parametro.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ La tecnica della frammentazione dei pacchetti è uno standard minore del protocollo IP.
+ </div><div class="para">
+ Originariamente progettato per consentire ai pacchetti IP di attraversare le reti in frame di diverse lunghezze, oggigiorno la frammentazione è usata molto spesso per generare attacchi DoS. Inoltre è importante notare che IPv6 non consente affatto la frammentazione.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">-i</code> — Imposta la scheda di rete di ingresso (p.e. <code class="option">eth0</code> o <code class="option">ppp0</code>). Con la tabella <code class="option">filter</code> questo parametro può essere usato solo con le catene INPUT e FORWARD; con le tabelle <code class="option">nat</code> e <code class="option">mangle</code> solo con la catena PREROUTING.
+ </div><div class="para">
+ Supporta anche le seguenti opzioni:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Punto esclamativo (<code class="option">!</code>) — Inverte la direttiva escludendo dalla regola le interfacce specificate.
+ </div></li><li class="listitem"><div class="para">
+ Somma (<code class="option">+</code>) — Un carattere "jolly" usato per individuare tutte le interfacce che coincidono con la stringa specificata. Per esempio, il parametro <code class="option">-i eth+</code> applicherà la regola a tutte le schede Ethernet escludendo le altre, come <code class="option">ppp0</code>.
+ </div></li></ul></div><div class="para">
+ Se l'opzione <code class="option">-i</code> non ha argomento allora la regola si applica a tutte le interfacce presenti.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-j</code> — Salta al target (azione) specificato se il pacchetto è intercettato dalla regola.
+ </div><div class="para">
+ I target standard sono <code class="option">ACCEPT</code>, <code class="option">DROP</code>, <code class="option">QUEUE</code>, e <code class="option">RETURN</code>.
+ </div><div class="para">
+ Nei moduli di <code class="command">iptables</code> caricati per default, sono disponibili anche opzioni Target Extension. Tra questi sono inclusi <code class="option">LOG</code>, <code class="option">MARK</code> e <code class="option">REJECT</code>, tra gli altri. Per maggiori informazioni su questi e altri target fare riferimento alle pagine di man di <code class="command">iptables</code>.
+ </div><div class="para">
+ Questa opzione può essere usata anche per dirigere un pacchetto intercettato verso un'altra catena esterna differente, contenente altre regole da applicare al pacchetto.
+ </div><div class="para">
+ Se non è specificato alcun target, il pacchetto avanza senza subire alcuna azione ed il contatore di questa regola viene incrementato di uno.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-o</code> — Imposta la scheda di rete di uscita. Questa opzione si applica solo alle catene OUTPUT e FORWARD della tabella <code class="option">filter</code> e alla catena POSTROUTING delle tabelle <code class="option">nat</code> e <code class="option">mangle</code>. L'opzione accetta gli stessi parametri dell'opzione <code class="option">-i</code> (che specifica la scheda di ingresso).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-p <protocol></code> — Imposta il protocollo IP. Alcuni valori possibili sono <code class="option">icmp</code>, <code class="option">tcp</code>, <code class="option">udp</code> o <code class="option">all</code> oppure un valore numerico corrispondente. Più in generale si può usare un qualsiasi protocollo elencato nel file <code class="filename">/etc/protocols</code>.
+ </div><div class="para">
+ Il valore "<code class="option">all</code>" applica la regola a tutti i protocolli supportati ed è il valore predefinito, se una regola non specifica alcun protocollo.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-s</code> — Imposta il mittente su un pacchetto usando la stessa sintassi dell'opzione destinazione (<code class="option">-d</code>).
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options">3.9.2.4. Match Option</h4></div></div></div><div class="para">
+ Per vari protocolli di rete esistono delle match option (o opzioni di corrispondenza), configurabili per creare regole per protocolli specifici. Per usare queste opzioni occorre specificare il tipo di protocollo nel comando <code class="command">iptables</code>. Per esempio, <code class="option">-p <em class="replaceable"><code><protocol-name></code></em></code> applica le opzioni al protocollo specificato. Notare che è possibile usare anche l'ID di protocollo. Per esempio, le due regole seguenti hanno lo stesso significato:
+ </div><pre class="screen"><code class="command"> iptables -A INPUT -p icmp --icmp-type any -j ACCEPT </code></pre><pre class="screen"><code class="command"> iptables -A INPUT -p 5813 --icmp-type any -j ACCEPT </code></pre><div class="para">
+ Le definizioni dei vari servizi si trovano nel file <code class="filename">/etc/services</code>. Per ragioni di leggibilità, si raccomanda di usare il nome invece del numero di porta del servizio corripondente.
+ </div><div class="warning"><div class="admonition_header"><h2>Avviso</h2></div><div class="admonition"><div class="para">
+ Proteggere il file <code class="filename">/etc/services</code> da modifche non autorizzate. Se il file è modificabile, i cracker possono usare il file per abilitare le porte. Per proteggere il file, digitare come root i seguenti comandi:
+ </div><pre class="screen">
+[root at myServer ~]# chown root.root /etc/services
+[root at myServer ~]# chmod 0644 /etc/services
+[root at myServer ~]# chattr +i /etc/services</pre><div class="para">
+ Ciò impedisce di rinominare, eliminare o di creare collegamenti al file.
+ </div></div></div><div class="section" id="sect-Security_Guide-IPTables_Match_Options-TCP_Protocol"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-TCP_Protocol">3.9.2.4.1. Protocollo TCP</h5></div></div></div><div class="para">
+ Queste sono le opzioni disponibili per il protocollo TCP (<code class="option">-p tcp</code>):
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--dport</code> — Specifica il numero di porta di destinazione.
+ </div><div class="para">
+ Per configurare questa opzione, usare un nome (come www o smtp), un numero o un range di numeri di porta.
+ </div><div class="para">
+ Per specificare un range di numeri, separare i due numeri con il carattere "due punti" (<code class="option">:</code>). Per esempio: <code class="option">-p tcp --dport 3000:3200</code>. Il range di valori massimo è <code class="option">0:65535</code>.
+ </div><div class="para">
+ Usare il carattere "punto esclamativo" (<code class="option">!</code>) dopo l'opzione <code class="option">--dport</code> per indicare i pacchetti che <span class="emphasis"><em>non</em></span> usano quel servizio di rete o numero di porta.
+ </div><div class="para">
+ Per conoscere i nomi e gli aliases dei servizi di rete con i numeri di porta usati, vedere il file <code class="filename">/etc/services</code>.
+ </div><div class="para">
+ L'opzione <code class="option">--destination-port</code> è la versione estesa di <code class="option">--dport</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--sport</code> — Specifica la porta mittente usando le stesse opzioni di <code class="option">--dport</code>. L'opzione <code class="option">--source-port</code> è la versione estesa di <code class="option">--sport</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--syn</code> — Applica la regola a tutti i pacchetti TCP designati ad iniziare la comunicazione, generalmente detti <em class="firstterm">SYN packet</em>. I pacchetti che trasportano dati (data payload) non ne sono influenzati.
+ </div><div class="para">
+ Usare il carattere "punto esclamativo" (<code class="option">!</code>) dopo l'opzione <code class="option">--syn</code> per indicare i pacchetti <span class="emphasis"><em>non-SYN</em></span>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--tcp-flags <tested flag list> <set flag list></code> — Si applica ai pacchetti TCP che hanno impostati particolari bit (flag).
+ </div><div class="para">
+ L'opzione <code class="option">--tcp-flags</code> accetta due parametri. Il primo è la maschera, una lista di flag separati da virgole da esaminare nel pacchetto. Il secondo parametro è una lista di flag separati da virgole che devono risultare settati.
+ </div><div class="para">
+ I flag possibili sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">ACK</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">FIN</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">PSH</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">RST</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">SYN</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">URG</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">ALL</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">NONE</code>
+ </div></li></ul></div><div class="para">
+ Per esempio, la seguente regola si applica ai pacchetti TCP che hanno il flag SYN settato e i flag ACK e FIN non settato:
+ </div><div class="para">
+ <code class="command">--tcp-flags ACK,FIN,SYN SYN</code>
+ </div><div class="para">
+ Usare il carattere punto esclamativo (<code class="option">!</code>) dopo l'opzione<code class="option">--tcp-flags</code> per invertire l'effetto della regola.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--tcp-option</code> — Applica la regola se è impostata l'opzione tcp. La regola può anche essere invertita usando il punto esclamativo (<code class="option">!</code>).
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol">3.9.2.4.2. Protocollo UDP</h5></div></div></div><div class="para">
+ Queste sono le match option disponibili per il protocollo UDP (<code class="option">-p udp</code>):
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--dport</code> — Specifica la porta di destinazione usando il nome del servizio, il numero o un range di numeri di porta. L'opzione <code class="option">--destination-port</code> è la versione estesa di <code class="option">--dport</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--sport</code> — Specifica la porta mittente usando il nome del servizio, il numero o un range di numeri di porta. L'opzione <code class="option">--source-port</code> è la versione estesa di <code class="option">--sport</code>.
+ </div></li></ul></div><div class="para">
+ Usando <code class="option">--dport</code> e <code class="option">--sport</code> per specificare un range di numeri, separare i due numeri con il carattere "due punti" (<code class="option">:</code>). Per esempio: <code class="option">-p udp --dport 3000:3200</code>. Il range di valori massimo è <code class="option">0:65535</code>.
+ </div></div><div class="section" id="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol">3.9.2.4.3. Protocollo ICMP</h5></div></div></div><div class="para">
+ Per il protocollo ICMP (Internet Control Message Protocol) (<code class="option">-p icmp</code>) sono disponbili le seguenti match option:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--icmp-type</code> — Specifica il nome o il numero del tipo di ICMP. Per la lista dei nomi di ICMP validi usare il comando <code class="command">iptables -p icmp -h</code>.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules">3.9.2.4.4. Ulteriori moduli Match Option</h5></div></div></div><div class="para">
+ Altre match option sono disponibili nei moduli caricati dal comando <code class="command">iptables</code>.
+ </div><div class="para">
+ Per usare un modulo, caricare il modulo per nome usando l'opzione <code class="option">-m <em class="replaceable"><code><nome-del-modulo></code></em></code>.
+ </div><div class="para">
+ Per impostazione sono disponibili molti moduli. Si possono anche creare moduli personalizzati per aggiungere ulteriori funzionalità.
+ </div><div class="para">
+ Di seguito si riporta un elenco (parziale) dei moduli maggiormente usati:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ modulo <code class="option">limit</code> — Specifica quante volte applicare la regola.
+ </div><div class="para">
+ Assieme al "target" <code class="command">LOG</code>, il modulo <code class="option">limit</code> serve ad impedire che un flusso consistente di pacchetti possa riempire il file di log con messaggi ripetitivi o ad impedire di sovraccaricare il sistema.
+ </div><div class="para">
+ Per maggiori informazioni sul target <code class="command">LOG</code>, fare riferimento alla <a class="xref" href="#sect-Security_Guide-Command_Options_for_IPTables-Target_Options">Sezione 3.9.2.5, «Opzioni target»</a>.
+ </div><div class="para">
+ Il modulo <code class="option">limit</code> presenta le seguenti opzioni:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--limit</code> — Imposta il numero massimo di corrispondenze per periodo, usando la coppia <code class="option"><em class="replaceable"><code><value>/<period></code></em></code>. Per esempio, specificando <code class="option">--limit 5/hour</code> si permettono cinque corrispondenze all'ora.
+ </div><div class="para">
+ Gli intervalli possono essere espressi in secondi, minuti, ore o giorni.
+ </div><div class="para">
+ Se non è specificato un numero o una stringa temporale si assume il valore predefinito <code class="option">3/hour</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--limit-burst</code> — Imposta il limite sul numero di pacchetti contemporanei gestiti dalla regola.
+ </div><div class="para">
+ Questa opzione è specificata con un intero e dovrebbe essere usata insieme all'opzione <code class="option">--limit</code>.
+ </div><div class="para">
+ Se non è specificato nessun valore, il valore predefinito è cinque (5).
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ modulo <code class="option">state</code> — Identifica lo stato di un pacchetto.
+ </div><div class="para">
+ Il modulo <code class="option">state</code> presenta le seguenti opzioni:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--state</code> — Identifica un pacchetto con uno dei seguenti stati di connessione:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">ESTABLISHED</code> — Il pacchetto fa parte di una connessione già instaurata. Questo stato è indispensabile per il mantenimento della connessione tra client e server.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">INVALID</code> — Il pacchetto non fa parte di una connessione nota.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">NEW</code> — Il pacchetto tenta di creare una nuova connessione o fa parte di una connessione bidirezionale non ancora vista. Questo stato è indispensabile per creare connessioni.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">RELATED</code> — Il pacchetto tenta di avviare una nuova connessione, legata in qualche mdo ad una connessione già esistente. Un esempio è il protocollo FTP che usa una connessione sulla porta 21 per il controllo del traffico ed una connessione separata sulla porta 20 per il trasferimento dei dati.
+ </div></li></ul></div><div class="para">
+ Questi stati di connessione possono essere usati in combinazione, separandoli con virgole come in <code class="option">-m state --state INVALID,NEW</code>.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ modulo <code class="option">mac</code> — Identifica l'indirizzo hardware MAC.
+ </div><div class="para">
+ Il modulo <code class="option">mac</code> presenta la seguente opzione:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--mac-source</code> — Identifica i pacchetti spediti dall'indirizzo MAC della scheda di rete. Per escludere un indirizzo da una regola, usare il carattere punto esclamativo (<code class="option">!</code>) dopo l'opzione <code class="option">--mac-source</code>.
+ </div></li></ul></div></li></ul></div><div class="para">
+ Per altre opzioni disponibili con i moduli, fare riferimento alle pagine di man di <code class="command">iptables</code>.
+ </div></div></div><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-Target_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Target_Options">3.9.2.5. Opzioni target</h4></div></div></div><div class="para">
+ Quando un pacchetto viene intercettato da una regola, il pacchetto può essere inviato a vari "target" che intraprendono l'azione appropriata. Ogni catena hanno un target predefinito che entra in azione se nessuna regola nella catena è in grado di intercettare il pacchetto o se la regola corrispondente è priva di un target specifico.
+ </div><div class="para">
+ Di seguito si riportano i target standard:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option"><em class="replaceable"><code><user-defined-chain></code></em></code> — Una catena definita dall'utente. In nomi della catene devono essere unici. Il target passa il pacchetto alla catena specificata.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">ACCEPT</code> — Invia il pacchetto alla sua destinazione o ad un'altra catena.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">DROP</code> — Scarta il pacchetto senza rispondere. Il sistema che ha spedito il pacchetto non viene avvisato dell'insuccesso.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">QUEUE</code> — Il pacchetto è messo in coda per essere gestito dall'applicazione dello spazio utente.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">RETURN</code> — Interrompe il controllo delle regole sul pacchetto. Se il pacchetto viene intercettato in una catena interna alla principale, il pacchetto è restituito alla catena principale da cui vengono riavviate le verifiche rimaste in sospeso. Se il target <code class="option">RETURN</code> viene usato in una catena predefinita e il pacchetto non può ritornare alla catena precedente, per la catena corrente si usa il target predefinito.
+ </div></li></ul></div><div class="para">
+ In aggiunta sono disponibili estensioni con cui definire altri target, detti moduli "target" o moduli "match option", tuttavia la maggior parte si applicano soltanto a particolari tabelle e situazioni. Per maggiori informazioni sui moduli "match option", fare riferimento alla <a class="xref" href="#sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules">Sezione 3.9.2.4.4, «Ulteriori moduli Match Option»</a>.
+ </div><div class="para">
+ Esistono molti moduli target, la maggior parte dei quali si applicano a tabelle e situazioni specifiche. Alcuni dei moduli più comuni inclusi per impostazione in Fedora, sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">LOG</code> — Registra nel file di log tutti i pacchetti intercettati dalla regola. Poichè i pacchetti sono individuati dal kernel, è il file <code class="filename">/etc/syslog.conf</code> che determina in quale file registrare questi avvisi (logs). Per impostazione, i logs si trovano nel file <code class="filename">/var/log/messages</code>.
+ </div><div class="para">
+ Le opzioni che si possono usare con il target <code class="option">LOG</code> sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--log-level</code> — Imposta il livello di priorità degli eventi di log. Per una lista dei livelli di priorità, fare riferimento alle pagine di man di <code class="filename">syslog.conf</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--log-ip-options</code> — Registra tutte le opzioni impostate nell'header di un pacchetto IP.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--log-prefix</code> — Antepone una stringa di caratteri (max. 29) davanti ad ogni riga di log. Ciò può essere molto utile in fase di analisi dei pacchetti per realizzare filtri di syslog.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ A causa di un problema potrebbe essere necessario inserire uno spazio davanti al valore del parametro <em class="replaceable"><code>log-prefix</code></em>.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">--log-tcp-options</code> — Registra tutte le opzioni impostate nell'header di un pacchetto TCP.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--log-tcp-sequence</code> — Registra la sequenza numerica TCP del pacchetto.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">REJECT</code> — Scarta il pacchetto e restituisce al sistema remoto un pacchetto d'errore.
+ </div><div class="para">
+ Il target <code class="option">REJECT</code> accetta l'opzione <code class="option">--reject-with <em class="replaceable"><code><type></code></em></code> (in cui <em class="replaceable"><code><type></code></em> è il tipo di rifiuto), permettendo di restituire insieme al pacchetto d'errore informazioni più dettagliate. Il messaggio <code class="computeroutput">port-unreachable</code> è il tipo predefinito di errore. Per la lista completa di opzioni <code class="option"><em class="replaceable"><code><type></code></em></code>, fare riferimento alle pagine di man di <code class="command">iptables</code>.
+ </div></li></ul></div><div class="para">
+ Altri moduli target, tra cui alcuni molto utili per il mascheramento IP con la tabella <code class="option">nat</code> o per l'alterazione dei pacchetti con la tabella <code class="option">mangle</code>, possono trovarsi nelle pagine di man di <code class="command">iptables</code>.
+ </div></div><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options">3.9.2.6. Elencare le opzioni</h4></div></div></div><div class="para">
+ Il comando predefinito <code class="command">iptables -L [<chain-name>]</code>, mostra le attuali catene nella tabella predefinita. Altre opzioni forniscono maggiori informazioni:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">-v</code> — Visualizza un output più prolisso, per esempio il numero di pacchetti e byte analizzati da ogni catena, il numero di pacchetti e byte individuati da ogni regola e le schede di rete interessate da una particolare regola.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-x</code> — Espande i numeri al loro valore esatto. Il numero di pacchetti e bytes analizzati da una catena o regola risultano abbreviati in <code class="computeroutput">Kilobytes</code>, <code class="computeroutput">Megabytes</code> o <code class="computeroutput">Gigabytes</code>. Questa opzione visualizza il valore esatto di pacchetti e byte.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-n</code> — Visualizza gli indirizzi IP e i numeri di porta in formato numerico, invece del formato predefinito basato su hostname e nome del servizio.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--line-numbers</code> — Elenca il numero d'ordine delle regole nella catena. Questa opzione risulta molto utile quando si vuole rimuovere una regola o per localizzare la posizione nelle catena in cui inserire una regola.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-t <table-name></code> — Specifica un nome di tabella. Se omesso si fa riferiemento alla tabella predefinita.
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-IPTables-Saving_IPTables_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-Saving_IPTables_Rules">3.9.3. Salvataggio delle regole IPTables</h3></div></div></div><div class="para">
+ Le regole create con il comando <code class="command">iptables</code> sono conservate in memoria. Se il sistema viene riavviato, prima del loro salvataggio, le regole <code class="command">iptables</code> vengono perse. Per rendere persistenti al riavvio del sistema, le regole di filtraggio dei pacchetti (netfilter) esse devono essere salvate: come root, lanciare il comando:
+ </div><pre class="screen"><code class="command">/usr/libexec/iptables.init save </code></pre><div class="para">
+ Il comando esegue lo script di init di <code class="command">iptables</code> che a sua volta esegue il programma <code class="command">/sbin/iptables-save</code>, scrivendo la configurazione di <code class="command">iptables</code> corrente nel file <code class="filename">/etc/sysconfig/iptables</code>. Il file <code class="filename">/etc/sysconfig/iptables</code> esistente è salvato come <code class="filename">/etc/sysconfig/iptables.save</code>.
+ </div><div class="para">
+ Al successivo riavvio del sistema, lo script di init di <code class="command">iptables</code> ri-applica le regole salvate in <code class="filename">/etc/sysconfig/iptables</code> usando il comando <code class="command">/sbin/iptables-restore</code>.
+ </div><div class="para">
+ Normalmente, è sempre una buona norma testare una nuova regola di <code class="command">iptables</code> prima di trasferirla nel file <code class="filename">/etc/sysconfig/iptables</code>; inoltre è possibile copiare le regole di <code class="command">iptables</code> da un file di un altro sistema. Ciò permette una rapida distribuzione delle regole di <code class="command">iptables</code> su più macchine.
+ </div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Se si distribuisce il file <code class="filename">/etc/sysconfig/iptables</code> su altre macchine, per renderle effettive, riavviare il servizio iptables digitando il comando <code class="command">/sbin/service iptables restart</code>.
+ </div></div></div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Notare la differenza tra il comando <code class="command">iptables</code> <span class="emphasis"><em>command</em></span> (<code class="command">/sbin/iptables</code>), usato per manipolare tabelle e le relative catene, ed il comando <code class="command">iptables</code> <span class="emphasis"><em>service</em></span> (<code class="command">/sbin/iptables service</code>), usato per abilitare e disabilitare il servizio <code class="command">iptables</code> stesso.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-IPTables-IPTables_Control_Scripts"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-IPTables_Control_Scripts">3.9.4. Script di controllo IPTables</h3></div></div></div><div class="para">
+ In Fedora, esistono due metodi di base per controllare <code class="command">iptables</code>:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="application"><strong>Firewall Administration Tool</strong></span> (<code class="command">system-config-firewall</code>) — Interfaccia grafica per creare, attivare e salvare regole basilari per il firewall. Far riferimento a <a class="xref" href="#sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">Sezione 3.8.2, «Configurazione di un firewall di base»</a> per maggiori informazioni.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/sbin/service iptables <em class="replaceable"><code><option></code></em></code> — Usato per manipolare varie funzionalità di <code class="command">iptables</code> tramite i suoi script di init. Le opzioni disponibili sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">start</code> — Se è stato configurato un firewall (ossia, esiste il file <code class="filename">/etc/sysconfig/iptables</code>), tutte le istanze di <code class="command">iptables</code> in esecuzione vengono arrestate e successivamente riavviate con il comando <code class="command">/sbin/iptables-restore</code>. Questa opzione funziona solo se non è caricato il modulo del kernel, <code class="command">ipchains</code>. Per verificare se il modulo è caricato, digitare come root il seguente comando:
+ </div><pre class="screen"><code class="command"> [root at MyServer ~]# lsmod | grep ipchains </code></pre><div class="para">
+ Se il comando non restituisce nessun output, vuol dire che il modulo non è stato caricato. In caso contrario usare il comando <code class="command">/sbin/rmmod</code> per rimuovere il modulo.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">stop</code> — Se è in esecuzione un firewall, le regole di firewall in memoria sono scaricate insieme a tutti i moduli e ai componenti di iptables.
+ </div><div class="para">
+ Se nel file di configurazione <code class="filename">/etc/sysconfig/iptables-config</code> è stato modificato il valore della direttiva <code class="command">IPTABLES_SAVE_ON_STOP</code> dal valore predefinito (no) al valore <code class="command">yes</code>, le attuali regole sono salvate nel file <code class="filename">/etc/sysconfig/iptables</code> e le precedenti regole vengono salvate nel file <code class="filename">/etc/sysconfig/iptables.save</code>.
+ </div><div class="para">
+ Per maggiori informazioni, vedere la <a class="xref" href="#sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">Sezione 3.9.4.1, «File di configurazione degli script di controllo»</a>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">restart</code> — Se è in esecuzione un firewall, le regole di firewall in memoria sono scaricate e il firewall è riavviato con le configurazioni presenti in <code class="filename">/etc/sysconfig/iptables</code>. Questa opzione funziona solo se il modulo del kernel <code class="command">ipchains</code> non è caricato.
+ </div><div class="para">
+ Se nel file di configurazione <code class="filename">/etc/sysconfig/iptables-config</code> è stato modificato il valore della direttiva <code class="command">IPTABLES_SAVE_ON_RESTART</code>, dal valore predefinito (no) al valore <code class="command">yes</code>, le attuali regole sono salvate nel file <code class="filename">/etc/sysconfig/iptables</code> e le precedenti regole vengono salvate nel file <code class="filename">/etc/sysconfig/iptables.save</code>.
+ </div><div class="para">
+ Per maggiori informazioni, vedere la <a class="xref" href="#sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">Sezione 3.9.4.1, «File di configurazione degli script di controllo»</a>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">status</code> — Visualizza lo stato del firewall ed elenca tutte le regole attive.
+ </div><div class="para">
+ La configurazione predefinita per questa opzione è visualizzare gli indirizzi IP in formato numerico. Per la visualizzazione in formato nome dominio ed hostname, impostare nel file <code class="filename">/etc/sysconfig/iptables-config</code> il valore della direttiva <code class="command">IPTABLES_STATUS_NUMERIC</code> con il valore <code class="command">no</code>. Per maggiori informazioni sul file di configurazione <code class="filename">iptables-config</code>, vedere la <a class="xref" href="#sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">Sezione 3.9.4.1, «File di configurazione degli script di controllo»</a>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">panic</code> — Scarica tutte le regole di firewall. La policy di tutte le tabellle configurate viene impostata a <code class="command">DROP</code>.
+ </div><div class="para">
+ Questa opzione potrebbe essere utile quando si scopre che un server è compromesso. Piuttosto che spegnere o fisicamente diconnettere il sistema dalla rete si può usare questa opzione per fermare ogni traffico da/verso la rete, portando la macchina in uno stato ideale per analisi o altre investigazioni.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">save</code> — Salva le regole di firewall nel file <code class="filename">/etc/sysconfig/iptables</code> con il comando <code class="command">iptables-save</code>. Per maggiori informazioni, vedere la <a class="xref" href="#sect-Security_Guide-IPTables-Saving_IPTables_Rules">Sezione 3.9.3, «Salvataggio delle regole IPTables»</a>.
+ </div></li></ul></div></li></ul></div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ In IPv6 il controllo di netfilter avviene allo stesso modo come fin quì indicato, basta sostituire <code class="command">ip6tables</code> con <code class="command">iptables</code> nei comandi di <code class="command">/sbin/service</code>. Per maggiori informazioni su IPv6 e netfilter, vedere <a class="xref" href="#sect-Security_Guide-IPTables-IPTables_and_IPv6">Sezione 3.9.5, «IPTables ed IPv6»</a>.
+ </div></div></div><div class="section" id="sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">3.9.4.1. File di configurazione degli script di controllo</h4></div></div></div><div class="para">
+ Il comportamento degli init-script di <code class="command">iptables</code> è controllato dal file di configurazione <code class="filename">/etc/sysconfig/iptables-config</code>. Di seguto si riporta un elenco delle direttive contenute in questo file:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_MODULES</code> — All'avvio del firewall specifica una lista di moduli di <code class="command">iptables</code> da caricare. Questi possono includere componenti NAT e tracciatori di connessione.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_MODULES_UNLOAD</code> — Al riavvio o all'arresto del firewall tutti i moduli vengono scaricati. Questa direttiva accetta i seguenti valori:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — Il valore predefinito. Usare questo valore al fine di garantire un corretto stato dopo un riavvio o arresto del firewall.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — Usare questo valore soltanto se ci sono problemi nello scaricare i moduli.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_SAVE_ON_STOP</code> — All'arresto del firewall le regole correnti del firewall sono salvate nel file <code class="filename">/etc/sysconfig/iptables</code>. Questa direttiva accetta i seguenti valori:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — All'arresto del firewall le regole esistenti sono salvate nel file <code class="filename">/etc/sysconfig/iptables</code> e le regole precedenti sono spostate nel file <code class="filename">/etc/sysconfig/iptables.save</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — Il valore predefinito. All'arresto del firewall le regole esistenti vengono perse.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_SAVE_ON_RESTART</code> — Al riavvio del firewall le regole correnti vengono salvate. Questa direttiva accetta i seguenti valori:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — Al riavvio del firewall le regole esistenti sono salvate nel file <code class="filename">/etc/sysconfig/iptables</code> e le regole precedenti vengono salvare nel file <code class="filename">/etc/sysconfig/iptables.save</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — Il valore predefinito. Al riavvio del firewall le regole esistenti vengono perse.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_SAVE_COUNTER</code> — Salva e ripristina i contatori di pacchetti e byte nelle regole di tutte le catene. Questa direttiva accetta i seguenti valori:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — Salva i valori dei contatori.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — Valore predefinito. I valori dei contatori vengono azzerati.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_STATUS_NUMERIC</code> — Visualizza gli indirizzi IP in formato numerico invece del formato basato su nomi (dominio ed hostname). Questa direttiva accetta due valori:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — Il valore predefinito. Restituisce gli indirizzi IP in formato numerico.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — Restituisce gli indirizzi in formato nome dominio ed hostname.
+ </div></li></ul></div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-IPTables-IPTables_and_IPv6"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-IPTables_and_IPv6">3.9.5. IPTables ed IPv6</h3></div></div></div><div class="para">
+ Il pacchetto <span class="application"><strong>iptables</strong></span> include il supporto per il protocollo Internet IPv6 di prossima generazione. Il comando usato per manipolare il netfilter IPv6 è <code class="command">ip6tables</code>.
+ </div><div class="para">
+ Le principali direttive di questo comando sono identiche a quelle del comando <code class="command">iptables</code>, ad eccezione della tabella <code class="command">nat</code> non ancora supportata. Ciò vuol dire che ad oggi non è possibile effettuare operazioni NAT (Network Address Translation), sugli indirizzi IPv6 come il mascheramento e il forwarding dei servizi.
+ </div><div class="para">
+ Le regole di <code class="command">ip6tables</code> sono salvate nel file <code class="filename">/etc/sysconfig/ip6tables</code> e le regole precedenti vengono salvate nel file <code class="filename">/etc/sysconfig/ip6tables.save</code>.
+ </div><div class="para">
+ Le opzioni di configurazione degli init-script si trovano nel file <code class="filename">/etc/sysconfig/ip6tables-config</code> e i nomi delle varie direttive variano di poco rispetto alle analoghe di <code class="command">iptables</code>.
+ </div><div class="para">
+ Per esempio, la direttiva <code class="command">IPTABLES_MODULES</code> del file <code class="filename">iptables-config</code> è equivalente alla direttiva <code class="command">IP6TABLES_MODULES</code> del file <code class="filename">ip6tables-config</code>.
+ </div></div><div class="section" id="sect-Security_Guide-IPTables-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-Additional_Resources">3.9.6. Ulteriori risorse</h3></div></div></div><div class="para">
+ Per altre informazioni sul filtraggio dei pacchetti con <code class="command">iptables</code> fare riferimneto alle seguenti risorse.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a class="xref" href="#sect-Security_Guide-Firewalls">Sezione 3.8, «Firewall»</a> — E' un capitolo dedicato al ruolo dei firewall nell'ambito di una strategia di sicurezza globale con strategie per costruire regole di firewall.
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_IP_Tables_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_IP_Tables_Documentation">3.9.6.1. Documentazione installata </h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man iptables</code> — Contiene una descrizione di <code class="command">iptables</code> con l'elenco completo dei targets, delle options e delle match extensions.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites">3.9.6.2. Utili siti web su IPTables</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.netfilter.org/">netfilter.org</a> — Il sito web del progetto netfilter/iptables. Contiene informazioni assortite su <code class="command">iptables</code>, inclusa una FAQ con soluzioni per problemi specifici e varie guide scritte da Rusty Russell, il manutentore del firewall IP di Linux. Gli HOWTO, coprono vari argomenti come concetti di rete, filtraggio dei pacchetti nel kernel e configurazioni NAT.
+ </div></li></ul></div></div></div></div><div class="footnotes"><br /><hr width="100" align="left" /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm106839184" href="#idm106839184" class="para">11</a>] </sup>
+ Il numero e il tipo di protezione supportata dipende dai produttori
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm92948160" href="#idm92948160" class="para">12</a>] </sup>
+ GRUB accetta anche password in chiaro, tuttavia per aumentare il livello di sicurezza si raccomanda di aggiungere un hash MD5
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm101302608" href="#idm101302608" class="para">13</a>] </sup>
+ Questo accesso è ancora soggetto alle restrizioni imposte da SELinux, se abilitato
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm96021968" href="#idm96021968" class="para">14</a>] </sup>
+ Un sistema in cui sia il client sia il server condividono una chiave comune usata per cifrare/decifrare la comunicazione.
+ </div></div></div></div><div xml:lang="it-IT" class="chapter" id="chap-Security_Guide-Encryption" lang="it-IT"><div class="titlepage"><div><div><h2 class="title">Capitolo 4. Cifratura</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Data_at_Rest">4.1. Dati a Riposo</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">4.1.1. Completa cifratura del disco</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">4.1.2. Cifratura basata su file</a></span></dt></dl></dd><dt><span class="section"><a href="#Security_Guide-Encryption-Data_in_Motion">4.2. Dati in Movimento</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs">4.2.1. Virtual Private Networks (VPN)</a></span></dt><dt><span class="section"><a href="#Secu
rity_Guide-Encryption-Data_in_Motion-Secure_Shell">4.2.2. Secure Shell</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption">4.2.3. Cifratura disco con LUKS</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives">4.2.4. Archivi 7-Zip cifrati</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG">4.2.5. Usare GNU Privacy Guard (GnuPG)</a></span></dt></dl></dd></dl></div><div class="para">
+ Esistono due principali tipi di dati che devono essere protetti: i dati a riposo e i dati in movimento. Questi differenti tipi di dati sono protetti in modo simile, usando tecnologie simili ma le implementazioni possono essere completamente differenti. Nessuna implementazione, per quanto sicura, può sentirsi tale contro tutti i possibili metodi di compromissione, proprio perchè l'informazione può essere a riposo e in movimento in differenti istanti di tempo.
+ </div><div class="section" id="sect-Security_Guide-Encryption-Data_at_Rest"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Encryption-Data_at_Rest">4.1. Dati a Riposo</h2></div></div></div><div class="para">
+ I dati a riposo sono i dati immagazzinati su disco fisso, nastro, CD, DVD o altro supporto. La principale minaccia contro questo tipo di dati è rappesentata dal furto. I portatili negli aereoporti, i CD spediti per posta e i nastri di backup che vengono lasciati nei posti sbagliati sono tutti esempi di eventi in cui i dati possono essere compromessi da un furto. Se i dati sono stati cifrati allora non c'è da preoccuparsi così tanto della loro compromissione.
+ </div><div class="section" id="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">4.1.1. Completa cifratura del disco</h3></div></div></div><div class="para">
+ La completa cifratura del disco o di una sua partizione, rappresenta uno dei metodi migliori per proteggere i dati. Non solo è protetto ogni file ma anche la memoria temporanea contenente parti di questi file. La completa cifratura del disco è in grado di proteggere tutti i file, evitando all'utente la preoccupazione di quali file proteggere ed eventuali sue dimenticanze.
+ </div><div class="para">
+ Fedora 14 (e le versioni precedenti fino a Fedora 9), supporta in modo nativo la cifratura LUKS. LUKS cifra le partizioni del disco fisso proteggendo i dati quando il computer è inattivo. Inoltre protegge il computer anche da attaccanti che in modalità <span class="emphasis"><em>single user</em></span> o in altro modo riescono ad accedere al computer.
+ </div><div class="para">
+ Soluzioni di cifratura del disco come LUKS, proteggono i dati solo quando il computer è spento. Una volta attivo e decifrato da LUKS, i file sul disco diventano disponibili a chiunque abbia accesso alla macchina. Per proteggere i file quando il computer è acceso, usare la cifratura del disco in combinazione con un'altra soluzione, come la cifratura basata su file. Ricordare inoltre che è buona norma bloccare il computer, ogni qualvolta ci si allontana dalla propria postazione. Impostare un salvaschermo protetto da frase d'accesso che si attivi dopo qualche minuto di inattività, è un buon modo per mantenere lontani eventuali intrusi.
+ </div></div><div class="section" id="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">4.1.2. Cifratura basata su file</h3></div></div></div><div class="para">
+ GnuPG (GPG) è una versione open source di PGP che consente di firmare e/o cifrare un file o un messaggio email. Ciò serve a garantire l'integrità del messaggio o del file ed inoltre protegge la confidenzialità delle informazioni contenute. Nel caso delle mail GPG fornisce una doppia protezione. Non solo fornisce la protezione dei Dati a Riposo ma anche dei Dati in Movimento.
+ </div><div class="para">
+ La cifratura basata su file serve a proteggere il file dopo che esso ha lasciato il computer, come quando si spedisce un CD per posta. Alcune soluzioni lasciano dei residui del file cifrato, che un attaccante con accesso fisico al computer, in determinate circostanze, può usare per ripristinare il file cifrato. Per proteggere i contenuti di questi file da utenti maliziosi, usare la cifratura basata su file in combinazione con altre soluzioni, come la completa cifratura del disco.
+ </div></div></div><div class="section" id="Security_Guide-Encryption-Data_in_Motion"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="Security_Guide-Encryption-Data_in_Motion">4.2. Dati in Movimento</h2></div></div></div><div class="para">
+ I dati in movimento sono dati che vengono trasmessi nella rete. Le principali minacce contro i dati in movimento sono l'intercettazione e l'alterazione. Password e Nome Utente non dovrebbero essere mai trasmessi nella rete senza protezione, poichè potrebbero essere intercettate e usate da qualcun'altro per impersonare l'utente e/o per guadagnare l'accesso ad informazioni sensibili. Anche altre informazioni private, come quelle relative ai conti bancari, dovrebbero essere protette quando vengono trasmesse in una rete. Se la sessione di rete è stata cifrata allora non si corre alcun rischio: i dati non possono venir compromessi durante la trasmissione.
+ </div><div class="para">
+ I dati in movimento sono particolarmente vulnerabili agli attaccanti, in quanto questi non devono trovarsi nei pressi della postazione del computer, dove sono salvati i dati, ma possono trovarsi ovunque lungo il percorso seguito dai dati. Tunnel di cifratura possono proteggere i dati lungo il percorso di comunicazione.
+ </div><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs">4.2.1. Virtual Private Networks (VPN)</h3></div></div></div><div class="para">
+ Le organizzazioni con uffici dislocati in diverse località, per motivi di efficenza e proteggere i dati sensibili, spesso sono connessi tramite linee dedicate. Per esempio, molte attività commerciali usano linee frame relay o <em class="firstterm">ATM</em> (<acronym class="acronym">Asynchronous Transfer Mode</acronym>), come soluzioni di rete end-to-end per il collegamento degli uffici. Tuttavia per le piccole e medie imprese (n.d.t.: e l'Italia fonda il suo PIL sull'attività di circa l'80% di tali imprese!) che desiderano espandersi, investire in tale soluzioni, richiede alti costi di investimento in circuiti di rete digitali, molte volte ben al di là dei propri bilanci aziendali.
+ </div><div class="para">
+ Le reti <em class="firstterm">VPN</em> (<abbr class="abbrev">Virtual Private Networks</abbr>) sono state progettate proprio per venire incontro a queste esigenze aziendali. Seguendo gli stessi principi funzionali dei circuiti dedicati, le reti <abbr class="abbrev">VPN</abbr> consentono comunicazioni digitali sicure tra due partecipanti (o reti), creando una <em class="firstterm">WAN</em> (<acronym class="acronym">Wide Area Network</acronym>) a partire da <em class="firstterm">LAN</em> (<acronym class="acronym">Local Area Network</acronym>) esistenti. La differenza rispetto a linee frame relay o ATM è il mezzo di trasporto. Le reti <abbr class="abbrev">VPN</abbr> trasportano i dati sul layer IP, usando pacchetti, attraverso un canale sicuro che attraverso Internet giunge alla rete di destinazione. Le principali implementazioni free di <abbr class="abbrev">VPN</abbr>, incorporano metodi di cifratura standard ed aperti, per ulteriormente mascherare i dati in transito.
+ </div><div class="para">
+ Alcune organizzazioni impiegano soluzioni <abbr class="abbrev">VPN</abbr> hardware per aumentare la sicurezza, altre usano implementazioni software o basate su protocollo. Esistono diversi produttori di soluzioni <abbr class="abbrev">VPN</abbr> hardware, come Cisco, Nortel, IBM e Checkpoint. Esiste una soluzione<abbr class="abbrev">VPN</abbr> basata su software free anche per Linux, denominata FreeS/Wan, che utilizza una implementazione standardizzata di <abbr class="abbrev">IPsec</abbr> (<em class="firstterm">Internet Protocol Security</em>). Le soluzioni <abbr class="abbrev">VPN</abbr> sia hardware sia software, si comportano come router specializzati tra le connessioni IP dei vari uffici.
+ </div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-How_Does_a_VPN_Work"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-How_Does_a_VPN_Work">4.2.1.1. Come funziona una rete VPN?</h4></div></div></div><div class="para">
+ Quando un pacchetto viene trasmesso da un client, esso passa attraverso il router o gateway del <abbr class="abbrev">VPN</abbr>, che aggiunge un <abbr class="abbrev">AH</abbr> (<em class="firstterm">Authentication Header</em>) usato per routing ed autenticazione. Successivamente i dati vengono cifrati e poi racchiusi in un <abbr class="abbrev">ESP</abbr> (<em class="firstterm">Encapsulating Security Payload</em>). All'interno di quest'ultimo si trovano le istruzioni per gestire e decifrare il pacchetto.
+ </div><div class="para">
+ Il router del <abbr class="abbrev">VPN</abbr> ricevente, estrae le informazioni dall'intestazione, decifra i dati e invia i dati alla sua destinazione (una workstation o un altro nodo della rete). In una connessione network-to-network, il nodo ricevente sulla rete locale, riceve i pacchetti già decifrati e pronti per l'uso. Il processo di cifratura/decifratura in una connessione <abbr class="abbrev">VPN</abbr> network-to-network, è quindi trasparente al nodo locale.
+ </div><div class="para">
+ Con un tale livello di sicurezza, un attaccante non solo deve intercettare il pacchetto, ma anche decifrarlo. Intrusori che impiegano un attacco tipo man-in-the-middle, devono avere accesso anche ad almeno una chiave segreta per l'autenticazione delle sessioni. Poichè queste usano diversi livelli di autenticazione e di cifratura, le reti <abbr class="abbrev">VPN</abbr> sono un mezzo sicuro ed efficace per collegare multipli nodi remoti, che diventano così una intranet unificata.
+ </div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD">4.2.1.2. Le reti VPN e Fedora</h4></div></div></div><div class="para">
+ Fedora offre varie soluzioni per implementare una connessione sicura ad una <acronym class="acronym">WAN</acronym>. <acronym class="acronym">IPsec</acronym> (<em class="firstterm">Internet Protocol Security</em>) è l'implementazione <abbr class="abbrev">VPN</abbr> supportata in Fedora, in grado di soddisfare adeguatamente i bisogni di usabilità delle organizzazioni con uffici ramificati o utenti remoti.
+ </div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec">4.2.1.3. IPsec</h4></div></div></div><div class="para">
+ Fedora supporta <abbr class="abbrev">IPsec</abbr> per collegare tra loro reti ed host remoti, tramite un tunnel sicuro attraverso una rete pubblica come Internet. <abbr class="abbrev">IPsec</abbr> può essere implementato sia per una configurazione host-to-host (tra due workstation) sia per una configurazione network-to-network (tra due <acronym class="acronym">LAN</acronym>/<acronym class="acronym">WAN</acronym>).
+ </div><div class="para">
+ L'implementazione di <abbr class="abbrev">IPsec</abbr> in Fedora usa <em class="firstterm">IKE</em> (<em class="firstterm">Internet Key Exchange</em>), un protocollo progettato dall'<acronym class="acronym">IETF</acronym> (Internet Engineering Task Force) ed usato per reciproca autenticazione e associazioni sicure tra i sistemi.
+ </div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection">4.2.1.4. Creare una connessione <abbr class="abbrev">IPsec</abbr></h4></div></div></div><div class="para">
+ Una connessione <abbr class="abbrev">IPsec</abbr> prevede due fasi logiche. Nella prima fase, un nodo <abbr class="abbrev">IPsec</abbr> inizializza la connessione con la rete o il nodo remoto. La rete o il nodo remoto controlla le credenziali del nodo richiedente, dopodichè entrambi i nodi negoziano il metodo di autenticazione da usare per la connessione.
+ </div><div class="para">
+ Nei sistemi Fedora, una connessione di <abbr class="abbrev">IPsec</abbr> usa il metodo della <em class="firstterm">pre-shared key</em> (o della chiave pre-condivisa) per l'autenticazione dei nodi <abbr class="abbrev">IPsec</abbr>. In una connessione <abbr class="abbrev">IPsec</abbr> con chiave pre-condivisa, entrambi gli host devono usare la stessa chiave per poter passare alla seconda fase della connessione <abbr class="abbrev">IPsec</abbr>.
+ </div><div class="para">
+ La seconda fase della connessione <abbr class="abbrev">IPsec</abbr>, prevede la creazione di una <acronym class="acronym">SA</acronym> (<em class="firstterm">Security Association</em>) tra i nodi <abbr class="abbrev">IPsec</abbr>. Questa fase genera un database <abbr class="abbrev">SA</abbr> contenente informazioni di configurazioni, come il metodo di cifratura, parametri per lo scambio delle chiavi segrete ed altro. Questa fase gestisce l'effettiva connessione <abbr class="abbrev">IPsec</abbr> tra i nodi remoti o le reti.
+ </div><div class="para">
+ L'implementazione di <abbr class="abbrev">IPsec</abbr> in Fedora, usa IKE per lo scambio, attraverso Internet, delle chiavi tra gli host. Il demone delle chiavi, <code class="command">racoon</code> è addetto alla distribuzione e allo scambio della chiave IKE. Per maggiori informazioni su questo demone, vedere le pagine di man su <code class="command">racoon</code>.
+ </div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation">4.2.1.5. Installazione di IPsec</h4></div></div></div><div class="para">
+ L'implementazione di <abbr class="abbrev">IPsec</abbr> richiede che il pacchetto <code class="filename">ipsec-tools</code> sia installato su tutti gli host <abbr class="abbrev">IPsec</abbr> (nel caso di una configurazione host-to-host) o router (nel caso di una configurazione network-to network). Il pacchetto contiene le librerie, i demoni e i file di configurazione essenziali per impostare una connessione <abbr class="abbrev">IPsec</abbr>, inclusi:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">/sbin/setkey</code> — regola il gestore delle chiavi e gli attributi di sicurezza di <abbr class="abbrev">IPsec</abbr> nel kernel. Questo eseguibile è controllato dal processo <code class="command">racoon</code>, il demone gestore delle chiavi. Per i dettagli, vedere le pagine di man su <code class="command">setkey</code>(8).
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/racoon</code> — il demone che gestisce le chiavi IKE, usato per gestire e controllare la sicurezza delle associazioni e lo scambio delle chiavi tra i sistemi IPsec.
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/racoon/racoon.conf</code> — il file di configurazione del demone <code class="command">racoon</code>, usato per impostare vari aspetti di una connessione <abbr class="abbrev">IPsec</abbr>, inclusi i metodi di autenticazione e gli algoritmi di cifratura da usare nella connessione. Per una lista completa delle direttive disponibili, vedere le pagine di man relative a <code class="filename">racoon.conf</code>(5).
+ </div></li></ul></div><div class="para">
+ Per configurare <abbr class="abbrev">IPsec</abbr> su un sistema Fedora, si può usare l'interfaccia grafica di <span class="application"><strong>Amministrazione della rete</strong></span>, o procedere manualmente modificando i file di configurazione di rete e di <abbr class="abbrev">IPsec</abbr>.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Per connettere tra loro via IPsec, due host di una rete, vedere <a class="xref" href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration">Sezione 4.2.1.6, «Configurazione IPSec Host-to-Host»</a>.
+ </div></li><li class="listitem"><div class="para">
+ Per connettere tra loro via IPsec, due <acronym class="acronym">LAN</acronym>/<acronym class="acronym">WAN</acronym>, vedere <a class="xref" href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">Sezione 4.2.1.7, «Configurazione IPsec Network-to-Network»</a>.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration">4.2.1.6. Configurazione IPSec Host-to-Host</h4></div></div></div><div class="para">
+ IPsec può essere configurato per collegare tra loro due desktop o workstation (host), usando una connessione host-to host. Questo tipo di connessione usa la rete a cui è connesso ciascun host, per creare un tunnel sicuro tra i due host. Le specifiche richieste per creare una connessione host-to-host sono minime, come risulta la configurazione di <abbr class="abbrev">IPsec</abbr> su ciascun host. Gli host necessitano solo di una connessione alla rete portante (come Internet) e di un sistema Fedora per creare la connessione <abbr class="abbrev">IPsec</abbr>.
+ </div><div class="section" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Host_to_Host_Connection"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Host_to_Host_Connection">4.2.1.6.1. Connessione Host-to-Host</h5></div></div></div><div class="para">
+ Una connessione <abbr class="abbrev">IPsec</abbr> Host-to-Host, è una connessione cifrata tra due sistemi, in quanto su entrambi gli host, <abbr class="abbrev">IPsec</abbr> usa la stessa chiave di autenticazione. Con la connessione <abbr class="abbrev">IPsec</abbr> attiva, tutto il traffico di rete tra i due host risulta cifrato.
+ </div><div class="para">
+ Per configurare una connessione <abbr class="abbrev">IPsec</abbr> host-to-host, procedere su ciascun host, come indicato:
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Le seguenti procedure dovrebbero essere eseguite direttamente sulla macchina: si raccomanda di evitare configurazioni e connessioni <abbr class="abbrev">IPsec</abbr> da remoto.
+ </div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ In un terminale, digitare <code class="command">system-config-network</code> per avviare l'interfaccia grafica di <span class="application"><strong>Amministrazione della rete</strong></span>, oppure dal menu d'avvio selezionare <span class="guimenuitem"><strong>Sistema > Amministrazione > Amministrazione della rete</strong></span>.
+ </div></li><li class="listitem"><div class="para">
+ Nella scheda <span class="guilabel"><strong>IPsec</strong></span>, premere sul pulsante <span class="guibutton"><strong>Nuovo</strong></span> per avviare il wizard di configurazione.
+ </div></li><li class="listitem"><div class="para">
+ Premere <span class="guibutton"><strong>Avanti</strong></span> per avviare la configurazione di una connessione <abbr class="abbrev">IPsec</abbr> host-to-host.
+ </div></li><li class="listitem"><div class="para">
+ Inserire un nome unico da assegnare alla connessione, per esempio <strong class="userinput"><code>ipsec0</code></strong>. Se si desidera attivare la connessione automaticamente, all'avvio del computer, spuntare la casella di controllo. Premere <span class="guibutton"><strong>Avanti</strong></span> per continuare.
+ </div></li><li class="listitem"><div class="para">
+ Selezionare come tipo di connessione, <span class="guilabel"><strong>Crittografia da Host to Host</strong></span> e poi premere <span class="guibutton"><strong>Avanti</strong></span>.
+ </div></li><li class="listitem" id="list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-encrypt-type"><div class="para">
+ Selezionare il tipo di cifratura da usare: manuale o automatica.
+ </div><div class="para">
+ Se si sceglie la cifratura manuale, successivamente occorrerà fornire una chiave di cifratura. Se si seleziona la cifratura automatica, sarà il demone <code class="command">racoon</code> a creare la chiave di cifratura. Se si usa la cifratura automatica, occorre che sia installato il pacchetto <code class="filename">ipsec-tools</code>.
+ </div><div class="para">
+ Premere <span class="guibutton"><strong>Avanti</strong></span> per continuare.
+ </div></li><li class="listitem"><div class="para">
+ Inserire l'indirizzo IP dell'host remoto.
+ </div><div class="para">
+ Per determinare l'IP dell'host remoto, usare il seguente comando, <span class="emphasis"><em>sull'host remoto</em></span>:
+ </div><pre class="screen">[root at myServer ~] # /sbin/ifconfig <em class="replaceable"><code><device></code></em></pre><div class="para">
+ dove <em class="replaceable"><code><device></code></em> è la scheda di rete (Ethernet) usata per la connessione <abbr class="abbrev">VPN</abbr>.
+ </div><div class="para">
+ Se è presente una sola scheda di rete nel sistema, il dispositivo tipicamente è denominato eth0. Di seguito si riporta un esempio, con le informazioni rilevanti dell'output di questo comando:
+ </div><pre class="screen">eth0 Link encap:Ethernet HWaddr 00:0C:6E:E8:98:1D
+ inet addr:172.16.44.192 Bcast:172.16.45.255 Mask:255.255.254.0</pre><div class="para">
+ L'indirizzo IP è dato dal numero appresso alla stringa <code class="computeroutput">inet addr:</code>.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Per connessioni host-to-host, entrambi gli host devono possedere un indirizzo pubblico. Altrimenti, se si trovano sulla stessa LAN, possono avere un indirizzo privato (p.e. indirizzi nel range 10.x.x.x o 192.168.x.x).
+ </div><div class="para">
+ Nel caso i due host si trovino su differenti LAN, oppure se un host ha un indirizzo pubblico e l'altro un indirizzo privato, vedere la <a class="xref" href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">Sezione 4.2.1.7, «Configurazione IPsec Network-to-Network»</a>.
+ </div></div></div><div class="para">
+ Premere <span class="guibutton"><strong>Avanti</strong></span> per continuare.
+ </div></li><li class="listitem" id="list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-to-host-keys"><div class="para">
+ Se al passo 6, è stata selezionata la cifratura manuale, specificare la chiave di cifratura da usare, oppure premere <span class="guibutton"><strong>Genera</strong></span> per crearne una.
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Specificare una chiave di autenticazione o premere <span class="guibutton"><strong>Genera</strong></span> per crearne una. Si può usare una qualsiasi combinazione di lettere e numeri.
+ </div></li><li class="listitem"><div class="para">
+ Premere <span class="guibutton"><strong>Avanti</strong></span> per continuare.
+ </div></li></ol></div></li><li class="listitem"><div class="para">
+ Nella pagina <span class="guilabel"><strong>IPsec — Sommario</strong></span>, rivedere le informazioni inserite e poi premere <span class="guibutton"><strong>Applica</strong></span>.
+ </div></li><li class="listitem"><div class="para">
+ Per salvare la configurazione creata, selezionare <span class="guimenu"><strong>File</strong></span> => <span class="guimenuitem"><strong>Salva</strong></span>.
+ </div><div class="para">
+ Per rendere effettive le modifiche potrebbe essere necessario riavviare la rete. In tal caso, usare il seguente comando:
+ </div><pre class="screen">[root at myServer ~]# service network restart</pre></li><li class="listitem"><div class="para">
+ Dalla lista delle connessioni <abbr class="abbrev">IPsec</abbr>, selezionare la connessione appena creata e premere il pulsante <span class="guibutton"><strong>Attiva</strong></span>.
+ </div></li><li class="listitem"><div class="para">
+ Ripetere l'intera procedura sull'altro host, prestando particolare attenzione ad usare la stessa chiave usata nel passo 8, sul primo host. Pena il non funzionamento di <abbr class="abbrev">IPsec</abbr>.
+ </div></li></ol></div><div class="para">
+ Dopo aver configurato la connessione <abbr class="abbrev">IPsec</abbr>, essa compare nella scheda di <abbr class="abbrev">IPsec</abbr> come indicato in <a class="xref" href="#figu-Security_Guide-Host_to_Host_Connection-IPsec_Connection">Figura 4.1, «Connessione IPsec»</a>.
+ </div><div class="figure" id="figu-Security_Guide-Host_to_Host_Connection-IPsec_Connection"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-ipsec_host2host.png" width="444" alt="Connessione IPsec" /><div class="longdesc"><div class="para">
+ Connessione IPsec
+ </div></div></div></div><h6>Figura 4.1. Connessione IPsec</h6></div><br class="figure-break" /><div class="para">
+ Alla fine del processo di creazione della connessione <abbr class="abbrev">IPsec</abbr>, vengono generati i seguenti file:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/sysconfig/network-scripts/ifcfg-<em class="replaceable"><code><nickname></code></em></code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/sysconfig/network-scripts/keys-<em class="replaceable"><code><nickname></code></em></code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/racoon/<em class="replaceable"><code><remote-ip></code></em>.conf</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/racoon/psk.txt</code>
+ </div></li></ul></div><div class="para">
+ Se è stata usata la cifratura automatica, verrà creato anche il file <code class="filename">/etc/racoon/racoon.conf</code>.
+ </div><div class="para">
+ Quando la connessione è attiva, il file <code class="filename">/etc/racoon/racoon.conf</code> viene modificato per includere <code class="filename"><em class="replaceable"><code><remote-ip></code></em>.conf</code>.
+ </div></div><div class="section" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration">4.2.1.6.2. Configurazione manuale di <abbr class="abbrev">IPsec</abbr> Host-to-Host</h5></div></div></div><div class="para">
+ Prima di procedere, recuperare le informazioni di sistema e di rete di ogni workstation. Per una connessione host-to-host, occorre conoscere:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ L'indirizzo IP degli host
+ </div></li><li class="listitem"><div class="para">
+ Un nome unico (p.e. <code class="computeroutput">ipsec1</code>), identificativo della connessione <abbr class="abbrev">IPsec</abbr>. Serve ad identificare la connessione <abbr class="abbrev">IPsec</abbr> ed a distinguerla da altre connessioni.
+ </div></li><li class="listitem"><div class="para">
+ Una chiave di cifratura fissata o una generata automaticamente da <code class="command">racoon</code>.
+ </div></li><li class="listitem"><div class="para">
+ Una chiave di autenticazione pre-condivisa, usata durante la fase iniziale della connessione e per lo scambio delle chiavi cifrate durante la sessione.
+ </div></li></ul></div><div class="para">
+ Per esempio, si supponga che la workstation A e la workstation B vogliano connettersi tra loro attraverso un tunnel <abbr class="abbrev">IPsec</abbr>. Essi vogliono connettersi usando un chiave pre-condivisa il cui valore è <code class="computeroutput">Key_Value01</code>, e decidono di usare <code class="command">racoon</code> per generare automaticamente e condividere una chiave per l'autenticazione reciproca. Entrambi gli utenti decidono di chiamare <code class="computeroutput">ipsec1</code> le loro connessioni.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Si consiglia di usare una chiave PSK con una combinazione di lettere maiuscole/minuscole, numeri e caratteri di punteggiatura. Una chiave PSK facile da scoprire costituisce un rischio alla sicurezza.
+ </div><div class="para">
+ Non è necessario usare, sui due host, lo stesso nome per la connessione. Si potrebbe scegliere un nome che sia significativo per la propria installazione.
+ </div></div></div><div class="para">
+ Di seguito si riporta il file di configurazione di <abbr class="abbrev">IPsec</abbr> della prima workstation A per una connessione <abbr class="abbrev">IPsec</abbr> host-to host con la workstation B. L'identificativo della connessione usato nell'esempio è <em class="replaceable"><code>ipsec1</code></em>, per cui il file di configurazione è <code class="filename">/etc/sysconfig/network-scripts/ifcfg-ipsec1</code>:
+ </div><pre class="screen">DST=<em class="replaceable"><code>X.X.X.X</code></em>TYPE=IPSEC
+ONBOOT=no
+IKE_METHOD=PSK</pre><div class="para">
+ Per la workstation A, <em class="replaceable"><code>X.X.X.X</code></em> è l'indirizzo IP della workstation B. Per la workstation B, <em class="replaceable"><code>X.X.X.X</code></em> è l'indirizzo IP della workstation A. La connessione è configurata in modo da non avviarsi al boot di sistema (<code class="computeroutput">ONBOOT=no</code>) ed usa il metodo di autenticazione della chiave pre-condivisa (<code class="computeroutput">IKE_METHOD=PSK</code>).
+ </div><div class="para">
+ Di seguito si mostra il contenuto del file della chiave pre-condivisa (denominato <code class="filename">/etc/sysconfig/network-scripts/keys-ipsec1</code>), usato da entrambe le workstation per autenticarsi tra loro. Il suo contenuto dovrebbe essere identico nelle due workstation, il cui accesso in lettura/scrittura, dovrebbe essere consentito solo all'utente root.
+ </div><pre class="screen">IKE_PSK=Key_Value01</pre><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Per modificare i permessi al file <code class="filename">keys-ipsec1</code> in modo che solo l'utente root possa leggere o modificare il file, usare il seguente comando:
+ </div><pre class="screen">[root at myServer ~] # chmod 600 /etc/sysconfig/network-scripts/keys-ipsec1</pre></div></div><div class="para">
+ Per modificare la chiave di autenticazione, editare il file <code class="filename">keys-ipsec1</code> su entrambe le workstation. <span class="emphasis"><em>Le chiavi di autenticazione devono coincidere perchè la connessione funzioni correttamente.</em></span>
+ </div><div class="para">
+ Il successivo esempio, mostra la configurazione propria alla fase 1 della connessione con l'host remoto. Il file è denominato <code class="filename"><em class="replaceable"><code>X.X.X.X</code></em>.conf</code>, in cui <em class="replaceable"><code>X.X.X.X</code></em> è l'indirizzo IP dell'host <abbr class="abbrev">IPsec</abbr> remoto. Notare che questo file è generato automaticamente all'avvio del tunnel <abbr class="abbrev">IPsec</abbr> e non dovrebbe essere eplicitamente modificato.
+ </div><pre class="screen">remote <em class="replaceable"><code>X.X.X.X</code></em>{
+ exchange_mode aggressive, main;
+ my_identifier address;
+ proposal {
+ encryption_algorithm 3des;
+ hash_algorithm sha1;
+ authentication_method pre_shared_key;
+ dh_group 2 ;
+ }
+}</pre><div class="para">
+ Il file di configurazione della fase 1 viene creato durante l'inizializzazione della connessione <abbr class="abbrev">IPsec</abbr> e nell'implementazione di <abbr class="abbrev">IPsec</abbr> di Fedora, contiene le seguenti istruzioni:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">remote <em class="replaceable"><code>X.X.X.X</code></em></span></dt><dd><div class="para">
+ Specifica che le seguenti istruzioni di questo file di configurazione, si applicano solo al nodo remoto identificato dall'indirizzo IP <em class="replaceable"><code>X.X.X.X</code></em>.
+ </div></dd><dt class="varlistentry"><span class="term">exchange_mode aggressive</span></dt><dd><div class="para">
+ La configurazione predefinita di <abbr class="abbrev">IPsec</abbr> in Fedora usa un metodo di autenticazione <span class="emphasis"><em>aggressive</em></span>, che riduce lo scambio di informazioni di connessione per consentire di configurare più connessioni <abbr class="abbrev">IPsec</abbr> con host multipli.
+ </div></dd><dt class="varlistentry"><span class="term">my_identifier address</span></dt><dd><div class="para">
+ Specifica il metodo di identificazione da usare per autenticare i nodi. Fedora usa indirizzi IP per identificare i nodi.
+ </div></dd><dt class="varlistentry"><span class="term">encryption_algorithm 3des</span></dt><dd><div class="para">
+ Specifica l'algoritmo di cifratura da usare durante l'autenticazione. Per impostazione, si usa <acronym class="acronym">3DES</acronym> (<em class="firstterm">Triple Data Encryption Standard</em>).
+ </div></dd><dt class="varlistentry"><span class="term">hash_algorithm sha1;</span></dt><dd><div class="para">
+ Specifica l'algoritmo di hash da usare durante la negoziazione della fase 1. Per impostazione, si usa SHA (Secure Hash Algorithm version 1).
+ </div></dd><dt class="varlistentry"><span class="term">authentication_method pre_shared_key</span></dt><dd><div class="para">
+ Specifica il metodo di autenticazione da usare durante la negoziazione tra i nodi. Per impostazione, Fedora usa chiavi pre-condivise per l'autenticazione.
+ </div></dd><dt class="varlistentry"><span class="term">dh_group 2</span></dt><dd><div class="para">
+ Specifica il numero di gruppo di Diffie-Hellman con cui avviare lo scambio delle chiavi. Per impostazione, si usa modp1024 (group 2).
+ </div></dd></dl></div><div class="section" id="sect-Security_Guide-Manual_IPsec_Host_to_Host_Configuration-The_Racoon_Configuration_File"><div class="titlepage"><div><div keep-together.within-column="always"><h6 class="title" id="sect-Security_Guide-Manual_IPsec_Host_to_Host_Configuration-The_Racoon_Configuration_File">4.2.1.6.2.1. Il file di configurazione di racoon</h6></div></div></div><div class="para">
+ Il file <code class="filename">/etc/racoon/racoon.conf</code> dovrebbe essere identico in tutti i nodi <abbr class="abbrev">IPsec</abbr>, con l'<span class="emphasis"><em>eccezione</em></span> dell'istruzione <code class="command">include "/etc/racoon/<em class="replaceable"><code>X.X.X.X</code></em>.conf"</code>. Per la workstation A, <em class="replaceable"><code>X.X.X.X</code></em> nell'istruzione <code class="command">include</code> rappresenta l'indirizzo IP della workstation B; mentre nel file della workstation B, rappresenta l'indirizzo IP della workstation A. Di seguito si riporta un file <code class="filename">racoon.conf</code> tipico, in una connessione <abbr class="abbrev">IPsec</abbr> attiva:
+ </div><pre class="screen"># Racoon IKE daemon configuration file.
+# See 'man racoon.conf' for a description of the format and entries.
+
+path include "/etc/racoon";
+path pre_shared_key "/etc/racoon/psk.txt";
+path certificate "/etc/racoon/certs";
+
+sainfo anonymous
+{
+ pfs_group 2;
+ lifetime time 1 hour ;
+ encryption_algorithm 3des, blowfish 448, rijndael ;
+ authentication_algorithm hmac_sha1, hmac_md5 ;
+ compression_algorithm deflate ;
+}
+include "/etc/racoon/X.X.X.X.conf";</pre><div class="para">
+ Il file <code class="filename">racoon.conf</code> predefinito, include i percorsi relativi alla configurazione di <abbr class="abbrev">IPsec</abbr>, ai file della chiave pre-condivisa ed ai certificati d'autenticazione. I campi in <code class="computeroutput">sainfo anonymous</code> descrivono una SA tra i nodi <abbr class="abbrev">IPsec</abbr> della fase 2 — la natura della connessione <abbr class="abbrev">IPsec</abbr>, il tipo di algoritmo di cifratura usato e il metodo di scambio delle chiavi. Di seguito si definiscono i campi della fase 2:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">sainfo anonymous</span></dt><dd><div class="para">
+ Denota che una SA può inizializzarsi in maniera anonima con ogni peer purchè coincidano le credenziali <abbr class="abbrev">IPsec</abbr>.
+ </div></dd><dt class="varlistentry"><span class="term">pfs_group 2</span></dt><dd><div class="para">
+ Definisce il protocollo Diffie-Hellman per lo scambio chiavi, il metodo usato dai nodi <abbr class="abbrev">IPsec</abbr> per stabilire la chiave di comunicazione segreta per la seconda fase della connessione <abbr class="abbrev">IPsec</abbr>. Per impostazione, l'implementazione di <abbr class="abbrev">IPsec</abbr> in Fedora, usa il Group 2 (o <code class="computeroutput">modp1024</code>) di Diffie-Hellman per lo scambio delle chiavi segrete. Group 2 usa chiavi generate in modulo a 1024-bit, per impedire ad attaccante eventualmente in possesso di chiavi compromesse, la decifrazione di precedenti trasmissioni <abbr class="abbrev">IPsec</abbr>.
+ </div></dd><dt class="varlistentry"><span class="term">lifetime time 1 hour</span></dt><dd><div class="para">
+ Questo parametro specifica il tempo di vita medio di una SA e può essere espresso in formato orario o di data. Per impostazione, in Fedora si specifica in ore.
+ </div></dd><dt class="varlistentry"><span class="term">encryption_algorithm 3des, blowfish 448, rijndael</span></dt><dd><div class="para">
+ Specifica l'algoritmo di cifratura della fase 2. Fedora supporta gli algoritmi 3DES, 448-bit Blowfish e Rijndael (l'algoritmo usato in <acronym class="acronym">AES</acronym> o <em class="firstterm">Advanced Encryption Standard</em>).
+ </div></dd><dt class="varlistentry"><span class="term">authentication_algorithm hmac_sha1, hmac_md5</span></dt><dd><div class="para">
+ Elenca gli algoritmi di hash supportati per l'autenticazione. Quelli supportati sono HMAC-SHA1 e HMAC-MD5.
+ </div></dd><dt class="varlistentry"><span class="term">compression_algorithm deflate</span></dt><dd><div class="para">
+ Definisce l'algoritmo di compressione Deflate a supporto di IPCOMP (IP Payload Compression), per consentire trasmissioni di datagram IP più veloci, su connessioni lente.
+ </div></dd></dl></div><div class="para">
+ Per avviare la connessione, su ciascun host usare il seguente comando:
+ </div><pre class="screen">[root at myServer ~]# /sbin/ifup <nickname></pre><div class="para">
+ in cui <nickname> è il nome della connessione <abbr class="abbrev">IPsec</abbr>.
+ </div><div class="para">
+ Per testare la connessione <abbr class="abbrev">IPsec</abbr>, eseguire l'utility <code class="command">tcpdump</code> che visualizza i pacchetti trasferiti tra gli host e verifica se sono cifrati via IPsec. Il pacchetto dovrebbe includere un'intestazione AH ed essere segnato come ESP, ad indicare che si tratta di un pacchetto cifrato. Per esempio:
+ </div><pre class="screen">[root at myServer ~]# tcpdump -n -i eth0 host <targetSystem>
+
+IP 172.16.45.107 > 172.16.44.192: AH(spi=0x0954ccb6,seq=0xbb): ESP(spi=0x0c9f2164,seq=0xbb)</pre></div></div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">4.2.1.7. Configurazione IPsec Network-to-Network</h4></div></div></div><div class="para">
+ IPsec può anche essere configurato per connettere una rete (come una <acronym class="acronym">LAN</acronym> o <acronym class="acronym">WAN</acronym>), ad una rete remota usando una connessione network-to-network. Una tale connessione richiede di impostare i router <abbr class="abbrev">IPsec</abbr> sulle due reti in maniera da processare e indirizzare con trasparenza, le informazioni in transito da un nodo della <acronym class="acronym">LAN</acronym> a un nodo della <acronym class="acronym">LAN</acronym>remota. La <a class="xref" href="#figu-Security_Guide-IPsec_Network_to_Network_Configuration-A_network_to_network_IPsec_tunneled_connection">Figura 4.2, «Una connessione <abbr class="abbrev">IPsec</abbr> network-to-network»</a> illustra una tipica connessione <abbr class="abbrev">IPsec</abbr> network-to-network.
+ </div><div class="figure" id="figu-Security_Guide-IPsec_Network_to_Network_Configuration-A_network_to_network_IPsec_tunneled_connection"><div class="figure-contents"><div class="mediaobject"><img src="images/n-t-n-ipsec-diagram.png" width="444" alt="Una connessione IPsec network-to-network" /><div class="longdesc"><div class="para">
+ Una connessione <abbr class="abbrev">IPsec</abbr> network-to-network
+ </div></div></div></div><h6>Figura 4.2. Una connessione <abbr class="abbrev">IPsec</abbr> network-to-network</h6></div><br class="figure-break" /><div class="para">
+ Lo schema mostra due <acronym class="acronym">LAN</acronym> separate da Internet. Le <acronym class="acronym">LAN</acronym> usano router <abbr class="abbrev">IPsec</abbr> per autenticare e iniziare una connessione, usando un tunnel sicuro attraverso Internet. I pacchetti intercettati da malintenzionati, richiederebbero dei sistemi di decifrazione molto potenti, in quanto dovrebbero verificare iterativamente tutte le combinazioni di chiavi possibili (brute-force decryption). Il processo di comunicazione tra un nodo della rete 192.168.1.0/24 ed un altro della rete 192.168.2.0/24 risulta completamente trasparente agli altri nodi poichè la cifratura/decifratura e il routing dei pacchetti <abbr class="abbrev">IPsec</abbr> sono interamente gestiti dai router <abbr class="abbrev">IPsec</abbr>.
+ </div><div class="para">
+ Le informazioni richieste per una connessione network-to-network, sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Gli indirizzi IP esternamente accessibili dei router <abbr class="abbrev">IPsec</abbr> dedicati.
+ </div></li><li class="listitem"><div class="para">
+ Gli indirizzi di rete delle <acronym class="acronym">LAN</acronym>/<acronym class="acronym">WAN</acronym> servite dai router <abbr class="abbrev">IPsec</abbr> (per esempio 192.168.1.0/24 10.0.1.0/24)
+ </div></li><li class="listitem"><div class="para">
+ Gli indirizzi IP dei gateway che indirizzano i pacchetti dai nodi della rete verso Internet.
+ </div></li><li class="listitem"><div class="para">
+ Un nome unico (p.e. <code class="computeroutput">ipsec1</code>), identificativo della connessione <abbr class="abbrev">IPsec</abbr>. Serve ad identificare la connessione <abbr class="abbrev">IPsec</abbr> ed a distinguerla da altre connessioni.
+ </div></li><li class="listitem"><div class="para">
+ Una chiave di cifratura fissata o una generata automaticamente da <code class="command">racoon</code>
+ </div></li><li class="listitem"><div class="para">
+ Una chiave di autenticazione pre-condivisa, usata durante la fase iniziale della connessione e per lo scambio delle chiavi cifrate durante la sessione.
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Network_to_Network_VPN_Connection"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Network_to_Network_VPN_Connection">4.2.1.7.1. Connessione (<abbr class="abbrev">VPN</abbr>) Network-to-Network</h5></div></div></div><div class="para">
+ Una connessione <abbr class="abbrev">IPsec</abbr> network-to-network usa due router <abbr class="abbrev">IPsec</abbr>, uno per ciascuna rete, attraverso cui passa il traffico diretto alle sotto-reti private.
+ </div><div class="para">
+ Per esempio, come mostrato nella <a class="xref" href="#figu-Security_Guide-Network_to_Network_VPN_Connection-Network_to_Network_IPsec">Figura 4.3, «IPsec Network-to-Network»</a>, se la rete privata 192.168.1.0/24 invia dei pacchetti alla rete privata 192.168.2.0/24, i pacchetti passano dal gateway0 al nodo ipsec0, poi attraversano Internet e dal nodo ipsec1 al gateway1, arrivano alla rete 192.168.2.0/24.
+ </div><div class="para">
+ I router <abbr class="abbrev">IPsec</abbr> richiedono due indirizzi IP pubblici ed una seconda scheda di rete connessa alla propria rete privata. Il traffico passa attraverso un router <abbr class="abbrev">IPsec</abbr> soltanto se è destinato al router <abbr class="abbrev">IPsec</abbr> con il quale ha una connessione cifrata.
+ </div><div class="figure" id="figu-Security_Guide-Network_to_Network_VPN_Connection-Network_to_Network_IPsec"><div class="figure-contents"><div class="mediaobject"><img src="images/n-t-n-ipsec-diagram.png" width="444" alt="IPsec Network-to-Network" /><div class="longdesc"><div class="para">
+ IPsec Network-to-Network
+ </div></div></div></div><h6>Figura 4.3. IPsec Network-to-Network</h6></div><br class="figure-break" /><div class="para">
+ Configurazioni alternative possono includere un firewall tra ciascun router IP e Internet, ed un firewall intranet tra ciascun router <abbr class="abbrev">IPsec</abbr> e il gateway della sotto-rete. Il router <abbr class="abbrev">IPsec</abbr> ed il gateway della sottorete possono anche coincidere con un unico sistema con due scede di rete: una con un IP pubblico che agisce da router <abbr class="abbrev">IPsec</abbr>; l'altra con un IP privato che agisce da gateway per la sottorete privata. Ciascun router <abbr class="abbrev">IPsec</abbr> può usare il gateway della propria rete o un gateway pubblico per trasmettere i pacchetti all'altro router <abbr class="abbrev">IPsec</abbr>.
+ </div><div class="para">
+ Per configurare una connessione network-to-network <abbr class="abbrev">IPsec</abbr>, usare la seguente procedura:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ In un terminale, digitare <code class="command">system-config-network</code> per avviare l'interfaccia grafica di <span class="application"><strong>Amministrazione della rete</strong></span>, oppure dal menu d'avvio selezionare <span class="guimenuitem"><strong>Sistema > Amministrazione > Amministrazione della rete</strong></span>.
+ </div></li><li class="listitem"><div class="para">
+ Nella scheda <span class="guilabel"><strong>IPsec</strong></span>, premere sul pulsante <span class="guibutton"><strong>Nuovo</strong></span> per avviare il wizard di configurazione.
+ </div></li><li class="listitem"><div class="para">
+ Premere <span class="guibutton"><strong>Avanti</strong></span> per avviare la configurazione di una connessione <abbr class="abbrev">IPsec</abbr> network-to-network.
+ </div></li><li class="listitem"><div class="para">
+ Inserire un nome unico con cui indicare la connessione, per esempio <strong class="userinput"><code>ipsec0</code></strong>. Se si desidera attivare automaticamente la connessione all'avvio del computer, attivare la casella di controllo. Premere <span class="guibutton"><strong>Avanti</strong></span> per continuare.
+ </div></li><li class="listitem"><div class="para">
+ Selezionare <span class="guilabel"><strong>Crittografia da rete a rete (VPN)</strong></span>, per il tipo di connessione e poi premere <span class="guibutton"><strong>Avanti</strong></span>.
+ </div></li><li class="listitem" id="list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-encrypt-type-n"><div class="para">
+ Selezionare il tipo di cifratura da usare: manuale o automatica.
+ </div><div class="para">
+ Se si sceglie la cifratura manuale, successivamente occorrerà fornire una chiave di cifratura. Se si seleziona la cifratura automatica, sarà il demone <code class="command">racoon</code> a creare la chiave di cifratura. Se si usa la cifratura automatica, occorre che sia installato il pacchetto <code class="filename">ipsec-tools</code>.
+ </div><div class="para">
+ Premere <span class="guibutton"><strong>Avanti</strong></span> per continuare.
+ </div></li><li class="listitem"><div class="para">
+ Nella scheda <span class="guilabel"><strong>Rete Locale</strong></span>, inserire le seguenti informazioni:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Indirizzo locale</strong></span> — L'indirizzo IP della scheda di rete sul router <abbr class="abbrev">IPsec</abbr> connesso alla rete privata.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Maschera di sottorete locale</strong></span> — La subnet mask dell'indirizzo IP della rete locale
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Gateway della rete locale</strong></span> — L'indirizzo del gateway per la sottorete privata
+ </div></li></ul></div><div class="para">
+ Premere <span class="guibutton"><strong>Avanti</strong></span> per continuare.
+ </div><div class="figure" id="figu-Security_Guide-Network_to_Network_VPN_Connection-Local_Network_Information"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-ipsec_n_to_n_local.png" width="444" alt="Informazioni di rete locale" /><div class="longdesc"><div class="para">
+ Informazioni di rete locale
+ </div></div></div></div><h6>Figura 4.4. Informazioni di rete locale</h6></div><br class="figure-break" /></li><li class="listitem"><div class="para">
+ Nella pagina <span class="guilabel"><strong>Rete remota</strong></span>, inserire le seguenti informazioni:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Indirizzo IP remoto</strong></span> — L'indirizzo IP pubblico del router <abbr class="abbrev">IPsec</abbr> dell'<span class="emphasis"><em>altra</em></span> rete privata. Nel nostro caso, per il router ipssec0, inserire l'IP del router ipsec1.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Indirizzo di rete remota</strong></span> — L'indirizzo della sottorete dietro all'<span class="emphasis"><em>altro</em></span> router <abbr class="abbrev">IPsec</abbr>. Nel nostro esempio, inserire <strong class="userinput"><code>192.168.1.0</code></strong> se si configura ipsec1, e <strong class="userinput"><code>192.168.2.0</code></strong> se si configura ipsec0.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Maschera di sottorete remota</strong></span> — La maschera della sottorete remota.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Gateway della rete remota</strong></span> — L'indirizzo IP del gateway per la rete remota.
+ </div></li><li class="listitem" id="list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-to-host-keys-n"><div class="para">
+ Se nel passo 6 si è scelta la cifratura maunale, specificare la chiave di cifratura da usare o premere <span class="guibutton"><strong>Genera</strong></span> per crearne una.
+ </div><div class="para">
+ Specificare una chiave di autenticazione o premere <span class="guibutton"><strong>Genera</strong></span> per crearne una. Questa chiave può essere una combinazione di numeri, lettere e caratteri di punteggiatura.
+ </div></li></ul></div><div class="para">
+ Premere <span class="guibutton"><strong>Avanti</strong></span> per continuare.
+ </div><div class="figure" id="figu-Security_Guide-Network_to_Network_VPN_Connection-Remote_Network_Information"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-ipsec_n_to_n_remote.png" width="444" alt="Informazioni di rete remota" /><div class="longdesc"><div class="para">
+ Informazioni di rete remota
+ </div></div></div></div><h6>Figura 4.5. Informazioni di rete remota</h6></div><br class="figure-break" /></li><li class="listitem"><div class="para">
+ Nella pagina <span class="guilabel"><strong>IPsec — Sommario</strong></span>, rivedere le informazioni inserite e poi premere <span class="guibutton"><strong>Applica</strong></span>.
+ </div></li><li class="listitem"><div class="para">
+ Per salvare la configurazione, selezionare <span class="guimenu"><strong>File</strong></span> => <span class="guimenuitem"><strong>Salva</strong></span>.
+ </div></li><li class="listitem"><div class="para">
+ Per attivare la connessione, selezionare la connessione <abbr class="abbrev">IPsec</abbr> dalla lista, e poi premere <span class="guibutton"><strong>Attiva</strong></span>.
+ </div></li><li class="listitem"><div class="para">
+ Abilitare l'IP forwarding:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Modificare il file <code class="filename">/etc/sysctl.conf</code> impostando <code class="computeroutput">net.ipv4.ip_forward</code> su <strong class="userinput"><code>1</code></strong>.
+ </div></li><li class="listitem"><div class="para">
+ Usare il seguente comando per rendere effettiva la modifica:
+ </div><pre class="screen">[root at myServer ~]# /sbin/sysctl -p /etc/sysctl.conf</pre></li></ol></div></li></ol></div><div class="para">
+ Lo script di rete che attiva automaticamente la connessione <abbr class="abbrev">IPsec</abbr>, crea i percorsi di instradamento dei pacchetti, trasmettendoli, se necessario, attraverso il router <abbr class="abbrev">IPsec</abbr>.
+ </div></div><div class="section" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration">4.2.1.7.2. Configurazione manuale di <abbr class="abbrev">IPsec</abbr> Network-to-Network</h5></div></div></div><div class="para">
+ Si supponga di voler connettere due <acronym class="acronym">LAN</acronym>, A (lana.example.com) e B (lanb.example.com), usando un tunnel <abbr class="abbrev">IPsec</abbr>. La <acronym class="acronym">LAN</acronym> A ha indirizzo 192.168.1.0/24, la <acronym class="acronym">LAN</acronym> B 192.168.2.0/24. Gli indirizzi IP dei gateway sono 192.168.1.254 per la <acronym class="acronym">LAN</acronym> A e 192.168.2.254 per la <acronym class="acronym">LAN</acronym> B. I router <abbr class="abbrev">IPsec</abbr> sono distinti da ciascun gateway e usano due schede di rete: ad eth0 è assegnato un indirizzo IP statico accessibile esternamente, connesso ad Internet, mentre eth1 funge da punto di routing processando e trasmettendo i pacchetti della <acronym class="acronym">LAN</acronym> da un nodo della rete ai suoi nodi remoti.
+ </div><div class="para">
+ La connessione <abbr class="abbrev">IPsec</abbr> tra le due <acronym class="acronym">LAN</acronym>, usa una chiave pre-condivisa di valore <code class="computeroutput">r3dh4tl1nux</code>, e gli amministratori di A e B decidono di usare <code class="command">racoon</code> per generare e condividere una chiave di autenticazione tra i router <abbr class="abbrev">IPsec</abbr>. L'amministratore della <acronym class="acronym">LAN</acronym> A decide di chiamare la propria connessione <code class="computeroutput">ipsec0</code>, mentre l'altro <code class="computeroutput">ipsec1</code>.
+ </div><div class="para">
+ Il seguente esempio, illustra il contenuto del file <code class="filename">ifcfg</code> per una connessione <abbr class="abbrev">IPsec</abbr> network-to-network sulla <acronym class="acronym">LAN</acronym> A. Il nome univoco che identifica la connessione è <abbr class="abbrev">ipsec0</abbr>, cosicchè il file risultante è <code class="filename">/etc/sysconfig/network-scripts/ifcfg-ipsec0</code>.
+ </div><pre class="screen">TYPE=IPSEC
+ONBOOT=yes
+IKE_METHOD=PSK
+SRCGW=192.168.1.254
+DSTGW=192.168.2.254
+SRCNET=192.168.1.0/24
+DSTNET=192.168.2.0/24
+DST=<em class="replaceable"><code>X.X.X.X</code></em></pre><div class="para">
+ I parametri contenuti nel file hanno il seguente significato:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">TYPE=IPSEC</span></dt><dd><div class="para">
+ Specifica il tipo di connessione
+ </div></dd><dt class="varlistentry"><span class="term">ONBOOT=yes</span></dt><dd><div class="para">
+ Specifica se la connessione si avvia al boot del sistema
+ </div></dd><dt class="varlistentry"><span class="term">IKE_METHOD=PSK</span></dt><dd><div class="para">
+ Specifica che la connessione usa il metodo di autenticazione pre-shared key (o chiave pre-condivisa).
+ </div></dd><dt class="varlistentry"><span class="term">SRCGW=192.168.1.254</span></dt><dd><div class="para">
+ L'indirizzo IP del gateway locale. Per la LAN A, è il gateway della LAN A e per la LAN B, è il gateway della LAN B.
+ </div></dd><dt class="varlistentry"><span class="term">DSTGW=192.168.2.254</span></dt><dd><div class="para">
+ L'indirizzo IP del gateway remoto. Per la LAN A, è il gateway della LAN B e per la LAN B è il gateway della LAN A.
+ </div></dd><dt class="varlistentry"><span class="term">SRCNET=192.168.1.0/24</span></dt><dd><div class="para">
+ Specifica l'indirizzo della rete locale, che per questo esempio è l'indirizzo di rete della LAN A.
+ </div></dd><dt class="varlistentry"><span class="term">DSTNET=192.168.2.0/24</span></dt><dd><div class="para">
+ Specifica l'indirizzo della rete remota, che per questo esempio è l'indirizzo di rete della LAN B.
+ </div></dd><dt class="varlistentry"><span class="term">DST=X.X.X.X</span></dt><dd><div class="para">
+ L'indirizzo IP pubblico esternamente accessibile, sulla rete remota (LAN B).
+ </div></dd></dl></div><div class="para">
+ L'esempio seguente riporta il contenuto del file della chiave pre-condivisa, <code class="filename">/etc/sysconfig/network-scripts/keys-ipsec<em class="replaceable"><code>X</code></em></code> (in cui <em class="replaceable"><code>X</code></em> è 0 ed 1, rispettivamente, per le <acronym class="acronym">LAN</acronym> A e B), usato da entrambe le reti per reciproca autenticazione. Il contenuto deve essere identico sulle due reti ed accessibile in lettura/scrittura soltanto all'utente root.
+ </div><pre class="screen">IKE_PSK=r3dh4tl1nux</pre><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Per modificare i permessi al file <code class="filename">keys-ipsec<em class="replaceable"><code>X</code></em></code> in modo che solo l'utente root possa leggere o modificare il file, usare il seguente comando:
+ </div><pre class="screen">chmod 600 /etc/sysconfig/network-scripts/keys-ipsec1</pre></div></div><div class="para">
+ Per cambiare la chiave di autenticazione, modificare il file <code class="filename">keys-ipsec<em class="replaceable"><code>X</code></em></code> su entrambi i router di <abbr class="abbrev">IPsec</abbr>. <span class="emphasis"><em>Le chiavi di autenticazione devono coincidere perchè la connessione funzioni correttamente</em></span>.
+ </div><div class="para">
+ Di seguito si riporta il contenuto del file di configurazione <code class="filename">/etc/racoon/racoon.conf</code> per la connessione <abbr class="abbrev">IPsec</abbr>. Notare che il parametro <code class="computeroutput">include</code> in basso, è inserito automaticamente ed è presente solo quando il tunnel <abbr class="abbrev">IPsec</abbr> è in esecuzione.
+ </div><pre class="screen"># Racoon IKE daemon configuration file.
+# See 'man racoon.conf' for a description of the format and entries.
+path include "/etc/racoon";
+path pre_shared_key "/etc/racoon/psk.txt";
+path certificate "/etc/racoon/certs";
+
+sainfo anonymous
+{
+ pfs_group 2;
+ lifetime time 1 hour ;
+ encryption_algorithm 3des, blowfish 448, rijndael ;
+ authentication_algorithm hmac_sha1, hmac_md5 ;
+ compression_algorithm deflate ;
+}
+include "/etc/racoon/<em class="replaceable"><code>X.X.X.X</code></em>.conf"</pre><div class="para">
+ Ciò che segue sono le impostazioni specifiche per la connessione alla rete remota. Il file è denominato <code class="filename"><em class="replaceable"><code>X.X.X.X</code></em>.conf</code> (dove <em class="replaceable"><code>X.X.X.X</code></em> è l'indirizzo IP del router <abbr class="abbrev">IPsec</abbr> remoto). Notare che questo file è creato automaticamente all'attivazione del tunnel <abbr class="abbrev">IPsec</abbr> e non dovrebbe essere esplicitamente modificato.
+ </div><pre class="screen">remote <em class="replaceable"><code>X.X.X.X</code></em>{
+ exchange_mode aggressive, main;
+ my_identifier address;
+ proposal {
+ encryption_algorithm 3des;
+ hash_algorithm sha1;
+ authentication_method pre_shared_key;
+ dh_group 2 ;
+ }
+}</pre><div class="para">
+ Prima di avviare la connessione <abbr class="abbrev">IPsec</abbr>, si dovrebbe abilitare l'IP forwarding nel kernel. Per abilitare l'IP forwarding, eseguire il seguente comando:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Modificare il file <code class="filename">/etc/sysctl.conf</code> impostando <code class="computeroutput">net.ipv4.ip_forward</code> su <strong class="userinput"><code>1</code></strong>.
+ </div></li><li class="listitem"><div class="para">
+ Usare il seguente comando per rendere effettiva la modifica:
+ </div><pre class="screen">[root at myServer ~] # sysctl -p /etc/sysctl.conf</pre></li></ol></div><div class="para">
+ Per avviare la connessione <abbr class="abbrev">IPsec</abbr>, usare il seguente comando su ciascun router:
+ </div><pre class="screen">[root at myServer ~] # /sbin/ifup ipsec0</pre><div class="para">
+ A questo punto le connessioni sono attivate ed entrambe le <acronym class="acronym">LAN</acronym> A e B possono comunicare tra loro. L'instradamento dei pacchetti è creato automaticamente dagli script di inizializzazione durante l'esecuzione di <code class="command">ifup</code> sulla connessione <abbr class="abbrev">IPsec</abbr>. Per visualizzare un elenco di percorsi di instradamento, usare il comando:
+ </div><pre class="screen">[root at myServer ~] # /sbin/ip route list</pre><div class="para">
+ Per testare la connessione <abbr class="abbrev">IPsec</abbr>, eseguire l'utility <code class="command">tcpdump</code> sulla scheda di rete rivolta all'esterno (eth0 nel caso dell'esempio), che visualizza i pacchetti trasferiti tra gli host (o reti) e verifica se sono cifrati via IPsec. Per esempio, per verificare la connessione della <acronym class="acronym">LAN</acronym> A, usare il comando:
+ </div><pre class="screen">[root at myServer ~] # tcpdump -n -i eth0 host <em class="replaceable"><code>lana.example.com</code></em></pre><div class="para">
+ Il pacchetto dovrebbe includere un'intestazione AH ed essere segnato come ESP, ad indicare che si tratta di un pacchetto cifrato. Per esempio (le back slash denotano una continuazione di linea):
+ </div><pre class="screen">12:24:26.155529 lanb.example.com > lana.example.com: AH(spi=0x021c9834,seq=0x358): \
+ lanb.example.com > lana.example.com: ESP(spi=0x00c887ad,seq=0x358) (DF) \
+ (ipip-proto-4)</pre></div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection">4.2.1.8. Avviare ed interrompere una connessione <abbr class="abbrev">IPsec</abbr></h4></div></div></div><div class="para">
+ Se la connessione <abbr class="abbrev">IPsec</abbr>, non è stata configurata per avviarsi al boot del sistema, si può usare un terminale da cui controllare l'avvio o l'interruzione.
+ </div><div class="para">
+ Per avviare la connessione <abbr class="abbrev">IPsec</abbr>, usare il seguente comando su ciascun host per una connessione host-to-host, o router per una connessione network-to-network:
+ </div><pre class="screen">[root at myServer ~] # /sbin/ifup <em class="replaceable"><code><nickname></code></em></pre><div class="para">
+ dove <em class="replaceable"><code><nickname></code></em> è il nome precedentemente configurato, come <code class="computeroutput">ipsec0</code>.
+ </div><div class="para">
+ Per interrompere la connessione, usare il seguente comando:
+ </div><pre class="screen">[root at myServer ~] # /sbin/ifdown <em class="replaceable"><code><nickname></code></em></pre></div></div><div class="section" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell">4.2.2. Secure Shell</h3></div></div></div><div class="para">
+ SSH (Secure Shell), è un potente protocollo di rete usato per comunicare con altri sistemi attraverso un canale sicuro. Le trasmissioni su SSH sono cifrate e protette da intercettazioni. Può essere usato anche per accessi cifrati offrendo un metodo di autenticazione più robusto, rispetto ai tradizionali metodi basati su nome-utente e password.
+ </div><div class="para">
+ SSH è molto semplice da attivare. Una volta avviato, il servizio sshd inizia ad accettare connessioni ed a permettere l'accesso al sistema solo dopo l'inserimento di un nome utente e password, corretti. Il numero di porta TCP standard del servizio SSH è 22; comunque può essere modificato nel file di configurazione <code class="filename">/etc/ssh/sshd_config</code>. Questo file contiene anche altre opzioni di configurazione di SSH.
+ </div><div class="para">
+ Secure Shell (SSH) fornisce anche tunnel cifrati tra computer ma soltanto su una porta. <a href="http://www.redhatmagazine.com/2007/11/27/advanced-ssh-configuration-and-tunneling-we-dont-need-no-stinking-vpn-software">Il port forwarding può essere fatto usando un tunnel SSH</a> ed il traffico può venir cifrato lungo il suo passaggio nel tunnel, tuttavia il port forwarding non è così fluido come con VPN.
+ </div><div class="section" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell-Cryptographic_Logon"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell-Cryptographic_Logon">4.2.2.1. Accesso crittografato</h4></div></div></div><div class="para">
+ SSH supporta l'uso di chiavi crittografiche per accedere ad un computer. Questo è molto più sicuro che usare una password e, se configurato correttamente, potrebbe essere considerato come autenticazione a più fattori.
+ </div><div class="para">
+ La modifica della configurazione deve avvenire prima dell'accesso crittografato. Nel file <code class="filename">/etc/ssh/sshd_config</code> decommentare e modificare le seguenti linee così:
+<pre class="screen">PubkeyAuthentication yes
+AuthorizedKeysFile .ssh/authorized_keys</pre>
+ La prima linea dice ad SSH di permettere l'autenticazione della chiave pubblica. La seconda punta al file nella cartella home nel quale è presenta la chiave pubblica autorizzata.
+ </div><div class="para">
+ Il passaggio successivo da fare è di creare la coppia di chiavi ssh nel client da usare per connettersi al sistema. Il comando <code class="command">ssh-keygen</code> genererà un set di chiavi RSA a 2048-bit per il login al sistema. Le chiavi sono conservate, come predefinito, nella cartella <code class="filename">~/.ssh</code>. E' possibile utilizzare l'opzione <code class="command">-b</code> per modificare la robustezza della chiave. Una 2048-bit è già sufficiente ma potrebbe essere migliorata a 8192-bit ed oltre.
+ </div><div class="para">
+ Nella cartella <code class="filename">~/.ssh</code> si dovrebbero vedere le due chiavi create. Se si sono accettate quelle predefinite all'avvio del comando <code class="command">ssh-keygen</code> allora saranno nominate <code class="filename">id_rsa</code> e <code class="filename">id_rsa.pub</code>, privata e pubblica. Dovrebbe essere sempre protetta. La chiave pubblica tuttavia dev'essere trasferita verso il sistema al quale si deve accedere. Una volta avuta sul sistema, il modo più semplice per aggiungere la chiave è da:
+<pre class="screen">$ cat id_rsa.pub >> ~/.ssh/authorized_keys</pre>
+ Questo allegherà la chiave pubblica al file authorized_key. L'applicazione <span class="application"><strong>SSH</strong></span> controllerà il file quando si tenta l'accesso al computer.
+ </div><div class="para">
+ Allo stesso modo delle password o qualsiasi altro metodo di autenticazione, si dovrebbero cambiare regolarmente le chiavi <span class="application"><strong>SSH</strong></span>. Quando se ne è sicuri, eliminare qualsiasi chiave inutilizzata dal file authorized_key.
+ </div></div></div><div xml:lang="it-IT" class="section" id="sect-Security_Guide-LUKS_Disk_Encryption" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption">4.2.3. Cifratura disco con LUKS</h3></div></div></div><div class="para">
+ Lo standard Linux Unified Key Setup (o LUKS) cifra partizioni di disco di un sistema Linux. Ciò può risultare particolarmente importante nel caso dei portatili e dei supporti rimovibili. Inolltre LUKS consente l'uso di più chiavi utente per la decifrazione di una chiave principale, usata per cifrare la partizione.
+ </div><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora">4.2.3.1. Implementazione di LUKS in Fedora</h4></div></div></div><div class="para">
+ Fedora 9 e le successive versioni, utilizzano LUKS per cifrare il file system. Per impostazione, l'opzione per cifrare il file system è disabilitata durante l'installazione di Fedora. Se il sistema viene installato con l'opzione di cifratura abilitata, allora ad ogni avvio del sistema verrà richiesto di inserire la frase di accesso (passphrase) per "sbloccare" la chiave di cifratura del disco. Se si decide di modificare la tabella di partizionamento predefinita, nelle impostazioni della tabella è possibile scegliere quali partizioni cifrare.
+ </div><div class="para">
+ In Fedora, l'implementazione predefinita di LUKS si basa su AES 128 con funzione di hash SHA256. Gli algoritmi di cifratura disponibili sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ AES - Advanced Encryption Standard - <a href="http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf">AES - FIPS PUB 197</a>
+ </div></li><li class="listitem"><div class="para">
+ Twofish (Con blocco di cifratura da 128-bit)
+ </div></li><li class="listitem"><div class="para">
+ Serpent
+ </div></li><li class="listitem"><div class="para">
+ CAST-128 Encryption Algorithm - <a href="http://www.ietf.org/rfc/rfc2144.txt">RFC 2144</a>
+ </div></li><li class="listitem"><div class="para">
+ CAST-256 Encryption Algorithm - <a href="http://www.ietf.org/rfc/rfc2612.txt">RFC 2612</a>
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories">4.2.3.2. Cifrare manualmente una Directory</h4></div></div></div><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Questa procedura comporta la rimozione completa dei dati dalla partizione da cifrare: tutti i dati contenuti nella partizione andranno PERSIi! Prima di procedere, assicurarsi di salvare i dati contenenti informazioni importanti su un supporto esterno!
+ </div></div></div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Questa procedura usa <span class="package">scrub</span> per distruggere i dati esistenti nella partizione e fornire una base casuale da usare per LUKS. Questa base è importante per prevenire certi attacchi alla crittografia. <span class="package">Scrub</span> non è pre-installato e deve esserlo per poterlo usare. In alternativa si potrebbe usare un altro generatore di numeri casuali per ottenere la stessa cosa.
+ </div></div></div><div class="para">
+ Di seguito, si spiega come cifrare una partizione in una versione di Fedora corrente (e in versioni precedenti fino a Fedora 9); in particolare come cifrare la partizione <code class="filename">/home</code> (con altre partizioni il procedimento rimane lo stesso).
+ </div><div class="para">
+ La seguente procedura cancella tutti i dati esistenti nella partizione: assicurarsi quindi, prima di iniziare, di aver adeguatamente salvato i propri dati importanti. Si richiede anche che sia presente una partizione separata per <code class="filename">/home</code> (p.e. /dev/VG00/LV_home). Inoltre tutti i comandi devono essere eseguiti come utente root. Se un qualche passaggio fallisce, non continuare ma risolvere il problema e riprendere la procedura soltanto a soluzione avvenuta.
+ </div></div><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions">4.2.3.3. Istruzioni passo passo</h4></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Accedere al runlevel 1: <code class="code">telinit 1</code>
+ </div></li><li class="listitem"><div class="para">
+ Riempire la partizione con dati casuali: <code class="code">scrub -p random /home</code>
+ </div></li><li class="listitem"><div class="para">
+ Smontare la partizione <code class="filename">/home</code> esistente: <code class="code"> umount /home</code>
+ </div></li><li class="listitem"><div class="para">
+ In caso di falllimento usare il comando <code class="code">fuser</code>, per trovare e terminare i processi che usano <code class="filename">/home</code>: <code class="code">fuser -mvk /home</code>
+ </div></li><li class="listitem"><div class="para">
+ Verificare che la partizione /home sia stata smontata: <code class="code">cat /proc/mounts | grep home</code>
+ </div></li><li class="listitem"><div class="para">
+ Inizializzare la partizione: <code class="code">cryptsetup --verbose --verify-passphrase luksFormat /dev/VG00/LV_home</code>
+ </div></li><li class="listitem"><div class="para">
+ Aprire la partizione appena cifrata: <code class="code">cryptsetup luksOpen /dev/VG00/LV_home home</code>
+ </div></li><li class="listitem"><div class="para">
+ Verificare che esista la partizione: <code class="code">ls -l /dev/mapper | grep home</code>
+ </div></li><li class="listitem"><div class="para">
+ Creare un file system: <code class="code">mkfs.ext3 /dev/mapper/home</code>
+ </div></li><li class="listitem"><div class="para">
+ Montare la partizione: <code class="code">mount /dev/mapper/home /home</code>
+ </div></li><li class="listitem"><div class="para">
+ Verificare che la partizione sia visibile: <code class="code">df -h | grep home</code>
+ </div></li><li class="listitem"><div class="para">
+ Aggiungere al file /etc/crypttab la seguente riga: <code class="code">home /dev/VG00/LV_home none</code>
+ </div></li><li class="listitem"><div class="para">
+ Modificare il file /etc/fstab eliminando la riga relativa a /home ed aggiungendo la riga <code class="code">/dev/mapper/home /home ext3 defaults 1 2</code>
+ </div></li><li class="listitem"><div class="para">
+ Controllare la correttezza della riga inserita in fstab digitando: <code class="code">mount /home</code>
+ </div></li><li class="listitem"><div class="para">
+ Ripristinare i contesti di SELinux predefiniti: <code class="code">/sbin/restorecon -v -R /home</code>
+ </div></li><li class="listitem"><div class="para">
+ Riavviare il sistema: <code class="code">shutdown -r now</code>
+ </div></li><li class="listitem"><div class="para">
+ La riga precedentemente inserita in <code class="filename">/etc/crypttab</code> (al passo 12), richiede di inserire al boot la passphrase di <code class="code">luks</code>.
+ </div></li><li class="listitem"><div class="para">
+ Accedere come root e ripristinare il backup.
+ </div></li></ol></div></div><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished">4.2.3.4. Risultato finale</h4></div></div></div><div class="para">
+ Congratulazioni, ora si ha una partizione completamente cifrata che protegge con sicurezza tutti i dati a riposo, ossia a sistema spento.
+ </div></div><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest">4.2.3.5. Link di interesse</h4></div></div></div><div class="para">
+ Per ulteriori informazioni su LUKS o sulla cifratura di dischi rigidi in Fedora, fare riferimento ai seguenti link:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="https://code.google.com/p/cryptsetup/">LUKS - Linux Unified Key Setup</a>
+ </div></li><li class="listitem"><div class="para">
+ <a href="https://bugzilla.redhat.com/attachment.cgi?id=161912">HOWTO: Creating an encrypted Physical Volume (PV) using a second hard drive, pvmove, and a Fedora LiveCD</a>
+ </div></li></ul></div></div></div><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives">4.2.4. Archivi 7-Zip cifrati</h3></div></div></div><div class="para">
+ <a href="http://www.7-zip.org/">7-Zip</a> è uno strumento di compressione file, cross-platform di prossima generazione, usato per proteggere il contenuto degli archivi con un robusto sistema di cifratura (AES-256). Ciò è particolarmente utile per trasferire dati tra computer con sistemi operativi diversi (p.e. Linux a casa, windows in ufficio), essendo una soluzione di archiviazione con sistema di cifratura portabile.
+ </div><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation">4.2.4.1. Installazione di 7-Zip in Fedora</h4></div></div></div><div class="para">
+ 7-Zip non è un pacchetto base di Fedora ma può essere scaricato dal repository. Una volta installato il pacchetto riceverà gli aggiornamenti come avviene con gli altri pacchetti del sistema, senza richiedere particolare manutenzione.
+ </div></div><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions">4.2.4.2. Instruzioni di installazione passo passo</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Aprire un Terminale: <code class="code">Cliccare Applicationi -> Strumenti di Sistema -> Terminale</code> oppure in GNOME 3: <code class="code">Attività -> Applicationi -> Terminale</code>
+ </div></li><li class="listitem"><div class="para">
+ Installare 7-Zip come utente root: <code class="code">sudo yum install p7zip</code>
+ </div></li><li class="listitem"><div class="para">
+ Chiudere il terminale: <code class="code">Ctrl+D</code>
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions">4.2.4.3. Istruzioni d'uso passo passo</h4></div></div></div><div class="para">
+ Di seguito si riportano le istruzioni per comprimere e cifrare la propria cartella <code class="filename">Documenti</code>. La cartella <code class="filename">Documenti</code> originaria, rimane inalterata. Questa tecnica si può applicare a tutte le altre cartelle o file del sistema a cui si ha accesso. Si presume di lavorare in ambiente GNOME.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Aprire un Terminale: <code class="code">Cliccare Applicationi -> Strumenti di Sistema -> Terminale</code>
+ </div></li><li class="listitem"><div class="para">
+ Comprimere e Cifrare: (inserire una password quando richiesto) <code class="code">7za a -mhe=on -ms=on -p Documenti.7z Documenti/</code>
+ </div></li></ul></div><div class="para">
+ La cartella <code class="filename">Documenti</code> è ora compressa e cifrata. Successivamente si sposta la cartella archivio da un'altra parte, dove verrà estratta.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Creare una nuova directory: <code class="code">mkdir nuovaDirectory</code>
+ </div></li><li class="listitem"><div class="para">
+ Spostare la cartella archivio nella nuovaDirectory: <code class="code">mv Documenti.7z nuovaDirectory</code>
+ </div></li><li class="listitem"><div class="para">
+ Spostarsi nella nuovaDirectory: <code class="code">cd nuovaDirectory</code>
+ </div></li><li class="listitem"><div class="para">
+ Estrarre i file: (inserire la password, quando richiesto) <code class="code">7za x Documenti.7z</code>
+ </div></li></ul></div><div class="para">
+ I file estratti dall'archivio ora si trovano nella nuovaDirectory. Le seguenti istruzioni ripristinano le condizioni iniziali, rimuovendo tutti i file e directory create.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Spostarsi nella directory superiore: <code class="code">cd ..</code>
+ </div></li><li class="listitem"><div class="para">
+ Eliminare la cartella nuovaDirectory, contenente l'archivio e i file estratti: <code class="code">rm -rf nuovaDirectory</code>
+ </div></li><li class="listitem"><div class="para">
+ Chiudere il terminale: <code class="code">Ctrl+D</code>
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI">4.2.4.4. Creare un Archivio Sicuro 7-Zip via GUI</h4></div></div></div><div class="para">
+ Gli archivi 7-Zip possono essere estratti come qualsiasi altro archivio via GUI ma la creazione di un archivio 7-Zip sicuro richiede dei passaggi aggiuntivi.
+ </div><div class="para">
+ Di seguito si riportano le istruzioni per comprimere e cifrare la propria cartella <code class="filename">Documenti</code>. La cartella <code class="filename">Documenti</code> originaria, rimane inalterata. Questa tecnica si può applicare a tutte le altre cartelle o file del sistema a cui si ha accesso. Si presume di lavorare in ambiente GNOME.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Aprire il file browser: Cliccare Attività -> File
+ </div></li><li class="listitem"><div class="para">
+ Tasto-destro sulla cartella "Documenti"
+ </div></li><li class="listitem"><div class="para">
+ Selezionare l'opzione "Comprimi"
+ </div></li><li class="listitem"><div class="para">
+ Selezionare ".7z" come estensione del file
+ </div></li><li class="listitem"><div class="para">
+ Espandere la voce "Altre opzioni"
+ </div></li><li class="listitem"><div class="para">
+ Controllare "Criptare anche la lista dei file"
+ </div></li><li class="listitem"><div class="para">
+ Fornire una password nel campo password
+ </div></li><li class="listitem"><div class="para">
+ Cliccare sul pulsante "Crea"
+ </div></li></ul></div><div class="para">
+ Apparirà il file "Documents.7z" nella cartella home. Se si tenta di aprirlo, verrà richiesta la password dell'archivio per poi mostrare il contenuto. Il file verrà aperto e potrà essere manipolato se la password fornita è corretta. Eliminare il file "Documents.7z" per concludere questa prova e tornare allo stato precedente.
+ </div></div><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note">4.2.4.5. 7-Zip e gli altri sistemi operativi</h4></div></div></div><div class="para">
+ 7-Zip, per impostazione, non viene distribuito con microsoft windows o mac os x. Se si vuole usare 7-Zip su queste piattaforme occorre <a href="http://www.7-zip.org/download.html">scaricare</a> le versioni appropriate a questi sistemi operativi.
+ </div></div></div><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Encryption-Using_GPG" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG">4.2.5. Usare GNU Privacy Guard (GnuPG)</h3></div></div></div><div class="para">
+ <span class="application"><strong>GnuPG</strong></span> (GPG) è usato per identificare gli utenti ed autenticare le comunicazioni, incluse quelle con persone non direttamente note. GPG consente a chi riceve una email firmata GPG di verificare l'autenticità del messaggio. In altre parole, GPG garantisce con ragionevole certezza che le comunicazioni firmate provengono effettivamente da chi ha le ha firmate. GPG è utile perchè impedisce a un terzo (l'intruso) di alterare il messaggio, intercettare conversazioni o corrompere codice.
+ </div><div class="para">
+ GPG può essere usato anche per firmare e/o cifrare i file sul proprio sistema o su un drive di rete. Ciò serve ad aumentare la protezione impedendo che un file venga alterato o letto da persone non autorizzate.
+ </div><div class="para">
+ Per poter usare GPG per autenticare o cifrare email occorre dapprima creare una coppia di chiavi, pubblica e privata. Una volta create, per poterle utilizzare occorre impostare il client di posta.
+ </div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Keys_in_GNOME"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Keys_in_GNOME">4.2.5.1. Generare chiavi GPG in GNOME</h4></div></div></div><div class="para">
+ L'utilità Seahorse rende più facile la gestione della chiave GPG. E' possibile installare <span class="package">Seahorse</span> via riga di comando con <code class="code">su -c "yum install seahorse"</code> o via GUI usando <span class="application"><strong>Aggiungi/Rimuovi Software</strong></span>.
+ </div><div class="para">
+ Per creare una chiave selezionare <span class="application"><strong>Passwords and Keys</strong></span> per avviare l'applicazione <span class="application"><strong>Seahorse</strong></span>. Dal menu <code class="code">File</code> selezionare <code class="code">New</code> poi <code class="code">PGP Key</code> ed ancora <code class="code">Continue</code>. Digitare il proprio nome, indirizzo mail ed un commento opzionale di descrizione (ad esempio: John C. Smith, jsmith at example.com, The Man). Selezionare <code class="code">Create</code>. Nella finestra di dialogo verrà richiesta una password per la chiave. Sceglierne una forte ma anche facile da ricordare. Cliccare su <code class="code">OK</code> per creare la chiave.
+ </div><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Se si dimentica la passphrase la chiave non può più essere usata e tutti i dati cifrati con la chiave andranno perduti.
+ </div></div></div><div class="para">
+ Per trovare l'ID della chiave controllare alla colonna Key ID. In molti casi se richiesto si dovrebbe anteporre "0x" all'ID come in "0x6789ABCD". Si raccomanda di creare una copia di backup della chiave e di custodirla in un luogo sicuro.
+ </div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1">4.2.5.2. Generare chiavi GPG in KDE</h4></div></div></div><div class="para">
+ Avviare il programma KGpg, selezionando <span class="guimenuitem"><strong>Applications > Utilities > Encryption Tool</strong></span>. Se è la prima volta che si usa KGpg, il programma avvia un wizard da cui creare una coppia di chiavi GPG. Occorre inserire il nome, l'indirizzo di posta ed un commento (opzionale). Si può indicare anche una scadenza per la chiave, come pure il grado di robustezza (numero di bit) e l'algoritmo di cifratura. Nella seconda pagina del wizard si richiede di inserire una passphrase, per poter usare la chiave. Al termine del processo di crezione la chiave compare nella finestra principale di <code class="code">KGpg</code>.
+ </div><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Se si dimentica la passphrase la chiave non può più essere usata e tutti i dati cifrati con la chiave andranno perduti.
+ </div></div></div><div class="para">
+ Per trovare l'ID della chiave controllare alla colonna Key ID. In molti casi se richiesto si dovrebbe anteporre "0x" all'ID come in "0x6789ABCD". Si raccomanda di creare una copia di backup della chiave e di custodirla in un luogo sicuro.
+ </div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE">4.2.5.3. Generare chiavi GPG con un terminale</h4></div></div></div><div class="para">
+ Usare il seguente comando di shell: <code class="code">gpg --gen-key</code>
+ </div><div class="para">
+ Il comando genera una coppia di chiavi, una pubblica ed una privata. I destinatari usano la chiave pubblica per autenticare e/o decifrare le comunicazioni. Distribuire la chiave pubblica alle persone interessate a ricevere comunicazioni autenticate come le mailing list. Il Fedora Documentation Project, per esempio, richiede ai propri partecipanti di indicare la propria chiave GPG nelle propria pagina personale.
+ </div><div class="para">
+ Una serie di prompt condurrano lungo processo di creazione. Per assegnare valori predefiniti basta premere il tasto <code class="code">Invio</code>. Il primo prompt richiede di selezionare il tipo di chiave:
+ </div><div class="para">
+
+<pre class="screen">Si prega di selezionare il tipo di chiave: ⏎ (1) RSA e RSA (predefinito)⏎ (2) DSA e Elgamal⏎ (3) DSA (solo firma)⏎ (4) RSA (solo firma)⏎ Selezione?</pre>
+ In quasi tutti i casi quella predefinita è la scelta corretta. Una chiave RSA permette non solo di firmare le comunicazioni ma anche di criptare i file.
+ </div><div class="para">
+ Quindi scegliere la dimensione della chiave:
+<pre class="screen">Le chiavi RSA dovrebbero avere una lunghezza compresa tra 1024 e 4096 bit. ⏎ Quale lunghezza si preferisce ? (2048)</pre>
+ Ancora, quella predefinita è sufficiente per quasi tutti gli utenti e rappresenta un buon livello di sicurezza.
+ </div><div class="para">
+ Dopodiché scegliere quando scadrà la chiave. E' una buona idea impostare una data di scadenza invece di usare il valore predefinito che è ''none''. Se per esempio l'indirizzo email coperto dalla chiave non è più valido, una data di scadenza avviserà i destinatari di non usare più quella chiave pubblica.
+ </div><div class="para">
+
+<pre class="screen">Si prega di specificare il tempo di validità della chiave.⏎ 0 = la chave non scade ⏎ d = la chiave scade in n giorni ⏎ w = la chiave scade in n settimane ⏎ m = la chiave scade n mesi ⏎ y = la chiave scade in n anni ⏎ La chiave è valida per ? (0)</pre>
+
+ </div><div class="para">
+ Inserendo per esempio <code class="code">1y</code>, la chiave avrà validità di un anno. (Tenere presente che è possibile modificare la scadenza anche successivamente).
+ </div><div class="para">
+ Prima di richiedere altre informazioni, appare il seguente prompt: <code class="code">Is this correct (y/n)?</code> Inserire <code class="code">y</code>, per terminare il processo.
+ </div><div class="para">
+ Successivamente, inserire il proprio nome ed indirizzo email. Ricordare che il processo di creazione di una chiave pubblica serve ad identificare se stessi come persone reali, inserire perciò il proprio nome reale. Non usare alias o nickname che potrebbero mascherare la propria identità.
+ </div><div class="para">
+ Inserire il proprio indirizzo email reale. Se si inserisce un indirizzo fasullo gli altri potrebbero avere dei problemi a rintracciare la chiave pubblica e potrebbe complicare l'autenticazione delle comunicazioni. Se per esempio la chiave GPG è impiegata per far parte della mailing list del Docs Project, inserire la email usata per accedere alla mailing list.
+ </div><div class="para">
+ Nel campo commento inserire alias o altre informazioni a piacere. (Alcune persone usano chiavi differenti per scopi differenti, identificando ciascuna chiave con un commento, come "Ufficio" o "Fedora Project").
+ </div><div class="para">
+ Al prompt di conferma, se tutte le informazioni sono corrette, digitare O per continuare o usare le altre opzioni per risolvere eventuali problemi. Infine inserire una passphrase per proteggere la propria chiave segreta. Il programma <code class="code">gpg</code> richiede di inserire due volte in successione la stessa passphrase, scongiurando errori di battitura.
+ </div><div class="para">
+ A questo punto, <code class="code">gpg</code> genera dei dati random garantendo una chiave segreta (pressocchè) unica. Per aiutare l'applicazione a migliorare la generazione random dei dati può essere efficace durante questa fase, spostare il mouse, digitare sulla tastiera o fare altre operazioni. Una volta completato questo passaggio, le chiavi sono pronte per l'uso:
+ </div><pre class="screen">
+pub 1024D/1B2AFA1C 2005-03-31 luigi votta (Fedora Docs Project) <lewis41 at fedoraproject.org>
+Key fingerprint = 117C FE83 22EA B843 3E86 6486 4320 545E 1B2A FA1C
+sub 1024g/CEA4B22E 2005-03-31 [expires: 2006-03-31]
+</pre><div class="para">
+ Key fingerprint (impronta digitale) è una breve "firma" della propria chiave. Essa permette di confermare ai destinatari di aver ricevuto la chiave senza alcuna manomissione. Non occorre ricordare la propria fingerprint. Per visualizzarla basta usare il comando <code class="code"> gpg --fingerprint lewis41 at fedoraproject.org</code>.
+ </div><div class="para">
+ La "GPG key ID" (ID della chiave GPG) è composta da 8 numeri esadecimali (base 16: 0-F). Nell'esempio precedente l'ID della chiave GPG, è pari a 1B2AFA1C. In molte situazioni quando viene richiesto il proprio ID della chiave GPG, occorre anteporre il simbolo "0x" all'ID, come in "0x1B2AFA1C".
+ </div><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Se si dimentica la passphrase la chiave non può più essere usata e tutti i dati cifrati con la chiave andranno perduti.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine">4.2.5.4. Usare GPG con Alpine</h4></div></div></div><div class="para">
+ Se si usa il client di posta <span class="application"><strong>Alpine</strong></span> o <span class="application"><strong>Pine</strong></span>, per usare GPG occorre installare il pacchetto <span class="package">ez-pine-gpg</span> scaricabile da <a href="http://business-php.com/opensource/ez-pine-gpg/">http://business-php.com/opensource/ez-pine-gpg/</a>. Una volta installato, occorre modificare il file <code class="filename">~/.pinerc</code>. Ossia:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ il path <code class="filename">/home/username/bin</code> deve essere sostituito con il path del pacchetto installato
+ </div></li><li class="listitem"><div class="para">
+ individuare i due gpg-identifier dopo la stringa _RECIPIENTS_, e sostituirli con l'ID della chiave GPG. In questo modo spedendo un messaggio cifrato a qualcuno, il messaggio viene cifrato anche con la propria chiave; senza questa impostazione non sarebbe possibile leggere il messaggio nella cartella dei messaggi inviati.
+ </div></li></ol></div><div class="para">
+ La modifica dovrebbe assomigliare a qualcosa di simile:
+ </div><pre class="screen">
+# This variable takes a list of programs that message text is piped into
+# after MIME decoding, prior to display.
+display-filters=_LEADING("-----BEGIN PGP")_ /home/max/bin/ez-pine-gpg-incoming
+
+# This defines a program that message text is piped into before MIME
+# encoding, prior to sending
+sending-filters=/home/max/bin/ez-pine-gpg-sign _INCLUDEALLHDRS_,
+ /home/username/bin/ez-pine-gpg-encrypt _RECIPIENTS_ gpg-identifier,
+ /home/username/bin/ez-pine-gpg-sign-and-encrypt _INCLUDEALLHDRS_ _RECIPIENTS_ gpg-identifier
+</pre></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution">4.2.5.5. Usare GPG con Evolution</h4></div></div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Configuring"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Configuring">4.2.5.5.1. Configurare GPG per l'uso con Evolution</h5></div></div></div><div class="para">
+ Per configurare GPG in <span class="application"><strong>Evolution</strong></span>, dal menu di <span class="application"><strong>Evolution</strong></span> selezionare <span class="guimenu"><strong>Modifica > </strong></span> → <span class="guisubmenu"><strong> > Preferenze</strong></span>. Nella finestra delle <span class="guilabel"><strong>Preferenze di Evolution</strong></span>, selezionare nel pannello di sinistra <span class="guilabel"><strong>Account di posta</strong></span>. Nel pannello di destra selezionare l'account di posta che si vuole autenticare. Poi premere il pulsante <span class="guibutton"><strong>Modifica</strong></span>. Nella finestra delle impostazioni <span class="guilabel"><strong>Editor account</strong></span>, selezionare la scheda <span class="guilabel"><strong>Sicurezza</strong></span>.
+ </div><div class="para">
+ Nel campo di testo etichettato <span class="guilabel"><strong>ID della chiave PGP/GPG</strong></span>, inserire l'ID della chiave GPG corrispondente a questo account di posta. Un metodo per scoprire l'ID della chiave è usare questo comando in un terminale: <code class="command">gpg --fingerprint EMAIL_ADDRESS</code>. L'ID della chiave coincide con gli ultimi otto caratteri (4 byte) del fingerprint della chiave. Può essere una buona idea abilitare anche la casella con l'etichetta <span class="guilabel"><strong>Cifrare sempre per se stessi quando si inviano messaggi cifrati</strong></span>. Si potrebbe anche abilitare la casella <span class="guilabel"><strong>Firmare sempre i messaggi in uscita quando si usa questo account</strong></span>.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Se le chiavi pubbliche non vengono contrassegnate come fidate non sarà possibie cifrare le email, a meno di non selezionare l'opzione <span class="guilabel"><strong>Dare sempre fiducia nel cifrare alle chiavi nel portachiavi personale</strong></span>. In tal caso si riceve un messaggio in cui si segnala il fallimento della verifica di fiducia.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying">4.2.5.5.2. Verificare le email con Evolution</h5></div></div></div><div class="para">
+ Evolution verifica automaticamente la validità di ogni messaggio ricevuto. Se Evolution non riesce a verificare la firma GPG di un messaggio a causa di una chiave pubbilca mancante (o manomessa), nella parte in basso del messaggio compare una banda rossa. Se il messaggio è stato verificato ma la chiave non risulta firmata nè localmente nè globalmente, il banner è di colore giallo. Se il messaggio è stato verificato e la chiave risulta firmata, il banner è verde. Cliccando sull'icona con il sigillo all'interno del banner, Evolution visualizza una finestra con informazioni di sicurezza sulla firma. Per aggiungere una chiave pubblica al proprio porta chiavi personale, usare la funzione di ricerca e l'indirizzo email del proprietario della chiave: <code class="code">gpg --keyserver pgp.mit.edu --search email address</code>. Per importare la chiave corretta occorre che l'ID della chiave coincida con le informazioni fornite da Evolution.
+ </div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting">4.2.5.5.3. Firmare e cifrare email con Evolution</h5></div></div></div><div class="para">
+ Firmare una email consente al destinatario di verficare l'autenticità della email, ossia del mittente. Il Fedora Project incoraggia caldamente i propri utenti a firmare le email, incluse quelle indirizzate alle mailing list dei vari progetti Fedora. Cifrare le email consente di leggere il loro contenuto soltanto ai destinatari, per questo motivo non cifrare le email inviate alle mailing list.
+ </div><div class="para">
+ Nelle impostazioni dell'account selezionare la scheda <span class="guilabel"><strong>Sicurezza</strong></span>. Per firmare le proprie email inserire nella casella di testo con l'etichetta <span class="guilabel"><strong>ID della chiave PGP/GPG</strong></span>, l'ID della propria chiave. Per cifrare le email, abilitare la casella con l'etichetta <span class="guilabel"><strong>Cifrare sempre per stessi quando si inviano messaggi cifrati</strong></span>. Un messaggio cifrato può anche essere firmato ed è una buona regola farlo. Al momento dell'invio di una email firmata Evolution richiede di inserire la passphrase per la chiave GPG (dopo tre tentativi falliti Evolution segnala un messaggio di errore). Se si abilita la casella con l'etichetta <span class="guilabel"><strong>Ricorda la password per il resto della sessione</strong></span>, non occorrere reinserire la passphrase per firmare o decifrare email nelle volte successive, a meno di non chiudere e riavviare una nuova
sessione.
+ </div></div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird">4.2.5.6. Usare GPG con Thunderbird</h4></div></div></div><div class="para">
+ Fedora include Mozilla Thunderbird nel pacchetto <span class="package">thunderbird</span>, ed il pacchetto <span class="package">mozilla-mail</span> contenente l'applicazione di posta di Mozilla. Thunderbird è il client di posta raccomandato di Mozilla. Thunderbird è accessibile da <span class="guimenuitem"><strong>Applicazioni > Internet > Thunderbird Email</strong></span>.
+ </div><div class="para">
+ I prodotti Mozilla supportano varie estensioni, componenti che aggiungono nuove funzionalità alle applicazioni principali. Le estensioni Enigmail offrono supporto GPG ai client di posta di Mozilla. Esistono versioni di Enigmail sia per Mozilla Thunderbird sia per Mozilla Suite (Seamonkey). Il software Netscape di AOL è basato sui prodotti Mozilla e può usare queste estensioni.
+ </div><div class="para">
+ Per installare Enigmail su Fedora seguire le seguenti istruzioni.
+ </div><div class="para">
+ Enigmail usa il termine OpenPGP nei menu e tra le opzioni. GPG è una implementazione di OpenPGP ed entrambe le terminologie possono considerarsi equivalenti.
+ </div><div class="para">
+ Enigmail si può scaricare da <a href="http://enigmail.mozdev.org/download.html">http://enigmail.mozdev.org/download.html</a>.
+ </div><div class="para">
+ Per screenshot sull'impiego di Enigmail e GPG visitare <a href="http://enigmail.mozdev.org/screenshots.html">http://enigmail.mozdev.org/screenshots.html</a>.
+ </div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird-Installing_Enigmail"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird-Installing_Enigmail">4.2.5.6.1. Installazione di Enigmail</h5></div></div></div><div class="para">
+ Enigmail è anche disponibile nei repository di Fedora e può essere installato usando il comando <code class="code">yum install thunderbird-enigmail</code> in un terminale. In alternativa si può procedere con l'ausilio grafico del Gestore dei pacchetti, selezionando <span class="guilabel"><strong>Sistema -> Amministrazione -> Aggiungi/Rimuovi Software</strong></span> dal menu principale, e installando il pacchetto denominato <span class="package">thunderbird-enigmail</span>.
+ </div></div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption">4.2.5.7. Sulla crittografia a chive pubblica</h4></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <a href="http://it.wikipedia.org/wiki/Crittografia_asimmetrica">Wikipedia - Crittografia asimmetrica</a>
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://computer.howstuffworks.com/encryption.htm">How Encryption Works</a>
+ </div></li></ol></div></div></div></div></div><div xml:lang="it-IT" class="chapter" id="chap-Security_Guide-General_Principles_of_Information_Security" lang="it-IT"><div class="titlepage"><div><div><h2 class="title">Capitolo 5. Principi generali di Sicurezza dell'Informazione</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">5.1. Consigli, guide e strumenti</a></span></dt></dl></div><div class="para">
+ I seguenti principi generali offrono una panoramica sulle buone pratiche di sicurezza:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ cifrare i dati trasmessi in rete per ridurre gli attacchi tipo man-in-the-middle e le possibilità di intercettazione. E' particolarmente importante cifrare le informazioni di autenticazione come le password.
+ </div></li><li class="listitem"><div class="para">
+ minimizzare la quantità di software installato e dei servizi in esecuzione.
+ </div></li><li class="listitem"><div class="para">
+ usare software e strumenti che aumentino la sicurezza come Security-Enhanced Linux (SELinux) per controlli MAC (Mandatory Access Control), iptables di Netfilter per il filtraggio di pacchetti (firewall) e GNU Privacy Guard (GnuPG) per cifrare file.
+ </div></li><li class="listitem"><div class="para">
+ eseguire se possibile, ogni servizio di rete su un server differente per minimizzare il rischio che la compromissione di un servizio possa essere usato per compromettere anche altri servizi.
+ </div></li><li class="listitem"><div class="para">
+ mantenere gli account utenti: creare e rinforzare la policy delle password; eliminare gli account utente non usati.
+ </div></li><li class="listitem"><div class="para">
+ controllare regolarmente i log di sistema e delle applicazioni. Per impostazione, gli avvisi (log) di sistema relativi alla sicurezza sono salvati nei file <code class="filename">/var/log/secure</code> e <code class="filename">/var/log/audit/audit.log</code>. Nota: la trasmissione dei log su un server dedicato serve ad impedire che gli attaccanti possano facilmente modificare i log locali eliminando le tracce dei loro tentativi di intrusione.
+ </div></li><li class="listitem"><div class="para">
+ non accedere mai direttamente come root a meno che non sia assolutamente necessario. Gli amministratori dovrebbero usare <code class="command">sudo</code> per eseguire comandi root. Gli account che possono usare <code class="command">sudo</code> sono specificati in <code class="filename">/etc/sudoers</code>. Usare lo strumento <code class="command">visudo</code> per modificare il file <code class="filename">/etc/sudoers</code>.
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">5.1. Consigli, guide e strumenti</h2></div></div></div><div class="para">
+ L'agenzia statunitense <a href="www.nsa.gov">NSA</a> (National Security Agency), fornisce fondamentali guide e consigli per molti sitemi operativi, per aiutare le agenzie governative, le aziende e gli individui a rendere sicuri i propri sistemi da attacchi informatici. Per esempio, le seguenti guide in formato PFD, sono dedicate al sistema Red Hat Enterprise Linux 5:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.nsa.gov/ia/_files/os/redhat/rhel5-pamphlet-i731.pdf">Hardening Tips for the Red Hat Enterprise Linux 5</a>
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf">Guide to the Secure Configuration of Red Hat Enterprise Linux 5</a>
+ </div></li></ul></div><div class="para">
+ L'agenzia <a href="http://www.disa.mil/">DISA</a> (Defense Information Systems Agency), fornisce documenti, checklist e test (<a href="http://iase.disa.mil/index2.html">I.A.S.E.</a> o Information Assurance Support Environment), che aiutano a rendere sicuro il proprio sistema. <a href="http://iase.disa.mil/stigs/stig/unix-stig-v5r1.pdf">U.S.T.I.G.</a> (pdf) o Unix Security Technical Implementation Guide, è una guida sulla sicurezza in UNIX - una guida per utenti avanzati di UNIX e Linux.
+ </div><div class="para">
+ Il pacchetto <a href="http://iase.disa.mil/stigs/downloads/zip/unclassified_unix_checklist_v5r1-26_20100827.zip">UNIX Security Checklist Version 5, Release 1.26</a> fornito dalla DISA, contiene una raccolta di documenti e checklist che vanno dai permessi da assegnare ai file ai controlli da fare sul sistema.
+ </div><div class="para">
+ Inoltre, la DISA ha reso disponibile degli script <a href="http://iase.disa.mil/stigs/SRR/unix.html">UNIX SPR</a> che permettono agli amministratori di controllare specifiche impostazioni di sistema. Questi script elencano in un rapporto, in formato XML, tutte le vulnerabilità note presenti nel sistema.
+ </div></div></div><div xml:lang="it-IT" class="chapter" id="chap-Security_Guide-Secure_Installation" lang="it-IT"><div class="titlepage"><div><div><h2 class="title">Capitolo 6. Installazione sicura</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-Secure_Installation-Disk_Partitions">6.1. Partizioni del disco</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption">6.2. Utilizzo di LUKS</a></span></dt></dl></div><div class="para">
+ La sicurezza inizia nel momento in cui si inserisce il CD o DVD nel lettore per installare Fedora. Configurare il sistema in modo sicuro dall'inizio, semplifica l'implementazione di ulteriori impostazioni di sicurezza successive.
+ </div><div class="section" id="sect-Security_Guide-Secure_Installation-Disk_Partitions"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Secure_Installation-Disk_Partitions">6.1. Partizioni del disco</h2></div></div></div><div class="para">
+ L'NSA raccomanda di creare partizioni separate per /boot, /, /home, /tmp e /var/tmp. Le motivazioni di questa scelta sono le seguenti:
+ </div><div class="para">
+ /boot - Questa partizione è la prima ad essere letta dal sistema durante la fase di avvio del sistema. Il boot loader e le immagini kernel usate per avviare il sistema Fedora, si trovano in questa partizione. La partizione non dovrebbe essere cifrata. Se i dati di questa partizione fossero inclusi in / e quest'ultima venisse cifrata o diventasse inutilizzabile allora il sistema non sarebbe capace di avviarsi.
+ </div><div class="para">
+ /home - Se i dati utente si trovassero in / invece che in una partizione separata, la partizione si riempirebbe a tal punto da portare all'instabilità del sistema operativo. Inoltre, l'up-grade del sistema è molto più semplice se i dati utente si trovano nella proporia partizione di /home, in quanto essi non vengono modificati durante l'aggiornamento di Fedora. Inoltre, se la partizione / si corrompe tutti i dati utente potrebbero, molto probabilmente, andare perduti per sempre. Invece una partizione separata garantisce una migliore protezione contro la perdita dei dati. In tal modo si possono anche programmare backup regolari di questa partizione.
+ </div><div class="para">
+ /tmp e /var/tmp - Sia la directory /tmp sia la directory /var/tmp sono usate per contenere i dati temporanei, cioè che non hanno una lunga durata. Inoltre, se un flusso di dati satura una di queste directory esso potrebbe riempire tutto lo spazio disponibile. In tal caso e se le directory si trovassero in / il sistema diventerebbe presto instabile e ci sarebbe un crash. Per questo motivo è una buona idea realizzare partizioni separate per queste directory.
+ </div></div><div class="section" id="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption">6.2. Utilizzo di LUKS</h2></div></div></div><div class="para">
+ A partire da Fedora 9 l'implementazione del sistema di cifratura del disco, <a href="http://fedoraproject.org/wiki/Security_Guide/9/LUKSDiskEncryption">LUKS</a> (Linux Unified Key Setup), è diventato più semplice. Durante il processo di installazione l'utente ha la possibilità di cifrare le proprie partizioni. L'utente deve fornire una passphrase che sarà la chiave per sbloccare la chiave di cifratura usata per rendere più sicuri i dati della partizione.
+ </div></div></div><div xml:lang="it-IT" class="chapter" id="chap-Security_Guide-Software_Maintenance" lang="it-IT"><div class="titlepage"><div><div><h2 class="title">Capitolo 7. Manutenzione del software</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">7.1. Installare il software indispensabile</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates">7.2. Pianificare e configurare gli aggiornamenti di sicurezza</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates">7.3. Regolare gli aggiornamenti automatici</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories">7.4. Installare pacchetti firmati da repository fidati<
/a></span></dt></dl></div><div class="para">
+ La manutenzione del software è estremente importante per mantenere sicuro un sistema. E' di vitale importanza applicare patch (correzioni) ai programmi appena si rendono disponibili, in modo da impedire agli attaccanti di sfruttare le falle scoperte per infiltrarsi nel sistema.
+ </div><div class="section" id="sect-Security_Guide-Software_Maintenance-Install_Minimal_Software"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">7.1. Installare il software indispensabile</h2></div></div></div><div class="para">
+ E' una buona pratica installare soltanto i pacchetti dei programmi usati, dato che ogni pezzo di codice potrebbe contenere una vulnerabilità. Se si installa da un DVD si ha la possibilità di selezionare esattamente i pacchetti da installare. Poi una volta installato il sistema, se si ha la necessità di altri programmi essi possono sempre essere installati successivamente.
+ </div></div><div class="section" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates">7.2. Pianificare e configurare gli aggiornamenti di sicurezza</h2></div></div></div><div class="para">
+ Il software in generale contiene bug. Spesso, questi bug possono risultare in una vulnerabilità tale da esporre il sistema agli attacchi di utenti maliziosi. I sistemi non aggiornati con patch di sicurezza sono una causa comune di intrusione. Si dovrebbe pianificare di installare, con regolarità, patch di siucrezza per rimuovere tali vulnerabilità.
+ </div><div class="para">
+ Per gli utenti domestici gli aggiornamenti di sicurezza dovrebbero essere installati appena possibile. Configurare l'installazione automatica degli aggiornamenti di sicurezza è un modo per evitare di dimenticarsene, anche se talvolta può comportare il rischio che si possano creare conflitti con la configurazione o altri software nel sistema.
+ </div><div class="para">
+ Per gli utenti business o gli utenti domestici con esperienza, gli aggiornamenti di siucrezza dovrebbero essere testati e programmati. Ulteriori misure a protezione del sistema dovrebbero essere prese durante il periodo tra il rilascio delle patch e la loro installazione. Queste misure dipenderanno dal rischio effettivo della vulnerabilità e potrebbero includere regole di firewall aggiuntive, l'uso di firewall esterni o modifche alle impostazioni software.
+ </div></div><div class="section" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates">7.3. Regolare gli aggiornamenti automatici</h2></div></div></div><div class="para">
+ Fedora è configurata per applicare gli aggiornamenti su base giornaliera. Per modificare questa impostazione occorre aprire la finestra <span class="guimenuitem"><strong>Preferenze di aggiornamento</strong></span>. E' possibile impostare ogni quanto tempo controllare la disponibilità di aggiornamenti, il tipo di aggiornamenti da applicare e se avvisare o meno della disponibilità di aggiornamenti.
+ </div><div class="para">
+ In GNOME, i controlli per gli aggiornamenti si trovano selezionando <code class="code">Sistema -> Preferenze -> Aggiornamento Software</code>. In KDE, si trovano selezionando: <code class="code">Applications -> Settings -> Software Updates</code>.
+ </div></div><div class="section" id="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories">7.4. Installare pacchetti firmati da repository fidati</h2></div></div></div><div class="para">
+ I pacchetti software sono resi pubblici attraverso repository. Tutti i repository fidati supportano la firma dei pacchetti che usa la tecnologia a chiave pubblca per garantire che i pacchetti pubblicati nel repository non abbiano subito manomissioni dal momento della loro firma. Ciò serve a evitare di installare software che potrebbe essere stato maliziosamente alterato in seguito alla sua pubblicazione.
+ </div><div class="para">
+ Usare troppi repository, repository non fidati o repository con pacchetti privi di firma aumenta il rischio di introdurre nel proprio sistema, codice malizioso o vulnerabile. Aggiungere con prudenza i repository al gestore del software <span class="application"><strong>yum</strong></span>.
+ </div></div></div><div xml:lang="it-IT" class="chapter" id="chap-Security_Guide-CVE" lang="it-IT"><div class="titlepage"><div><div><h2 class="title">Capitolo 8. Common Vulnerabilities and Exposures</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-CVE-yum_plugin">8.1. Plugin YUM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security">8.2. Usare yum-plugin-security </a></span></dt></dl></div><div class="para">
+ Il sistema CVE o Common Vulnerabilities and Exposures (Vulnerabilità ed Esposizioni Comuni), offre un sistema di riferimento per vulnerabilità e falle di sicurezza note pubblicamente. ITRE Corporation gestisce il sistema con fondi del National Cyber Security Division del Department of Homeland Security degli Stati Uniti d'America.
+ </div><div class="para">
+ MITRE Corporation assegna un identificatore CVE ad ogni vulnerabilità o falla di sicurezza. Il CVE è usato per tracciare la vulnerabilità nei vari pezzi di codice, dato che una singolo CVE può interessare diversi pacchetti software e diversi rivenditori.
+ </div><div class="section" id="sect-Security_Guide-CVE-yum_plugin"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-CVE-yum_plugin">8.1. Plugin YUM</h2></div></div></div><div class="para">
+ Il pacchetto <span class="package">yum-plugin-security</span> è una caratteristica di Fedora. Se installato, questo modulo di yum fa in modo di recuperare soltanto gli aggiornamenti di sicurezza. Può essere usato anche per fornire informazioni sull'avviso Red Hat, sul bug nel database di Bugzilla Red Hat o sul numero di CVE dalla directory del MITR, cui fa riferimento l'aggiornamento di un pacchetto.
+ </div><div class="para">
+ Per abilitare questa caratterisitica basta semplicemente installare il plugin con il comando <code class="command">yum install yum-plugin-security</code>.
+ </div></div><div class="section" id="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security">8.2. Usare yum-plugin-security </h2></div></div></div><div class="para">
+ Il principale comando di questo plugin è <code class="command">yum list-sec</code>. E' molto simile a <code class="command">yum check-update</code> con la differenza che elenca anche l'ID di Red Hat dell'avviso ed il tipo di ciascun aggiornamento come “enhancement” (miglioramento), “bugfix” (risoluzione) o “security” (sicurezza):
+ </div><div class="para">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>RHSA-2007:1128-6 security autofs - 1:5.0.1-0.rc2.55.el5.1.i386</td></tr><tr><td>RHSA-2007:1078-3 security cairo - 1.2.4-3.el5_1.i386</td></tr><tr><td>RHSA-2007:1021-3 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>RHSA-2007:1021-3 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr></table>
+
+ </div><div class="para">
+ Se si usa <code class="command">yum list-sec cves</code>, l'ID Red Hat è rimpiazzato dall'ID in CVE dell'avviso cui fa riferimento l'aggiornamento; se si usa <code class="command">yum list-sec bzs</code> l'ID si riferisce a quello in Bugzilla di Red Hat. Se un pacchetto si riferisce a ID multipli in Bugzilla o CVE, il pacchetto potrebbe essere elencato più volte:
+ </div><div class="para">
+ Ecco un tipico esempio d'output di <code class="command">yum list-sec bzs</code>:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>410031 security autofs - 1:5.0.1-0.rc2.55.el5.1.i386</td></tr><tr><td>387431 security cairo - 1.2.4-3.el5_1.i386</td></tr><tr><td>345101 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345111 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345121 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345101 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345111 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345121 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr></table>
+
+ </div><div class="para">
+ Un esempio d'output di <code class="command">yum list-sec cves</code>:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>CVE-2007-5964 security autofs - 1:5.0.1-0.rc2.55.el5.1.i386</td></tr><tr><td>CVE-2007-5503 security cairo - 1.2.4-3.el5_1.i386</td></tr><tr><td>CVE-2007-5393 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-5392 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-4352 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-5393 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-5392 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-4352 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr></table>
+
+ </div><div class="para">
+ L'altro comando disponibile in <span class="package">yum-plugin-security</span> è <code class="command">info-sec</code>. Esso accetta un numero d'avviso come argomento, un ID CVE o Bugzilla e restituisce informazioni dettagliate sull'avviso, inclusa una breve argomentazione sulla natura del problema o dei problemi sollevati dall'avviso.
+ </div><div class="para">
+ Oltre a questi due nuovi comandi sono disponibili anche nuove opzioni nel comando <code class="command">yum update</code>, per selezionare solo aggiornamenti di sicurezza o solo aggiornamenti associati ad un avviso o bug.
+ </div><div class="para">
+ Per applicare solo aggiornamenti di sicurezza, usare:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td><code class="command">yum update --security</code></td></tr></table>
+
+ </div><div class="para">
+ Per applicare tutti gli aggiornamenti al Bug #410101 di Bugzilla, eseguire:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td><code class="command">yum update --bz 410101</code></td></tr></table>
+
+ </div><div class="para">
+ Per applicare tutti gli aggiornamenti relativi all'avviso di CVE con ID CVE-2007-5707 e gli aggiornamenti relativi all'avviso di Red Hat con ID RHSA-2007:1082-5, eseguire:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td><code class="command">yum update --cve CVE-2007-5707 --advisory RHSA-2007:1082-5</code></td></tr></table>
+
+ </div><div class="para">
+ Maggiori informazioni su queste nuove capacità sono presenti nelle pagine man(8) del pacchetto <span class="package">yum-plugin-security</span>.
+ </div><div class="para">
+ Per maggiori informazioni sugli aggiornamenti di sicurezza in Fedora, si prega di visitare la pagina Fedora Security al seguente link <a href="https://fedoraproject.org/wiki/Security">https://fedoraproject.org/wiki/Security</a>.
+ </div></div></div><div xml:lang="it-IT" class="chapter" id="chap-Security_Guide-References" lang="it-IT"><div class="titlepage"><div><div><h2 class="title">Capitolo 9. Riferimenti</h2></div></div></div><div class="para">
+ I seguenti riferimenti sono collegamenti ad ulteriori informazioni rilevanti in SELinux e Fedora ma che esulano dagli scopi di questa guida. Notare che dato il rapido sviluppo di SELinux, alcuni materiali potrebbero applicarsi solo a specifiche versioni di Fedora.
+ </div><div class="variablelist" id="vari-Security_Guide-References-Books"><h6>Libri</h6><dl><dt class="varlistentry"><span class="term">SELinux by Example</span></dt><dd><div class="para">
+ Mayer, MacMillan, and Caplan
+ </div><div class="para">
+ Prentice Hall, 2007
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-Tutorials_and_Help"><h6>Tutorial ed aiuto</h6><dl><dt class="varlistentry"><span class="term">Understanding and Customizing the Apache HTTP SELinux Policy</span></dt><dd><div class="para">
+ <a href="http://docs.fedoraproject.org/selinux-apache-fc3/">http://docs.fedoraproject.org/selinux-apache-fc3/</a>
+ </div></dd><dt class="varlistentry"><span class="term">Tutorials and talks from Russell Coker</span></dt><dd><div class="para">
+ <a href="http://www.coker.com.au/selinux/talks/ibmtu-2004/">http://www.coker.com.au/selinux/talks/ibmtu-2004/</a>
+ </div></dd><dt class="varlistentry"><span class="term">Generic Writing SELinux policy HOWTO</span></dt><dd><div class="para">
+ <a href="http://www.lurking-grue.org/writingselinuxpolicyHOWTO.html">http://www.lurking-grue.org/writingselinuxpolicyHOWTO.html</a>
+ </div></dd><dt class="varlistentry"><span class="term">Red Hat Knowledgebase</span></dt><dd><div class="para">
+ <a href="http://kbase.redhat.com/">http://kbase.redhat.com/</a>
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-General_Information"><h6>Informazioni generali</h6><dl><dt class="varlistentry"><span class="term">Sito web NSA SELinux</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/selinux/index.shtml">http://www.nsa.gov/selinux/</a>
+ </div></dd><dt class="varlistentry"><span class="term">NSA SELinux FAQ</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/selinux/faqs.shtml">http://www.nsa.gov/selinux/info/faq.cfm</a>
+ </div></dd><dt class="varlistentry"><span class="term">Fedora SELinux FAQ</span></dt><dd><div class="para">
+ <a href="http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html">http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html</a>
+ </div></dd><dt class="varlistentry"><span class="term">SELinux NSA's Open Source Security Enhanced Linux</span></dt><dd><div class="para">
+ <a href="http://www.oreilly.com/catalog/selinux/">http://www.oreilly.com/catalog/selinux/</a>
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-Technology"><h6>Tecnologia</h6><dl><dt class="varlistentry"><span class="term">Una introduzione a Object Classes and Permissions</span></dt><dd><div class="para">
+ <a href="http://www.tresys.com/selinux/obj_perms_help.html">http://www.tresys.com/selinux/obj_perms_help.html</a>
+ </div></dd><dt class="varlistentry"><span class="term">Integrating Flexible Support for Security Policies into the Linux Operating System (una retrospettiva sull'implementazione di Flask in Linux)</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/_files/selinux/papers/selsymp2005.pdf">http://www.nsa.gov/research/_files/selinux/papers/selsymp2005.pdf</a>
+ </div></dd><dt class="varlistentry"><span class="term">Implementing SELinux as a Linux Security Module</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/_files/publications/implementing_selinux.pdf">http://www.nsa.gov/research/_files/publications/implementing_selinux.pdf</a>
+ </div></dd><dt class="varlistentry"><span class="term">A Security Policy Configuration for the Security-Enhanced Linux</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/_files/selinux/papers/policy/policy.shtml">http://www.nsa.gov/research/_files/selinux/papers/policy/policy.shtml</a>
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-Community"><h6>Community</h6><dl><dt class="varlistentry"><span class="term">Fedora SELinux User Guide</span></dt><dd><div class="para">
+ <a href="http://docs.fedoraproject.org/selinux-user-guide/">http://docs.fedoraproject.org/selinux-user-guide/</a>
+ </div></dd><dt class="varlistentry"><span class="term">Fedora SELinux Managing Confined Services Guide</span></dt><dd><div class="para">
+ <a href="http://docs.fedoraproject.org/selinux-managing-confined-services-guide/">http://docs.fedoraproject.org/selinux-managing-confined-services-guide/</a>
+ </div></dd><dt class="varlistentry"><span class="term">SELinux community page</span></dt><dd><div class="para">
+ <a href="http://selinux.sourceforge.net">http://selinux.sourceforge.net</a>
+ </div></dd><dt class="varlistentry"><span class="term">IRC</span></dt><dd><div class="para">
+ irc.freenode.net, #selinux, #fedora-selinux, #security
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-History"><h6>Storia</h6><dl><dt class="varlistentry"><span class="term">Quick history of Flask</span></dt><dd><div class="para">
+ <a href="http://www.cs.utah.edu/flux/fluke/html/flask.html">http://www.cs.utah.edu/flux/fluke/html/flask.html</a>
+ </div></dd><dt class="varlistentry"><span class="term">Full background on Fluke (Flux µ-kernel Environment)</span></dt><dd><div class="para">
+ <a href="http://www.cs.utah.edu/flux/fluke/html/index.html">http://www.cs.utah.edu/flux/fluke/html/index.html</a>
+ </div></dd></dl></div></div><div xml:lang="it-IT" class="appendix" id="chap-Security_Guide-Encryption_Standards" lang="it-IT"><div class="titlepage"><div><div><h1 class="title">Standard di crittografia</h1></div></div></div><div class="para">
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm85255024">A.1. Crittografia sincrona</h2></div></div></div><div class="para">
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm61300624">A.1.1. Advanced Encryption Standard - AES</h3></div></div></div><div class="para">
+ In crittografia, lo standard AES (Advanced Encryption Standard) è un algoritmo di cifratura standard adottato dal governo degli Stati Uniti d'America. Lo standard prevede tre blocchi di cifratura, AES-128, AES-192 e AES-256, adottati da una collezione più larga originariamente nota come Rijndael. Ciascuna blocco di cifratura di 128 bit ha chiavi da 128, 192 e 256 bit, rispettivamente. Le cifrature AES sono state ampiamente analizzate e ora sono usate in tutto il mondo in sostituzione del suo predecessore il DES (Data Encryption Standard).<sup>[<a id="idm3156352" href="#ftn.idm3156352" class="footnote">15</a>]</sup>
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm101571168">A.1.1.1. Usi dell'AES</h4></div></div></div><div class="para">
+ </div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm70443760">A.1.1.2. Storia dell'AES</h4></div></div></div><div class="para">
+ L'AES è stato annunciato dal NIST (National Institute of Standards and Technology), nel U.S. FIPS PUB 197 (FIPS 197) il 26 novembre del 2001, dopo un periodo di standardizzazione durato cinque anni, in cui quindici progetti alternativi sono stati analizzati e studiati, riconoscendo il Rijndael come il più adatto (vedere il processo di sviluppo dell'Advanced Encryption Standard, per maggiori dettagli). L'AES è divenuto uno standard effettivo il 26 maggio 2002. E' disponibile in diversi pacchetti di cifratura. L'AES è il primo algoritmo di cifratura pubblicamente accessibile ed aperto, approvato dall'NSA per proteggere informazioni top secret. <sup>[<a id="idm80751600" href="#ftn.idm80751600" class="footnote">16</a>]</sup>
+ </div><div class="para">
+ L'algoritmo di cifratura Rijndael è stato progettato da due progettisti belgi, Joan Daemen e Vincent Rijmen. Il nome Rijndael è una parola composta da parti di nome dei due inventori.<sup>[<a id="idm77899360" href="#ftn.idm77899360" class="footnote">17</a>]</sup>
+ </div></div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm71479952">A.1.2. Data Encryption Standard - DES</h3></div></div></div><div class="para">
+ Lo standard DES (Data Encryption Standard), è un cifrario a blocchi, scelto dal National Bureau of Standards degli Stati Uniti d'America, come standard per cifrare le informazioni delle agenzie federali (o FIPS: Federal Information Processing Standard), a partire dal 1976 e poi adottato globalmente da altri Stati. Il DES si basa su un algoritmo di cifratura a chiave simmetrica di 56 bit. L'algoritmo fin dai suoi esordi presentava diverse difficoltà nei suoi elementi progettuali con una chiave relativamente corta e il sospetto di manomissioni da parte dell'NSA (National Security Agency). Conseguentemente il DES divenne oggetto di approfondite anailsi da parte di numerose università che portarono alle attuali conoscenze sugli algoritmi di crittografia e sulle tecniche di crittoanalisi.<sup>[<a id="idm73337168" href="#ftn.idm73337168" class="footnote">18</a>]</sup>
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm68272928">A.1.2.1. Usi del DES</h4></div></div></div><div class="para">
+ </div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm68271488">A.1.2.2. Storia del DES</h4></div></div></div><div class="para">
+ Il DES è ufficialmente riconosciuto come insicuro per molte applicazioni, principlamente a causa della scarsa lunghezza della chiave, 56 bit. Nel gennaio 1999 due agenzie, la Distributed.net e la Electronic Frontier Foundation collaborarono insieme, per forzare pubblicamente una chiave DES in circa 22 ore e 15 minuti. Inoltre esistono diversi studi teorici, di difficile implementazione pratica, che dimostrano la debolezza dell'algoritmo di cifratura. L'algoritmo acquista maggiore sicurezza pratica nella forma di Triple DES, persistendo tuttavia la sua vulnerabilità teorica. In tempi recenti, il DES è stato superato e sostituito dall'AES (Advanced Encryption Standard).<sup>[<a id="idm99683392" href="#ftn.idm99683392" class="footnote">19</a>]</sup>
+ </div><div class="para">
+ In alcuni documenti, DES può indicare lo standard di cifratura o indicare l'algoritmo, detto DEA (the Data Encryption Algorithm).<sup>[<a id="idm96056912" href="#ftn.idm96056912" class="footnote">20</a>]</sup>
+ </div></div></div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm69853616">A.2. Cifratura a chiave pubblica</h2></div></div></div><div class="para">
+ La crittografia a chiave pubblica è un algoritmo di cifratura, la cui caratteristica distintiva è l'uso di algoritmi a chiave asimmetrica in sostituzione o in aggiunta agli algoritmi a chiave simmetrica. Grazie all'uso delle tecniche di crittografia a chiave pubblica, sono diventati disponibili molti metodi pratici per proteggere le comunicazioni o per autenticare i messaggi. Essi non richiedono uno scambio iniziale sicuro di una o più chiavi segrete, come richiesto dagli algoritmi a chive simmetrica. Inoltre questi algoritmi di cifratura possono essere usati per creare firme digitali sicure.<sup>[<a id="idm69851936" href="#ftn.idm69851936" class="footnote">21</a>]</sup>
+ </div><div class="para">
+ La crittografia a chiave pubblica è una tecnologia che si è diffusa in tutto il mondo ed è alla base di standard di comunicazioni e di autenticazioni usati in Internet, come TLS o Transport Layer Security, il successore di SSL, PGP e GPG.<sup>[<a id="idm85317824" href="#ftn.idm85317824" class="footnote">22</a>]</sup>
+ </div><div class="para">
+ La tecnica che contraddistingue la crittografia a chiave pubblica è l'uso degli algoritmi a chiave asimmetrica, in cui la chiave usata per cifrare un messaggio non è la stessa per la sua decifrazione. Ogni utente ha una coppia di chiavi — una pubblica ed una privata. La chiave privata è tenuta segreta mentre l'altra è pubblicamente distribuita. I messaggi sono cifrati con la chiave pubblica e possono essere decifrati soltanto con la chiave privata corrispondente. Le chiavi sono matematicamente correllate tra loro ma la chiave privata non può essere facilmente ricavata, in termini di tempo e risorse dalla pubblica. Grazie alla sua invenzione, a partire dalla metà degli anni '70 del secolo scorso, si è sviluppata la crittografia informatica.<sup>[<a id="idm97632704" href="#ftn.idm97632704" class="footnote">23</a>]</sup>
+ </div><div class="para">
+ In contrasto, gli algoritmi a chiave simmetrica di cui esistono innumerevoli varianti inventate nel corso di centinaia di anni, usano una unica chiave segreta, condivisa, usata sia per cifrare sia per decifrare. In questo schema di cifratura, la chiave segreta deve essere condivisa in anticipo.<sup>[<a id="idm86676752" href="#ftn.idm86676752" class="footnote">24</a>]</sup>
+ </div><div class="para">
+ Poichè gli algoritmi a chiave simmetrica sono meno avidi di risorse di calcolo, è pratica comune scambiare una chiave usando un algoritmo di scambio chiavi, e cifrare i dati usando questa chiave ed un algoritmo a chiave simmetrica. PGP e la famiglia di protocolli SSL/TLS per esempio, usando questo schema e perciò vengono detti sistemi di cifratura ibridi.<sup>[<a id="idm68926672" href="#ftn.idm68926672" class="footnote">25</a>]</sup>
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm68924496">A.2.1. Diffie-Hellman</h3></div></div></div><div class="para">
+ Lo scambio di chiavi D-H (Diffie–Hellman) è un protocollo di crittografia, che consente a due interlocutori di scambiarsi tra loro una chiave condivisa segreta, su una rete non sicura. Questa chiave può essere usata per cifrare le successive comunicazioni usando un sistema di cifratura simmetrico. <sup>[<a id="idm103859776" href="#ftn.idm103859776" class="footnote">26</a>]</sup>
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm69714016">A.2.1.1. Storia del protocollo D-H</h4></div></div></div><div class="para">
+ Lo schema è stato pubblicato la prima volta da Whitfield Diffie e Martin Hellman nel 1976, sebbene si scoprì più tardi fosse già stato inventato alcuni anni prima all'interno del GCHQ (l'agenzia britannica della sicurezza, nonché dello spionaggio e controspionaggio), da parte di Malcolm J. Williamson, ma fino allora tenuto secretato. Nel 2002, Hellmann suggerì di denominare l'algoritmo scambio di chiavi Diffie–Hellman–Merkle, come riconoscimento al contributo apportato da parte di Ralph Merkle, all'invenzione della crittografia a chiave pubblica.<sup>[<a id="idm69712368" href="#ftn.idm69712368" class="footnote">27</a>]</sup>
+ </div><div class="para">
+ Sebbene lo scambio di chiavi Diffie-Hellman sia un protocollo di scambio anonimo (non-autenticato), esso fa da base per una varietà di protocolli di autenticazione.<sup>[<a id="idm60810528" href="#ftn.idm60810528" class="footnote">28</a>]</sup>
+ </div><div class="para">
+ Il documento U.S. Patent 4,200,770, descrive l'algoritmo accreditando l'invenzione a Hellman, Diffie, e Merkle..<sup>[<a id="idm88360464" href="#ftn.idm88360464" class="footnote">29</a>]</sup>
+ </div></div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm64996000">A.2.2. RSA</h3></div></div></div><div class="para">
+ In crittografia, l'RSA (RSA sta per Rivest, Shamir e Adleman che per primi lo descrissero pubblicamente), è un algoritmo di crittografia a chiave pubblica. E' il primo algoritmo noto per essere impiegato sia per autenticare sia per cifrare e la sua invenzione ha segnato il primo vero passo in avanti, nel campo della crittografia. L'RSA è ampiamente impiegato nei protocolli di comunicazione digitali, commerciali ed è considerato abbastanza sicuro con l'impiego di chiavi molto lunghe e con implementazioni moderne.<sup>[<a id="idm84428800" href="#ftn.idm84428800" class="footnote">30</a>]</sup>
+ </div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm107111296">A.2.3. DSA</h3></div></div></div><div class="para">
+ Il DSA (Digital Signature Algorithm) è uno standard di autenticazione digitale del Governo Federale degli Stati Uniti d'America (o FIPS). E' stato proposto dal NIST (National Institute of Standards and Technology), nell' agosto del 1991 per il suo impiego come standard (Digital Signature Standard o DSS) ed adottato nel 1993, specificato come FIPS 186. Una revisione minore compare nel 1996 specificato come FIPS 186-1. Lo standard è stato ulteriormente esteso nel 2000 come FIPS 186-2 e successivamente nel 2009 come FIPS 186-3.<sup>[<a id="idm107109648" href="#ftn.idm107109648" class="footnote">31</a>]</sup>
+ </div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm88919376">A.2.4. SSL/TLS</h3></div></div></div><div class="para">
+ Il TLS (Transport Layer Security) ed il suo predecessore, l'SSL (Secure Socket Layer), sono due protocolli di crittografia che assicurano la sicurezza delle comunicazioni, su reti non fidate come Internet. TLS ed SSL cifrano i segmenti ai capi delle connessioni, al livello del Transport Layer. Diverse versioni del protocollo sono ampiamente impiegate in applicazioni come browser web, client di posta elettronica, fax via Internet, client di chat e applicazioni VoIP (Voice over IP). TLS è un protocollo standard sostenuto dall'IETF, il cui ultimo aggiornamento si trova nel documento RFC 5246, basato sulle precedenti specifiche di SSL, sviluppate da Netscape Corporation.
+ </div><div class="para">
+ Il protocollo TLS permette alle applicazioni client/server di comunicare attraverso una rete, impedendo le intercettazioni e le manomissioni da parte di terzi. TLS attraverso la crittografia offre autenticazioni e trasmissioni sicure di dati sensibili tra gli endpoint di una rete non fidata, come Internet. TLS permette cifrature RSA sicure con chiavi da 1024 e 2048 bit.
+ </div><div class="para">
+ In un tipico utilizzo di un browser web, l'autenticazione TLS è unilaterale: soltanto il server è autenticato (il client conosce l'identità del server), il client no (il client rimane non autenticato o anonimo).
+ </div><div class="para">
+ Ma TLS supporta anche la più sicura modalità di connessione, bilaterale (tipicamente usata nelle applicazioni enterprise), in cui entrambi gli endpoint della "comunicazione" possono essere sicuri con chi stanno comunicando (a condizione di aver attentamente esaminato le informazioni di identità nel certificato dell'interlocutore). Ciò è nota come mutua autenticazione o 2SSL. La mutua autenticazione richiede che anche il lato client (del TLS) possegga un certificato (con un browser web di solito non si rientra in questo scenario). In alternativa si potrebbero impiegare TLS-PSK, Secure Remote Password (SRP) o altri protocolli in grado di garantire la reciproca autenticazione, in assenza di certificati.
+ </div><div class="para">
+ In genere, le informazioni e i certificati necessari per TLS sono gestiti sotto forma di certificati X.509 che impongono requisiti necessari su dati e sul loro formato.
+ </div><div class="para">
+ Il protocollo SSL opera in maniera modulare. Per impostazione progettuale, risulta estensibile con compatibilità retroattive e future.<sup>[<a id="idm86007696" href="#ftn.idm86007696" class="footnote">32</a>]</sup>
+ </div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm52791664">A.2.5. Il sistema Cramer–Shoup</h3></div></div></div><div class="para">
+ Il sistema Cramer-Shoup è un algoritmo di cifratura a chiave simmetrica che si è dimostrato essere il primo schema efficiente contro attacchi di crittoanalisi basati su assunzioni crittografiche standard. La sua sicurezza deriva dalla intrattabilità computazionale dell'assunzione di Diffie–Hellman. Sviluppato da Ronald Cramer e Victor Shoup nel 1998, esso è una estensione del sistema Elgamal. A differenza di quest'ultimo, estremamente malleabile, Cramer–Shoup aggiunge ulteriori elementi per garantire la non-malleabilità anche contro attacchi molto consistenti. La sua non malleabilità deriva dall'uso di una funzione di hash <span class="emphasis"><em>collision resistance</em></span> e da ulteriore complessità computazionele, risultando in un testo cifrato doppio rispetto a Elgamal. <sup>[<a id="idm94115808" href="#ftn.idm94115808" class="footnote">33</a>]</sup>
+ </div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm76869456">A.2.6. Cifratura ElGamal</h3></div></div></div><div class="para">
+ In crittografia, il sitema ElGamal è un algoritmo di cifratura a chiave pubblica basato sul sistema di scambio di chiavi Diffie-Hellman. E' stato descritto la prima volta da Taher Elgamal nel 1985. La cifratura ElGamal viene usata nel software libero GNU Privacy Guard, in recenti versioni di PGP ed in altri sistemi di crittografia. La cifratura DSA è una variante dello schema di autenticazione ElGamal, da non confondersi con la cifratura ElGamal.<sup>[<a id="idm76867888" href="#ftn.idm76867888" class="footnote">34</a>]</sup>
+ </div></div></div><div class="footnotes"><br /><hr width="100" align="left" /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm3156352" href="#idm3156352" class="para">15</a>] </sup>
+ "Advanced Encryption Standard" <span class="emphasis"><em>Wikipedia.</em></span> 28 sett 2010 <a href="http://it.wikipedia.org/wiki/Advanced_Encryption_Standard">http://it.wikipedia.org/wiki/Advanced_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm80751600" href="#idm80751600" class="para">16</a>] </sup>
+ "Advanced Encryption Standard" <span class="emphasis"><em>Wikipedia.</em></span> 28 sett 2010 <a href="http://it.wikipedia.org/wiki/Advanced_Encryption_Standard">http://it.wikipedia.org/wiki/Advanced_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm77899360" href="#idm77899360" class="para">17</a>] </sup>
+ "Advanced Encryption Standard" <span class="emphasis"><em>Wikipedia</em></span> 28 sett 2010 <a href="http://it.wikipedia.org/wiki/Advanced_Encryption_Standard">http://it.wikipedia.org/wiki/Advanced_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm73337168" href="#idm73337168" class="para">18</a>] </sup>
+ "Data Encryption Standard" <span class="emphasis"><em>Wikipedia</em></span> 20 sett 2010 <a href="http://it.wikipedia.org/wiki/Data_Encryption_Standard">http://it.wikipedia.org/wiki/Data_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm99683392" href="#idm99683392" class="para">19</a>] </sup>
+ "Data Encryption Standard" <span class="emphasis"><em>Wikipedia.</em></span> 20 sett 2010 <a href="http://it.wikipedia.org/wiki/Data_Encryption_Standard">http://it.wikipedia.org/wiki/Data_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm96056912" href="#idm96056912" class="para">20</a>] </sup>
+ "Data Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 20 sett 2010 <a href="http://it.wikipedia.org/wiki/Data_Encryption_Standard">http://it.wikipedia.org/wiki/Data_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm69851936" href="#idm69851936" class="para">21</a>] </sup>
+ "Cifratura a chiave pubblica." <span class="emphasis"><em>Wikipedia.</em></span> 29 ago 2010 <a href="http://it.wikipedia.org/wiki/Crittografia_asimmetrica">http://it.wikipedia.org/wiki/Crittografia_asimmetrica</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm85317824" href="#idm85317824" class="para">22</a>] </sup>
+ "Cifratura a chiave pubblica" <span class="emphasis"><em>Wikipedia.</em></span> 29 ago 2010 <a href="http://it.wikipedia.org/wiki/Crittografia_asimmetrica">http://it.wikipedia.org/wiki/Crittografia_asimmetrica</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm97632704" href="#idm97632704" class="para">23</a>] </sup>
+ "Cifratura a chiave pubblica." <span class="emphasis"><em>Wikipedia.</em></span> 29 ago 2010 <a href="http://it.wikipedia.org/wiki/Crittografia_asimmetrica">http://it.wikipedia.org/wiki/Crittografia_asimmetrica</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm86676752" href="#idm86676752" class="para">24</a>] </sup>
+ "Cifratura a chiave pubblica." <span class="emphasis"><em>Wikipedia.</em></span> 29 ago 2010 <a href="http://it.wikipedia.org/wiki/Crittografia_asimmetrica">http://it.wikipedia.org/wiki/Crittografia_asimmetrica</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm68926672" href="#idm68926672" class="para">25</a>] </sup>
+ "Cifratura a chiave pubblica." <span class="emphasis"><em>Wikipedia.</em></span> 29 ago 2010 <a href="http://it.wikipedia.org/wiki/Crittografia_asimmetrica">http://it.wikipedia.org/wiki/Crittografia_asimmetrica</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm103859776" href="#idm103859776" class="para">26</a>] </sup>
+ "Diffie-Hellman" <span class="emphasis"><em>Wikipedia.</em></span> 17 sett 2010 <a href="http://it.wikipedia.org/wiki/Scambio_di_chiavi_Diffie-Hellman">http://it.wikipedia.org/wiki/Scambio_di_chiavi_Diffie-Hellman</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm69712368" href="#idm69712368" class="para">27</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 17 sett 2010 <a href="http://it.wikipedia.org/wiki/Scambio_di_chiavi_Diffie-Hellman">http://it.wikipedia.org/wiki/Scambio_di_chiavi_Diffie-Hellman</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm60810528" href="#idm60810528" class="para">28</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 17 sett 2010 <a href="http://it.wikipedia.org/wiki/Scambio_di_chiavi_Diffie-Hellman">http://it.wikipedia.org/wiki/Scambio_di_chiavi_Diffie-Hellman</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm88360464" href="#idm88360464" class="para">29</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 17 sett 2010 <a href="http://it.wikipedia.org/wiki/Scambio_di_chiavi_Diffie-Hellman">http://it.wikipedia.org/wiki/Scambio_di_chiavi_Diffie-Hellman</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm84428800" href="#idm84428800" class="para">30</a>] </sup>
+ "RSA" <span class="emphasis"><em>Wikipedia</em></span> 23 ago 2010 <a href="http://it.wikipedia.org/wiki/RSA">http://it.wikipedia.org/wiki/RSA</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm107109648" href="#idm107109648" class="para">31</a>] </sup>
+ "Digital Signature Algorithm"<span class="emphasis"><em>Wikipedia</em></span> 20 ago 2010 <a href="http://it.wikipedia.org/wiki/Digital_Signature_Algorithm">http://it.wikipedia.org/wiki/Digital_Signature_Algorithm</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm86007696" href="#idm86007696" class="para">32</a>] </sup>
+ "Transport Layer Security" <span class="emphasis"><em>Wikipedia</em></span> 7 ott 2010 <a href="http://it.wikipedia.org/wiki/Transport_Layer_Security">http://it.wikipedia.org/wiki/Transport_Layer_Security</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm94115808" href="#idm94115808" class="para">33</a>] </sup>
+ "Cramer–Shoup cryptosystem" <span class="emphasis"><em>Wikipedia</em></span> 5 October 2010 <a href="http://en.wikipedia.org/wiki/Cramer-Shoup_cryptosystem">http://en.wikipedia.org/wiki/Cramer-Shoup_cryptosystem</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm76867888" href="#idm76867888" class="para">34</a>] </sup>
+ "ElGamal encryption" <span class="emphasis"><em>Wikipedia</em></span> 13 October 2010 <a href="http://en.wikipedia.org/wiki/ElGamal_encryption">http://en.wikipedia.org/wiki/ElGamal_encryption</a>
+ </div></div></div></div><div xml:lang="it-IT" class="appendix" id="appe-Publican-Revision_History" lang="it-IT"><div class="titlepage"><div><div><h1 class="title">Cronologia Revisioni</h1></div></div></div><div class="para">
+ <div class="revhistory"><table border="0" width="100%" summary="Revision history"><tr><th align="left" valign="top" colspan="3"><strong>Diario delle Revisioni</strong></th></tr><tr><td align="left">Revisione 18.0-1</td><td align="left">Sat October 6 2012</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Sistemato il capitolo Basic Hardening (BZ 841825 e 693620).</td></tr><tr><td>Sistemato il link LUKS (BZ 846299).</td></tr><tr><td>Aggiunta sezione GUI al capitolo 7 Zip (BZ 854781).</td></tr><tr><td>Sistemato capitolo yum-plugin-security (BZ 723282).</td></tr><tr><td>Sistemato GPG CLI command screen (BZ 590493).</td></tr><tr><td>Migliorata sezione Yubikey (BZ 644238).</td></tr><tr><td>Sistemato typos (BZ 863636).</td></tr><tr><td>Rimosso margine wiki in alcuni capitoli.</td></tr><tr><td>Istruzioni Seahorse aggiornate.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 17.0-1</td><td align="left">Tue January 24 2012</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Branched per Fedora 17.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 16.0-1</td><td align="left">Fri September 09 2011</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Aggiornato per Fedora 16.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 14.3-1</td><td align="left">Sat Apr 02 2011</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>VPN spostato al capitolo Cifratura e riformattato.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 14.2-1</td><td align="left">Wed Oct 20 2010</td><td align="left"><span class="author"><span class="firstname">Zach</span> <span class="surname">Oglesby</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Aggiunto testo per l'utilizzo di Yubikey su Fedora con autenticazione locale. (BZ 644999)</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 14.2-0</td><td align="left">Fri Oct 6 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Eliminato tutte le variabili nel sorgente del documento.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 14.1-2</td><td align="left">Fri Oct 1 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Corretto il link a DISA Unix Checklist ed aggiornato link</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 14.1-1</td><td align="left">Wed Jul 8 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Aggiunto il capitolo su CVE</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 14.0-1</td><td align="left">Fri May 28 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Branched per Fedora 14</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 13.0-7</td><td align="left">Fri May 14 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Rimosso "bug" di testo dal capitolo 7-Zip (bug 591980).</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 13.0-6</td><td align="left">Wed Apr 14 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Completato l'appendice sugli standard di cifratura</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 13.0-5</td><td align="left">Fri Apr 09 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Aggiunto "Usare GPG in Alpine".</td></tr><tr><td>Aggiunto "Usare con Evolution".</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 13.0-4</td><td align="left">Tue Apr 06 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Corretto alcuni problemi riguardanti alcuni paragrafi non traducibili.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 13.0-3</td><td align="left">Tue Apr 06 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Rimosso il riferimento alla vulnerabilità a PackagKit presente in Fedora 12.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 13.0-2</td><td align="left">Fri Nov 20 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Aggiunto la Cronologia Revisioni alla fine del documento.</td></tr><tr><td>Aggiunto l'appendice "Standard di Cifratura".</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 13.0-1</td><td align="left">Fri Nov 20 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fedora 13 branch.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-23</td><td align="left">Thu Nov 19 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Ri-aggiornato la sezione "Local users may install trusted packages".</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-22</td><td align="left">Thu Nov 19 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Aggiornato la sezione "Local users may install trusted packages".</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-21</td><td align="left">Wed Nov 18 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Aggiunto la sezione "Local users may install trusted packages".</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-20</td><td align="left">Sat Nov 14 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Aggiunto informazioni di Wikipedia all'appendice "Standard di cifratura".</td></tr><tr><td>Aggiunto Adam Ligas alla pagina degli autori, per il suo contributo allo sviluppo della sezione "7-Zip".</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-19</td><td align="left">Mon Oct 26 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Aggiornato la licenza a CC-BY-SA.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-18</td><td align="left">Wed Aug 05 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Risolto il problema relativo al Bug 515043.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-17</td><td align="left">Mon Jul 27 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Corretto le informazioni sui rivenditori in SPEC.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-16</td><td align="left">Fri Jul 24 2009</td><td align="left"><span class="author"><span class="firstname">Fedora</span> <span class="surname">Release Engineering</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Ricompilato per for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-15</td><td align="left">Tue Jul 14 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Aggiunto "desktop-file-utils" a BUILDREQUIRES in spec.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-14</td><td align="left">Tue Mar 10 2009</td><td align="left"><span class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Rimosso porzioni di testo più specifiche a rhel e revisioni maggiori.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-13</td><td align="left">Mon Mar 2 2009</td><td align="left"><span class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Risolto diversi problemi minori.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-12</td><td align="left">Wed Feb 11 2009</td><td align="left"><span class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Nuovi screenshots per F11 in sosituzione di quelli esistenti/datati.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-11</td><td align="left">Tue Feb 03 2009</td><td align="left"><span class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Modificato le specifiche LUKS per Fedora 9, incluse quelle delle versioni più recenti.</td></tr><tr><td>Risolti alcuni collegamenti a siti web, in particolare i link alla NSA.</td></tr><tr><td>Modifiche minori di formattazione.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-10</td><td align="left">Wed Jan 27 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Inserito lo screenshot mancante sulla configurazione di un firewall</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-9</td><td align="left">Wed Jan 27 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Corretti alcuni termini non esatti della fase di validazione. Convertiti in Fedora, precedenti riferimenti Red Hat.</td></tr></table>
+
+ </td></tr></table></div>
+ </div></div></div></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/css/common.css b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/css/common.css
new file mode 100644
index 0000000..d7dc3f2
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/css/common.css
@@ -0,0 +1,1528 @@
+* {
+ widows: 2 !important;
+ orphans: 2 !important;
+}
+
+body, h1, h2, h3, h4, h5, h6, pre, li, div {
+ line-height: 1.29em;
+}
+
+body {
+ background-color: white;
+ margin:0 auto;
+ font-family: "liberation sans", "Myriad ", "Bitstream Vera Sans", "Lucida Grande", "Luxi Sans", "Trebuchet MS", helvetica, verdana, arial, sans-serif;
+ font-size:12px;
+ max-width:55em;
+ color:black;
+}
+
+body.toc_embeded {
+ /*for web hosting system only*/
+ margin-left: 300px;
+}
+
+object.toc, iframe.toc {
+ /*for web hosting system only*/
+ border-style:none;
+ position:fixed;
+ width:290px;
+ height:99.99%;
+ top:0;
+ left:0;
+ z-index: 100;
+ border-style:none;
+ border-right:1px solid #999;
+}
+
+/* Hide web menu */
+
+body.notoc {
+ margin-left: 3em;
+}
+
+iframe.notoc {
+ border-style:none;
+ border: none;
+ padding: 0em;
+ position:fixed;
+ width: 21px;
+ height: 29px;
+ top: 0px;
+ left:0;
+ overflow: hidden;
+ margin: 0em;
+ margin-left: -3px;
+}
+/* End hide web menu */
+
+/* desktop styles */
+body.desktop {
+ margin-left: 26em;
+}
+
+body.desktop .book > .toc {
+ display:block;
+ width:24em;
+ height:99%;
+ position:fixed;
+ overflow:auto;
+ top:0px;
+ left:0px;
+ padding-left:1em;
+ background-color:#EEEEEE;
+}
+
+.toc {
+ line-height:1.35em;
+}
+
+.toc .glossary,
+.toc .chapter, .toc .appendix {
+ margin-top:1em;
+}
+
+.toc .part {
+ margin-top:1em;
+ display:block;
+}
+
+span.glossary,
+span.appendix {
+ display:block;
+ margin-top:0.5em;
+}
+
+div {
+ padding-top:0px;
+}
+
+div.section {
+ padding-top:1em;
+}
+
+p, div.para, div.formalpara {
+ padding-top:0px;
+ margin-top:0.3em;
+ padding-bottom:0px;
+ margin-bottom:1em;
+}
+
+/*Links*/
+a {
+ outline: none;
+}
+
+a:link {
+ text-decoration:none;
+ border-bottom: 1px dotted ;
+ color:#3366cc;
+}
+
+a:visited {
+ text-decoration:none;
+ border-bottom: 1px dotted ;
+ color:#003366;
+}
+
+div.longdesc-link {
+ float:right;
+ color:#999;
+}
+
+.toc a, .qandaset a {
+ font-weight:normal;
+ border:none;
+}
+
+.toc a:hover, .qandaset a:hover
+{
+ border-bottom: 1px dotted;
+}
+
+/*headings*/
+h1, h2, h3, h4, h5, h6 {
+ color: #336699;
+ margin-top: 0em;
+ margin-bottom: 0em;
+ background-color: transparent;
+ page-break-inside: avoid;
+ page-break-after: avoid;
+}
+
+h1 {
+ font-size:2.0em;
+}
+
+.titlepage h1.title {
+ font-size: 3.0em;
+ padding-top: 1em;
+ text-align:left;
+}
+
+.book > .titlepage h1.title {
+ text-align:center;
+}
+
+.article > .titlepage h1.title {
+ text-align:center;
+}
+
+.set .titlepage > div > div > h1.title {
+ text-align:center;
+}
+
+.producttitle {
+ margin-top: 0em;
+ margin-bottom: 0em;
+ font-size: 3.0em;
+ font-weight: bold;
+ background: #003d6e url(../images/h1-bg.png) top left repeat-x;
+ color: white;
+ text-align: center;
+ padding: 0.7em;
+}
+
+.titlepage .corpauthor {
+ margin-top: 1em;
+ text-align: center;
+}
+
+.section h1.title {
+ font-size: 1.6em;
+ padding: 0em;
+ color: #336699;
+ text-align: left;
+ background: white;
+}
+
+h2 {
+ font-size:1.6em;
+}
+
+
+h2.subtitle, h3.subtitle {
+ margin-top: 1em;
+ margin-bottom: 1em;
+ font-size: 1.4em;
+ text-align: center;
+}
+
+.preface > div > div > div > h2.title {
+ margin-top: 1em;
+ font-size: 2.0em;
+}
+
+.appendix h2 {
+ margin-top: 1em;
+ font-size: 2.0em;
+}
+
+
+
+h3 {
+ font-size:1.3em;
+ padding-top:0em;
+ padding-bottom:0em;
+}
+h4 {
+ font-size:1.1em;
+ padding-top:0em;
+ padding-bottom:0em;
+}
+
+h5 {
+ font-size:1em;
+}
+
+h6 {
+ font-size:1em;
+}
+
+h5.formalpara {
+ font-size:1em;
+ margin-top:2em;
+ margin-bottom:.8em;
+}
+
+.abstract h6 {
+ margin-top:1em;
+ margin-bottom:.5em;
+ font-size:2em;
+}
+
+/*element rules*/
+hr {
+ border-collapse: collapse;
+ border-style:none;
+ border-top: 1px dotted #ccc;
+ width:100%;
+ margin-top: 3em;
+}
+
+/* web site rules */
+ul.languages, .languages li {
+ display:inline;
+ padding:0em;
+}
+
+.languages li a {
+ padding:0em .5em;
+ text-decoration: none;
+}
+
+.languages li p, .languages li div.para {
+ display:inline;
+}
+
+.languages li a:link, .languages li a:visited {
+ color:#444;
+}
+
+.languages li a:hover, .languages li a:focus, .languages li a:active {
+ color:black;
+}
+
+ul.languages {
+ display:block;
+ background-color:#eee;
+ padding:.5em;
+}
+
+/*supporting stylesheets*/
+
+/*unique to the webpage only*/
+.books {
+ position:relative;
+}
+
+.versions li {
+ width:100%;
+ clear:both;
+ display:block;
+}
+
+a.version {
+ font-size:2em;
+ text-decoration:none;
+ width:100%;
+ display:block;
+ padding:1em 0em .2em 0em;
+ clear:both;
+}
+
+a.version:before {
+ content:"Version";
+ font-size:smaller;
+}
+
+a.version:visited, a.version:link {
+ color:#666;
+}
+
+a.version:focus, a.version:hover {
+ color:black;
+}
+
+.books {
+ display:block;
+ position:relative;
+ clear:both;
+ width:100%;
+}
+
+.books li {
+ display:block;
+ width:200px;
+ float:left;
+ position:relative;
+ clear: none ;
+}
+
+.books .html {
+ width:170px;
+ display:block;
+}
+
+.books .pdf {
+ position:absolute;
+ left:170px;
+ top:0px;
+ font-size:smaller;
+}
+
+.books .pdf:link, .books .pdf:visited {
+ color:#555;
+}
+
+.books .pdf:hover, .books .pdf:focus {
+ color:#000;
+}
+
+.books li a {
+ text-decoration:none;
+}
+
+.books li a:hover {
+ color:black;
+}
+
+/*products*/
+.products li {
+ display: block;
+ width:300px;
+ float:left;
+}
+
+.products li a {
+ width:300px;
+ padding:.5em 0em;
+}
+
+.products ul {
+ clear:both;
+}
+
+/*revision history*/
+.revhistory {
+ display:block;
+}
+
+.revhistory table {
+ background-color:transparent;
+ border-color:#fff;
+ padding:0em;
+ margin: 0;
+ border-collapse:collapse;
+ border-style:none;
+}
+
+.revhistory td {
+ text-align :left;
+ padding:0em;
+ border: none;
+ border-top: 1px solid #fff;
+ font-weight: bold;
+}
+
+.revhistory .simplelist td {
+ font-weight: normal;
+}
+
+.revhistory .simplelist {
+ margin-bottom: 1.5em;
+ margin-left: 1em;
+}
+
+.revhistory table th {
+ display: none;
+}
+
+
+/*credits*/
+.authorgroup div {
+ clear:both;
+ text-align: center;
+}
+
+h3.author {
+ margin: 0em;
+ padding: 0em;
+ padding-top: 1em;
+}
+
+.authorgroup h4 {
+ padding: 0em;
+ margin: 0em;
+ padding-top: 1em;
+ margin-top: 1em;
+}
+
+.author,
+.editor,
+.translator,
+.othercredit,
+.contrib {
+ display: block;
+}
+
+.revhistory .author {
+ display: inline;
+}
+
+.othercredit h3 {
+ padding-top: 1em;
+}
+
+
+.othercredit {
+ margin:0em;
+ padding:0em;
+}
+
+.releaseinfo {
+ clear: both;
+}
+
+.copyright {
+ margin-top: 1em;
+}
+
+/* qanda sets */
+.answer {
+ margin-bottom:1em;
+ border-bottom:1px dotted #ccc;
+}
+
+.qandaset .toc {
+ border-bottom:1px dotted #ccc;
+}
+
+.question {
+ font-weight:bold;
+}
+
+.answer .data, .question .data {
+ padding-left: 2.6em;
+}
+
+.answer label, .question label {
+ float:left;
+ font-weight:bold;
+}
+
+/* inline syntax highlighting */
+.perl_Alert {
+ color: #0000ff;
+}
+
+.perl_BaseN {
+ color: #007f00;
+}
+
+.perl_BString {
+ color: #5C3566;
+}
+
+.perl_Char {
+ color: #ff00ff;
+}
+
+.perl_Comment {
+ color: #FF00FF;
+}
+
+
+.perl_DataType {
+ color: #0000ff;
+}
+
+
+.perl_DecVal {
+ color: #00007f;
+}
+
+
+.perl_Error {
+ color: #ff0000;
+}
+
+
+.perl_Float {
+ color: #00007f;
+}
+
+
+.perl_Function {
+ color: #007f00;
+}
+
+
+.perl_IString {
+ color: #5C3566;
+}
+
+
+.perl_Keyword {
+ color: #002F5D;
+}
+
+
+.perl_Operator {
+ color: #ffa500;
+}
+
+
+.perl_Others {
+ color: #b03060;
+}
+
+
+.perl_RegionMarker {
+ color: #96b9ff;
+}
+
+
+.perl_Reserved {
+ color: #9b30ff;
+}
+
+
+.perl_String {
+ color: #5C3566;
+}
+
+
+.perl_Variable {
+ color: #0000ff;
+}
+
+
+.perl_Warning {
+ color: #0000ff;
+}
+
+/*Lists*/
+ul {
+ padding-left:1.6em;
+ list-style-image:url(../images/dot.png);
+ list-style-type: circle;
+}
+
+ul ul {
+ list-style-image:url(../images/dot2.png);
+ list-style-type: circle;
+}
+
+ol {
+ list-style-image:none;
+ list-style-type: decimal;
+}
+
+ol ol {
+ list-style-type: lower-alpha;
+}
+
+ol.arabic {
+ list-style-type: decimal;
+}
+
+ol.loweralpha {
+ list-style-type: lower-alpha;
+}
+
+ol.lowerroman {
+ list-style-type: lower-roman;
+}
+
+ol.upperalpha {
+ list-style-type: upper-alpha;
+}
+
+ol.upperroman {
+ list-style-type: upper-roman;
+}
+
+dt {
+ font-weight:bold;
+ margin-bottom:0em;
+ padding-bottom:0em;
+}
+
+dd {
+ margin:0em;
+ margin-left:2em;
+ padding-top:0em;
+ padding-bottom: 1em;
+}
+
+li {
+ padding-top:0px;
+ margin-top:0em;
+ padding-bottom:0px;
+ margin-bottom:0.4em;
+}
+
+li p, li div.para {
+ padding-top:0px;
+ margin-top:0em;
+ padding-bottom:0px;
+ margin-bottom:0.3em;
+}
+
+/*images*/
+img {
+ display:block;
+ margin: 2em 0;
+}
+
+.inlinemediaobject, .inlinemediaobject img {
+ display:inline;
+ margin:0em;
+}
+
+.figure img {
+ display:block;
+ margin:0;
+ page-break-inside: avoid;
+}
+
+.figure .title {
+ margin:0em;
+ margin-bottom:2em;
+ padding:0px;
+}
+
+/*document modes*/
+.confidential {
+ background-color:#900;
+ color:White;
+ padding:.5em .5em;
+ text-transform:uppercase;
+ text-align:center;
+}
+
+.longdesc-link {
+ display:none;
+}
+
+.longdesc {
+ display:none;
+}
+
+.prompt {
+ padding:0em .3em;
+}
+
+/*user interface styles*/
+.screen .replaceable {
+}
+
+.guibutton, .guilabel {
+ font-family: "liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ font-weight: bold;
+ white-space: nowrap;
+}
+
+.example {
+ background-color: #ffffff;
+ border-left: 3px solid #aaaaaa;
+ padding-top: 1em;
+ padding-bottom: 0.1em;
+}
+
+.example h6 {
+ padding-left: 10px;
+}
+
+.example-contents {
+ padding-left: 10px;
+ background-color: #ffffff;
+}
+
+.example-contents .para {
+/* padding: 10px;*/
+}
+
+/*terminal/console text*/
+.computeroutput,
+.option {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ font-weight:bold;
+}
+
+.replaceable {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ font-style: italic;
+}
+
+.command, .filename, .keycap, .classname, .literal {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ font-weight:bold;
+}
+
+/* no bold in toc */
+.toc * {
+ font-weight: inherit;
+}
+
+pre {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ display:block;
+ background-color: #f5f5f5;
+ color: #000000;
+ border: 1px solid #aaaaaa;
+ margin-bottom: 0.3em;
+ padding:.5em 1em;
+ white-space: pre-wrap; /* css-3 */
+ white-space: -moz-pre-wrap !important; /* Mozilla, since 1999 */
+ white-space: -pre-wrap; /* Opera 4-6 */
+ white-space: -o-pre-wrap; /* Opera 7 */
+ word-wrap: break-word; /* Internet Explorer 5.5+ */
+ font-size: 0.9em;
+}
+
+pre .replaceable,
+pre .keycap {
+}
+
+code {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+/* white-space: nowrap;*/
+ white-space: pre-wrap;
+ word-wrap: break-word;
+ font-weight:bold;
+}
+
+.parameter code {
+ display: inline;
+ white-space: pre-wrap; /* css-3 */
+ white-space: -moz-pre-wrap !important; /* Mozilla, since 1999 */
+ white-space: -pre-wrap; /* Opera 4-6 */
+ white-space: -o-pre-wrap; /* Opera 7 */
+ word-wrap: break-word; /* Internet Explorer 5.5+ */
+}
+
+/*Notifications*/
+div.warning:before {
+ content:url(../images/warning.png);
+ padding-left: 5px;
+}
+
+div.note:before {
+ content:url(../images/note.png);
+ padding-left: 5px;
+}
+
+div.important:before {
+ content:url(../images/important.png);
+ padding-left: 5px;
+}
+
+div.warning, div.note, div.important {
+ color: black;
+ margin: 0em;
+ padding: 0em;
+ background: none;
+ background-color: white;
+ margin-bottom: 1em;
+ border-bottom: 1px solid #aaaaaa;
+ page-break-inside: avoid;
+}
+
+div.warning h2, div.note h2,div.important h2 {
+ margin: 0em;
+ padding: 0em;
+ color: #eeeeec;
+ padding-top: 0px;
+ padding-bottom: 0px;
+ height: 1.4em;
+ line-height: 1.4em;
+ font-size: 1.4em;
+ display:inline;
+}
+
+div.admonition_header {
+ clear: both;
+ margin: 0em;
+ padding: 0em;
+ margin-top: -3.3em;
+ padding-left: 58px;
+ line-height: 1.0em;
+ font-size: 1.0em;
+}
+
+div.warning div.admonition_header {
+ background: url(../images/red.png) top left repeat-x;
+ background-color: #590000;
+}
+
+div.note div.admonition_header {
+ background: url(../images/green.png) top right repeat-x;
+ background-color: #597800;
+}
+
+div.important div.admonition_header {
+ background: url(../images/yellow.png) top right repeat-x;
+ background-color: #a6710f;
+}
+
+div.warning p, div.warning div.para,
+div.note p, div.note div.para,
+div.important p, div.important div.para {
+ padding: 0em;
+ margin: 0em;
+}
+
+div.admonition {
+ border: none;
+ border-left: 1px solid #aaaaaa;
+ border-right: 1px solid #aaaaaa;
+ padding:0em;
+ margin:0em;
+ padding-top: 1.5em;
+ padding-bottom: 1em;
+ padding-left: 2em;
+ padding-right: 1em;
+ background-color: #eeeeec;
+ -moz-border-radius: 0px;
+ -webkit-border-radius: 0px;
+ border-radius: 0px;
+}
+
+/*Page Title*/
+#title {
+ display:block;
+ height:45px;
+ padding-bottom:1em;
+ margin:0em;
+}
+
+#title a.left{
+ display:inline;
+ border:none;
+}
+
+#title a.left img{
+ border:none;
+ float:left;
+ margin:0em;
+ margin-top:.7em;
+}
+
+#title a.right {
+ padding-bottom:1em;
+}
+
+#title a.right img {
+ border:none;
+ float:right;
+ margin:0em;
+ margin-top:.7em;
+}
+
+/*Table*/
+div.table {
+ page-break-inside: avoid;
+}
+
+table {
+ border:1px solid #6c614b;
+ width:100%;
+ border-collapse:collapse;
+}
+
+table.simplelist, .calloutlist table {
+ border-style: none;
+}
+
+table th {
+ text-align:left;
+ background-color:#6699cc;
+ padding:.3em .5em;
+ color:white;
+}
+
+table td {
+ padding:.15em .5em;
+}
+
+table tr.even td {
+ background-color:#f5f5f5;
+}
+
+table th p:first-child, table td p:first-child, table li p:first-child,
+table th div.para:first-child, table td div.para:first-child, table li div.para:first-child {
+ margin-top:0em;
+ padding-top:0em;
+ display:inline;
+}
+
+th, td {
+ border-style:none;
+ vertical-align: top;
+ border: 1px solid #000;
+}
+
+.simplelist th, .simplelist td {
+ border: none;
+}
+
+table table td {
+ border-bottom:1px dotted #aaa;
+ background-color:white;
+ padding:.6em 0em;
+}
+
+table table {
+ border:1px solid white;
+}
+
+td.remarkval {
+ color:#444;
+}
+
+td.fieldval {
+ font-weight:bold;
+}
+
+.lbname, .lbtype, .lbdescr, .lbdriver, .lbhost {
+ color:white;
+ font-weight:bold;
+ background-color:#999;
+ width:120px;
+}
+
+td.remarkval {
+ width:230px;
+}
+
+td.tname {
+ font-weight:bold;
+}
+
+th.dbfield {
+ width:120px;
+}
+
+th.dbtype {
+ width:70px;
+}
+
+th.dbdefault {
+ width:70px;
+}
+
+th.dbnul {
+ width:70px;
+}
+
+th.dbkey {
+ width:70px;
+}
+
+span.book {
+ margin-top:4em;
+ display:block;
+ font-size:11pt;
+}
+
+span.book a{
+ font-weight:bold;
+}
+span.chapter {
+ display:block;
+ margin-top:0.5em;
+}
+
+table.simplelist td, .calloutlist table td {
+ border-style: none;
+}
+
+/*Breadcrumbs*/
+#breadcrumbs ul li.first:before {
+ content:" ";
+}
+
+#breadcrumbs {
+ color:#900;
+ padding:3px;
+ margin-bottom:25px;
+}
+
+#breadcrumbs ul {
+ margin-left:0;
+ padding-left:0;
+ display:inline;
+ border:none;
+}
+
+#breadcrumbs ul li {
+ margin-left:0;
+ padding-left:2px;
+ border:none;
+ list-style:none;
+ display:inline;
+}
+
+#breadcrumbs ul li:before {
+ content:"\0020 \0020 \0020 \00BB \0020";
+ color:#333;
+}
+
+/*index*/
+.glossary h3,
+.index h3 {
+ font-size: 2em;
+ color:#aaa;
+ margin:0em;
+}
+
+.indexdiv {
+ margin-bottom:1em;
+}
+
+.glossary dt,
+.index dt {
+ color:#444;
+ padding-top:.5em;
+}
+
+.glossary dl dl dt,
+.index dl dl dt {
+ color:#777;
+ font-weight:normal;
+ padding-top:0em;
+}
+
+.index dl dl dt:before {
+ content:"- ";
+ color:#ccc;
+}
+
+/*changes*/
+.footnote {
+ font-size: .7em;
+ margin:0em;
+ color:#222;
+}
+
+table .footnote {
+}
+
+sup {
+ color:#999;
+ margin:0em;
+ padding:0em;
+ line-height: .4em;
+ font-size: 1em;
+ padding-left:0em;
+}
+
+.footnote {
+ position:relative;
+}
+
+.footnote sup {
+ color:#e3dcc0;
+ position:absolute;
+ left: .4em;
+}
+
+.footnote sup a:link,
+.footnote sup a:visited {
+ color:#92917d;
+ text-decoration:none;
+}
+
+.footnote:hover sup a {
+ text-decoration:none;
+}
+
+.footnote p,.footnote div.para {
+ padding-left:2em;
+}
+
+.footnote a:link,
+.footnote a:visited {
+ color:#00537c;
+}
+
+.footnote a:hover {
+}
+
+/**/
+div.chapter {
+ margin-top:3em;
+ page-break-inside: avoid;
+}
+
+div.preface {
+ page-break-inside: avoid;
+}
+
+div.section {
+ margin-top:1em;
+ page-break-inside: auto;
+}
+
+div.note .replaceable,
+div.important .replaceable,
+div.warning .replaceable,
+div.note .keycap,
+div.important .keycap,
+div.warning .keycap
+{
+}
+
+ul li p:last-child, ul li div.para:last-child {
+ margin-bottom:0em;
+ padding-bottom:0em;
+}
+
+/*document navigation*/
+.docnav a, .docnav strong {
+ border:none;
+ text-decoration:none;
+ font-weight:normal;
+}
+
+.docnav {
+ list-style:none;
+ margin:0em;
+ padding:0em;
+ position:relative;
+ width:100%;
+ padding-bottom:2em;
+ padding-top:1em;
+ border-top:1px dotted #ccc;
+}
+
+.docnav li {
+ list-style:none;
+ margin:0em;
+ padding:0em;
+ display:inline;
+ font-size:.8em;
+}
+
+.docnav li:before {
+ content:" ";
+}
+
+.docnav li.previous, .docnav li.next {
+ position:absolute;
+ top:1em;
+}
+
+.docnav li.up, .docnav li.home {
+ margin:0em 1.5em;
+}
+
+.docnav li.previous {
+ left:0px;
+ text-align:left;
+}
+
+.docnav li.next {
+ right:0px;
+ text-align:right;
+}
+
+.docnav li.previous strong, .docnav li.next strong {
+ height:22px;
+ display:block;
+}
+
+.docnav {
+ margin:0 auto;
+ text-align:center;
+}
+
+.docnav li.next a strong {
+ background: url(../images/stock-go-forward.png) top right no-repeat;
+ padding-top:3px;
+ padding-bottom:4px;
+ padding-right:28px;
+ font-size:1.2em;
+}
+
+.docnav li.previous a strong {
+ background: url(../images/stock-go-back.png) top left no-repeat;
+ padding-top:3px;
+ padding-bottom:4px;
+ padding-left:28px;
+ padding-right:0.5em;
+ font-size:1.2em;
+}
+
+.docnav li.home a strong {
+ background: url(../images/stock-home.png) top left no-repeat;
+ padding:5px;
+ padding-left:28px;
+ font-size:1.2em;
+}
+
+.docnav li.up a strong {
+ background: url(../images/stock-go-up.png) top left no-repeat;
+ padding:5px;
+ padding-left:28px;
+ font-size:1.2em;
+}
+
+.docnav a:link, .docnav a:visited {
+ color:#666;
+}
+
+.docnav a:hover, .docnav a:focus, .docnav a:active {
+ color:black;
+}
+
+.docnav a {
+ max-width: 10em;
+ overflow:hidden;
+}
+
+.docnav a:link strong {
+ text-decoration:none;
+}
+
+.docnav {
+ margin:0 auto;
+ text-align:center;
+}
+
+ul.docnav {
+ margin-bottom: 1em;
+}
+/* Reports */
+.reports ul {
+ list-style:none;
+ margin:0em;
+ padding:0em;
+}
+
+.reports li{
+ margin:0em;
+ padding:0em;
+}
+
+.reports li.odd {
+ background-color: #eeeeee;
+ margin:0em;
+ padding:0em;
+}
+
+.reports dl {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ float:right;
+ margin-right: 17em;
+ margin-top:-1.3em;
+}
+
+.reports dt {
+ display:inline;
+ margin:0em;
+ padding:0em;
+}
+
+.reports dd {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ padding-right:.5em;
+}
+
+.reports h2, .reports h3{
+ display:inline;
+ padding-right:.5em;
+ font-size:10pt;
+ font-weight:normal;
+}
+
+.reports div.progress {
+ display:inline;
+ float:right;
+ width:16em;
+ background:#c00 url(../images/shine.png) top left repeat-x;
+ margin:0em;
+ margin-top:-1.3em;
+ padding:0em;
+ border:none;
+}
+
+/*uniform*/
+body.results, body.reports {
+ max-width:57em ;
+ padding:0em;
+}
+
+/*Progress Bar*/
+div.progress {
+ display:block;
+ float:left;
+ width:16em;
+ background:#c00 url(../images/shine.png) top left repeat-x;
+ height:1em;
+}
+
+div.progress span {
+ height:1em;
+ float:left;
+}
+
+div.progress span.translated {
+ background:#6c3 url(../images/shine.png) top left repeat-x;
+}
+
+div.progress span.fuzzy {
+ background:#ff9f00 url(../images/shine.png) top left repeat-x;
+}
+
+
+/*Results*/
+
+.results ul {
+ list-style:none;
+ margin:0em;
+ padding:0em;
+}
+
+.results li{
+ margin:0em;
+ padding:0em;
+}
+
+.results li.odd {
+ background-color: #eeeeee;
+ margin:0em;
+ padding:0em;
+}
+
+.results dl {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ float:right;
+ margin-right: 17em;
+ margin-top:-1.3em;
+}
+
+.results dt {
+ display:inline;
+ margin:0em;
+ padding:0em;
+}
+
+.results dd {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ padding-right:.5em;
+}
+
+.results h2, .results h3 {
+ display:inline;
+ padding-right:.5em;
+ font-size:10pt;
+ font-weight:normal;
+}
+
+.results div.progress {
+ display:inline;
+ float:right;
+ width:16em;
+ background:#c00 url(../images/shine.png) top left repeat-x;
+ margin:0em;
+ margin-top:-1.3em;
+ padding:0em;
+ border:none;
+}
+
+/* Dirty EVIL Mozilla hack for round corners */
+pre {
+ -moz-border-radius:11px;
+ -webkit-border-radius:11px;
+ border-radius: 11px;
+ page-break-inside: avoid;
+}
+
+.example {
+ -moz-border-radius:0px;
+ -webkit-border-radius:0px;
+ border-radius: 0px;
+ page-break-inside: avoid;
+}
+
+.package, .citetitle {
+ font-style: italic;
+}
+
+.titlepage .edition {
+ color: #336699;
+ background-color: transparent;
+ margin-top: 1em;
+ margin-bottom: 1em;
+ font-size: 1.4em;
+ font-weight: bold;
+ text-align: center;
+}
+
+span.remark {
+ background-color: #ff00ff;
+}
+
+.draft {
+ background-image: url(../images/watermark-draft.png);
+ background-repeat: repeat-y;
+ background-position: center;
+}
+
+.foreignphrase {
+ font-style: inherit;
+}
+
+dt {
+ clear:both;
+}
+
+dt img {
+ border-style: none;
+ max-width: 112px;
+}
+
+dt object {
+ max-width: 112px;
+}
+
+dt .inlinemediaobject, dt object {
+ display: inline;
+ float: left;
+ margin-bottom: 1em;
+ padding-right: 1em;
+ width: 112px;
+}
+
+dl:after {
+ display: block;
+ clear: both;
+ content: "";
+}
+
+.toc dd {
+ padding-bottom: 0em;
+ margin-bottom: 1em;
+ padding-left: 1.3em;
+ margin-left: 0em;
+}
+
+div.toc > dl > dt {
+ padding-bottom: 0em;
+ margin-bottom: 0em;
+ margin-top: 1em;
+}
+
+
+.strikethrough {
+ text-decoration: line-through;
+}
+
+.underline {
+ text-decoration: underline;
+}
+
+.calloutlist img, .callout {
+ padding: 0em;
+ margin: 0em;
+ width: 12pt;
+ display: inline;
+ vertical-align: middle;
+}
+
+.stepalternatives {
+ list-style-image: none;
+ list-style-type: none;
+}
+
+
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/css/default.css b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/css/default.css
new file mode 100644
index 0000000..bf38ebb
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/css/default.css
@@ -0,0 +1,3 @@
+ at import url("common.css");
+ at import url("overrides.css");
+ at import url("lang.css");
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/css/lang.css b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/css/lang.css
new file mode 100644
index 0000000..81c3115
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/css/lang.css
@@ -0,0 +1,2 @@
+/* place holder */
+
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/css/overrides.css b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/css/overrides.css
new file mode 100644
index 0000000..057be29
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/css/overrides.css
@@ -0,0 +1,51 @@
+a:link {
+ color:#0066cc;
+}
+
+a:hover, a:active {
+ color:#003366;
+}
+
+a:visited {
+ color:#6699cc;
+}
+
+
+h1 {
+ color:#3c6eb4
+}
+
+.producttitle {
+ background: #3c6eb4 url(../images/h1-bg.png) top left repeat;
+}
+
+.section h1.title {
+ color:#3c6eb4;
+}
+
+
+h2,h3,h4,h5,h6 {
+ color:#3c6eb4;
+}
+
+table {
+ border:1px solid #3c6eb4;
+}
+
+table th {
+ background-color:#3c6eb4;
+}
+
+
+table tr.even td {
+ background-color:#f5f5f5;
+}
+
+.revhistory table th {
+ color:#3c6eb4;
+}
+
+.titlepage .edition {
+ color: #3c6eb4;
+}
+
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/css/print.css b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/css/print.css
new file mode 100644
index 0000000..773d8ae
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/css/print.css
@@ -0,0 +1,16 @@
+ at import url("common.css");
+ at import url("overrides.css");
+ at import url("lang.css");
+
+#tocframe {
+ display: none;
+}
+
+body.toc_embeded {
+ margin-left: 30px;
+}
+
+.producttitle {
+ color: #336699;
+}
+
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/1.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/1.png
new file mode 100644
index 0000000..c21d7a3
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/1.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/1.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/1.svg
new file mode 100644
index 0000000..a2b3903
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/1.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#000000;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 17.853468,22.008438 -2.564941,0 0,-7.022461 c -5e-6,-0.143873 -5e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224122,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08854,0.08302 -0.17432,0.157723 -0.257324,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/10.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/10.png
new file mode 100644
index 0000000..15b81da
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/10.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/10.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/10.svg
new file mode 100644
index 0000000..af015ab
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/10.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/11.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/11.png
new file mode 100644
index 0000000..2fcc2dd
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/11.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/11.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/11.svg
new file mode 100644
index 0000000..cb82b70
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/11.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/12.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/12.png
new file mode 100644
index 0000000..edebe20
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/12.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/12.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/12.svg
new file mode 100644
index 0000000..3b6d822
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/12.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/13.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/13.png
new file mode 100644
index 0000000..ec48cef
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/13.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/13.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/13.svg
new file mode 100644
index 0000000..226e461
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/13.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/14.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/14.png
new file mode 100644
index 0000000..33d5637
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/14.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/14.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/14.svg
new file mode 100644
index 0000000..5aaa3a3
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/14.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/15.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/15.png
new file mode 100644
index 0000000..f1a4eb2
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/15.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/15.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/15.svg
new file mode 100644
index 0000000..f51dd96
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/15.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2839"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+ id="path2841"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/16.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/16.png
new file mode 100644
index 0000000..d38a155
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/16.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/16.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/16.svg
new file mode 100644
index 0000000..cb7e2f5
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/16.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
.556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/17.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/17.png
new file mode 100644
index 0000000..d83e898
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/17.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/17.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/17.svg
new file mode 100644
index 0000000..5d6f0ad
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/17.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/18.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/18.png
new file mode 100644
index 0000000..9e39de4
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/18.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/18.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/18.svg
new file mode 100644
index 0000000..9ea672c
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/18.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/19.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/19.png
new file mode 100644
index 0000000..9eeedfb
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/19.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/19.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/19.svg
new file mode 100644
index 0000000..80d1d09
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/19.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/2.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/2.png
new file mode 100644
index 0000000..ff9cc57
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/2.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/2.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/2.svg
new file mode 100644
index 0000000..8e94260
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/2.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 19.89546,22.008438 -8.143066,0 0,-1.784668 2.855468,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979493,-1.0708 0.293289,-0.326492 0.545079,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.373529,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.17431,-0.666821 0.174316,-1.037598 -6e-6,-0.409496 -0.124517,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827313,0.522958 -1.270019,0.921386 l -1.394531,-1.651855 c 0.249022,-0.226877 0.509113,-0.442698 0.780273,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079102,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319824,-0.1494141 0.58105,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187012,0.6889648 0.326489,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.893727 0.265625,1.41
9433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/20.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/20.png
new file mode 100644
index 0000000..b28b4aa
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/20.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/20.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/20.svg
new file mode 100644
index 0000000..409ac6e
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/20.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/21.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/21.png
new file mode 100644
index 0000000..eda952c
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/21.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/21.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/21.svg
new file mode 100644
index 0000000..7bc03af
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/21.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/22.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/22.png
new file mode 100644
index 0000000..90b14b0
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/22.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/22.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/22.svg
new file mode 100644
index 0000000..fe086f6
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/22.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/23.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/23.png
new file mode 100644
index 0000000..8b35a74
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/23.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/23.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/23.svg
new file mode 100644
index 0000000..f17ec29
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/23.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/24.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/24.png
new file mode 100644
index 0000000..6041b02
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/24.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/24.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/24.svg
new file mode 100644
index 0000000..42a5333
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/24.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/25.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/25.png
new file mode 100644
index 0000000..ecb15e6
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/25.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/25.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/25.svg
new file mode 100644
index 0000000..a8d4672
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/25.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/26.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/26.png
new file mode 100644
index 0000000..4b2f560
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/26.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/26.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/26.svg
new file mode 100644
index 0000000..3cf00ec
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/26.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
.556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/27.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/27.png
new file mode 100644
index 0000000..ecf058e
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/27.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/27.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/27.svg
new file mode 100644
index 0000000..c8d6440
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/27.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/28.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/28.png
new file mode 100644
index 0000000..e64efb2
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/28.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/28.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/28.svg
new file mode 100644
index 0000000..5acce93
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/28.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/29.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/29.png
new file mode 100644
index 0000000..dbbca1b
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/29.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/29.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/29.svg
new file mode 100644
index 0000000..507dd44
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/29.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/3.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/3.png
new file mode 100644
index 0000000..4febe43
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/3.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/3.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/3.svg
new file mode 100644
index 0000000..5e87e1f
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/3.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 19.422316,12.587051 c -9e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.23243,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315437,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.392911,0.332031 -0.890957,0.592122 -1.494141,0.780273 -0.597661,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267255,-0.05534 -1.842773,-0.166016 -0.575523,-0.105143 -1.112306,-0.268392 -1.610352,-0.489746 l 0,-2.183105 c 0.249023,0.132815 0.511881,0.249025 0.788574,0.348632 0.276692,0.09961 0.553384,0.185387 0.830079,0.257325 0.27669,0.06641 0.547848,0.116212 0.813476,0.149414 0.271156,0.0332 0.525713,0.04981 0.763672,0.0498 0.475907,2e-6 0.871577,-0.04427 1.187012,-0.132812 0.315424,-
0.08854 0.567214,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320957,-0.351397 0.398437,-0.572754 0.083,-0.226885 0.124506,-0.473141 0.124512,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.265631,-0.376297 -0.498047,-0.514648 -0.226893,-0.143876 -0.525721,-0.254553 -0.896484,-0.332032 -0.370773,-0.07747 -0.827315,-0.116205 -1.369629,-0.116211 l -0.863281,0 0,-1.801269 0.846679,0 c 0.509111,7e-6 0.932451,-0.04426 1.27002,-0.132813 0.33756,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.43164,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.68897,-0.365224 -1.27002,-0.365234 -0.265629,10e-6 -0.514652,0.02768 -0.74707,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193688,0.07748 -0.373538,0.166026 -0.539551,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439941,0.282227 l -1.294922,-1.70
9961 c 0.232421,-0.171538 0.484211,-0.329253 0.755371,-0.473145 0.276691,-0.143868 0.575519,-0.26838 0.896484,-0.373535 0.320961,-0.1106647 0.666827,-0.1964393 1.037598,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492506,0.1272911 0.913079,0.3154421 1.261718,0.5644531 0.348626,0.243501 0.617017,0.545096 0.805176,0.904786 0.193677,0.354177 0.290519,0.760914 0.290528,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/30.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/30.png
new file mode 100644
index 0000000..f4ffb14
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/30.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/30.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/30.svg
new file mode 100644
index 0000000..434e663
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/30.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/31.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/31.png
new file mode 100644
index 0000000..0b29e87
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/31.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/31.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/31.svg
new file mode 100644
index 0000000..08c3f2d
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/31.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/32.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/32.png
new file mode 100644
index 0000000..a4740a3
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/32.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/32.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/32.svg
new file mode 100644
index 0000000..aa099c3
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/32.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/33.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/33.png
new file mode 100644
index 0000000..f23ccea
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/33.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/33.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/33.svg
new file mode 100644
index 0000000..fce979c
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/33.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/34.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/34.png
new file mode 100644
index 0000000..7e2ab31
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/34.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/34.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/34.svg
new file mode 100644
index 0000000..c67f8ec
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/34.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/35.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/35.png
new file mode 100644
index 0000000..02118e3
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/35.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/35.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/35.svg
new file mode 100644
index 0000000..da7780a
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/35.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/36.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/36.png
new file mode 100644
index 0000000..30f4fdf
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/36.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/36.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/36.svg
new file mode 100644
index 0000000..348549a
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/36.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
.556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/37.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/37.png
new file mode 100644
index 0000000..6174706
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/37.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/37.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/37.svg
new file mode 100644
index 0000000..7bc04d9
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/37.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/38.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/38.png
new file mode 100644
index 0000000..161661d
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/38.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/38.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/38.svg
new file mode 100644
index 0000000..ec2ad98
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/38.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/39.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/39.png
new file mode 100644
index 0000000..2d46b24
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/39.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/39.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/39.svg
new file mode 100644
index 0000000..664ffdd
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/39.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/4.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/4.png
new file mode 100644
index 0000000..9b9dd88
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/4.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/4.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/4.svg
new file mode 100644
index 0000000..bc06c73
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/4.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 20.078077,19.493301 -1.460937,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460937,0 0,1.992187 m -3.959472,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09962,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.12175,0.2601 -0.262863,0.520191 -0.42334,0.780274 l -2.025391,3.071289 2.75586,0"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/40.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/40.png
new file mode 100644
index 0000000..fe2a68f
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/40.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/40.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/40.svg
new file mode 100644
index 0000000..5a94d1b
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/40.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.440535,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.0136719,0 0,-1.784668 5.1547849,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262863,0.520191 -0.42334,0.780274 l -2.0253904,3.071289 2.7558594,0"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/5.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/5.png
new file mode 100644
index 0000000..f239fb6
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/5.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/5.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/5.svg
new file mode 100644
index 0000000..82fb03d
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/5.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 16.035597,14.255508 c 0.520177,8e-6 1.004388,0.08025 1.452637,0.240723 0.448235,0.160489 0.838371,0.395678 1.17041,0.705566 0.332023,0.309903 0.592114,0.697272 0.780273,1.16211 0.188143,0.459315 0.282218,0.987797 0.282227,1.585449 -9e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.204761,0.520184 -0.506356,0.962892 -0.904785,1.328125 -0.398445,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261724,0.290528 -2.025391,0.290528 -0.304365,0 -0.60596,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863281,-0.124512 -0.271161,-0.04981 -0.531252,-0.116211 -0.780274,-0.199219 -0.24349,-0.08301 -0.464844,-0.17985 -0.664062,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672363,0.31543 0.254556,0.09408 0.517414,0.177086 0.788574,0.249024 0.276691,0.06641 0.553383,0.121746 0.830078,0.166015 0.27669,0.03874 0.539548,0.05811 0.788575,0.05811 0.741532,2e-6 1.305984,-0.152179 1.693359,-0.456543 0.387364,-0.309893 0.5810
49,-0.799639 0.581055,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751465,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320966,0.03874 -0.481445,0.06641 -0.154951,0.02768 -0.304365,0.05811 -0.448242,0.09131 -0.143883,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456542,-6.1840821 6.408204,0 0,2.1748051 -4.183594,0 -0.199219,2.382324 c 0.17708,-0.03873 0.381832,-0.07747 0.614258,-0.116211 0.237951,-0.03873 0.542313,-0.0581 0.913086,-0.05811"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/6.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/6.png
new file mode 100644
index 0000000..18866e6
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/6.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/6.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/6.svg
new file mode 100644
index 0000000..e2f62af
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/6.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 11.702589,16.853653 c -10e-7,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.0664,-0.575514 0.179849,-1.126132 0.340332,-1.651856 0.166014,-0.531241 0.387368,-1.023753 0.664062,-1.477539 0.282225,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431638,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603186,-0.1936727 1.305984,-0.2905151 2.108399,-0.2905274 0.116204,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.138339,0.00555 0.276685,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251782,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210295,-0.04979 -0.434416,-0.08853 -0.672364,-0.116211 -0.232429,-0.03319 -0.467617,-0.04979 -0.705566,-0.0498 -0.747076,1e-5 -1.361334,0.09408 -1.842774,0.282226 -0.481449,0.182627 -0.863285,0.439951 -1.145507,0.771973 -0.28223,0.33204 -0.484216,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.215821,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243486,-0.384596 0.39843
7,-0.556153 0.160478,-0.177076 0.345862,-0.32649 0.556153,-0.448242 0.210282,-0.127271 0.44547,-0.22688 0.705566,-0.298828 0.26562,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419433,0.257324 0.420566,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.15494,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282226,1.768066 -0.182626,0.520184 -0.445484,0.962892 -0.788575,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643554,0.282227 -0.597661,0 -1.15658,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.973961,-0.542317 -1.361328,-0.979492 -0.381838,-0.437173 -0.683433,-0.987791 -0.904785,-1.651856 -0.215822,-0.669593 -0.323732,-1.460933 -0.323731,-2.374023 m 4.216797,3.270508 c 0.226883,2e-6 0.431635,-0.0415 0.614258,-0.124512 0.188145,-0.08854 0.348627,-0.218585 0.481445,-0.390137 0.13834,-0.17708 0.243483,-0.3
98434 0.31543,-0.664062 0.07747,-0.265622 0.116204,-0.581051 0.116211,-0.946289 -7e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243496,-0.343094 -0.617031,-0.514643 -1.120606,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.39014,0.229661 -0.53955,0.390137 -0.149418,0.160487 -0.265629,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.31543,0.755371 0.143876,0.221357 0.318193,0.401207 0.522949,0.539551 0.210282,0.138349 0.453772,0.207522 0.730469,0.20752"
+ id="path2846"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/7.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/7.png
new file mode 100644
index 0000000..52c3a18
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/7.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/7.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/7.svg
new file mode 100644
index 0000000..a43460f
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/7.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 12.789991,22.008438 4.316407,-9.960937 -5.578125,0 0,-2.1582035 8.367187,0 0,1.6103515 -4.424316,10.508789 -2.681153,0"
+ id="path2832"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/8.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/8.png
new file mode 100644
index 0000000..8a8cb21
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/8.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/8.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/8.svg
new file mode 100644
index 0000000..2c82d3f
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/8.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.761671,9.7149811 c 0.503576,1.23e-5 0.979487,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337558,0.243501 0.60595,0.547862 0.805176,0.913086 0.199211,0.365244 0.29882,0.794118 0.298828,1.286621 -8e-6,0.365243 -0.05535,0.697274 -0.166015,0.996094 -0.110686,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193693,0.237963 -0.423348,0.451017 -0.688965,0.639161 -0.265632,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.633619,0.362473 0.937988,0.572754 0.309888,0.210292 0.583814,0.448247 0.821777,0.713867 0.237948,0.260096 0.428866,0.55339 0.572754,0.879883 0.143872,0.326501 0.215812,0.691735 0.21582,1.095703 -8e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478686,0.758139 -0.838379,1.045898 -0.359707,0.287761 -0.791348,0.509115 -1.294921,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651856,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.9379
9,-0.362467 -1.286621,-0.639161 -0.348634,-0.276691 -0.614259,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265626,-0.857744 -0.265625,-1.361328 -10e-7,-0.415035 0.06087,-0.78857 0.182617,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498047,-0.896485 0.210285,-0.265619 0.456541,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271162,-0.171543 -0.525719,-0.356927 -0.763672,-0.556152 -0.237958,-0.204746 -0.445477,-0.428866 -0.622559,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -10e-7,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478677,-0.669585 0.821778,-0.913086 0.343096,-0.249012 0.738766,-0.434396 1.187011,-0.5561527 0.448239,-0.1217326 0.918616,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.107911,0.614258 0.07194,0.18262 0.17708,0.340334 0.315429,0.473145 0.143877,0.132814 0.32
096,0.237957 0.53125,0.315429 0.210283,0.07194 0.453772,0.107912 0.730469,0.10791 0.581049,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.43164,-1.087402 -6e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218593,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.320969,-0.307125 -0.514648,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 15.662062,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664063,0.398438 -0.199222,0.138351 -0.370772,0.293299 -0.514648,0.464844 -0.13835,0.16602 -0.24626,0.348637 -0.323731,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.701661,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514649,0.08301 -0.154952,0.05535 -0.290531,0.13559 -0.406738,0.240723 -0.110681,0.105153 -0.199223,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.31543
8 0.282226,0.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160478,0.09962 0.32926,0.199226 0.506348,0.298828 0.171545,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154943,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.12174,-0.138338 0.218582,-0.293286 0.290528,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.157721,-0.284984 -0.273926,-0.390137 -0.116217,-0.105133 -0.254563,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/9.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/9.png
new file mode 100644
index 0000000..0ae412f
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/9.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/9.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/9.svg
new file mode 100644
index 0000000..b0f04c4
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/9.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 19.829054,15.052383 c -9e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340333,1.651856 -0.160489,0.525719 -0.381843,1.018232 -0.664062,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426113,0.332032 -0.940761,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.30046,0.282227 -2.108399,0.282227 -0.116214,0 -0.243492,-0.0028 -0.381836,-0.0083 -0.138348,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273927,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237954,0.02767 0.478676,0.04151 0.722168,0.0415 0.747067,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.481441,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.282221,-0.337562 0.481439,-0.738766 0.597657,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.107911,0 c -0.110683,0.199225 -0.243495,0.384609 -0.398437,0.556153 -0.
154954,0.171554 -0.337571,0.320968 -0.547852,0.448242 -0.210291,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.265629,0.07194 -0.56169,0.107914 -0.888183,0.10791 -0.52572,4e-6 -0.998864,-0.08577 -1.419434,-0.257324 -0.420575,-0.171545 -0.777508,-0.420568 -1.070801,-0.74707 -0.287761,-0.326492 -0.509115,-0.727696 -0.664062,-1.203614 -0.154949,-0.475904 -0.232423,-1.020988 -0.232422,-1.635253 -10e-7,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453774,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758135,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043127,-0.2905151 1.651855,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520176,0.210298 0.971184,0.534028 1.353027,0.971192 0.381829,0.437185 0.683423,0.990569 0.904786,1.660156 0.221345,0.669605 0.332022,1.458178 0.332031,2.365722 m -4.216797,-3.262207 c -0.226892,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188154,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132815,0.17155
9 -0.237959,0.392913 -0.315429,0.664062 -0.07194,0.265634 -0.107914,0.581063 -0.107911,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373536,1.394532 0.249019,0.343105 0.625321,0.514654 1.128906,0.514648 0.254552,6e-6 0.486974,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.53955,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124506,-0.401197 0.124512,-0.605958 -6e-6,-0.282218 -0.03598,-0.561677 -0.10791,-0.838378 -0.06641,-0.282218 -0.171556,-0.534008 -0.31543,-0.755372 -0.138352,-0.226878 -0.312668,-0.409495 -0.522949,-0.547851 -0.204758,-0.138336 -0.44548,-0.207509 -0.722168,-0.20752"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/bkgrnd_greydots.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/bkgrnd_greydots.png
new file mode 100644
index 0000000..2333a6d
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/bkgrnd_greydots.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/bullet_arrowblue.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/bullet_arrowblue.png
new file mode 100644
index 0000000..c235534
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/bullet_arrowblue.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/documentation.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/documentation.png
new file mode 100644
index 0000000..79d0a80
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/documentation.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/dot.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/dot.png
new file mode 100644
index 0000000..36a6859
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/dot.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/dot2.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/dot2.png
new file mode 100644
index 0000000..40aff92
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/dot2.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/green.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/green.png
new file mode 100644
index 0000000..ebb3c24
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/green.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/h1-bg.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/h1-bg.png
new file mode 100644
index 0000000..a2aad24
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/h1-bg.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/image_left.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/image_left.png
new file mode 100644
index 0000000..e8fe7a4
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/image_left.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/image_right.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/image_right.png
new file mode 100644
index 0000000..79509ad
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/image_right.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/important.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/important.png
new file mode 100644
index 0000000..f7594a3
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/important.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/important.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/important.svg
new file mode 100644
index 0000000..2d33045
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/important.svg
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ version="1.0"
+ width="48"
+ height="48"
+ id="svg5921"
+ sodipodi:version="0.32"
+ inkscape:version="0.46"
+ sodipodi:docname="important.svg"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ inkscape:export-filename="/home/jfearn/Build/src/fedora/publican/trunk/publican-fedora/en-US/images/important.png"
+ inkscape:export-xdpi="111.32"
+ inkscape:export-ydpi="111.32">
+ <metadata
+ id="metadata2611">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ inkscape:window-height="681"
+ inkscape:window-width="738"
+ inkscape:pageshadow="2"
+ inkscape:pageopacity="0.0"
+ guidetolerance="10.0"
+ gridtolerance="10.0"
+ objecttolerance="10.0"
+ borderopacity="1.0"
+ bordercolor="#666666"
+ pagecolor="#ffffff"
+ id="base"
+ showgrid="false"
+ inkscape:zoom="11.5"
+ inkscape:cx="20"
+ inkscape:cy="20"
+ inkscape:window-x="0"
+ inkscape:window-y="51"
+ inkscape:current-layer="svg5921" />
+ <defs
+ id="defs5923">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 20 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="40 : 20 : 1"
+ inkscape:persp3d-origin="20 : 13.333333 : 1"
+ id="perspective2613" />
+ </defs>
+ <g
+ transform="matrix(0.4626799,0,0,0.4626799,-5.2934127,-3.3160376)"
+ id="g5485">
+ <path
+ d="M 29.97756,91.885882 L 55.586992,80.409826 L 81.231619,91.807015 L 78.230933,63.90468 L 96.995009,43.037218 L 69.531053,37.26873 L 55.483259,12.974592 L 41.510292,37.311767 L 14.064204,43.164717 L 32.892392,63.97442 L 29.97756,91.885882 z"
+ id="path6799"
+ style="fill:#f3de82;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.536215,56.538729 L 55.48324,12.974601 L 41.51028,37.311813 L 55.536215,56.538729 z"
+ id="path6824"
+ style="opacity:0.91005291;fill:#f9f2cb;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.57947,56.614318 L 78.241135,63.937979 L 96.976198,43.044318 L 55.57947,56.614318 z"
+ id="use6833"
+ style="opacity:1;fill:#d0bc64;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.523838,56.869126 L 55.667994,80.684281 L 81.379011,91.931065 L 55.523838,56.869126 z"
+ id="use6835"
+ style="opacity:1;fill:#e0c656;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.283346,56.742618 L 13.877363,43.200977 L 32.640089,64.069652 L 55.283346,56.742618 z"
+ id="use6831"
+ style="opacity:1;fill:#d1ba59;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.472076,56.869126 L 55.32792,80.684281 L 29.616903,91.931065 L 55.472076,56.869126 z"
+ id="use6837"
+ style="opacity:1;fill:#d2b951;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.57947,56.614318 L 96.976198,43.044318 L 69.504294,37.314027 L 55.57947,56.614318 z"
+ id="path7073"
+ style="opacity:1;fill:#f6e7a3;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.523838,56.869126 L 81.379011,91.931065 L 78.214821,64.046881 L 55.523838,56.869126 z"
+ id="path7075"
+ style="opacity:1;fill:#f6e7a3;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.283346,56.742618 L 41.341708,37.434209 L 13.877363,43.200977 L 55.283346,56.742618 z"
+ id="path7077"
+ style="opacity:1;fill:#f6e59d;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.472076,56.869126 L 29.616903,91.931065 L 32.781093,64.046881 L 55.472076,56.869126 z"
+ id="path7079"
+ style="opacity:1;fill:#f3df8b;fill-opacity:1;enable-background:new" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/logo.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/logo.png
new file mode 100644
index 0000000..66a3104
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/logo.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/note.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/note.png
new file mode 100644
index 0000000..d6c4518
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/note.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/note.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/note.svg
new file mode 100644
index 0000000..70e43b6
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/note.svg
@@ -0,0 +1,111 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ version="1.0"
+ width="48"
+ height="48"
+ id="svg5921"
+ sodipodi:version="0.32"
+ inkscape:version="0.46"
+ sodipodi:docname="note.svg"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ inkscape:export-filename="/home/jfearn/Build/src/fedora/publican/trunk/publican-fedora/en-US/images/note.png"
+ inkscape:export-xdpi="111.32"
+ inkscape:export-ydpi="111.32">
+ <metadata
+ id="metadata16">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ inkscape:window-height="1024"
+ inkscape:window-width="1205"
+ inkscape:pageshadow="2"
+ inkscape:pageopacity="0.0"
+ guidetolerance="10.0"
+ gridtolerance="10.0"
+ objecttolerance="10.0"
+ borderopacity="1.0"
+ bordercolor="#666666"
+ pagecolor="#ffffff"
+ id="base"
+ showgrid="false"
+ inkscape:zoom="11.5"
+ inkscape:cx="22.217181"
+ inkscape:cy="20"
+ inkscape:window-x="334"
+ inkscape:window-y="51"
+ inkscape:current-layer="svg5921" />
+ <defs
+ id="defs5923">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 20 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="40 : 20 : 1"
+ inkscape:persp3d-origin="20 : 13.333333 : 1"
+ id="perspective18" />
+ </defs>
+ <g
+ transform="matrix(0.468275,0,0,0.468275,-5.7626904,-7.4142703)"
+ id="layer1">
+ <g
+ transform="matrix(0.115136,0,0,0.115136,9.7283,21.77356)"
+ id="g8014"
+ style="enable-background:new">
+ <g
+ id="g8518"
+ style="opacity:1">
+ <path
+ d="M -2512.4524,56.33197 L 3090.4719,56.33197 L 3090.4719,4607.3813 L -2512.4524,4607.3813 L -2512.4524,56.33197 z"
+ transform="matrix(0.1104659,-2.3734892e-2,2.2163258e-2,0.1031513,308.46782,74.820675)"
+ id="rect8018"
+ style="fill:#ffe680;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.1;stroke-linecap:butt;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
+ </g>
+ <g
+ transform="matrix(0.5141653,-7.1944682e-2,7.1944682e-2,0.5141653,146.04015,-82.639785)"
+ id="g8020">
+ <path
+ d="M 511.14114,441.25315 C 527.3248,533.52772 464.31248,622.82928 370.39916,640.71378 C 276.48584,658.59828 187.23462,598.29322 171.05095,506.01865 C 154.86728,413.74408 217.8796,324.44253 311.79292,306.55803 C 405.70624,288.67353 494.95747,348.97858 511.14114,441.25315 z"
+ id="path8022"
+ style="opacity:1;fill:#e0c96f;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.0804934;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 527.8214,393.1416 C 527.8214,461.31268 472.55783,516.57625 404.38675,516.57625 C 336.21567,516.57625 280.9521,461.31268 280.9521,393.1416 C 280.9521,324.97052 336.21567,269.70695 404.38675,269.70695 C 472.55783,269.70695 527.8214,324.97052 527.8214,393.1416 z"
+ transform="matrix(1.2585415,-0.2300055,0.2168789,1.1867072,-248.76141,68.254424)"
+ id="path8024"
+ style="opacity:1;fill:#c00000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.0804934;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 358.5625,281.15625 C 348.09597,281.05155 337.43773,281.94729 326.71875,283.90625 C 240.96686,299.57789 183.37901,377.92385 198.15625,458.78125 C 209.70749,521.98673 262.12957,567.92122 325.40625,577.5625 L 357.25,433.6875 L 509.34375,405.875 C 509.14405,404.58166 509.0804,403.29487 508.84375,402 C 495.91366,331.24978 431.82821,281.88918 358.5625,281.15625 z"
+ id="path8026"
+ style="opacity:1;fill:#b60000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.1;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 294.2107,361.9442 L 282.79367,370.38482 L 261.73414,386.13346 C 253.13706,404.40842 254.3359,423.7989 259.7176,444.39774 C 273.6797,497.83861 313.42636,523.96124 369.50989,517.58957 C 398.21848,514.32797 424.51832,504.67345 440.64696,484.15958 L 469.89512,447.48298 L 294.2107,361.9442 z"
+ id="path8028"
+ style="fill:#750000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.09999999;stroke-linecap:butt;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 527.8214,393.1416 C 527.8214,461.31268 472.55783,516.57625 404.38675,516.57625 C 336.21567,516.57625 280.9521,461.31268 280.9521,393.1416 C 280.9521,324.97052 336.21567,269.70695 404.38675,269.70695 C 472.55783,269.70695 527.8214,324.97052 527.8214,393.1416 z"
+ transform="matrix(0.9837071,-0.1797787,0.1695165,0.9275553,-78.013985,79.234385)"
+ id="path8030"
+ style="opacity:1;fill:#d40000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.10298239;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 527.8214,393.1416 C 527.8214,461.31268 472.55783,516.57625 404.38675,516.57625 C 336.21567,516.57625 280.9521,461.31268 280.9521,393.1416 C 280.9521,324.97052 336.21567,269.70695 404.38675,269.70695 C 472.55783,269.70695 527.8214,324.97052 527.8214,393.1416 z"
+ transform="matrix(0.9837071,-0.1797787,0.1695165,0.9275553,-69.306684,71.273294)"
+ id="path8032"
+ style="opacity:1;fill:#e11212;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.10298239;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ </g>
+ </g>
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/red.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/red.png
new file mode 100644
index 0000000..d32d5e2
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/red.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/shade.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/shade.png
new file mode 100644
index 0000000..a73afdf
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/shade.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/shine.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/shine.png
new file mode 100644
index 0000000..a18f7c4
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/shine.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-back.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-back.png
new file mode 100644
index 0000000..d320f26
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-back.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-forward.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-forward.png
new file mode 100644
index 0000000..1ee5a29
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-forward.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-up.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-up.png
new file mode 100644
index 0000000..1cd7332
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-up.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/stock-home.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/stock-home.png
new file mode 100644
index 0000000..122536d
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/stock-home.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/title_logo.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/title_logo.png
new file mode 100644
index 0000000..d5182b4
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/title_logo.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/title_logo.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/title_logo.svg
new file mode 100644
index 0000000..e8fd52b
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/title_logo.svg
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="220"
+ height="70"
+ id="svg6180">
+ <defs
+ id="defs6182" />
+ <g
+ transform="translate(-266.55899,-345.34488)"
+ id="layer1">
+ <path
+ d="m 316.7736,397.581 c 0,0 0,0 -20.53889,0 0.3327,4.45245 3.92157,7.77609 8.70715,7.77609 3.38983,0 6.31456,-1.39616 8.64094,-3.65507 0.46553,-0.46679 0.99726,-0.59962 1.59519,-0.59962 0.79781,0 1.59561,0.39932 2.12692,1.06388 0.3327,0.46553 0.53216,0.99726 0.53216,1.52857 0,0.73118 -0.3327,1.52857 -0.93106,2.12734 -2.7919,2.99052 -7.51086,4.98503 -12.16403,4.98503 -8.44149,0 -15.22074,-6.77967 -15.22074,-15.22158 0,-8.44149 6.58022,-15.22074 15.02171,-15.22074 8.37529,0 14.62323,6.51317 14.62323,15.08749 0,1.26418 -1.12924,2.12861 -2.39258,2.12861 z m -12.23065,-11.76512 c -4.45329,0 -7.51085,2.92473 -8.17499,7.17731 10.03626,0 16.35083,0 16.35083,0 -0.59836,-4.05355 -3.78874,-7.17731 -8.17584,-7.17731 z"
+ id="path11"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 375.46344,410.80807 c -8.44106,0 -15.22074,-6.77968 -15.22074,-15.22159 0,-8.44149 6.77968,-15.22074 15.22074,-15.22074 8.44234,0 15.22159,6.77925 15.22159,15.22074 -4.2e-4,8.44149 -6.77968,15.22159 -15.22159,15.22159 z m 0,-24.65992 c -5.31688,0 -8.77377,4.25427 -8.77377,9.43833 0,5.18364 3.45689,9.43833 8.77377,9.43833 5.31731,0 8.77504,-4.25469 8.77504,-9.43833 -4.2e-4,-5.18406 -3.45773,-9.43833 -8.77504,-9.43833 z"
+ id="path13"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 412.66183,380.36574 c -4.45963,0 -7.40966,1.319 -10.01391,4.62956 l -0.24036,-1.53995 0,0 c -0.20198,-1.60743 -1.57326,-2.84926 -3.23382,-2.84926 -1.80139,0 -3.26206,1.459 -3.26206,3.26081 0,0.003 0,0.005 0,0.008 l 0,0 0,0.003 0,0 0,23.40712 c 0,1.79464 1.46194,3.25743 3.257,3.25743 1.79465,0 3.25744,-1.46279 3.25744,-3.25743 l 0,-12.56209 c 0,-5.71621 4.98502,-8.57432 10.23613,-8.57432 1.59519,0 2.85726,-1.32953 2.85726,-2.92515 0,-1.59561 -1.26207,-2.85726 -2.85768,-2.85726 z"
+ id="path15"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 447.02614,395.58648 c 0.0666,-8.17541 -5.78326,-15.22074 -15.222,-15.22074 -8.44192,0 -15.28779,6.77925 -15.28779,15.22074 0,8.44191 6.64684,15.22159 14.68985,15.22159 4.01434,0 7.62682,-2.06621 9.23846,-4.22518 l 0.79359,2.01434 0,0 c 0.42589,1.13177 1.5176,1.93717 2.7978,1.93717 1.65001,0 2.98756,-1.33671 2.99009,-2.98545 l 0,0 0,-7.80687 0,0 0,-4.1556 z m -15.222,9.43833 c -5.31773,0 -8.77419,-4.25469 -8.77419,-9.43833 0,-5.18406 3.45604,-9.43833 8.77419,-9.43833 5.3173,0 8.77419,4.25427 8.77419,9.43833 0,5.18364 -3.45689,9.43833 -8.77419,9.43833 z"
+ id="path17"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 355.01479,368.3337 c 0,-1.7938 -1.46194,-3.18997 -3.25659,-3.18997 -1.79422,0 -3.25743,1.39659 -3.25743,3.18997 l 0,17.1499 c -1.66097,-3.05756 -5.25026,-5.11786 -9.50495,-5.11786 -8.64052,0 -14.42336,6.51318 -14.42336,15.22074 0,8.70757 5.98229,15.22159 14.42336,15.22159 3.76555,0 7.03057,-1.55429 8.98587,-4.25554 l 0.72317,1.83428 c 0.44782,1.25912 1.64917,2.16024 3.06051,2.16024 1.78621,0 3.24984,-1.45435 3.24984,-3.24815 0,-0.005 0,-0.009 0,-0.0139 l 0,0 0,-38.95128 -4.2e-4,0 z m -15.22116,36.69111 c -5.31731,0 -8.70715,-4.25469 -8.70715,-9.43833 0,-5.18406 3.38984,-9.43833 8.70715,-9.43833 5.31773,0 8.70714,4.0544 8.70714,9.43833 0,5.38309 -3.38941,9.43833 -8.70714,9.43833 z"
+ id="path19"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 287.21553,365.34023 c -0.59414,-0.0877 -1.19966,-0.13198 -1.80097,-0.13198 -6.73118,0 -12.20746,5.4767 -12.20746,12.20788 l 0,3.8132 -3.98903,0 c -1.46237,0 -2.65908,1.19671 -2.65908,2.65781 0,1.46321 1.19671,2.93738 2.65908,2.93738 l 3.98819,0 0,20.46004 c 0,1.79464 1.46236,3.25743 3.25658,3.25743 1.79507,0 3.25744,-1.46279 3.25744,-3.25743 l 0,-20.46004 4.40986,0 c 1.46194,0 2.65823,-1.47417 2.65823,-2.93738 0,-1.46152 -1.19629,-2.65823 -2.65823,-2.65823 l -4.40733,0 0,-3.8132 c 0,-3.13852 2.55323,-6.11469 5.69175,-6.11469 0.28294,0 0.56757,0.0211 0.84672,0.062 1.78031,0.26355 3.4358,-0.54269 3.70019,-2.32342 0.2627,-1.77904 -0.96606,-3.43538 -2.74594,-3.69935 z"
+ id="path21"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 482.01243,363.57426 c 0,-10.06788 -8.16108,-18.22938 -18.22897,-18.22938 -10.06282,0 -18.22179,8.15475 -18.22854,18.21631 l -4.2e-4,-4.2e-4 0,14.1071 4.2e-4,4.2e-4 c 0.005,2.28463 1.85832,4.13409 4.14463,4.13409 0.007,0 0.0127,-8.4e-4 0.0194,-8.4e-4 l 0.001,8.4e-4 14.07083,0 0,0 c 10.06409,-0.004 18.22138,-8.16276 18.22138,-18.22812 z"
+ id="path25"
+ style="fill:#294172" />
+ <path
+ d="m 469.13577,349.66577 c -4.72528,0 -8.55576,3.83049 -8.55576,8.55577 0,0.002 0,0.004 0,0.006 l 0,4.52836 -4.51444,0 c -8.5e-4,0 -8.5e-4,0 -0.001,0 -4.72528,0 -8.55576,3.81193 -8.55576,8.53678 0,4.72528 3.83048,8.55577 8.55576,8.55577 4.72486,0 8.55534,-3.83049 8.55534,-8.55577 0,-0.002 0,-0.004 0,-0.006 l 0,-4.54733 4.51444,0 c 8.5e-4,0 0.001,0 0.002,0 4.72486,0 8.55534,-3.79296 8.55534,-8.51781 0,-4.72528 -3.83048,-8.55577 -8.55534,-8.55577 z m -8.55576,21.63483 c -0.004,2.48998 -2.02446,4.50811 -4.51571,4.50811 -2.49378,0 -4.53426,-2.02193 -4.53426,-4.5157 0,-2.49421 2.04048,-4.55366 4.53426,-4.55366 0.002,0 0.004,4.2e-4 0.006,4.2e-4 l 3.86971,0 c 0.001,0 0.002,-4.2e-4 0.003,-4.2e-4 0.35209,0 0.63799,0.28505 0.63799,0.63715 0,4.2e-4 -4.2e-4,8.4e-4 -4.2e-4,0.001 l 0,3.92284 -4.2e-4,0 z m 8.55534,-8.5448 c -0.001,0 -0.003,0 -0.004,0 l -3.87223,0 c -8.4e-4,0 -0.002,0 -0.002,0 -0.35252,0 -0.63757,-0.28506 -0.63757,-0.63758 l 0,-4.2e-4 0,-3.90343 c 0.004,-2.49083 2.02
446,-4.50854 4.51571,-4.50854 2.49378,0 4.53468,2.02193 4.53468,4.51613 4.2e-4,2.49336 -2.04048,4.53384 -4.53426,4.53384 z"
+ id="path29"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 460.58001,362.7558 0,-4.52836 c 0,-0.002 0,-0.004 0,-0.006 0,-4.72528 3.83048,-8.55577 8.55576,-8.55577 0.71685,0 1.22623,0.0805 1.88952,0.25469 0.96774,0.25385 1.75796,1.04618 1.75838,1.96922 4.2e-4,1.11575 -0.80919,1.92621 -2.0194,1.92621 -0.57642,0 -0.78473,-0.11048 -1.62892,-0.11048 -2.49125,0 -4.51149,2.01771 -4.51571,4.50854 l 0,3.90385 0,4.2e-4 c 0,0.35252 0.28505,0.63758 0.63757,0.63758 4.3e-4,0 0.001,0 0.002,0 l 2.96521,0 c 1.10521,0 1.99747,0.88467 1.99832,1.99283 0,1.10816 -0.89353,1.99114 -1.99832,1.99114 l -3.60489,0 0,4.54733 c 0,0.002 0,0.004 0,0.006 0,4.72485 -3.83048,8.55534 -8.55534,8.55534 -0.71684,0 -1.22623,-0.0805 -1.88952,-0.25469 -0.96774,-0.25343 -1.75838,-1.04618 -1.7588,-1.9688 0,-1.11575 0.80919,-1.92663 2.01982,-1.92663 0.576,0 0.78473,0.11048 1.6285,0.11048 2.49125,0 4.51191,-2.01771 4.51613,-4.50811 0,0 0,-3.92368 0,-3.9241 0,-0.35168 -0.2859,-0.63673 -0.63799,-0.63673 -4.3e-4,0 -8.5e-4,0 -0.002,0 l -2.96521,-4.2e-4 c -1.10521,0 -1.
99831,-0.88214 -1.99831,-1.9903 -4.3e-4,-1.11533 0.90238,-1.99367 2.01939,-1.99367 l 3.58339,0 0,0 z"
+ id="path31"
+ style="fill:#ffffff" />
+ <path
+ d="m 477.41661,378.55292 2.81558,0 0,0.37898 -1.18152,0 0,2.94935 -0.45254,0 0,-2.94935 -1.18152,0 0,-0.37898 m 3.26144,0 0.67101,0 0.84937,2.26496 0.85381,-2.26496 0.67102,0 0,3.32833 -0.43917,0 0,-2.9226 -0.85828,2.28279 -0.45255,0 -0.85827,-2.28279 0,2.9226 -0.43694,0 0,-3.32833"
+ id="text6223"
+ style="fill:#294172;enable-background:new" />
+ </g>
+ <path
+ d="m 181.98344,61.675273 2.81558,0 0,0.37898 -1.18152,0 0,2.94935 -0.45254,0 0,-2.94935 -1.18152,0 0,-0.37898 m 3.26144,0 0.67101,0 0.84937,2.26496 0.85381,-2.26496 0.67102,0 0,3.32833 -0.43917,0 0,-2.9226 -0.85828,2.28279 -0.45255,0 -0.85827,-2.28279 0,2.9226 -0.43694,0 0,-3.32833"
+ id="path2391"
+ style="fill:#294172;enable-background:new" />
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/warning.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/warning.png
new file mode 100644
index 0000000..ce09951
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/warning.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/warning.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/warning.svg
new file mode 100644
index 0000000..5f2612c
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/warning.svg
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ version="1.0"
+ width="48"
+ height="48"
+ id="svg5921"
+ sodipodi:version="0.32"
+ inkscape:version="0.46"
+ sodipodi:docname="warning.svg"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ inkscape:export-filename="/home/jfearn/Build/src/fedora/publican/trunk/publican-fedora/en-US/images/warning.png"
+ inkscape:export-xdpi="111.32"
+ inkscape:export-ydpi="111.32">
+ <metadata
+ id="metadata2482">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ inkscape:window-height="910"
+ inkscape:window-width="1284"
+ inkscape:pageshadow="2"
+ inkscape:pageopacity="0.0"
+ guidetolerance="10.0"
+ gridtolerance="10.0"
+ objecttolerance="10.0"
+ borderopacity="1.0"
+ bordercolor="#666666"
+ pagecolor="#ffffff"
+ id="base"
+ showgrid="false"
+ inkscape:zoom="11.5"
+ inkscape:cx="20"
+ inkscape:cy="20"
+ inkscape:window-x="0"
+ inkscape:window-y="51"
+ inkscape:current-layer="svg5921" />
+ <defs
+ id="defs5923">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 20 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="40 : 20 : 1"
+ inkscape:persp3d-origin="20 : 13.333333 : 1"
+ id="perspective2484" />
+ </defs>
+ <g
+ transform="matrix(0.4536635,0,0,0.4536635,-5.1836431,-4.6889387)"
+ id="layer1">
+ <g
+ transform="translate(2745.6887,-1555.5977)"
+ id="g8304"
+ style="enable-background:new">
+ <path
+ d="M -1603,1054.4387 L -1577.0919,1027.891 L -1540,1027.4387 L -1513.4523,1053.3468 L -1513,1090.4387 L -1538.9081,1116.9864 L -1576,1117.4387 L -1602.5477,1091.5306 L -1603,1054.4387 z"
+ transform="matrix(0.8233528,8.9983906e-3,-8.9983906e-3,0.8233528,-1398.5561,740.7914)"
+ id="path8034"
+ style="opacity:1;fill:#efd259;fill-opacity:1;stroke:#efd259;stroke-opacity:1" />
+ <path
+ d="M -1603,1054.4387 L -1577.0919,1027.891 L -1540,1027.4387 L -1513.4523,1053.3468 L -1513,1090.4387 L -1538.9081,1116.9864 L -1576,1117.4387 L -1602.5477,1091.5306 L -1603,1054.4387 z"
+ transform="matrix(0.6467652,7.0684723e-3,-7.0684723e-3,0.6467652,-1675.7492,927.16391)"
+ id="path8036"
+ style="opacity:1;fill:#a42324;fill-opacity:1;stroke:#a42324;stroke-opacity:1" />
+ <path
+ d="M -2686.7886,1597.753 C -2686.627,1596.5292 -2686.5462,1595.6987 -2686.5462,1595.218 C -2686.5462,1593.1637 -2688.0814,1592.0711 -2690.9899,1592.0711 C -2693.8985,1592.0711 -2695.4336,1593.12 -2695.4336,1595.218 C -2695.4336,1595.961 -2695.3528,1596.7914 -2695.1912,1597.753 L -2692.929,1614.4491 L -2689.0508,1614.4491 L -2686.7886,1597.753"
+ id="path8038"
+ style="font-size:107.13574219px;font-style:normal;font-weight:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Charter" />
+ <path
+ d="M -2690.9899,1617.8197 C -2693.6124,1617.8197 -2695.8118,1619.9346 -2695.8118,1622.6416 C -2695.8118,1625.3486 -2693.6124,1627.4635 -2690.9899,1627.4635 C -2688.2829,1627.4635 -2686.168,1625.264 -2686.168,1622.6416 C -2686.168,1619.9346 -2688.2829,1617.8197 -2690.9899,1617.8197"
+ id="path8040"
+ style="font-size:107.13574219px;font-style:normal;font-weight:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Charter" />
+ </g>
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/watermark-draft.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/watermark-draft.png
new file mode 100644
index 0000000..0ead5af
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/watermark-draft.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/yellow.png b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/yellow.png
new file mode 100644
index 0000000..223865d
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/Common_Content/images/yellow.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html b/public_html/it-IT/Fedora/18/html/Security_Guide/Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html
new file mode 100644
index 0000000..9bd983c
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.2. Secure Shell</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="Security_Guide-Encryption-Data_in_Motion.html" title="4.2. Dati in Movimento" /><link rel="prev" href="Security_Guide-Encryption-Data_in_Motion.html" title="4.2. Dati in Movimento" /><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="4.2.3. Cifratura disco con LUKS" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Security_Guide-Encryption-
Data_in_Motion.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>Avanti</strong></a></li></ul><div class="section" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell">4.2.2. Secure Shell</h3></div></div></div><div class="para">
+ SSH (Secure Shell), è un potente protocollo di rete usato per comunicare con altri sistemi attraverso un canale sicuro. Le trasmissioni su SSH sono cifrate e protette da intercettazioni. Può essere usato anche per accessi cifrati offrendo un metodo di autenticazione più robusto, rispetto ai tradizionali metodi basati su nome-utente e password.
+ </div><div class="para">
+ SSH è molto semplice da attivare. Una volta avviato, il servizio sshd inizia ad accettare connessioni ed a permettere l'accesso al sistema solo dopo l'inserimento di un nome utente e password, corretti. Il numero di porta TCP standard del servizio SSH è 22; comunque può essere modificato nel file di configurazione <code class="filename">/etc/ssh/sshd_config</code>. Questo file contiene anche altre opzioni di configurazione di SSH.
+ </div><div class="para">
+ Secure Shell (SSH) fornisce anche tunnel cifrati tra computer ma soltanto su una porta. <a href="http://www.redhatmagazine.com/2007/11/27/advanced-ssh-configuration-and-tunneling-we-dont-need-no-stinking-vpn-software">Il port forwarding può essere fatto usando un tunnel SSH</a> ed il traffico può venir cifrato lungo il suo passaggio nel tunnel, tuttavia il port forwarding non è così fluido come con VPN.
+ </div><div class="section" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell-Cryptographic_Logon"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell-Cryptographic_Logon">4.2.2.1. Accesso crittografato</h4></div></div></div><div class="para">
+ SSH supporta l'uso di chiavi crittografiche per accedere ad un computer. Questo è molto più sicuro che usare una password e, se configurato correttamente, potrebbe essere considerato come autenticazione a più fattori.
+ </div><div class="para">
+ La modifica della configurazione deve avvenire prima dell'accesso crittografato. Nel file <code class="filename">/etc/ssh/sshd_config</code> decommentare e modificare le seguenti linee così:
+<pre class="screen">PubkeyAuthentication yes
+AuthorizedKeysFile .ssh/authorized_keys</pre>
+ La prima linea dice ad SSH di permettere l'autenticazione della chiave pubblica. La seconda punta al file nella cartella home nel quale è presenta la chiave pubblica autorizzata.
+ </div><div class="para">
+ Il passaggio successivo da fare è di creare la coppia di chiavi ssh nel client da usare per connettersi al sistema. Il comando <code class="command">ssh-keygen</code> genererà un set di chiavi RSA a 2048-bit per il login al sistema. Le chiavi sono conservate, come predefinito, nella cartella <code class="filename">~/.ssh</code>. E' possibile utilizzare l'opzione <code class="command">-b</code> per modificare la robustezza della chiave. Una 2048-bit è già sufficiente ma potrebbe essere migliorata a 8192-bit ed oltre.
+ </div><div class="para">
+ Nella cartella <code class="filename">~/.ssh</code> si dovrebbero vedere le due chiavi create. Se si sono accettate quelle predefinite all'avvio del comando <code class="command">ssh-keygen</code> allora saranno nominate <code class="filename">id_rsa</code> e <code class="filename">id_rsa.pub</code>, privata e pubblica. Dovrebbe essere sempre protetta. La chiave pubblica tuttavia dev'essere trasferita verso il sistema al quale si deve accedere. Una volta avuta sul sistema, il modo più semplice per aggiungere la chiave è da:
+<pre class="screen">$ cat id_rsa.pub >> ~/.ssh/authorized_keys</pre>
+ Questo allegherà la chiave pubblica al file authorized_key. L'applicazione <span class="application"><strong>SSH</strong></span> controllerà il file quando si tenta l'accesso al computer.
+ </div><div class="para">
+ Allo stesso modo delle password o qualsiasi altro metodo di autenticazione, si dovrebbero cambiare regolarmente le chiavi <span class="application"><strong>SSH</strong></span>. Quando se ne è sicuri, eliminare qualsiasi chiave inutilizzata dal file authorized_key.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion.html"><strong>Indietro</strong>4.2. Dati in Movimento</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>Avanti</strong>4.2.3. Cifratura disco con LUKS</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/Security_Guide-Encryption-Data_in_Motion.html b/public_html/it-IT/Fedora/18/html/Security_Guide/Security_Guide-Encryption-Data_in_Motion.html
new file mode 100644
index 0000000..3a09b80
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/Security_Guide-Encryption-Data_in_Motion.html
@@ -0,0 +1,403 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2. Dati in Movimento</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Encryption.html" title="Capitolo 4. Cifratura" /><link rel="prev" href="chap-Security_Guide-Encryption.html" title="Capitolo 4. Cifratura" /><link rel="next" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html" title="4.2.2. Secure Shell" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Encryption.html"><strong>
Indietro</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>Avanti</strong></a></li></ul><div class="section" id="Security_Guide-Encryption-Data_in_Motion"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="Security_Guide-Encryption-Data_in_Motion">4.2. Dati in Movimento</h2></div></div></div><div class="para">
+ I dati in movimento sono dati che vengono trasmessi nella rete. Le principali minacce contro i dati in movimento sono l'intercettazione e l'alterazione. Password e Nome Utente non dovrebbero essere mai trasmessi nella rete senza protezione, poichè potrebbero essere intercettate e usate da qualcun'altro per impersonare l'utente e/o per guadagnare l'accesso ad informazioni sensibili. Anche altre informazioni private, come quelle relative ai conti bancari, dovrebbero essere protette quando vengono trasmesse in una rete. Se la sessione di rete è stata cifrata allora non si corre alcun rischio: i dati non possono venir compromessi durante la trasmissione.
+ </div><div class="para">
+ I dati in movimento sono particolarmente vulnerabili agli attaccanti, in quanto questi non devono trovarsi nei pressi della postazione del computer, dove sono salvati i dati, ma possono trovarsi ovunque lungo il percorso seguito dai dati. Tunnel di cifratura possono proteggere i dati lungo il percorso di comunicazione.
+ </div><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs">4.2.1. Virtual Private Networks (VPN)</h3></div></div></div><div class="para">
+ Le organizzazioni con uffici dislocati in diverse località, per motivi di efficenza e proteggere i dati sensibili, spesso sono connessi tramite linee dedicate. Per esempio, molte attività commerciali usano linee frame relay o <em class="firstterm">ATM</em> (<acronym class="acronym">Asynchronous Transfer Mode</acronym>), come soluzioni di rete end-to-end per il collegamento degli uffici. Tuttavia per le piccole e medie imprese (n.d.t.: e l'Italia fonda il suo PIL sull'attività di circa l'80% di tali imprese!) che desiderano espandersi, investire in tale soluzioni, richiede alti costi di investimento in circuiti di rete digitali, molte volte ben al di là dei propri bilanci aziendali.
+ </div><div class="para">
+ Le reti <em class="firstterm">VPN</em> (<abbr class="abbrev">Virtual Private Networks</abbr>) sono state progettate proprio per venire incontro a queste esigenze aziendali. Seguendo gli stessi principi funzionali dei circuiti dedicati, le reti <abbr class="abbrev">VPN</abbr> consentono comunicazioni digitali sicure tra due partecipanti (o reti), creando una <em class="firstterm">WAN</em> (<acronym class="acronym">Wide Area Network</acronym>) a partire da <em class="firstterm">LAN</em> (<acronym class="acronym">Local Area Network</acronym>) esistenti. La differenza rispetto a linee frame relay o ATM è il mezzo di trasporto. Le reti <abbr class="abbrev">VPN</abbr> trasportano i dati sul layer IP, usando pacchetti, attraverso un canale sicuro che attraverso Internet giunge alla rete di destinazione. Le principali implementazioni free di <abbr class="abbrev">VPN</abbr>, incorporano metodi di cifratura standard ed aperti, per ulteriormente mascherare i dati in transito.
+ </div><div class="para">
+ Alcune organizzazioni impiegano soluzioni <abbr class="abbrev">VPN</abbr> hardware per aumentare la sicurezza, altre usano implementazioni software o basate su protocollo. Esistono diversi produttori di soluzioni <abbr class="abbrev">VPN</abbr> hardware, come Cisco, Nortel, IBM e Checkpoint. Esiste una soluzione<abbr class="abbrev">VPN</abbr> basata su software free anche per Linux, denominata FreeS/Wan, che utilizza una implementazione standardizzata di <abbr class="abbrev">IPsec</abbr> (<em class="firstterm">Internet Protocol Security</em>). Le soluzioni <abbr class="abbrev">VPN</abbr> sia hardware sia software, si comportano come router specializzati tra le connessioni IP dei vari uffici.
+ </div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-How_Does_a_VPN_Work"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-How_Does_a_VPN_Work">4.2.1.1. Come funziona una rete VPN?</h4></div></div></div><div class="para">
+ Quando un pacchetto viene trasmesso da un client, esso passa attraverso il router o gateway del <abbr class="abbrev">VPN</abbr>, che aggiunge un <abbr class="abbrev">AH</abbr> (<em class="firstterm">Authentication Header</em>) usato per routing ed autenticazione. Successivamente i dati vengono cifrati e poi racchiusi in un <abbr class="abbrev">ESP</abbr> (<em class="firstterm">Encapsulating Security Payload</em>). All'interno di quest'ultimo si trovano le istruzioni per gestire e decifrare il pacchetto.
+ </div><div class="para">
+ Il router del <abbr class="abbrev">VPN</abbr> ricevente, estrae le informazioni dall'intestazione, decifra i dati e invia i dati alla sua destinazione (una workstation o un altro nodo della rete). In una connessione network-to-network, il nodo ricevente sulla rete locale, riceve i pacchetti già decifrati e pronti per l'uso. Il processo di cifratura/decifratura in una connessione <abbr class="abbrev">VPN</abbr> network-to-network, è quindi trasparente al nodo locale.
+ </div><div class="para">
+ Con un tale livello di sicurezza, un attaccante non solo deve intercettare il pacchetto, ma anche decifrarlo. Intrusori che impiegano un attacco tipo man-in-the-middle, devono avere accesso anche ad almeno una chiave segreta per l'autenticazione delle sessioni. Poichè queste usano diversi livelli di autenticazione e di cifratura, le reti <abbr class="abbrev">VPN</abbr> sono un mezzo sicuro ed efficace per collegare multipli nodi remoti, che diventano così una intranet unificata.
+ </div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD">4.2.1.2. Le reti VPN e Fedora</h4></div></div></div><div class="para">
+ Fedora offre varie soluzioni per implementare una connessione sicura ad una <acronym class="acronym">WAN</acronym>. <acronym class="acronym">IPsec</acronym> (<em class="firstterm">Internet Protocol Security</em>) è l'implementazione <abbr class="abbrev">VPN</abbr> supportata in Fedora, in grado di soddisfare adeguatamente i bisogni di usabilità delle organizzazioni con uffici ramificati o utenti remoti.
+ </div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec">4.2.1.3. IPsec</h4></div></div></div><div class="para">
+ Fedora supporta <abbr class="abbrev">IPsec</abbr> per collegare tra loro reti ed host remoti, tramite un tunnel sicuro attraverso una rete pubblica come Internet. <abbr class="abbrev">IPsec</abbr> può essere implementato sia per una configurazione host-to-host (tra due workstation) sia per una configurazione network-to-network (tra due <acronym class="acronym">LAN</acronym>/<acronym class="acronym">WAN</acronym>).
+ </div><div class="para">
+ L'implementazione di <abbr class="abbrev">IPsec</abbr> in Fedora usa <em class="firstterm">IKE</em> (<em class="firstterm">Internet Key Exchange</em>), un protocollo progettato dall'<acronym class="acronym">IETF</acronym> (Internet Engineering Task Force) ed usato per reciproca autenticazione e associazioni sicure tra i sistemi.
+ </div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection">4.2.1.4. Creare una connessione <abbr class="abbrev">IPsec</abbr></h4></div></div></div><div class="para">
+ Una connessione <abbr class="abbrev">IPsec</abbr> prevede due fasi logiche. Nella prima fase, un nodo <abbr class="abbrev">IPsec</abbr> inizializza la connessione con la rete o il nodo remoto. La rete o il nodo remoto controlla le credenziali del nodo richiedente, dopodichè entrambi i nodi negoziano il metodo di autenticazione da usare per la connessione.
+ </div><div class="para">
+ Nei sistemi Fedora, una connessione di <abbr class="abbrev">IPsec</abbr> usa il metodo della <em class="firstterm">pre-shared key</em> (o della chiave pre-condivisa) per l'autenticazione dei nodi <abbr class="abbrev">IPsec</abbr>. In una connessione <abbr class="abbrev">IPsec</abbr> con chiave pre-condivisa, entrambi gli host devono usare la stessa chiave per poter passare alla seconda fase della connessione <abbr class="abbrev">IPsec</abbr>.
+ </div><div class="para">
+ La seconda fase della connessione <abbr class="abbrev">IPsec</abbr>, prevede la creazione di una <acronym class="acronym">SA</acronym> (<em class="firstterm">Security Association</em>) tra i nodi <abbr class="abbrev">IPsec</abbr>. Questa fase genera un database <abbr class="abbrev">SA</abbr> contenente informazioni di configurazioni, come il metodo di cifratura, parametri per lo scambio delle chiavi segrete ed altro. Questa fase gestisce l'effettiva connessione <abbr class="abbrev">IPsec</abbr> tra i nodi remoti o le reti.
+ </div><div class="para">
+ L'implementazione di <abbr class="abbrev">IPsec</abbr> in Fedora, usa IKE per lo scambio, attraverso Internet, delle chiavi tra gli host. Il demone delle chiavi, <code class="command">racoon</code> è addetto alla distribuzione e allo scambio della chiave IKE. Per maggiori informazioni su questo demone, vedere le pagine di man su <code class="command">racoon</code>.
+ </div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation">4.2.1.5. Installazione di IPsec</h4></div></div></div><div class="para">
+ L'implementazione di <abbr class="abbrev">IPsec</abbr> richiede che il pacchetto <code class="filename">ipsec-tools</code> sia installato su tutti gli host <abbr class="abbrev">IPsec</abbr> (nel caso di una configurazione host-to-host) o router (nel caso di una configurazione network-to network). Il pacchetto contiene le librerie, i demoni e i file di configurazione essenziali per impostare una connessione <abbr class="abbrev">IPsec</abbr>, inclusi:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">/sbin/setkey</code> — regola il gestore delle chiavi e gli attributi di sicurezza di <abbr class="abbrev">IPsec</abbr> nel kernel. Questo eseguibile è controllato dal processo <code class="command">racoon</code>, il demone gestore delle chiavi. Per i dettagli, vedere le pagine di man su <code class="command">setkey</code>(8).
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/racoon</code> — il demone che gestisce le chiavi IKE, usato per gestire e controllare la sicurezza delle associazioni e lo scambio delle chiavi tra i sistemi IPsec.
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/racoon/racoon.conf</code> — il file di configurazione del demone <code class="command">racoon</code>, usato per impostare vari aspetti di una connessione <abbr class="abbrev">IPsec</abbr>, inclusi i metodi di autenticazione e gli algoritmi di cifratura da usare nella connessione. Per una lista completa delle direttive disponibili, vedere le pagine di man relative a <code class="filename">racoon.conf</code>(5).
+ </div></li></ul></div><div class="para">
+ Per configurare <abbr class="abbrev">IPsec</abbr> su un sistema Fedora, si può usare l'interfaccia grafica di <span class="application"><strong>Amministrazione della rete</strong></span>, o procedere manualmente modificando i file di configurazione di rete e di <abbr class="abbrev">IPsec</abbr>.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Per connettere tra loro via IPsec, due host di una rete, vedere <a class="xref" href="Security_Guide-Encryption-Data_in_Motion.html#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration">Sezione 4.2.1.6, «Configurazione IPSec Host-to-Host»</a>.
+ </div></li><li class="listitem"><div class="para">
+ Per connettere tra loro via IPsec, due <acronym class="acronym">LAN</acronym>/<acronym class="acronym">WAN</acronym>, vedere <a class="xref" href="Security_Guide-Encryption-Data_in_Motion.html#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">Sezione 4.2.1.7, «Configurazione IPsec Network-to-Network»</a>.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration">4.2.1.6. Configurazione IPSec Host-to-Host</h4></div></div></div><div class="para">
+ IPsec può essere configurato per collegare tra loro due desktop o workstation (host), usando una connessione host-to host. Questo tipo di connessione usa la rete a cui è connesso ciascun host, per creare un tunnel sicuro tra i due host. Le specifiche richieste per creare una connessione host-to-host sono minime, come risulta la configurazione di <abbr class="abbrev">IPsec</abbr> su ciascun host. Gli host necessitano solo di una connessione alla rete portante (come Internet) e di un sistema Fedora per creare la connessione <abbr class="abbrev">IPsec</abbr>.
+ </div><div class="section" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Host_to_Host_Connection"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Host_to_Host_Connection">4.2.1.6.1. Connessione Host-to-Host</h5></div></div></div><div class="para">
+ Una connessione <abbr class="abbrev">IPsec</abbr> Host-to-Host, è una connessione cifrata tra due sistemi, in quanto su entrambi gli host, <abbr class="abbrev">IPsec</abbr> usa la stessa chiave di autenticazione. Con la connessione <abbr class="abbrev">IPsec</abbr> attiva, tutto il traffico di rete tra i due host risulta cifrato.
+ </div><div class="para">
+ Per configurare una connessione <abbr class="abbrev">IPsec</abbr> host-to-host, procedere su ciascun host, come indicato:
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Le seguenti procedure dovrebbero essere eseguite direttamente sulla macchina: si raccomanda di evitare configurazioni e connessioni <abbr class="abbrev">IPsec</abbr> da remoto.
+ </div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ In un terminale, digitare <code class="command">system-config-network</code> per avviare l'interfaccia grafica di <span class="application"><strong>Amministrazione della rete</strong></span>, oppure dal menu d'avvio selezionare <span class="guimenuitem"><strong>Sistema > Amministrazione > Amministrazione della rete</strong></span>.
+ </div></li><li class="listitem"><div class="para">
+ Nella scheda <span class="guilabel"><strong>IPsec</strong></span>, premere sul pulsante <span class="guibutton"><strong>Nuovo</strong></span> per avviare il wizard di configurazione.
+ </div></li><li class="listitem"><div class="para">
+ Premere <span class="guibutton"><strong>Avanti</strong></span> per avviare la configurazione di una connessione <abbr class="abbrev">IPsec</abbr> host-to-host.
+ </div></li><li class="listitem"><div class="para">
+ Inserire un nome unico da assegnare alla connessione, per esempio <strong class="userinput"><code>ipsec0</code></strong>. Se si desidera attivare la connessione automaticamente, all'avvio del computer, spuntare la casella di controllo. Premere <span class="guibutton"><strong>Avanti</strong></span> per continuare.
+ </div></li><li class="listitem"><div class="para">
+ Selezionare come tipo di connessione, <span class="guilabel"><strong>Crittografia da Host to Host</strong></span> e poi premere <span class="guibutton"><strong>Avanti</strong></span>.
+ </div></li><li class="listitem" id="list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-encrypt-type"><div class="para">
+ Selezionare il tipo di cifratura da usare: manuale o automatica.
+ </div><div class="para">
+ Se si sceglie la cifratura manuale, successivamente occorrerà fornire una chiave di cifratura. Se si seleziona la cifratura automatica, sarà il demone <code class="command">racoon</code> a creare la chiave di cifratura. Se si usa la cifratura automatica, occorre che sia installato il pacchetto <code class="filename">ipsec-tools</code>.
+ </div><div class="para">
+ Premere <span class="guibutton"><strong>Avanti</strong></span> per continuare.
+ </div></li><li class="listitem"><div class="para">
+ Inserire l'indirizzo IP dell'host remoto.
+ </div><div class="para">
+ Per determinare l'IP dell'host remoto, usare il seguente comando, <span class="emphasis"><em>sull'host remoto</em></span>:
+ </div><pre class="screen">[root at myServer ~] # /sbin/ifconfig <em class="replaceable"><code><device></code></em></pre><div class="para">
+ dove <em class="replaceable"><code><device></code></em> è la scheda di rete (Ethernet) usata per la connessione <abbr class="abbrev">VPN</abbr>.
+ </div><div class="para">
+ Se è presente una sola scheda di rete nel sistema, il dispositivo tipicamente è denominato eth0. Di seguito si riporta un esempio, con le informazioni rilevanti dell'output di questo comando:
+ </div><pre class="screen">eth0 Link encap:Ethernet HWaddr 00:0C:6E:E8:98:1D
+ inet addr:172.16.44.192 Bcast:172.16.45.255 Mask:255.255.254.0</pre><div class="para">
+ L'indirizzo IP è dato dal numero appresso alla stringa <code class="computeroutput">inet addr:</code>.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Per connessioni host-to-host, entrambi gli host devono possedere un indirizzo pubblico. Altrimenti, se si trovano sulla stessa LAN, possono avere un indirizzo privato (p.e. indirizzi nel range 10.x.x.x o 192.168.x.x).
+ </div><div class="para">
+ Nel caso i due host si trovino su differenti LAN, oppure se un host ha un indirizzo pubblico e l'altro un indirizzo privato, vedere la <a class="xref" href="Security_Guide-Encryption-Data_in_Motion.html#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">Sezione 4.2.1.7, «Configurazione IPsec Network-to-Network»</a>.
+ </div></div></div><div class="para">
+ Premere <span class="guibutton"><strong>Avanti</strong></span> per continuare.
+ </div></li><li class="listitem" id="list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-to-host-keys"><div class="para">
+ Se al passo 6, è stata selezionata la cifratura manuale, specificare la chiave di cifratura da usare, oppure premere <span class="guibutton"><strong>Genera</strong></span> per crearne una.
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Specificare una chiave di autenticazione o premere <span class="guibutton"><strong>Genera</strong></span> per crearne una. Si può usare una qualsiasi combinazione di lettere e numeri.
+ </div></li><li class="listitem"><div class="para">
+ Premere <span class="guibutton"><strong>Avanti</strong></span> per continuare.
+ </div></li></ol></div></li><li class="listitem"><div class="para">
+ Nella pagina <span class="guilabel"><strong>IPsec — Sommario</strong></span>, rivedere le informazioni inserite e poi premere <span class="guibutton"><strong>Applica</strong></span>.
+ </div></li><li class="listitem"><div class="para">
+ Per salvare la configurazione creata, selezionare <span class="guimenu"><strong>File</strong></span> => <span class="guimenuitem"><strong>Salva</strong></span>.
+ </div><div class="para">
+ Per rendere effettive le modifiche potrebbe essere necessario riavviare la rete. In tal caso, usare il seguente comando:
+ </div><pre class="screen">[root at myServer ~]# service network restart</pre></li><li class="listitem"><div class="para">
+ Dalla lista delle connessioni <abbr class="abbrev">IPsec</abbr>, selezionare la connessione appena creata e premere il pulsante <span class="guibutton"><strong>Attiva</strong></span>.
+ </div></li><li class="listitem"><div class="para">
+ Ripetere l'intera procedura sull'altro host, prestando particolare attenzione ad usare la stessa chiave usata nel passo 8, sul primo host. Pena il non funzionamento di <abbr class="abbrev">IPsec</abbr>.
+ </div></li></ol></div><div class="para">
+ Dopo aver configurato la connessione <abbr class="abbrev">IPsec</abbr>, essa compare nella scheda di <abbr class="abbrev">IPsec</abbr> come indicato in <a class="xref" href="Security_Guide-Encryption-Data_in_Motion.html#figu-Security_Guide-Host_to_Host_Connection-IPsec_Connection">Figura 4.1, «Connessione IPsec»</a>.
+ </div><div class="figure" id="figu-Security_Guide-Host_to_Host_Connection-IPsec_Connection"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-ipsec_host2host.png" width="444" alt="Connessione IPsec" /><div class="longdesc"><div class="para">
+ Connessione IPsec
+ </div></div></div></div><h6>Figura 4.1. Connessione IPsec</h6></div><br class="figure-break" /><div class="para">
+ Alla fine del processo di creazione della connessione <abbr class="abbrev">IPsec</abbr>, vengono generati i seguenti file:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/sysconfig/network-scripts/ifcfg-<em class="replaceable"><code><nickname></code></em></code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/sysconfig/network-scripts/keys-<em class="replaceable"><code><nickname></code></em></code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/racoon/<em class="replaceable"><code><remote-ip></code></em>.conf</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/racoon/psk.txt</code>
+ </div></li></ul></div><div class="para">
+ Se è stata usata la cifratura automatica, verrà creato anche il file <code class="filename">/etc/racoon/racoon.conf</code>.
+ </div><div class="para">
+ Quando la connessione è attiva, il file <code class="filename">/etc/racoon/racoon.conf</code> viene modificato per includere <code class="filename"><em class="replaceable"><code><remote-ip></code></em>.conf</code>.
+ </div></div><div class="section" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration">4.2.1.6.2. Configurazione manuale di <abbr class="abbrev">IPsec</abbr> Host-to-Host</h5></div></div></div><div class="para">
+ Prima di procedere, recuperare le informazioni di sistema e di rete di ogni workstation. Per una connessione host-to-host, occorre conoscere:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ L'indirizzo IP degli host
+ </div></li><li class="listitem"><div class="para">
+ Un nome unico (p.e. <code class="computeroutput">ipsec1</code>), identificativo della connessione <abbr class="abbrev">IPsec</abbr>. Serve ad identificare la connessione <abbr class="abbrev">IPsec</abbr> ed a distinguerla da altre connessioni.
+ </div></li><li class="listitem"><div class="para">
+ Una chiave di cifratura fissata o una generata automaticamente da <code class="command">racoon</code>.
+ </div></li><li class="listitem"><div class="para">
+ Una chiave di autenticazione pre-condivisa, usata durante la fase iniziale della connessione e per lo scambio delle chiavi cifrate durante la sessione.
+ </div></li></ul></div><div class="para">
+ Per esempio, si supponga che la workstation A e la workstation B vogliano connettersi tra loro attraverso un tunnel <abbr class="abbrev">IPsec</abbr>. Essi vogliono connettersi usando un chiave pre-condivisa il cui valore è <code class="computeroutput">Key_Value01</code>, e decidono di usare <code class="command">racoon</code> per generare automaticamente e condividere una chiave per l'autenticazione reciproca. Entrambi gli utenti decidono di chiamare <code class="computeroutput">ipsec1</code> le loro connessioni.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Si consiglia di usare una chiave PSK con una combinazione di lettere maiuscole/minuscole, numeri e caratteri di punteggiatura. Una chiave PSK facile da scoprire costituisce un rischio alla sicurezza.
+ </div><div class="para">
+ Non è necessario usare, sui due host, lo stesso nome per la connessione. Si potrebbe scegliere un nome che sia significativo per la propria installazione.
+ </div></div></div><div class="para">
+ Di seguito si riporta il file di configurazione di <abbr class="abbrev">IPsec</abbr> della prima workstation A per una connessione <abbr class="abbrev">IPsec</abbr> host-to host con la workstation B. L'identificativo della connessione usato nell'esempio è <em class="replaceable"><code>ipsec1</code></em>, per cui il file di configurazione è <code class="filename">/etc/sysconfig/network-scripts/ifcfg-ipsec1</code>:
+ </div><pre class="screen">DST=<em class="replaceable"><code>X.X.X.X</code></em>TYPE=IPSEC
+ONBOOT=no
+IKE_METHOD=PSK</pre><div class="para">
+ Per la workstation A, <em class="replaceable"><code>X.X.X.X</code></em> è l'indirizzo IP della workstation B. Per la workstation B, <em class="replaceable"><code>X.X.X.X</code></em> è l'indirizzo IP della workstation A. La connessione è configurata in modo da non avviarsi al boot di sistema (<code class="computeroutput">ONBOOT=no</code>) ed usa il metodo di autenticazione della chiave pre-condivisa (<code class="computeroutput">IKE_METHOD=PSK</code>).
+ </div><div class="para">
+ Di seguito si mostra il contenuto del file della chiave pre-condivisa (denominato <code class="filename">/etc/sysconfig/network-scripts/keys-ipsec1</code>), usato da entrambe le workstation per autenticarsi tra loro. Il suo contenuto dovrebbe essere identico nelle due workstation, il cui accesso in lettura/scrittura, dovrebbe essere consentito solo all'utente root.
+ </div><pre class="screen">IKE_PSK=Key_Value01</pre><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Per modificare i permessi al file <code class="filename">keys-ipsec1</code> in modo che solo l'utente root possa leggere o modificare il file, usare il seguente comando:
+ </div><pre class="screen">[root at myServer ~] # chmod 600 /etc/sysconfig/network-scripts/keys-ipsec1</pre></div></div><div class="para">
+ Per modificare la chiave di autenticazione, editare il file <code class="filename">keys-ipsec1</code> su entrambe le workstation. <span class="emphasis"><em>Le chiavi di autenticazione devono coincidere perchè la connessione funzioni correttamente.</em></span>
+ </div><div class="para">
+ Il successivo esempio, mostra la configurazione propria alla fase 1 della connessione con l'host remoto. Il file è denominato <code class="filename"><em class="replaceable"><code>X.X.X.X</code></em>.conf</code>, in cui <em class="replaceable"><code>X.X.X.X</code></em> è l'indirizzo IP dell'host <abbr class="abbrev">IPsec</abbr> remoto. Notare che questo file è generato automaticamente all'avvio del tunnel <abbr class="abbrev">IPsec</abbr> e non dovrebbe essere eplicitamente modificato.
+ </div><pre class="screen">remote <em class="replaceable"><code>X.X.X.X</code></em>{
+ exchange_mode aggressive, main;
+ my_identifier address;
+ proposal {
+ encryption_algorithm 3des;
+ hash_algorithm sha1;
+ authentication_method pre_shared_key;
+ dh_group 2 ;
+ }
+}</pre><div class="para">
+ Il file di configurazione della fase 1 viene creato durante l'inizializzazione della connessione <abbr class="abbrev">IPsec</abbr> e nell'implementazione di <abbr class="abbrev">IPsec</abbr> di Fedora, contiene le seguenti istruzioni:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">remote <em class="replaceable"><code>X.X.X.X</code></em></span></dt><dd><div class="para">
+ Specifica che le seguenti istruzioni di questo file di configurazione, si applicano solo al nodo remoto identificato dall'indirizzo IP <em class="replaceable"><code>X.X.X.X</code></em>.
+ </div></dd><dt class="varlistentry"><span class="term">exchange_mode aggressive</span></dt><dd><div class="para">
+ La configurazione predefinita di <abbr class="abbrev">IPsec</abbr> in Fedora usa un metodo di autenticazione <span class="emphasis"><em>aggressive</em></span>, che riduce lo scambio di informazioni di connessione per consentire di configurare più connessioni <abbr class="abbrev">IPsec</abbr> con host multipli.
+ </div></dd><dt class="varlistentry"><span class="term">my_identifier address</span></dt><dd><div class="para">
+ Specifica il metodo di identificazione da usare per autenticare i nodi. Fedora usa indirizzi IP per identificare i nodi.
+ </div></dd><dt class="varlistentry"><span class="term">encryption_algorithm 3des</span></dt><dd><div class="para">
+ Specifica l'algoritmo di cifratura da usare durante l'autenticazione. Per impostazione, si usa <acronym class="acronym">3DES</acronym> (<em class="firstterm">Triple Data Encryption Standard</em>).
+ </div></dd><dt class="varlistentry"><span class="term">hash_algorithm sha1;</span></dt><dd><div class="para">
+ Specifica l'algoritmo di hash da usare durante la negoziazione della fase 1. Per impostazione, si usa SHA (Secure Hash Algorithm version 1).
+ </div></dd><dt class="varlistentry"><span class="term">authentication_method pre_shared_key</span></dt><dd><div class="para">
+ Specifica il metodo di autenticazione da usare durante la negoziazione tra i nodi. Per impostazione, Fedora usa chiavi pre-condivise per l'autenticazione.
+ </div></dd><dt class="varlistentry"><span class="term">dh_group 2</span></dt><dd><div class="para">
+ Specifica il numero di gruppo di Diffie-Hellman con cui avviare lo scambio delle chiavi. Per impostazione, si usa modp1024 (group 2).
+ </div></dd></dl></div><div class="section" id="sect-Security_Guide-Manual_IPsec_Host_to_Host_Configuration-The_Racoon_Configuration_File"><div class="titlepage"><div><div keep-together.within-column="always"><h6 class="title" id="sect-Security_Guide-Manual_IPsec_Host_to_Host_Configuration-The_Racoon_Configuration_File">4.2.1.6.2.1. Il file di configurazione di racoon</h6></div></div></div><div class="para">
+ Il file <code class="filename">/etc/racoon/racoon.conf</code> dovrebbe essere identico in tutti i nodi <abbr class="abbrev">IPsec</abbr>, con l'<span class="emphasis"><em>eccezione</em></span> dell'istruzione <code class="command">include "/etc/racoon/<em class="replaceable"><code>X.X.X.X</code></em>.conf"</code>. Per la workstation A, <em class="replaceable"><code>X.X.X.X</code></em> nell'istruzione <code class="command">include</code> rappresenta l'indirizzo IP della workstation B; mentre nel file della workstation B, rappresenta l'indirizzo IP della workstation A. Di seguito si riporta un file <code class="filename">racoon.conf</code> tipico, in una connessione <abbr class="abbrev">IPsec</abbr> attiva:
+ </div><pre class="screen"># Racoon IKE daemon configuration file.
+# See 'man racoon.conf' for a description of the format and entries.
+
+path include "/etc/racoon";
+path pre_shared_key "/etc/racoon/psk.txt";
+path certificate "/etc/racoon/certs";
+
+sainfo anonymous
+{
+ pfs_group 2;
+ lifetime time 1 hour ;
+ encryption_algorithm 3des, blowfish 448, rijndael ;
+ authentication_algorithm hmac_sha1, hmac_md5 ;
+ compression_algorithm deflate ;
+}
+include "/etc/racoon/X.X.X.X.conf";</pre><div class="para">
+ Il file <code class="filename">racoon.conf</code> predefinito, include i percorsi relativi alla configurazione di <abbr class="abbrev">IPsec</abbr>, ai file della chiave pre-condivisa ed ai certificati d'autenticazione. I campi in <code class="computeroutput">sainfo anonymous</code> descrivono una SA tra i nodi <abbr class="abbrev">IPsec</abbr> della fase 2 — la natura della connessione <abbr class="abbrev">IPsec</abbr>, il tipo di algoritmo di cifratura usato e il metodo di scambio delle chiavi. Di seguito si definiscono i campi della fase 2:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">sainfo anonymous</span></dt><dd><div class="para">
+ Denota che una SA può inizializzarsi in maniera anonima con ogni peer purchè coincidano le credenziali <abbr class="abbrev">IPsec</abbr>.
+ </div></dd><dt class="varlistentry"><span class="term">pfs_group 2</span></dt><dd><div class="para">
+ Definisce il protocollo Diffie-Hellman per lo scambio chiavi, il metodo usato dai nodi <abbr class="abbrev">IPsec</abbr> per stabilire la chiave di comunicazione segreta per la seconda fase della connessione <abbr class="abbrev">IPsec</abbr>. Per impostazione, l'implementazione di <abbr class="abbrev">IPsec</abbr> in Fedora, usa il Group 2 (o <code class="computeroutput">modp1024</code>) di Diffie-Hellman per lo scambio delle chiavi segrete. Group 2 usa chiavi generate in modulo a 1024-bit, per impedire ad attaccante eventualmente in possesso di chiavi compromesse, la decifrazione di precedenti trasmissioni <abbr class="abbrev">IPsec</abbr>.
+ </div></dd><dt class="varlistentry"><span class="term">lifetime time 1 hour</span></dt><dd><div class="para">
+ Questo parametro specifica il tempo di vita medio di una SA e può essere espresso in formato orario o di data. Per impostazione, in Fedora si specifica in ore.
+ </div></dd><dt class="varlistentry"><span class="term">encryption_algorithm 3des, blowfish 448, rijndael</span></dt><dd><div class="para">
+ Specifica l'algoritmo di cifratura della fase 2. Fedora supporta gli algoritmi 3DES, 448-bit Blowfish e Rijndael (l'algoritmo usato in <acronym class="acronym">AES</acronym> o <em class="firstterm">Advanced Encryption Standard</em>).
+ </div></dd><dt class="varlistentry"><span class="term">authentication_algorithm hmac_sha1, hmac_md5</span></dt><dd><div class="para">
+ Elenca gli algoritmi di hash supportati per l'autenticazione. Quelli supportati sono HMAC-SHA1 e HMAC-MD5.
+ </div></dd><dt class="varlistentry"><span class="term">compression_algorithm deflate</span></dt><dd><div class="para">
+ Definisce l'algoritmo di compressione Deflate a supporto di IPCOMP (IP Payload Compression), per consentire trasmissioni di datagram IP più veloci, su connessioni lente.
+ </div></dd></dl></div><div class="para">
+ Per avviare la connessione, su ciascun host usare il seguente comando:
+ </div><pre class="screen">[root at myServer ~]# /sbin/ifup <nickname></pre><div class="para">
+ in cui <nickname> è il nome della connessione <abbr class="abbrev">IPsec</abbr>.
+ </div><div class="para">
+ Per testare la connessione <abbr class="abbrev">IPsec</abbr>, eseguire l'utility <code class="command">tcpdump</code> che visualizza i pacchetti trasferiti tra gli host e verifica se sono cifrati via IPsec. Il pacchetto dovrebbe includere un'intestazione AH ed essere segnato come ESP, ad indicare che si tratta di un pacchetto cifrato. Per esempio:
+ </div><pre class="screen">[root at myServer ~]# tcpdump -n -i eth0 host <targetSystem>
+
+IP 172.16.45.107 > 172.16.44.192: AH(spi=0x0954ccb6,seq=0xbb): ESP(spi=0x0c9f2164,seq=0xbb)</pre></div></div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">4.2.1.7. Configurazione IPsec Network-to-Network</h4></div></div></div><div class="para">
+ IPsec può anche essere configurato per connettere una rete (come una <acronym class="acronym">LAN</acronym> o <acronym class="acronym">WAN</acronym>), ad una rete remota usando una connessione network-to-network. Una tale connessione richiede di impostare i router <abbr class="abbrev">IPsec</abbr> sulle due reti in maniera da processare e indirizzare con trasparenza, le informazioni in transito da un nodo della <acronym class="acronym">LAN</acronym> a un nodo della <acronym class="acronym">LAN</acronym>remota. La <a class="xref" href="Security_Guide-Encryption-Data_in_Motion.html#figu-Security_Guide-IPsec_Network_to_Network_Configuration-A_network_to_network_IPsec_tunneled_connection">Figura 4.2, «Una connessione <abbr class="abbrev">IPsec</abbr> network-to-network»</a> illustra una tipica connessione <abbr class="abbrev">IPsec</abbr> network-to-network.
+ </div><div class="figure" id="figu-Security_Guide-IPsec_Network_to_Network_Configuration-A_network_to_network_IPsec_tunneled_connection"><div class="figure-contents"><div class="mediaobject"><img src="images/n-t-n-ipsec-diagram.png" width="444" alt="Una connessione IPsec network-to-network" /><div class="longdesc"><div class="para">
+ Una connessione <abbr class="abbrev">IPsec</abbr> network-to-network
+ </div></div></div></div><h6>Figura 4.2. Una connessione <abbr class="abbrev">IPsec</abbr> network-to-network</h6></div><br class="figure-break" /><div class="para">
+ Lo schema mostra due <acronym class="acronym">LAN</acronym> separate da Internet. Le <acronym class="acronym">LAN</acronym> usano router <abbr class="abbrev">IPsec</abbr> per autenticare e iniziare una connessione, usando un tunnel sicuro attraverso Internet. I pacchetti intercettati da malintenzionati, richiederebbero dei sistemi di decifrazione molto potenti, in quanto dovrebbero verificare iterativamente tutte le combinazioni di chiavi possibili (brute-force decryption). Il processo di comunicazione tra un nodo della rete 192.168.1.0/24 ed un altro della rete 192.168.2.0/24 risulta completamente trasparente agli altri nodi poichè la cifratura/decifratura e il routing dei pacchetti <abbr class="abbrev">IPsec</abbr> sono interamente gestiti dai router <abbr class="abbrev">IPsec</abbr>.
+ </div><div class="para">
+ Le informazioni richieste per una connessione network-to-network, sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Gli indirizzi IP esternamente accessibili dei router <abbr class="abbrev">IPsec</abbr> dedicati.
+ </div></li><li class="listitem"><div class="para">
+ Gli indirizzi di rete delle <acronym class="acronym">LAN</acronym>/<acronym class="acronym">WAN</acronym> servite dai router <abbr class="abbrev">IPsec</abbr> (per esempio 192.168.1.0/24 10.0.1.0/24)
+ </div></li><li class="listitem"><div class="para">
+ Gli indirizzi IP dei gateway che indirizzano i pacchetti dai nodi della rete verso Internet.
+ </div></li><li class="listitem"><div class="para">
+ Un nome unico (p.e. <code class="computeroutput">ipsec1</code>), identificativo della connessione <abbr class="abbrev">IPsec</abbr>. Serve ad identificare la connessione <abbr class="abbrev">IPsec</abbr> ed a distinguerla da altre connessioni.
+ </div></li><li class="listitem"><div class="para">
+ Una chiave di cifratura fissata o una generata automaticamente da <code class="command">racoon</code>
+ </div></li><li class="listitem"><div class="para">
+ Una chiave di autenticazione pre-condivisa, usata durante la fase iniziale della connessione e per lo scambio delle chiavi cifrate durante la sessione.
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Network_to_Network_VPN_Connection"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Network_to_Network_VPN_Connection">4.2.1.7.1. Connessione (<abbr class="abbrev">VPN</abbr>) Network-to-Network</h5></div></div></div><div class="para">
+ Una connessione <abbr class="abbrev">IPsec</abbr> network-to-network usa due router <abbr class="abbrev">IPsec</abbr>, uno per ciascuna rete, attraverso cui passa il traffico diretto alle sotto-reti private.
+ </div><div class="para">
+ Per esempio, come mostrato nella <a class="xref" href="Security_Guide-Encryption-Data_in_Motion.html#figu-Security_Guide-Network_to_Network_VPN_Connection-Network_to_Network_IPsec">Figura 4.3, «IPsec Network-to-Network»</a>, se la rete privata 192.168.1.0/24 invia dei pacchetti alla rete privata 192.168.2.0/24, i pacchetti passano dal gateway0 al nodo ipsec0, poi attraversano Internet e dal nodo ipsec1 al gateway1, arrivano alla rete 192.168.2.0/24.
+ </div><div class="para">
+ I router <abbr class="abbrev">IPsec</abbr> richiedono due indirizzi IP pubblici ed una seconda scheda di rete connessa alla propria rete privata. Il traffico passa attraverso un router <abbr class="abbrev">IPsec</abbr> soltanto se è destinato al router <abbr class="abbrev">IPsec</abbr> con il quale ha una connessione cifrata.
+ </div><div class="figure" id="figu-Security_Guide-Network_to_Network_VPN_Connection-Network_to_Network_IPsec"><div class="figure-contents"><div class="mediaobject"><img src="images/n-t-n-ipsec-diagram.png" width="444" alt="IPsec Network-to-Network" /><div class="longdesc"><div class="para">
+ IPsec Network-to-Network
+ </div></div></div></div><h6>Figura 4.3. IPsec Network-to-Network</h6></div><br class="figure-break" /><div class="para">
+ Configurazioni alternative possono includere un firewall tra ciascun router IP e Internet, ed un firewall intranet tra ciascun router <abbr class="abbrev">IPsec</abbr> e il gateway della sotto-rete. Il router <abbr class="abbrev">IPsec</abbr> ed il gateway della sottorete possono anche coincidere con un unico sistema con due scede di rete: una con un IP pubblico che agisce da router <abbr class="abbrev">IPsec</abbr>; l'altra con un IP privato che agisce da gateway per la sottorete privata. Ciascun router <abbr class="abbrev">IPsec</abbr> può usare il gateway della propria rete o un gateway pubblico per trasmettere i pacchetti all'altro router <abbr class="abbrev">IPsec</abbr>.
+ </div><div class="para">
+ Per configurare una connessione network-to-network <abbr class="abbrev">IPsec</abbr>, usare la seguente procedura:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ In un terminale, digitare <code class="command">system-config-network</code> per avviare l'interfaccia grafica di <span class="application"><strong>Amministrazione della rete</strong></span>, oppure dal menu d'avvio selezionare <span class="guimenuitem"><strong>Sistema > Amministrazione > Amministrazione della rete</strong></span>.
+ </div></li><li class="listitem"><div class="para">
+ Nella scheda <span class="guilabel"><strong>IPsec</strong></span>, premere sul pulsante <span class="guibutton"><strong>Nuovo</strong></span> per avviare il wizard di configurazione.
+ </div></li><li class="listitem"><div class="para">
+ Premere <span class="guibutton"><strong>Avanti</strong></span> per avviare la configurazione di una connessione <abbr class="abbrev">IPsec</abbr> network-to-network.
+ </div></li><li class="listitem"><div class="para">
+ Inserire un nome unico con cui indicare la connessione, per esempio <strong class="userinput"><code>ipsec0</code></strong>. Se si desidera attivare automaticamente la connessione all'avvio del computer, attivare la casella di controllo. Premere <span class="guibutton"><strong>Avanti</strong></span> per continuare.
+ </div></li><li class="listitem"><div class="para">
+ Selezionare <span class="guilabel"><strong>Crittografia da rete a rete (VPN)</strong></span>, per il tipo di connessione e poi premere <span class="guibutton"><strong>Avanti</strong></span>.
+ </div></li><li class="listitem" id="list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-encrypt-type-n"><div class="para">
+ Selezionare il tipo di cifratura da usare: manuale o automatica.
+ </div><div class="para">
+ Se si sceglie la cifratura manuale, successivamente occorrerà fornire una chiave di cifratura. Se si seleziona la cifratura automatica, sarà il demone <code class="command">racoon</code> a creare la chiave di cifratura. Se si usa la cifratura automatica, occorre che sia installato il pacchetto <code class="filename">ipsec-tools</code>.
+ </div><div class="para">
+ Premere <span class="guibutton"><strong>Avanti</strong></span> per continuare.
+ </div></li><li class="listitem"><div class="para">
+ Nella scheda <span class="guilabel"><strong>Rete Locale</strong></span>, inserire le seguenti informazioni:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Indirizzo locale</strong></span> — L'indirizzo IP della scheda di rete sul router <abbr class="abbrev">IPsec</abbr> connesso alla rete privata.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Maschera di sottorete locale</strong></span> — La subnet mask dell'indirizzo IP della rete locale
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Gateway della rete locale</strong></span> — L'indirizzo del gateway per la sottorete privata
+ </div></li></ul></div><div class="para">
+ Premere <span class="guibutton"><strong>Avanti</strong></span> per continuare.
+ </div><div class="figure" id="figu-Security_Guide-Network_to_Network_VPN_Connection-Local_Network_Information"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-ipsec_n_to_n_local.png" width="444" alt="Informazioni di rete locale" /><div class="longdesc"><div class="para">
+ Informazioni di rete locale
+ </div></div></div></div><h6>Figura 4.4. Informazioni di rete locale</h6></div><br class="figure-break" /></li><li class="listitem"><div class="para">
+ Nella pagina <span class="guilabel"><strong>Rete remota</strong></span>, inserire le seguenti informazioni:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Indirizzo IP remoto</strong></span> — L'indirizzo IP pubblico del router <abbr class="abbrev">IPsec</abbr> dell'<span class="emphasis"><em>altra</em></span> rete privata. Nel nostro caso, per il router ipssec0, inserire l'IP del router ipsec1.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Indirizzo di rete remota</strong></span> — L'indirizzo della sottorete dietro all'<span class="emphasis"><em>altro</em></span> router <abbr class="abbrev">IPsec</abbr>. Nel nostro esempio, inserire <strong class="userinput"><code>192.168.1.0</code></strong> se si configura ipsec1, e <strong class="userinput"><code>192.168.2.0</code></strong> se si configura ipsec0.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Maschera di sottorete remota</strong></span> — La maschera della sottorete remota.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Gateway della rete remota</strong></span> — L'indirizzo IP del gateway per la rete remota.
+ </div></li><li class="listitem" id="list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-to-host-keys-n"><div class="para">
+ Se nel passo 6 si è scelta la cifratura maunale, specificare la chiave di cifratura da usare o premere <span class="guibutton"><strong>Genera</strong></span> per crearne una.
+ </div><div class="para">
+ Specificare una chiave di autenticazione o premere <span class="guibutton"><strong>Genera</strong></span> per crearne una. Questa chiave può essere una combinazione di numeri, lettere e caratteri di punteggiatura.
+ </div></li></ul></div><div class="para">
+ Premere <span class="guibutton"><strong>Avanti</strong></span> per continuare.
+ </div><div class="figure" id="figu-Security_Guide-Network_to_Network_VPN_Connection-Remote_Network_Information"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-ipsec_n_to_n_remote.png" width="444" alt="Informazioni di rete remota" /><div class="longdesc"><div class="para">
+ Informazioni di rete remota
+ </div></div></div></div><h6>Figura 4.5. Informazioni di rete remota</h6></div><br class="figure-break" /></li><li class="listitem"><div class="para">
+ Nella pagina <span class="guilabel"><strong>IPsec — Sommario</strong></span>, rivedere le informazioni inserite e poi premere <span class="guibutton"><strong>Applica</strong></span>.
+ </div></li><li class="listitem"><div class="para">
+ Per salvare la configurazione, selezionare <span class="guimenu"><strong>File</strong></span> => <span class="guimenuitem"><strong>Salva</strong></span>.
+ </div></li><li class="listitem"><div class="para">
+ Per attivare la connessione, selezionare la connessione <abbr class="abbrev">IPsec</abbr> dalla lista, e poi premere <span class="guibutton"><strong>Attiva</strong></span>.
+ </div></li><li class="listitem"><div class="para">
+ Abilitare l'IP forwarding:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Modificare il file <code class="filename">/etc/sysctl.conf</code> impostando <code class="computeroutput">net.ipv4.ip_forward</code> su <strong class="userinput"><code>1</code></strong>.
+ </div></li><li class="listitem"><div class="para">
+ Usare il seguente comando per rendere effettiva la modifica:
+ </div><pre class="screen">[root at myServer ~]# /sbin/sysctl -p /etc/sysctl.conf</pre></li></ol></div></li></ol></div><div class="para">
+ Lo script di rete che attiva automaticamente la connessione <abbr class="abbrev">IPsec</abbr>, crea i percorsi di instradamento dei pacchetti, trasmettendoli, se necessario, attraverso il router <abbr class="abbrev">IPsec</abbr>.
+ </div></div><div class="section" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration">4.2.1.7.2. Configurazione manuale di <abbr class="abbrev">IPsec</abbr> Network-to-Network</h5></div></div></div><div class="para">
+ Si supponga di voler connettere due <acronym class="acronym">LAN</acronym>, A (lana.example.com) e B (lanb.example.com), usando un tunnel <abbr class="abbrev">IPsec</abbr>. La <acronym class="acronym">LAN</acronym> A ha indirizzo 192.168.1.0/24, la <acronym class="acronym">LAN</acronym> B 192.168.2.0/24. Gli indirizzi IP dei gateway sono 192.168.1.254 per la <acronym class="acronym">LAN</acronym> A e 192.168.2.254 per la <acronym class="acronym">LAN</acronym> B. I router <abbr class="abbrev">IPsec</abbr> sono distinti da ciascun gateway e usano due schede di rete: ad eth0 è assegnato un indirizzo IP statico accessibile esternamente, connesso ad Internet, mentre eth1 funge da punto di routing processando e trasmettendo i pacchetti della <acronym class="acronym">LAN</acronym> da un nodo della rete ai suoi nodi remoti.
+ </div><div class="para">
+ La connessione <abbr class="abbrev">IPsec</abbr> tra le due <acronym class="acronym">LAN</acronym>, usa una chiave pre-condivisa di valore <code class="computeroutput">r3dh4tl1nux</code>, e gli amministratori di A e B decidono di usare <code class="command">racoon</code> per generare e condividere una chiave di autenticazione tra i router <abbr class="abbrev">IPsec</abbr>. L'amministratore della <acronym class="acronym">LAN</acronym> A decide di chiamare la propria connessione <code class="computeroutput">ipsec0</code>, mentre l'altro <code class="computeroutput">ipsec1</code>.
+ </div><div class="para">
+ Il seguente esempio, illustra il contenuto del file <code class="filename">ifcfg</code> per una connessione <abbr class="abbrev">IPsec</abbr> network-to-network sulla <acronym class="acronym">LAN</acronym> A. Il nome univoco che identifica la connessione è <abbr class="abbrev">ipsec0</abbr>, cosicchè il file risultante è <code class="filename">/etc/sysconfig/network-scripts/ifcfg-ipsec0</code>.
+ </div><pre class="screen">TYPE=IPSEC
+ONBOOT=yes
+IKE_METHOD=PSK
+SRCGW=192.168.1.254
+DSTGW=192.168.2.254
+SRCNET=192.168.1.0/24
+DSTNET=192.168.2.0/24
+DST=<em class="replaceable"><code>X.X.X.X</code></em></pre><div class="para">
+ I parametri contenuti nel file hanno il seguente significato:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">TYPE=IPSEC</span></dt><dd><div class="para">
+ Specifica il tipo di connessione
+ </div></dd><dt class="varlistentry"><span class="term">ONBOOT=yes</span></dt><dd><div class="para">
+ Specifica se la connessione si avvia al boot del sistema
+ </div></dd><dt class="varlistentry"><span class="term">IKE_METHOD=PSK</span></dt><dd><div class="para">
+ Specifica che la connessione usa il metodo di autenticazione pre-shared key (o chiave pre-condivisa).
+ </div></dd><dt class="varlistentry"><span class="term">SRCGW=192.168.1.254</span></dt><dd><div class="para">
+ L'indirizzo IP del gateway locale. Per la LAN A, è il gateway della LAN A e per la LAN B, è il gateway della LAN B.
+ </div></dd><dt class="varlistentry"><span class="term">DSTGW=192.168.2.254</span></dt><dd><div class="para">
+ L'indirizzo IP del gateway remoto. Per la LAN A, è il gateway della LAN B e per la LAN B è il gateway della LAN A.
+ </div></dd><dt class="varlistentry"><span class="term">SRCNET=192.168.1.0/24</span></dt><dd><div class="para">
+ Specifica l'indirizzo della rete locale, che per questo esempio è l'indirizzo di rete della LAN A.
+ </div></dd><dt class="varlistentry"><span class="term">DSTNET=192.168.2.0/24</span></dt><dd><div class="para">
+ Specifica l'indirizzo della rete remota, che per questo esempio è l'indirizzo di rete della LAN B.
+ </div></dd><dt class="varlistentry"><span class="term">DST=X.X.X.X</span></dt><dd><div class="para">
+ L'indirizzo IP pubblico esternamente accessibile, sulla rete remota (LAN B).
+ </div></dd></dl></div><div class="para">
+ L'esempio seguente riporta il contenuto del file della chiave pre-condivisa, <code class="filename">/etc/sysconfig/network-scripts/keys-ipsec<em class="replaceable"><code>X</code></em></code> (in cui <em class="replaceable"><code>X</code></em> è 0 ed 1, rispettivamente, per le <acronym class="acronym">LAN</acronym> A e B), usato da entrambe le reti per reciproca autenticazione. Il contenuto deve essere identico sulle due reti ed accessibile in lettura/scrittura soltanto all'utente root.
+ </div><pre class="screen">IKE_PSK=r3dh4tl1nux</pre><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Per modificare i permessi al file <code class="filename">keys-ipsec<em class="replaceable"><code>X</code></em></code> in modo che solo l'utente root possa leggere o modificare il file, usare il seguente comando:
+ </div><pre class="screen">chmod 600 /etc/sysconfig/network-scripts/keys-ipsec1</pre></div></div><div class="para">
+ Per cambiare la chiave di autenticazione, modificare il file <code class="filename">keys-ipsec<em class="replaceable"><code>X</code></em></code> su entrambi i router di <abbr class="abbrev">IPsec</abbr>. <span class="emphasis"><em>Le chiavi di autenticazione devono coincidere perchè la connessione funzioni correttamente</em></span>.
+ </div><div class="para">
+ Di seguito si riporta il contenuto del file di configurazione <code class="filename">/etc/racoon/racoon.conf</code> per la connessione <abbr class="abbrev">IPsec</abbr>. Notare che il parametro <code class="computeroutput">include</code> in basso, è inserito automaticamente ed è presente solo quando il tunnel <abbr class="abbrev">IPsec</abbr> è in esecuzione.
+ </div><pre class="screen"># Racoon IKE daemon configuration file.
+# See 'man racoon.conf' for a description of the format and entries.
+path include "/etc/racoon";
+path pre_shared_key "/etc/racoon/psk.txt";
+path certificate "/etc/racoon/certs";
+
+sainfo anonymous
+{
+ pfs_group 2;
+ lifetime time 1 hour ;
+ encryption_algorithm 3des, blowfish 448, rijndael ;
+ authentication_algorithm hmac_sha1, hmac_md5 ;
+ compression_algorithm deflate ;
+}
+include "/etc/racoon/<em class="replaceable"><code>X.X.X.X</code></em>.conf"</pre><div class="para">
+ Ciò che segue sono le impostazioni specifiche per la connessione alla rete remota. Il file è denominato <code class="filename"><em class="replaceable"><code>X.X.X.X</code></em>.conf</code> (dove <em class="replaceable"><code>X.X.X.X</code></em> è l'indirizzo IP del router <abbr class="abbrev">IPsec</abbr> remoto). Notare che questo file è creato automaticamente all'attivazione del tunnel <abbr class="abbrev">IPsec</abbr> e non dovrebbe essere esplicitamente modificato.
+ </div><pre class="screen">remote <em class="replaceable"><code>X.X.X.X</code></em>{
+ exchange_mode aggressive, main;
+ my_identifier address;
+ proposal {
+ encryption_algorithm 3des;
+ hash_algorithm sha1;
+ authentication_method pre_shared_key;
+ dh_group 2 ;
+ }
+}</pre><div class="para">
+ Prima di avviare la connessione <abbr class="abbrev">IPsec</abbr>, si dovrebbe abilitare l'IP forwarding nel kernel. Per abilitare l'IP forwarding, eseguire il seguente comando:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Modificare il file <code class="filename">/etc/sysctl.conf</code> impostando <code class="computeroutput">net.ipv4.ip_forward</code> su <strong class="userinput"><code>1</code></strong>.
+ </div></li><li class="listitem"><div class="para">
+ Usare il seguente comando per rendere effettiva la modifica:
+ </div><pre class="screen">[root at myServer ~] # sysctl -p /etc/sysctl.conf</pre></li></ol></div><div class="para">
+ Per avviare la connessione <abbr class="abbrev">IPsec</abbr>, usare il seguente comando su ciascun router:
+ </div><pre class="screen">[root at myServer ~] # /sbin/ifup ipsec0</pre><div class="para">
+ A questo punto le connessioni sono attivate ed entrambe le <acronym class="acronym">LAN</acronym> A e B possono comunicare tra loro. L'instradamento dei pacchetti è creato automaticamente dagli script di inizializzazione durante l'esecuzione di <code class="command">ifup</code> sulla connessione <abbr class="abbrev">IPsec</abbr>. Per visualizzare un elenco di percorsi di instradamento, usare il comando:
+ </div><pre class="screen">[root at myServer ~] # /sbin/ip route list</pre><div class="para">
+ Per testare la connessione <abbr class="abbrev">IPsec</abbr>, eseguire l'utility <code class="command">tcpdump</code> sulla scheda di rete rivolta all'esterno (eth0 nel caso dell'esempio), che visualizza i pacchetti trasferiti tra gli host (o reti) e verifica se sono cifrati via IPsec. Per esempio, per verificare la connessione della <acronym class="acronym">LAN</acronym> A, usare il comando:
+ </div><pre class="screen">[root at myServer ~] # tcpdump -n -i eth0 host <em class="replaceable"><code>lana.example.com</code></em></pre><div class="para">
+ Il pacchetto dovrebbe includere un'intestazione AH ed essere segnato come ESP, ad indicare che si tratta di un pacchetto cifrato. Per esempio (le back slash denotano una continuazione di linea):
+ </div><pre class="screen">12:24:26.155529 lanb.example.com > lana.example.com: AH(spi=0x021c9834,seq=0x358): \
+ lanb.example.com > lana.example.com: ESP(spi=0x00c887ad,seq=0x358) (DF) \
+ (ipip-proto-4)</pre></div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection">4.2.1.8. Avviare ed interrompere una connessione <abbr class="abbrev">IPsec</abbr></h4></div></div></div><div class="para">
+ Se la connessione <abbr class="abbrev">IPsec</abbr>, non è stata configurata per avviarsi al boot del sistema, si può usare un terminale da cui controllare l'avvio o l'interruzione.
+ </div><div class="para">
+ Per avviare la connessione <abbr class="abbrev">IPsec</abbr>, usare il seguente comando su ciascun host per una connessione host-to-host, o router per una connessione network-to-network:
+ </div><pre class="screen">[root at myServer ~] # /sbin/ifup <em class="replaceable"><code><nickname></code></em></pre><div class="para">
+ dove <em class="replaceable"><code><nickname></code></em> è il nome precedentemente configurato, come <code class="computeroutput">ipsec0</code>.
+ </div><div class="para">
+ Per interrompere la connessione, usare il seguente comando:
+ </div><pre class="screen">[root at myServer ~] # /sbin/ifdown <em class="replaceable"><code><nickname></code></em></pre></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Encryption.html"><strong>Indietro</strong>Capitolo 4. Cifratura</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>Avanti</strong>4.2.2. Secure Shell</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/apas02.html b/public_html/it-IT/Fedora/18/html/Security_Guide/apas02.html
new file mode 100644
index 0000000..1ccbc69
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/apas02.html
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>A.2. Cifratura a chiave pubblica</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Encryption_Standards.html" title="Appendice A. Standard di crittografia" /><link rel="prev" href="chap-Security_Guide-Encryption_Standards.html" title="Appendice A. Standard di crittografia" /><link rel="next" href="apas02s02.html" title="A.2.2. RSA" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Encryption_Standards.html"
><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="apas02s02.html"><strong>Avanti</strong></a></li></ul><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm40903296">A.2. Cifratura a chiave pubblica</h2></div></div></div><div class="para">
+ La crittografia a chiave pubblica è un algoritmo di cifratura, la cui caratteristica distintiva è l'uso di algoritmi a chiave asimmetrica in sostituzione o in aggiunta agli algoritmi a chiave simmetrica. Grazie all'uso delle tecniche di crittografia a chiave pubblica, sono diventati disponibili molti metodi pratici per proteggere le comunicazioni o per autenticare i messaggi. Essi non richiedono uno scambio iniziale sicuro di una o più chiavi segrete, come richiesto dagli algoritmi a chive simmetrica. Inoltre questi algoritmi di cifratura possono essere usati per creare firme digitali sicure.<sup>[<a id="idm40901616" href="#ftn.idm40901616" class="footnote">21</a>]</sup>
+ </div><div class="para">
+ La crittografia a chiave pubblica è una tecnologia che si è diffusa in tutto il mondo ed è alla base di standard di comunicazioni e di autenticazioni usati in Internet, come TLS o Transport Layer Security, il successore di SSL, PGP e GPG.<sup>[<a id="idm32497440" href="#ftn.idm32497440" class="footnote">22</a>]</sup>
+ </div><div class="para">
+ La tecnica che contraddistingue la crittografia a chiave pubblica è l'uso degli algoritmi a chiave asimmetrica, in cui la chiave usata per cifrare un messaggio non è la stessa per la sua decifrazione. Ogni utente ha una coppia di chiavi — una pubblica ed una privata. La chiave privata è tenuta segreta mentre l'altra è pubblicamente distribuita. I messaggi sono cifrati con la chiave pubblica e possono essere decifrati soltanto con la chiave privata corrispondente. Le chiavi sono matematicamente correllate tra loro ma la chiave privata non può essere facilmente ricavata, in termini di tempo e risorse dalla pubblica. Grazie alla sua invenzione, a partire dalla metà degli anni '70 del secolo scorso, si è sviluppata la crittografia informatica.<sup>[<a id="idm24949744" href="#ftn.idm24949744" class="footnote">23</a>]</sup>
+ </div><div class="para">
+ In contrasto, gli algoritmi a chiave simmetrica di cui esistono innumerevoli varianti inventate nel corso di centinaia di anni, usano una unica chiave segreta, condivisa, usata sia per cifrare sia per decifrare. In questo schema di cifratura, la chiave segreta deve essere condivisa in anticipo.<sup>[<a id="idm24946960" href="#ftn.idm24946960" class="footnote">24</a>]</sup>
+ </div><div class="para">
+ Poichè gli algoritmi a chiave simmetrica sono meno avidi di risorse di calcolo, è pratica comune scambiare una chiave usando un algoritmo di scambio chiavi, e cifrare i dati usando questa chiave ed un algoritmo a chiave simmetrica. PGP e la famiglia di protocolli SSL/TLS per esempio, usando questo schema e perciò vengono detti sistemi di cifratura ibridi.<sup>[<a id="idm27501856" href="#ftn.idm27501856" class="footnote">25</a>]</sup>
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm52117696">A.2.1. Diffie-Hellman</h3></div></div></div><div class="para">
+ Lo scambio di chiavi D-H (Diffie–Hellman) è un protocollo di crittografia, che consente a due interlocutori di scambiarsi tra loro una chiave condivisa segreta, su una rete non sicura. Questa chiave può essere usata per cifrare le successive comunicazioni usando un sistema di cifratura simmetrico. <sup>[<a id="idm52116288" href="#ftn.idm52116288" class="footnote">26</a>]</sup>
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm52114080">A.2.1.1. Storia del protocollo D-H</h4></div></div></div><div class="para">
+ Lo schema è stato pubblicato la prima volta da Whitfield Diffie e Martin Hellman nel 1976, sebbene si scoprì più tardi fosse già stato inventato alcuni anni prima all'interno del GCHQ (l'agenzia britannica della sicurezza, nonché dello spionaggio e controspionaggio), da parte di Malcolm J. Williamson, ma fino allora tenuto secretato. Nel 2002, Hellmann suggerì di denominare l'algoritmo scambio di chiavi Diffie–Hellman–Merkle, come riconoscimento al contributo apportato da parte di Ralph Merkle, all'invenzione della crittografia a chiave pubblica.<sup>[<a id="idm48075040" href="#ftn.idm48075040" class="footnote">27</a>]</sup>
+ </div><div class="para">
+ Sebbene lo scambio di chiavi Diffie-Hellman sia un protocollo di scambio anonimo (non-autenticato), esso fa da base per una varietà di protocolli di autenticazione.<sup>[<a id="idm48072384" href="#ftn.idm48072384" class="footnote">28</a>]</sup>
+ </div><div class="para">
+ Il documento U.S. Patent 4,200,770, descrive l'algoritmo accreditando l'invenzione a Hellman, Diffie, e Merkle..<sup>[<a id="idm33523472" href="#ftn.idm33523472" class="footnote">29</a>]</sup>
+ </div></div></div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm40901616" href="#idm40901616" class="para">21</a>] </sup>
+ "Cifratura a chiave pubblica." <span class="emphasis"><em>Wikipedia.</em></span> 29 ago 2010 <a href="http://it.wikipedia.org/wiki/Crittografia_asimmetrica">http://it.wikipedia.org/wiki/Crittografia_asimmetrica</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm32497440" href="#idm32497440" class="para">22</a>] </sup>
+ "Cifratura a chiave pubblica" <span class="emphasis"><em>Wikipedia.</em></span> 29 ago 2010 <a href="http://it.wikipedia.org/wiki/Crittografia_asimmetrica">http://it.wikipedia.org/wiki/Crittografia_asimmetrica</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm24949744" href="#idm24949744" class="para">23</a>] </sup>
+ "Cifratura a chiave pubblica." <span class="emphasis"><em>Wikipedia.</em></span> 29 ago 2010 <a href="http://it.wikipedia.org/wiki/Crittografia_asimmetrica">http://it.wikipedia.org/wiki/Crittografia_asimmetrica</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm24946960" href="#idm24946960" class="para">24</a>] </sup>
+ "Cifratura a chiave pubblica." <span class="emphasis"><em>Wikipedia.</em></span> 29 ago 2010 <a href="http://it.wikipedia.org/wiki/Crittografia_asimmetrica">http://it.wikipedia.org/wiki/Crittografia_asimmetrica</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm27501856" href="#idm27501856" class="para">25</a>] </sup>
+ "Cifratura a chiave pubblica." <span class="emphasis"><em>Wikipedia.</em></span> 29 ago 2010 <a href="http://it.wikipedia.org/wiki/Crittografia_asimmetrica">http://it.wikipedia.org/wiki/Crittografia_asimmetrica</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm52116288" href="#idm52116288" class="para">26</a>] </sup>
+ "Diffie-Hellman" <span class="emphasis"><em>Wikipedia.</em></span> 17 sett 2010 <a href="http://it.wikipedia.org/wiki/Scambio_di_chiavi_Diffie-Hellman">http://it.wikipedia.org/wiki/Scambio_di_chiavi_Diffie-Hellman</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm48075040" href="#idm48075040" class="para">27</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 17 sett 2010 <a href="http://it.wikipedia.org/wiki/Scambio_di_chiavi_Diffie-Hellman">http://it.wikipedia.org/wiki/Scambio_di_chiavi_Diffie-Hellman</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm48072384" href="#idm48072384" class="para">28</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 17 sett 2010 <a href="http://it.wikipedia.org/wiki/Scambio_di_chiavi_Diffie-Hellman">http://it.wikipedia.org/wiki/Scambio_di_chiavi_Diffie-Hellman</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm33523472" href="#idm33523472" class="para">29</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 17 sett 2010 <a href="http://it.wikipedia.org/wiki/Scambio_di_chiavi_Diffie-Hellman">http://it.wikipedia.org/wiki/Scambio_di_chiavi_Diffie-Hellman</a>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Encryption_Standards.html"><strong>Indietro</strong>Appendice A. Standard di crittografia</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="apas02s02.html"><strong>Avanti</strong>A.2.2. RSA</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/apas02s02.html b/public_html/it-IT/Fedora/18/html/Security_Guide/apas02s02.html
new file mode 100644
index 0000000..71c1562
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/apas02s02.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>A.2.2. RSA</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="apas02.html" title="A.2. Cifratura a chiave pubblica" /><link rel="prev" href="apas02.html" title="A.2. Cifratura a chiave pubblica" /><link rel="next" href="apas02s03.html" title="A.2.3. DSA" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="apas02s03.html"><strong>Avanti</strong>
</a></li></ul><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm33520976">A.2.2. RSA</h3></div></div></div><div class="para">
+ In crittografia, l'RSA (RSA sta per Rivest, Shamir e Adleman che per primi lo descrissero pubblicamente), è un algoritmo di crittografia a chiave pubblica. E' il primo algoritmo noto per essere impiegato sia per autenticare sia per cifrare e la sua invenzione ha segnato il primo vero passo in avanti, nel campo della crittografia. L'RSA è ampiamente impiegato nei protocolli di comunicazione digitali, commerciali ed è considerato abbastanza sicuro con l'impiego di chiavi molto lunghe e con implementazioni moderne.<sup>[<a id="idm45717424" href="#ftn.idm45717424" class="footnote">30</a>]</sup>
+ </div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm45717424" href="#idm45717424" class="para">30</a>] </sup>
+ "RSA" <span class="emphasis"><em>Wikipedia</em></span> 23 ago 2010 <a href="http://it.wikipedia.org/wiki/RSA">http://it.wikipedia.org/wiki/RSA</a>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02.html"><strong>Indietro</strong>A.2. Cifratura a chiave pubblica</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="apas02s03.html"><strong>Avanti</strong>A.2.3. DSA</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/apas02s03.html b/public_html/it-IT/Fedora/18/html/Security_Guide/apas02s03.html
new file mode 100644
index 0000000..9e93830
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/apas02s03.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>A.2.3. DSA</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="apas02.html" title="A.2. Cifratura a chiave pubblica" /><link rel="prev" href="apas02s02.html" title="A.2.2. RSA" /><link rel="next" href="apas02s04.html" title="A.2.4. SSL/TLS" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s02.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="apas02s04.html"><strong>Avanti</strong></a></li></u
l><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm45715056">A.2.3. DSA</h3></div></div></div><div class="para">
+ Il DSA (Digital Signature Algorithm) è uno standard di autenticazione digitale del Governo Federale degli Stati Uniti d'America (o FIPS). E' stato proposto dal NIST (National Institute of Standards and Technology), nell' agosto del 1991 per il suo impiego come standard (Digital Signature Standard o DSS) ed adottato nel 1993, specificato come FIPS 186. Una revisione minore compare nel 1996 specificato come FIPS 186-1. Lo standard è stato ulteriormente esteso nel 2000 come FIPS 186-2 e successivamente nel 2009 come FIPS 186-3.<sup>[<a id="idm41227488" href="#ftn.idm41227488" class="footnote">31</a>]</sup>
+ </div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm41227488" href="#idm41227488" class="para">31</a>] </sup>
+ "Digital Signature Algorithm"<span class="emphasis"><em>Wikipedia</em></span> 20 ago 2010 <a href="http://it.wikipedia.org/wiki/Digital_Signature_Algorithm">http://it.wikipedia.org/wiki/Digital_Signature_Algorithm</a>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s02.html"><strong>Indietro</strong>A.2.2. RSA</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="apas02s04.html"><strong>Avanti</strong>A.2.4. SSL/TLS</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/apas02s04.html b/public_html/it-IT/Fedora/18/html/Security_Guide/apas02s04.html
new file mode 100644
index 0000000..9ff539f
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/apas02s04.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>A.2.4. SSL/TLS</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="apas02.html" title="A.2. Cifratura a chiave pubblica" /><link rel="prev" href="apas02s03.html" title="A.2.3. DSA" /><link rel="next" href="apas02s05.html" title="A.2.5. Il sistema Cramer–Shoup" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s03.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="apas02s05.html"><strong>Avanti</s
trong></a></li></ul><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm41225152">A.2.4. SSL/TLS</h3></div></div></div><div class="para">
+ Il TLS (Transport Layer Security) ed il suo predecessore, l'SSL (Secure Socket Layer), sono due protocolli di crittografia che assicurano la sicurezza delle comunicazioni, su reti non fidate come Internet. TLS ed SSL cifrano i segmenti ai capi delle connessioni, al livello del Transport Layer. Diverse versioni del protocollo sono ampiamente impiegate in applicazioni come browser web, client di posta elettronica, fax via Internet, client di chat e applicazioni VoIP (Voice over IP). TLS è un protocollo standard sostenuto dall'IETF, il cui ultimo aggiornamento si trova nel documento RFC 5246, basato sulle precedenti specifiche di SSL, sviluppate da Netscape Corporation.
+ </div><div class="para">
+ Il protocollo TLS permette alle applicazioni client/server di comunicare attraverso una rete, impedendo le intercettazioni e le manomissioni da parte di terzi. TLS attraverso la crittografia offre autenticazioni e trasmissioni sicure di dati sensibili tra gli endpoint di una rete non fidata, come Internet. TLS permette cifrature RSA sicure con chiavi da 1024 e 2048 bit.
+ </div><div class="para">
+ In un tipico utilizzo di un browser web, l'autenticazione TLS è unilaterale: soltanto il server è autenticato (il client conosce l'identità del server), il client no (il client rimane non autenticato o anonimo).
+ </div><div class="para">
+ Ma TLS supporta anche la più sicura modalità di connessione, bilaterale (tipicamente usata nelle applicazioni enterprise), in cui entrambi gli endpoint della "comunicazione" possono essere sicuri con chi stanno comunicando (a condizione di aver attentamente esaminato le informazioni di identità nel certificato dell'interlocutore). Ciò è nota come mutua autenticazione o 2SSL. La mutua autenticazione richiede che anche il lato client (del TLS) possegga un certificato (con un browser web di solito non si rientra in questo scenario). In alternativa si potrebbero impiegare TLS-PSK, Secure Remote Password (SRP) o altri protocolli in grado di garantire la reciproca autenticazione, in assenza di certificati.
+ </div><div class="para">
+ In genere, le informazioni e i certificati necessari per TLS sono gestiti sotto forma di certificati X.509 che impongono requisiti necessari su dati e sul loro formato.
+ </div><div class="para">
+ Il protocollo SSL opera in maniera modulare. Per impostazione progettuale, risulta estensibile con compatibilità retroattive e future.<sup>[<a id="idm23231680" href="#ftn.idm23231680" class="footnote">32</a>]</sup>
+ </div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm23231680" href="#idm23231680" class="para">32</a>] </sup>
+ "Transport Layer Security" <span class="emphasis"><em>Wikipedia</em></span> 7 ott 2010 <a href="http://it.wikipedia.org/wiki/Transport_Layer_Security">http://it.wikipedia.org/wiki/Transport_Layer_Security</a>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s03.html"><strong>Indietro</strong>A.2.3. DSA</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="apas02s05.html"><strong>Avanti</strong>A.2.5. Il sistema Cramer–Shoup</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/apas02s05.html b/public_html/it-IT/Fedora/18/html/Security_Guide/apas02s05.html
new file mode 100644
index 0000000..c7b4e7f
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/apas02s05.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>A.2.5. Il sistema Cramer–Shoup</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="apas02.html" title="A.2. Cifratura a chiave pubblica" /><link rel="prev" href="apas02s04.html" title="A.2.4. SSL/TLS" /><link rel="next" href="apas02s06.html" title="A.2.6. Cifratura ElGamal" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s04.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="apas02s06.html"><strong>Avanti</stron
g></a></li></ul><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm32928320">A.2.5. Il sistema Cramer–Shoup</h3></div></div></div><div class="para">
+ Il sistema Cramer-Shoup è un algoritmo di cifratura a chiave simmetrica che si è dimostrato essere il primo schema efficiente contro attacchi di crittoanalisi basati su assunzioni crittografiche standard. La sua sicurezza deriva dalla intrattabilità computazionale dell'assunzione di Diffie–Hellman. Sviluppato da Ronald Cramer e Victor Shoup nel 1998, esso è una estensione del sistema Elgamal. A differenza di quest'ultimo, estremamente malleabile, Cramer–Shoup aggiunge ulteriori elementi per garantire la non-malleabilità anche contro attacchi molto consistenti. La sua non malleabilità deriva dall'uso di una funzione di hash <span class="emphasis"><em>collision resistance</em></span> e da ulteriore complessità computazionele, risultando in un testo cifrato doppio rispetto a Elgamal. <sup>[<a id="idm32926160" href="#ftn.idm32926160" class="footnote">33</a>]</sup>
+ </div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm32926160" href="#idm32926160" class="para">33</a>] </sup>
+ "Cramer–Shoup cryptosystem" <span class="emphasis"><em>Wikipedia</em></span> 5 October 2010 <a href="http://en.wikipedia.org/wiki/Cramer-Shoup_cryptosystem">http://en.wikipedia.org/wiki/Cramer-Shoup_cryptosystem</a>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s04.html"><strong>Indietro</strong>A.2.4. SSL/TLS</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="apas02s06.html"><strong>Avanti</strong>A.2.6. Cifratura ElGamal</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/apas02s06.html b/public_html/it-IT/Fedora/18/html/Security_Guide/apas02s06.html
new file mode 100644
index 0000000..25c1696
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/apas02s06.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>A.2.6. Cifratura ElGamal</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="apas02.html" title="A.2. Cifratura a chiave pubblica" /><link rel="prev" href="apas02s05.html" title="A.2.5. Il sistema Cramer–Shoup" /><link rel="next" href="appe-Publican-Revision_History.html" title="Appendice B. Cronologia Revisioni" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s05.html"><strong>Indietro</strong></a></li><li class="next"><a accesske
y="n" href="appe-Publican-Revision_History.html"><strong>Avanti</strong></a></li></ul><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm26167120">A.2.6. Cifratura ElGamal</h3></div></div></div><div class="para">
+ In crittografia, il sitema ElGamal è un algoritmo di cifratura a chiave pubblica basato sul sistema di scambio di chiavi Diffie-Hellman. E' stato descritto la prima volta da Taher Elgamal nel 1985. La cifratura ElGamal viene usata nel software libero GNU Privacy Guard, in recenti versioni di PGP ed in altri sistemi di crittografia. La cifratura DSA è una variante dello schema di autenticazione ElGamal, da non confondersi con la cifratura ElGamal.<sup>[<a id="idm26165552" href="#ftn.idm26165552" class="footnote">34</a>]</sup>
+ </div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm26165552" href="#idm26165552" class="para">34</a>] </sup>
+ "ElGamal encryption" <span class="emphasis"><em>Wikipedia</em></span> 13 October 2010 <a href="http://en.wikipedia.org/wiki/ElGamal_encryption">http://en.wikipedia.org/wiki/ElGamal_encryption</a>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s05.html"><strong>Indietro</strong>A.2.5. Il sistema Cramer–Shoup</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="appe-Publican-Revision_History.html"><strong>Avanti</strong>Appendice B. Cronologia Revisioni</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/appe-Publican-Revision_History.html b/public_html/it-IT/Fedora/18/html/Security_Guide/appe-Publican-Revision_History.html
new file mode 100644
index 0000000..5a915b1
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/appe-Publican-Revision_History.html
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Appendice B. Cronologia Revisioni</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="index.html" title="Guida alla Sicurezza" /><link rel="prev" href="apas02s06.html" title="A.2.6. Cifratura ElGamal" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s06.html"><strong>Indietro</strong></a></li><li class="next"></li></ul><div xml:lang="it-IT" class="appendix" id="appe-Publican-Revision_History" lang="it-IT"><div class="titlepage"><div><div><h1 clas
s="title">Cronologia Revisioni</h1></div></div></div><div class="para">
+ <div class="revhistory"><table border="0" width="100%" summary="Revision history"><tr><th align="left" valign="top" colspan="3"><strong>Diario delle Revisioni</strong></th></tr><tr><td align="left">Revisione 18.0-1</td><td align="left">Sat October 6 2012</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Sistemato il capitolo Basic Hardening (BZ 841825 e 693620).</td></tr><tr><td>Sistemato il link LUKS (BZ 846299).</td></tr><tr><td>Aggiunta sezione GUI al capitolo 7 Zip (BZ 854781).</td></tr><tr><td>Sistemato capitolo yum-plugin-security (BZ 723282).</td></tr><tr><td>Sistemato GPG CLI command screen (BZ 590493).</td></tr><tr><td>Migliorata sezione Yubikey (BZ 644238).</td></tr><tr><td>Sistemato typos (BZ 863636).</td></tr><tr><td>Rimosso margine wiki in alcuni capitoli.</td></tr><tr><td>Istruzioni Seahorse aggiornate.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 17.0-1</td><td align="left">Tue January 24 2012</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Branched per Fedora 17.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 16.0-1</td><td align="left">Fri September 09 2011</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Aggiornato per Fedora 16.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 14.3-1</td><td align="left">Sat Apr 02 2011</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>VPN spostato al capitolo Cifratura e riformattato.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 14.2-1</td><td align="left">Wed Oct 20 2010</td><td align="left"><span class="author"><span class="firstname">Zach</span> <span class="surname">Oglesby</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Aggiunto testo per l'utilizzo di Yubikey su Fedora con autenticazione locale. (BZ 644999)</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 14.2-0</td><td align="left">Fri Oct 6 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Eliminato tutte le variabili nel sorgente del documento.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 14.1-2</td><td align="left">Fri Oct 1 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Corretto il link a DISA Unix Checklist ed aggiornato link</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 14.1-1</td><td align="left">Wed Jul 8 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Aggiunto il capitolo su CVE</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 14.0-1</td><td align="left">Fri May 28 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Branched per Fedora 14</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 13.0-7</td><td align="left">Fri May 14 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Rimosso "bug" di testo dal capitolo 7-Zip (bug 591980).</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 13.0-6</td><td align="left">Wed Apr 14 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Completato l'appendice sugli standard di cifratura</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 13.0-5</td><td align="left">Fri Apr 09 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Aggiunto "Usare GPG in Alpine".</td></tr><tr><td>Aggiunto "Usare con Evolution".</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 13.0-4</td><td align="left">Tue Apr 06 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Corretto alcuni problemi riguardanti alcuni paragrafi non traducibili.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 13.0-3</td><td align="left">Tue Apr 06 2010</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Rimosso il riferimento alla vulnerabilità a PackagKit presente in Fedora 12.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 13.0-2</td><td align="left">Fri Nov 20 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Aggiunto la Cronologia Revisioni alla fine del documento.</td></tr><tr><td>Aggiunto l'appendice "Standard di Cifratura".</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 13.0-1</td><td align="left">Fri Nov 20 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fedora 13 branch.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-23</td><td align="left">Thu Nov 19 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Ri-aggiornato la sezione "Local users may install trusted packages".</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-22</td><td align="left">Thu Nov 19 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Aggiornato la sezione "Local users may install trusted packages".</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-21</td><td align="left">Wed Nov 18 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Aggiunto la sezione "Local users may install trusted packages".</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-20</td><td align="left">Sat Nov 14 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Aggiunto informazioni di Wikipedia all'appendice "Standard di cifratura".</td></tr><tr><td>Aggiunto Adam Ligas alla pagina degli autori, per il suo contributo allo sviluppo della sezione "7-Zip".</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-19</td><td align="left">Mon Oct 26 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Aggiornato la licenza a CC-BY-SA.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-18</td><td align="left">Wed Aug 05 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Risolto il problema relativo al Bug 515043.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-17</td><td align="left">Mon Jul 27 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Corretto le informazioni sui rivenditori in SPEC.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-16</td><td align="left">Fri Jul 24 2009</td><td align="left"><span class="author"><span class="firstname">Fedora</span> <span class="surname">Release Engineering</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Ricompilato per for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-15</td><td align="left">Tue Jul 14 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Aggiunto "desktop-file-utils" a BUILDREQUIRES in spec.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-14</td><td align="left">Tue Mar 10 2009</td><td align="left"><span class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Rimosso porzioni di testo più specifiche a rhel e revisioni maggiori.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-13</td><td align="left">Mon Mar 2 2009</td><td align="left"><span class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Risolto diversi problemi minori.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-12</td><td align="left">Wed Feb 11 2009</td><td align="left"><span class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Nuovi screenshots per F11 in sosituzione di quelli esistenti/datati.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-11</td><td align="left">Tue Feb 03 2009</td><td align="left"><span class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Modificato le specifiche LUKS per Fedora 9, incluse quelle delle versioni più recenti.</td></tr><tr><td>Risolti alcuni collegamenti a siti web, in particolare i link alla NSA.</td></tr><tr><td>Modifiche minori di formattazione.</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-10</td><td align="left">Wed Jan 27 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Inserito lo screenshot mancante sulla configurazione di un firewall</td></tr></table>
+
+ </td></tr><tr><td align="left">Revisione 1.0-9</td><td align="left">Wed Jan 27 2009</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Corretti alcuni termini non esatti della fase di validazione. Convertiti in Fedora, precedenti riferimenti Red Hat.</td></tr></table>
+
+ </td></tr></table></div>
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s06.html"><strong>Indietro</strong>A.2.6. Cifratura ElGamal</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-Basic_Hardening.html b/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-Basic_Hardening.html
new file mode 100644
index 0000000..a10d31b
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-Basic_Hardening.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Capitolo 2. Guida base all'hardening</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="index.html" title="Guida alla Sicurezza" /><link rel="prev" href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html" title="1.5.4. Applicare i cambiamenti" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html" title="2.2. Perchè è importante?" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-S
ecurity_Guide-Updating_Packages-Applying_the_Changes.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="chapter" id="chap-Security_Guide-Basic_Hardening" lang="it-IT"><div class="titlepage"><div><div><h2 class="title">Capitolo 2. Guida base all'hardening</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Basic_Hardening.html#sect-Security_Guide-Basic_Hardening-General_Principles">2.1. Principi generali</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html">2.2. Perchè è importante?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Physical_Security.html">2.3. Sicurezza fisica</a></span></dt><dt><span class="section"><a href="sect-Security
_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html">2.4. Perchè è importante</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html">2.5. Cos'altro posso fare?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Networking.html">2.6. Networking</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Networking.html#sect-Security_Guide-Basic_Hardening-Networking-iptables">2.6.1. iptables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Networking-IPv6.html">2.6.2. IPv6</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Up_to_date.html">2.7. Mantenere il software aggiornato</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Services.html">2.8. Servizi</a></span></dt><dt><span class="section"><a href="
sect-Security_Guide-Basic_Hardening-NTP.html">2.9. NTP</a></span></dt></dl></div><div class="para">
+ La <a href="http://www.nsa.gov">US National Security Agency</a> (NSA) ha messo a punto due guide per l'hardening di una installazione standard di Red Hat Enterprise Linux 5. Molti dei suggerimenti forniti in queste guide sono valide anche per le installazioni di Fedora. Questa guida base dell'hardening riguarderà porzioni della NSA Hardening Tips e spiegherà perché l'implementazione di tali suggerimenti è importante. Il presente documento non rappresenta l'intera guida NSA all'Hardening.
+ </div><div class="para">
+ Come per qualsiasi modifica di un sistema questi cambiamenti potrebbero portare a risultati indesiderati. Le modifiche dovrebbero essere valutate sul sistema prima di atturle.
+ </div><div class="section" id="sect-Security_Guide-Basic_Hardening-General_Principles"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-General_Principles">2.1. Principi generali</h2></div></div></div><div class="para">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Criptare tutti i dati trasmessi in rete. L'informazione di autenticazione criptata (come le password) è particolarmente importante. </td></tr><tr><td>Limitare la quantità del software installato ed avviato in modo da ridurre le vulneràbilità.</td></tr><tr><td>Usare software di security-enhancing e gli strumenti disponibili (ad esempio SELinux e IPTables).</td></tr><tr><td>Avviare ogni servizio di rete su un server separato se possibile. Questo limita i rischi di compromissione da un servizio ad altri.</td></tr><tr><td>Mantenere gli account utente. Creare delle buone regole per le password e blindarne l'uso. Eliminare gli account utente inutilizzati.</td></tr><tr><td>Rivedere i log di sistema e applicazioni su base programmata. Inviare i log su server dedicati. Questo inpedisce le intrusioni evitando il rilevamento di modifiche locali.</td></tr><tr><td>Mai accedere come root, a meno che non strettamente
necessario. Gli amministratori dovrebbero usare <code class="command">sudo</code> per eseguire i comandi come root quando richiesti. Gli account che usano sudo sono specificati in <code class="filename">/etc/sudoers</code>, che è modificato tramite l'utilità visudo. Normalmente i log rilevanti sono scritti in <code class="filename">/var/log/secure</code>.</td></tr></table>
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html"><strong>Indietro</strong>1.5.4. Applicare i cambiamenti</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html"><strong>Avanti</strong>2.2. Perchè è importante?</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-CVE.html b/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-CVE.html
new file mode 100644
index 0000000..0e46568
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-CVE.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Capitolo 8. Common Vulnerabilities and Exposures</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="index.html" title="Guida alla Sicurezza" /><link rel="prev" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html" title="7.4. Installare pacchetti firmati da repository fidati" /><link rel="next" href="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html" title="8.2. Usare yum-plugin-security" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li
class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="chapter" id="chap-Security_Guide-CVE" lang="it-IT"><div class="titlepage"><div><div><h2 class="title">Capitolo 8. Common Vulnerabilities and Exposures</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-CVE.html#sect-Security_Guide-CVE-yum_plugin">8.1. Plugin YUM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html">8.2. Usare yum-plugin-security </a></span></dt></dl></div><div class="para">
+ Il sistema CVE o Common Vulnerabilities and Exposures (Vulnerabilità ed Esposizioni Comuni), offre un sistema di riferimento per vulnerabilità e falle di sicurezza note pubblicamente. ITRE Corporation gestisce il sistema con fondi del National Cyber Security Division del Department of Homeland Security degli Stati Uniti d'America.
+ </div><div class="para">
+ MITRE Corporation assegna un identificatore CVE ad ogni vulnerabilità o falla di sicurezza. Il CVE è usato per tracciare la vulnerabilità nei vari pezzi di codice, dato che una singolo CVE può interessare diversi pacchetti software e diversi rivenditori.
+ </div><div class="section" id="sect-Security_Guide-CVE-yum_plugin"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-CVE-yum_plugin">8.1. Plugin YUM</h2></div></div></div><div class="para">
+ Il pacchetto <span class="package">yum-plugin-security</span> è una caratteristica di Fedora. Se installato, questo modulo di yum fa in modo di recuperare soltanto gli aggiornamenti di sicurezza. Può essere usato anche per fornire informazioni sull'avviso Red Hat, sul bug nel database di Bugzilla Red Hat o sul numero di CVE dalla directory del MITR, cui fa riferimento l'aggiornamento di un pacchetto.
+ </div><div class="para">
+ Per abilitare questa caratterisitica basta semplicemente installare il plugin con il comando <code class="command">yum install yum-plugin-security</code>.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html"><strong>Indietro</strong>7.4. Installare pacchetti firmati da repository f...</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html"><strong>Avanti</strong>8.2. Usare yum-plugin-security </a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-Encryption.html b/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-Encryption.html
new file mode 100644
index 0000000..cc7a19d
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-Encryption.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Capitolo 4. Cifratura</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="index.html" title="Guida alla Sicurezza" /><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html" title="3.9.6.2. Utili siti web su IPTables" /><link rel="next" href="Security_Guide-Encryption-Data_in_Motion.html" title="4.2. Dati in Movimento" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Res
ources-Useful_IP_Tables_Websites.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="chapter" id="chap-Security_Guide-Encryption" lang="it-IT"><div class="titlepage"><div><div><h2 class="title">Capitolo 4. Cifratura</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Encryption.html#sect-Security_Guide-Encryption-Data_at_Rest">4.1. Dati a Riposo</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Encryption.html#sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">4.1.1. Completa cifratura del disco</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Encryption.html#Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">4.1.2. Cifratura basata su file</a></span></dt></dl></dd><dt><span class="section"><a
href="Security_Guide-Encryption-Data_in_Motion.html">4.2. Dati in Movimento</a></span></dt><dd><dl><dt><span class="section"><a href="Security_Guide-Encryption-Data_in_Motion.html#sect-Security_Guide-Virtual_Private_Networks_VPNs">4.2.1. Virtual Private Networks (VPN)</a></span></dt><dt><span class="section"><a href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html">4.2.2. Secure Shell</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption.html">4.2.3. Cifratura disco con LUKS</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html">4.2.4. Archivi 7-Zip cifrati</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-Using_GPG.html">4.2.5. Usare GNU Privacy Guard (GnuPG)</a></span></dt></dl></dd></dl></div><div class="para">
+ Esistono due principali tipi di dati che devono essere protetti: i dati a riposo e i dati in movimento. Questi differenti tipi di dati sono protetti in modo simile, usando tecnologie simili ma le implementazioni possono essere completamente differenti. Nessuna implementazione, per quanto sicura, può sentirsi tale contro tutti i possibili metodi di compromissione, proprio perchè l'informazione può essere a riposo e in movimento in differenti istanti di tempo.
+ </div><div class="section" id="sect-Security_Guide-Encryption-Data_at_Rest"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Encryption-Data_at_Rest">4.1. Dati a Riposo</h2></div></div></div><div class="para">
+ I dati a riposo sono i dati immagazzinati su disco fisso, nastro, CD, DVD o altro supporto. La principale minaccia contro questo tipo di dati è rappesentata dal furto. I portatili negli aereoporti, i CD spediti per posta e i nastri di backup che vengono lasciati nei posti sbagliati sono tutti esempi di eventi in cui i dati possono essere compromessi da un furto. Se i dati sono stati cifrati allora non c'è da preoccuparsi così tanto della loro compromissione.
+ </div><div class="section" id="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">4.1.1. Completa cifratura del disco</h3></div></div></div><div class="para">
+ La completa cifratura del disco o di una sua partizione, rappresenta uno dei metodi migliori per proteggere i dati. Non solo è protetto ogni file ma anche la memoria temporanea contenente parti di questi file. La completa cifratura del disco è in grado di proteggere tutti i file, evitando all'utente la preoccupazione di quali file proteggere ed eventuali sue dimenticanze.
+ </div><div class="para">
+ Fedora 14 (e le versioni precedenti fino a Fedora 9), supporta in modo nativo la cifratura LUKS. LUKS cifra le partizioni del disco fisso proteggendo i dati quando il computer è inattivo. Inoltre protegge il computer anche da attaccanti che in modalità <span class="emphasis"><em>single user</em></span> o in altro modo riescono ad accedere al computer.
+ </div><div class="para">
+ Soluzioni di cifratura del disco come LUKS, proteggono i dati solo quando il computer è spento. Una volta attivo e decifrato da LUKS, i file sul disco diventano disponibili a chiunque abbia accesso alla macchina. Per proteggere i file quando il computer è acceso, usare la cifratura del disco in combinazione con un'altra soluzione, come la cifratura basata su file. Ricordare inoltre che è buona norma bloccare il computer, ogni qualvolta ci si allontana dalla propria postazione. Impostare un salvaschermo protetto da frase d'accesso che si attivi dopo qualche minuto di inattività, è un buon modo per mantenere lontani eventuali intrusi.
+ </div></div><div class="section" id="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">4.1.2. Cifratura basata su file</h3></div></div></div><div class="para">
+ GnuPG (GPG) è una versione open source di PGP che consente di firmare e/o cifrare un file o un messaggio email. Ciò serve a garantire l'integrità del messaggio o del file ed inoltre protegge la confidenzialità delle informazioni contenute. Nel caso delle mail GPG fornisce una doppia protezione. Non solo fornisce la protezione dei Dati a Riposo ma anche dei Dati in Movimento.
+ </div><div class="para">
+ La cifratura basata su file serve a proteggere il file dopo che esso ha lasciato il computer, come quando si spedisce un CD per posta. Alcune soluzioni lasciano dei residui del file cifrato, che un attaccante con accesso fisico al computer, in determinate circostanze, può usare per ripristinare il file cifrato. Per proteggere i contenuti di questi file da utenti maliziosi, usare la cifratura basata su file in combinazione con altre soluzioni, come la completa cifratura del disco.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"><strong>Indietro</strong>3.9.6.2. Utili siti web su IPTables</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion.html"><strong>Avanti</strong>4.2. Dati in Movimento</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-Encryption_Standards.html b/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-Encryption_Standards.html
new file mode 100644
index 0000000..b3edc6f
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-Encryption_Standards.html
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Appendice A. Standard di crittografia</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="index.html" title="Guida alla Sicurezza" /><link rel="prev" href="chap-Security_Guide-References.html" title="Capitolo 9. Riferimenti" /><link rel="next" href="apas02.html" title="A.2. Cifratura a chiave pubblica" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-References.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n"
href="apas02.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="appendix" id="chap-Security_Guide-Encryption_Standards" lang="it-IT"><div class="titlepage"><div><div><h1 class="title">Standard di crittografia</h1></div></div></div><div class="para">
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm30149184">A.1. Crittografia sincrona</h2></div></div></div><div class="para">
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm47570672">A.1.1. Advanced Encryption Standard - AES</h3></div></div></div><div class="para">
+ In crittografia, lo standard AES (Advanced Encryption Standard) è un algoritmo di cifratura standard adottato dal governo degli Stati Uniti d'America. Lo standard prevede tre blocchi di cifratura, AES-128, AES-192 e AES-256, adottati da una collezione più larga originariamente nota come Rijndael. Ciascuna blocco di cifratura di 128 bit ha chiavi da 128, 192 e 256 bit, rispettivamente. Le cifrature AES sono state ampiamente analizzate e ora sono usate in tutto il mondo in sostituzione del suo predecessore il DES (Data Encryption Standard).<sup>[<a id="idm31492048" href="#ftn.idm31492048" class="footnote">15</a>]</sup>
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm18521392">A.1.1.1. Usi dell'AES</h4></div></div></div><div class="para">
+ </div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm22096448">A.1.1.2. Storia dell'AES</h4></div></div></div><div class="para">
+ L'AES è stato annunciato dal NIST (National Institute of Standards and Technology), nel U.S. FIPS PUB 197 (FIPS 197) il 26 novembre del 2001, dopo un periodo di standardizzazione durato cinque anni, in cui quindici progetti alternativi sono stati analizzati e studiati, riconoscendo il Rijndael come il più adatto (vedere il processo di sviluppo dell'Advanced Encryption Standard, per maggiori dettagli). L'AES è divenuto uno standard effettivo il 26 maggio 2002. E' disponibile in diversi pacchetti di cifratura. L'AES è il primo algoritmo di cifratura pubblicamente accessibile ed aperto, approvato dall'NSA per proteggere informazioni top secret. <sup>[<a id="idm34001712" href="#ftn.idm34001712" class="footnote">16</a>]</sup>
+ </div><div class="para">
+ L'algoritmo di cifratura Rijndael è stato progettato da due progettisti belgi, Joan Daemen e Vincent Rijmen. Il nome Rijndael è una parola composta da parti di nome dei due inventori.<sup>[<a id="idm28405648" href="#ftn.idm28405648" class="footnote">17</a>]</sup>
+ </div></div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm16286192">A.1.2. Data Encryption Standard - DES</h3></div></div></div><div class="para">
+ Lo standard DES (Data Encryption Standard), è un cifrario a blocchi, scelto dal National Bureau of Standards degli Stati Uniti d'America, come standard per cifrare le informazioni delle agenzie federali (o FIPS: Federal Information Processing Standard), a partire dal 1976 e poi adottato globalmente da altri Stati. Il DES si basa su un algoritmo di cifratura a chiave simmetrica di 56 bit. L'algoritmo fin dai suoi esordi presentava diverse difficoltà nei suoi elementi progettuali con una chiave relativamente corta e il sospetto di manomissioni da parte dell'NSA (National Security Agency). Conseguentemente il DES divenne oggetto di approfondite anailsi da parte di numerose università che portarono alle attuali conoscenze sugli algoritmi di crittografia e sulle tecniche di crittoanalisi.<sup>[<a id="idm38947104" href="#ftn.idm38947104" class="footnote">18</a>]</sup>
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm22076224">A.1.2.1. Usi del DES</h4></div></div></div><div class="para">
+ </div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm22074784">A.1.2.2. Storia del DES</h4></div></div></div><div class="para">
+ Il DES è ufficialmente riconosciuto come insicuro per molte applicazioni, principlamente a causa della scarsa lunghezza della chiave, 56 bit. Nel gennaio 1999 due agenzie, la Distributed.net e la Electronic Frontier Foundation collaborarono insieme, per forzare pubblicamente una chiave DES in circa 22 ore e 15 minuti. Inoltre esistono diversi studi teorici, di difficile implementazione pratica, che dimostrano la debolezza dell'algoritmo di cifratura. L'algoritmo acquista maggiore sicurezza pratica nella forma di Triple DES, persistendo tuttavia la sua vulnerabilità teorica. In tempi recenti, il DES è stato superato e sostituito dall'AES (Advanced Encryption Standard).<sup>[<a id="idm29314512" href="#ftn.idm29314512" class="footnote">19</a>]</sup>
+ </div><div class="para">
+ In alcuni documenti, DES può indicare lo standard di cifratura o indicare l'algoritmo, detto DEA (the Data Encryption Algorithm).<sup>[<a id="idm29312048" href="#ftn.idm29312048" class="footnote">20</a>]</sup>
+ </div></div></div></div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm31492048" href="#idm31492048" class="para">15</a>] </sup>
+ "Advanced Encryption Standard" <span class="emphasis"><em>Wikipedia.</em></span> 28 sett 2010 <a href="http://it.wikipedia.org/wiki/Advanced_Encryption_Standard">http://it.wikipedia.org/wiki/Advanced_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm34001712" href="#idm34001712" class="para">16</a>] </sup>
+ "Advanced Encryption Standard" <span class="emphasis"><em>Wikipedia.</em></span> 28 sett 2010 <a href="http://it.wikipedia.org/wiki/Advanced_Encryption_Standard">http://it.wikipedia.org/wiki/Advanced_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm28405648" href="#idm28405648" class="para">17</a>] </sup>
+ "Advanced Encryption Standard" <span class="emphasis"><em>Wikipedia</em></span> 28 sett 2010 <a href="http://it.wikipedia.org/wiki/Advanced_Encryption_Standard">http://it.wikipedia.org/wiki/Advanced_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm38947104" href="#idm38947104" class="para">18</a>] </sup>
+ "Data Encryption Standard" <span class="emphasis"><em>Wikipedia</em></span> 20 sett 2010 <a href="http://it.wikipedia.org/wiki/Data_Encryption_Standard">http://it.wikipedia.org/wiki/Data_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm29314512" href="#idm29314512" class="para">19</a>] </sup>
+ "Data Encryption Standard" <span class="emphasis"><em>Wikipedia.</em></span> 20 sett 2010 <a href="http://it.wikipedia.org/wiki/Data_Encryption_Standard">http://it.wikipedia.org/wiki/Data_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm29312048" href="#idm29312048" class="para">20</a>] </sup>
+ "Data Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 20 sett 2010 <a href="http://it.wikipedia.org/wiki/Data_Encryption_Standard">http://it.wikipedia.org/wiki/Data_Encryption_Standard</a>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-References.html"><strong>Indietro</strong>Capitolo 9. Riferimenti</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="apas02.html"><strong>Avanti</strong>A.2. Cifratura a chiave pubblica</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-General_Principles_of_Information_Security.html b/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-General_Principles_of_Information_Security.html
new file mode 100644
index 0000000..49ef54d
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-General_Principles_of_Information_Security.html
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Capitolo 5. Principi generali di Sicurezza dell'Informazione</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="index.html" title="Guida alla Sicurezza" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html" title="4.2.5.7. Sulla crittografia a chive pubblica" /><link rel="next" href="chap-Security_Guide-Secure_Installation.html" title="Capitolo 6. Installazione sicura" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security
_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Secure_Installation.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="chapter" id="chap-Security_Guide-General_Principles_of_Information_Security" lang="it-IT"><div class="titlepage"><div><div><h2 class="title">Capitolo 5. Principi generali di Sicurezza dell'Informazione</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-General_Principles_of_Information_Security.html#sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">5.1. Consigli, guide e strumenti</a></span></dt></dl></div><div class="para">
+ I seguenti principi generali offrono una panoramica sulle buone pratiche di sicurezza:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ cifrare i dati trasmessi in rete per ridurre gli attacchi tipo man-in-the-middle e le possibilità di intercettazione. E' particolarmente importante cifrare le informazioni di autenticazione come le password.
+ </div></li><li class="listitem"><div class="para">
+ minimizzare la quantità di software installato e dei servizi in esecuzione.
+ </div></li><li class="listitem"><div class="para">
+ usare software e strumenti che aumentino la sicurezza come Security-Enhanced Linux (SELinux) per controlli MAC (Mandatory Access Control), iptables di Netfilter per il filtraggio di pacchetti (firewall) e GNU Privacy Guard (GnuPG) per cifrare file.
+ </div></li><li class="listitem"><div class="para">
+ eseguire se possibile, ogni servizio di rete su un server differente per minimizzare il rischio che la compromissione di un servizio possa essere usato per compromettere anche altri servizi.
+ </div></li><li class="listitem"><div class="para">
+ mantenere gli account utenti: creare e rinforzare la policy delle password; eliminare gli account utente non usati.
+ </div></li><li class="listitem"><div class="para">
+ controllare regolarmente i log di sistema e delle applicazioni. Per impostazione, gli avvisi (log) di sistema relativi alla sicurezza sono salvati nei file <code class="filename">/var/log/secure</code> e <code class="filename">/var/log/audit/audit.log</code>. Nota: la trasmissione dei log su un server dedicato serve ad impedire che gli attaccanti possano facilmente modificare i log locali eliminando le tracce dei loro tentativi di intrusione.
+ </div></li><li class="listitem"><div class="para">
+ non accedere mai direttamente come root a meno che non sia assolutamente necessario. Gli amministratori dovrebbero usare <code class="command">sudo</code> per eseguire comandi root. Gli account che possono usare <code class="command">sudo</code> sono specificati in <code class="filename">/etc/sudoers</code>. Usare lo strumento <code class="command">visudo</code> per modificare il file <code class="filename">/etc/sudoers</code>.
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">5.1. Consigli, guide e strumenti</h2></div></div></div><div class="para">
+ L'agenzia statunitense <a href="www.nsa.gov">NSA</a> (National Security Agency), fornisce fondamentali guide e consigli per molti sitemi operativi, per aiutare le agenzie governative, le aziende e gli individui a rendere sicuri i propri sistemi da attacchi informatici. Per esempio, le seguenti guide in formato PFD, sono dedicate al sistema Red Hat Enterprise Linux 5:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.nsa.gov/ia/_files/os/redhat/rhel5-pamphlet-i731.pdf">Hardening Tips for the Red Hat Enterprise Linux 5</a>
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf">Guide to the Secure Configuration of Red Hat Enterprise Linux 5</a>
+ </div></li></ul></div><div class="para">
+ L'agenzia <a href="http://www.disa.mil/">DISA</a> (Defense Information Systems Agency), fornisce documenti, checklist e test (<a href="http://iase.disa.mil/index2.html">I.A.S.E.</a> o Information Assurance Support Environment), che aiutano a rendere sicuro il proprio sistema. <a href="http://iase.disa.mil/stigs/stig/unix-stig-v5r1.pdf">U.S.T.I.G.</a> (pdf) o Unix Security Technical Implementation Guide, è una guida sulla sicurezza in UNIX - una guida per utenti avanzati di UNIX e Linux.
+ </div><div class="para">
+ Il pacchetto <a href="http://iase.disa.mil/stigs/downloads/zip/unclassified_unix_checklist_v5r1-26_20100827.zip">UNIX Security Checklist Version 5, Release 1.26</a> fornito dalla DISA, contiene una raccolta di documenti e checklist che vanno dai permessi da assegnare ai file ai controlli da fare sul sistema.
+ </div><div class="para">
+ Inoltre, la DISA ha reso disponibile degli script <a href="http://iase.disa.mil/stigs/SRR/unix.html">UNIX SPR</a> che permettono agli amministratori di controllare specifiche impostazioni di sistema. Questi script elencano in un rapporto, in formato XML, tutte le vulnerabilità note presenti nel sistema.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html"><strong>Indietro</strong>4.2.5.7. Sulla crittografia a chive pubblica</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Secure_Installation.html"><strong>Avanti</strong>Capitolo 6. Installazione sicura</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-References.html b/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-References.html
new file mode 100644
index 0000000..67c50e1
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-References.html
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Capitolo 9. Riferimenti</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="index.html" title="Guida alla Sicurezza" /><link rel="prev" href="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html" title="8.2. Usare yum-plugin-security" /><link rel="next" href="chap-Security_Guide-Encryption_Standards.html" title="Appendice A. Standard di crittografia" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-CVE-yum_p
lugin-using_yum_plugin_security.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Encryption_Standards.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="chapter" id="chap-Security_Guide-References" lang="it-IT"><div class="titlepage"><div><div><h2 class="title">Capitolo 9. Riferimenti</h2></div></div></div><div class="para">
+ I seguenti riferimenti sono collegamenti ad ulteriori informazioni rilevanti in SELinux e Fedora ma che esulano dagli scopi di questa guida. Notare che dato il rapido sviluppo di SELinux, alcuni materiali potrebbero applicarsi solo a specifiche versioni di Fedora.
+ </div><div class="variablelist" id="vari-Security_Guide-References-Books"><h6>Libri</h6><dl><dt class="varlistentry"><span class="term">SELinux by Example</span></dt><dd><div class="para">
+ Mayer, MacMillan, and Caplan
+ </div><div class="para">
+ Prentice Hall, 2007
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-Tutorials_and_Help"><h6>Tutorial ed aiuto</h6><dl><dt class="varlistentry"><span class="term">Understanding and Customizing the Apache HTTP SELinux Policy</span></dt><dd><div class="para">
+ <a href="http://docs.fedoraproject.org/selinux-apache-fc3/">http://docs.fedoraproject.org/selinux-apache-fc3/</a>
+ </div></dd><dt class="varlistentry"><span class="term">Tutorials and talks from Russell Coker</span></dt><dd><div class="para">
+ <a href="http://www.coker.com.au/selinux/talks/ibmtu-2004/">http://www.coker.com.au/selinux/talks/ibmtu-2004/</a>
+ </div></dd><dt class="varlistentry"><span class="term">Generic Writing SELinux policy HOWTO</span></dt><dd><div class="para">
+ <a href="http://www.lurking-grue.org/writingselinuxpolicyHOWTO.html">http://www.lurking-grue.org/writingselinuxpolicyHOWTO.html</a>
+ </div></dd><dt class="varlistentry"><span class="term">Red Hat Knowledgebase</span></dt><dd><div class="para">
+ <a href="http://kbase.redhat.com/">http://kbase.redhat.com/</a>
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-General_Information"><h6>Informazioni generali</h6><dl><dt class="varlistentry"><span class="term">Sito web NSA SELinux</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/selinux/index.shtml">http://www.nsa.gov/selinux/</a>
+ </div></dd><dt class="varlistentry"><span class="term">NSA SELinux FAQ</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/selinux/faqs.shtml">http://www.nsa.gov/selinux/info/faq.cfm</a>
+ </div></dd><dt class="varlistentry"><span class="term">Fedora SELinux FAQ</span></dt><dd><div class="para">
+ <a href="http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html">http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html</a>
+ </div></dd><dt class="varlistentry"><span class="term">SELinux NSA's Open Source Security Enhanced Linux</span></dt><dd><div class="para">
+ <a href="http://www.oreilly.com/catalog/selinux/">http://www.oreilly.com/catalog/selinux/</a>
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-Technology"><h6>Tecnologia</h6><dl><dt class="varlistentry"><span class="term">Una introduzione a Object Classes and Permissions</span></dt><dd><div class="para">
+ <a href="http://www.tresys.com/selinux/obj_perms_help.html">http://www.tresys.com/selinux/obj_perms_help.html</a>
+ </div></dd><dt class="varlistentry"><span class="term">Integrating Flexible Support for Security Policies into the Linux Operating System (una retrospettiva sull'implementazione di Flask in Linux)</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/_files/selinux/papers/selsymp2005.pdf">http://www.nsa.gov/research/_files/selinux/papers/selsymp2005.pdf</a>
+ </div></dd><dt class="varlistentry"><span class="term">Implementing SELinux as a Linux Security Module</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/_files/publications/implementing_selinux.pdf">http://www.nsa.gov/research/_files/publications/implementing_selinux.pdf</a>
+ </div></dd><dt class="varlistentry"><span class="term">A Security Policy Configuration for the Security-Enhanced Linux</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/_files/selinux/papers/policy/policy.shtml">http://www.nsa.gov/research/_files/selinux/papers/policy/policy.shtml</a>
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-Community"><h6>Community</h6><dl><dt class="varlistentry"><span class="term">Fedora SELinux User Guide</span></dt><dd><div class="para">
+ <a href="http://docs.fedoraproject.org/selinux-user-guide/">http://docs.fedoraproject.org/selinux-user-guide/</a>
+ </div></dd><dt class="varlistentry"><span class="term">Fedora SELinux Managing Confined Services Guide</span></dt><dd><div class="para">
+ <a href="http://docs.fedoraproject.org/selinux-managing-confined-services-guide/">http://docs.fedoraproject.org/selinux-managing-confined-services-guide/</a>
+ </div></dd><dt class="varlistentry"><span class="term">SELinux community page</span></dt><dd><div class="para">
+ <a href="http://selinux.sourceforge.net">http://selinux.sourceforge.net</a>
+ </div></dd><dt class="varlistentry"><span class="term">IRC</span></dt><dd><div class="para">
+ irc.freenode.net, #selinux, #fedora-selinux, #security
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-History"><h6>Storia</h6><dl><dt class="varlistentry"><span class="term">Quick history of Flask</span></dt><dd><div class="para">
+ <a href="http://www.cs.utah.edu/flux/fluke/html/flask.html">http://www.cs.utah.edu/flux/fluke/html/flask.html</a>
+ </div></dd><dt class="varlistentry"><span class="term">Full background on Fluke (Flux µ-kernel Environment)</span></dt><dd><div class="para">
+ <a href="http://www.cs.utah.edu/flux/fluke/html/index.html">http://www.cs.utah.edu/flux/fluke/html/index.html</a>
+ </div></dd></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html"><strong>Indietro</strong>8.2. Usare yum-plugin-security </a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Encryption_Standards.html"><strong>Avanti</strong>Appendice A. Standard di crittografia</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-Secure_Installation.html b/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-Secure_Installation.html
new file mode 100644
index 0000000..0820be3
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-Secure_Installation.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Capitolo 6. Installazione sicura</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="index.html" title="Guida alla Sicurezza" /><link rel="prev" href="chap-Security_Guide-General_Principles_of_Information_Security.html" title="Capitolo 5. Principi generali di Sicurezza dell'Informazione" /><link rel="next" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html" title="6.2. Utilizzo di LUKS" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a
accesskey="p" href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="chapter" id="chap-Security_Guide-Secure_Installation" lang="it-IT"><div class="titlepage"><div><div><h2 class="title">Capitolo 6. Installazione sicura</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Secure_Installation.html#sect-Security_Guide-Secure_Installation-Disk_Partitions">6.1. Partizioni del disco</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html">6.2. Utilizzo di LUKS</a></span></dt></dl></div><div class="para">
+ La sicurezza inizia nel momento in cui si inserisce il CD o DVD nel lettore per installare Fedora. Configurare il sistema in modo sicuro dall'inizio, semplifica l'implementazione di ulteriori impostazioni di sicurezza successive.
+ </div><div class="section" id="sect-Security_Guide-Secure_Installation-Disk_Partitions"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Secure_Installation-Disk_Partitions">6.1. Partizioni del disco</h2></div></div></div><div class="para">
+ L'NSA raccomanda di creare partizioni separate per /boot, /, /home, /tmp e /var/tmp. Le motivazioni di questa scelta sono le seguenti:
+ </div><div class="para">
+ /boot - Questa partizione è la prima ad essere letta dal sistema durante la fase di avvio del sistema. Il boot loader e le immagini kernel usate per avviare il sistema Fedora, si trovano in questa partizione. La partizione non dovrebbe essere cifrata. Se i dati di questa partizione fossero inclusi in / e quest'ultima venisse cifrata o diventasse inutilizzabile allora il sistema non sarebbe capace di avviarsi.
+ </div><div class="para">
+ /home - Se i dati utente si trovassero in / invece che in una partizione separata, la partizione si riempirebbe a tal punto da portare all'instabilità del sistema operativo. Inoltre, l'up-grade del sistema è molto più semplice se i dati utente si trovano nella proporia partizione di /home, in quanto essi non vengono modificati durante l'aggiornamento di Fedora. Inoltre, se la partizione / si corrompe tutti i dati utente potrebbero, molto probabilmente, andare perduti per sempre. Invece una partizione separata garantisce una migliore protezione contro la perdita dei dati. In tal modo si possono anche programmare backup regolari di questa partizione.
+ </div><div class="para">
+ /tmp e /var/tmp - Sia la directory /tmp sia la directory /var/tmp sono usate per contenere i dati temporanei, cioè che non hanno una lunga durata. Inoltre, se un flusso di dati satura una di queste directory esso potrebbe riempire tutto lo spazio disponibile. In tal caso e se le directory si trovassero in / il sistema diventerebbe presto instabile e ci sarebbe un crash. Per questo motivo è una buona idea realizzare partizioni separate per queste directory.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>Indietro</strong>Capitolo 5. Principi generali di Sicurezza dell'I...</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"><strong>Avanti</strong>6.2. Utilizzo di LUKS</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-Securing_Your_Network.html b/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-Securing_Your_Network.html
new file mode 100644
index 0000000..7f18ba6
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-Securing_Your_Network.html
@@ -0,0 +1,528 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Capitolo 3. Proteggere la rete locale</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="index.html" title="Guida alla Sicurezza" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-NTP.html" title="2.9. NTP" /><link rel="next" href="sect-Security_Guide-Server_Security.html" title="3.2. Server Security" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-NTP.html"><strong>Indietro</strong></a></li><li class="next
"><a accesskey="n" href="sect-Security_Guide-Server_Security.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="chapter" id="chap-Security_Guide-Securing_Your_Network" lang="it-IT"><div class="titlepage"><div><div><h2 class="title">Capitolo 3. Proteggere la rete locale</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security">3.1. Workstation Security</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">3.1.1. Analizzare la sicurezza di una workstation</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">3.1.2. Protezione del BIOS e del Boot Loader</a></span></dt><dt><span class="section"><a href="chap-Secur
ity_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Password_Security">3.1.3. Protezione delle password</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Administrative_Controls">3.1.4. Controlli amministrativi</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Available_Network_Services">3.1.5. Servizi di rete disponibili</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Personal_Firewalls">3.1.6. Firewall personali</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">3.1.7. Strumenti di comunicazione che aumentano la sicurezza</a></span></dt></dl></dd><dt><span class=
"section"><a href="sect-Security_Guide-Server_Security.html">3.2. Server Security</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Server_Security.html#sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">3.2.1. Proteggere i servizi con TCP Wrapper e xinetd</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_Portmap.html">3.2.2. Proteggere Portmap</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_NIS.html">3.2.3. Proteggere NIS</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_NFS.html">3.2.4. Proteggere NFS</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html">3.2.5. Proteggere HTTP Apache</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_FTP.html">3.2.6. Proteggere FTP</
a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_Sendmail.html">3.2.7. Proteggere Sendmail</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html">3.2.8. Controllare le porte in ascolto</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO.html">3.3. Single Sign-on (SSO)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO.html#sect-Security_Guide-Single_Sign_on_SSO-Introduction">3.3.1. Introduzione</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html">3.3.2. Primo utilizzo di una nuova Smart Card</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html">3.3.3. Come funziona la registrazione di una Smart Card</a></span></dt>
<dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html">3.3.4. Come funziona l'accesso via Smart Card</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html">3.3.5. Configurare Firefox ad usare Kerberos con SSO</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Yubikey.html">3.4. Yubikey</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Yubikey.html#sect-Security_Guide-Yubikey-Centralized_Server">3.4.1. Utilizzo di Yubikey con un server centralizzato</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Yubikey-Web_Sites.html">3.4.2. Autenticazione ai siti web con la Yubikey</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html">3.5. Pluggable Authentication Modules (PAM)</a></span></dt><dd><dl><dt><span
class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">3.5.1. Vantaggi di PAM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html">3.5.2. File di configurazione di PAM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html">3.5.3. Formato del file di configurazione di PAM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html">3.5.4. Un esempio di file di configurazione di PAM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html">3.5.5. Creare moduli PAM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Aut
hentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html">3.5.6. Caching delle credenziali PAM ed Amministrative</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html">3.5.7. Proprietario di PAM e di Dispositivo</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html">3.5.8. Ulteriori risorse</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html">3.6. TCP Wrapper e xinetd</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">3.6.1. TCP Wrapper</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html">3.6.2. File di configurazione di TCP Wrapper</a></span></dt><dt><spa
n class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html">3.6.3. xinetd</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html">3.6.4. File di configuratione di xinetd</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html">3.6.5. Ulteriori risorse</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Kerberos.html">3.7. Kerberos</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Kerberos.html#sect-Security_Guide-Kerberos-What_is_Kerberos">3.7.1. Cos'è Kerberos?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html">3.7.2. Terminologia Kerberos</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html">3.7.3. Come funziona Kerberos</a></span></dt><dt><span class="secti
on"><a href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html">3.7.4. Kerberos e PAM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html">3.7.5. Configurare un server Kerberos 5</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html">3.7.6. Configurare un client Kerberos 5</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html">3.7.7. Associazione tra Dominio e Realm</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html">3.7.8. Impostare KDC secondari</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html">3.7.9. Impostare autenticazioni cross realm</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Additional_Resources.html">3.7.10. Ulteriori risors
e</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Firewalls.html">3.8. Firewall</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Firewalls.html#sect-Security_Guide-Firewalls-Netfilter_and_IPTables">3.8.1. Netfilter e IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html">3.8.2. Configurazione di un firewall di base</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Using_IPTables.html">3.8.3. Usare IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html">3.8.4. Filtraggi IPTables comuni</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html">3.8.5. Regole di <code class="computeroutput">FORWARD</code> e <acronym class="acronym">NAT</acronym></a></span></dt><dt><span class="section"><a href="sect-Security_
Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html">3.8.6. Software maliziosi e indirizzi IP spoofed</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html">3.8.7. IPTables e Connection Tracking</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-IPv6.html">3.8.8. IPv6</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Additional_Resources.html">3.8.9. Ulteriori risorse</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-IPTables.html">3.9. IPTables</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-IPTables.html#sect-Security_Guide-IPTables-Packet_Filtering">3.9.1. Filtraggio pacchetti</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html">3.9.2. Opzioni di comando di IPTables</a></span></dt><dt><span class="section"><a href="sect
-Security_Guide-IPTables-Saving_IPTables_Rules.html">3.9.3. Salvataggio delle regole IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html">3.9.4. Script di controllo IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html">3.9.5. IPTables ed IPv6</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Additional_Resources.html">3.9.6. Ulteriori risorse</a></span></dt></dl></dd></dl></div><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Workstation_Security" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Workstation_Security">3.1. Workstation Security</h2></div></div></div><div class="para">
+ La sicurezza di un ambiente Linux inizia dalle workstation. La policy di sicurezza deve partire dalla singola macchina, in modo da assicurare la sicurezza alla macchina e al sistema di cui la macchina fa parte. Un rete di computer è sicura soltanto se non esiste alcun punto debole.
+ </div><div class="section" id="sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">3.1.1. Analizzare la sicurezza di una workstation</h3></div></div></div><div class="para">
+ Quando si analizza la sicurezza di una workstation Fedora, occorre tener conto dei seguenti fattori:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Sicurezza del BIOS e del Boot Loader</em></span> — Può un utente non autorizzato accedere fisicamente alla macchina ed avviare la macchina in modalità mono utente o di ripristino, senza usare una password?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Sicurezza della Password</em></span> — Quanto sono sicure le password di accesso degli utenti?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Controlli Amministrativi</em></span> — Chi può accedere al sistema e quanti controlli amministrativi possiede?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Servizi di rete disponibili</em></span> — Quali servizi sono in ascolto per servire richieste dalla rete: devono essere tutti in esecuzione?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Firewall</em></span> — Che tipo di firewall, se occorre, è necessario?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Strumenti di comunicazione sicuri</em></span> — Quali strumenti dovrebbero essere usati per le comunicazioni tra workstation e quali evitati?
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">3.1.2. Protezione del BIOS e del Boot Loader</h3></div></div></div><div class="para">
+ Proteggere con password BIOS e Boot Loader, impedisce ad utenti non autorizzati di avviare la macchina con dischi di avvio o di ottenere privilegi amministrativi, in modalità single user. Le misure da prendere servono sia a proteggere le informazioni nella macchina sia la macchina stessa.
+ </div><div class="para">
+ Per esempio, se una macchina viene usata in una posizione sicura dove hanno accesso solo persone di fiducia ed il computer non contiene informazioni sensibili, allora non dovrebbe essere cruciale prevenire questo tipo di attacchi. Comunque, se un portatile di un utente con chiavi SSH non cifrate private per la rete corporativa viene lasciato scollegato in una zona pubblica, esso potrebbe portare ad una falla nella sicurezza con ramificazione all'intera compagnia.
+ </div><div class="section" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-BIOS_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-BIOS_Passwords">3.1.2.1. Password per accedere al BIOS</h4></div></div></div><div class="para">
+ Le ragioni per proteggere il BIOS di un compter con password, sono fondamentalmente due, <sup>[<a id="idm37075680" href="#ftn.idm37075680" class="footnote">11</a>]</sup>:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Impedire le modifiche alle impostazioni del BIOS</em></span> — Se un intrusore ha accesso al BIOS, egli può configurare l'avvio da USB o DVD, permettendogli di avviare la modalità rescue del sistema o la modalità single user, con possibilità di avviare processi arbitrari o copiare dati sensibili.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Impedire il Boot di sistema</em></span> — Alcuni BIOS permettono di proteggere con password, il processo di boot. Se attivato, all'accensione della macchina viene richiesto di inserire una passowrd. In tal modo, un attacker deve conoscere la password per avviare il processo di boot.
+ </div></li></ol></div><div class="para">
+ I metodi per l'impostazione della password di BIOS variano tra produttori, consultare perciò il manuale della motherboard allegato al computer, per informazioni specifiche.
+ </div><div class="para">
+ La password di BIOS può essere resettata, disconnettendo la pila CMOS o agendo sui ponticelli di contatto nella motherboard: per questo motivo, si consiglia di rendere inaccessibile, per quanto possibile, il case del computer. Comunque, prima di manovrare sulla motherboard, fare riferimento ai manuali a disposizione.
+ </div><div class="section" id="sect-Security_Guide-BIOS_Passwords-Securing_Non_x86_Platforms"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-BIOS_Passwords-Securing_Non_x86_Platforms">3.1.2.1.1. Rendere sicure le piattaforme non-x86</h5></div></div></div><div class="para">
+ Altre architetture usano degli assembler con operazioni hardware di basso livello, grosso modo simili al BIOS dei sistemi x86. Per esempio, le macchine con processori <span class="trademark">Intel</span>® <span class="trademark">Itanium</span>™ usano la shell <em class="firstterm">Extensible Firmware Interface</em> (<em class="firstterm">EFI</em>).
+ </div><div class="para">
+ Per istruzioni su come proteggere con password, i simil-BIOS di altre architetture, fare riferimento alle indicazioni del produttore.
+ </div></div></div><div class="section" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords">3.1.2.2. Password per Boot Loader</h4></div></div></div><div class="para">
+ Le ragioni principali per proteggere con password, un boot loader Linux sono le seguenti:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Impedire l'accesso Single User Mode</em></span> — Se un attacker può avviare il sistema in modalità mono utente, egli accede automaticamente come utente root senza che venga richiesta la passoword di root.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Impedire l'accesso alla console GRUB</em></span> — Se la macchina usa GRUB come proprio boot loader, un attacker può usare l'interfaccia di editazione di GRUB per modificare la configurazione o per carpire informazioni, con il comando <code class="command">cat</code>.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Impedire l'accesso a sistemi operativi poco sicuri</em></span> — In un sistema dual boot, un attacker può selezionare un sistema operativo privo di policy di controllo d'accesso e di permessi, come DOS.
+ </div></li></ol></div><div class="para">
+ Nelle piattaforme x86, Fedora viene distribuito con il boot loader GRUB. Per informazioni dettagliate su GRUB, fare riferimento alla <span class="application"><strong>Fedora Installation Guide</strong></span> su <a href="http://docs.fedoraproject.org">http://docs.fedoraproject.org</a>.
+ </div><div class="section" id="sect-Security_Guide-Boot_Loader_Passwords-Password_Protecting_GRUB"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Boot_Loader_Passwords-Password_Protecting_GRUB">3.1.2.2.1. Proteggere GRUB con password</h5></div></div></div><div class="para">
+ Per configurare GRUB secondo le richieste della <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords">Sezione 3.1.2.2, «Password per Boot Loader»</a>, aggiungere una direttiva di password al suo file di configurazione. Le operazioni da eseguire sono, scegliere per prima cosa una password robusta, aprire un terminale, avviando una shell di root, e poi digitare il seguente comando:
+ </div><pre class="screen"><code class="command">/sbin/grub-md5-crypt</code></pre><div class="para">
+ Quando richiesto, inserire la password per GRUB e premere <span class="keycap"><strong>Invio</strong></span>. Il comando restituisce un hash MD5 della password.
+ </div><div class="para">
+ Successivamente, aprire il file di configurazione di GRUB, <code class="filename">/boot/grub/grub.conf</code> e inserire, immediatamente dopo la riga contente la stringa <code class="command">timeout</code> nella sezione principale del file, la seguente riga:
+ </div><pre class="screen"><code class="command">password --md5 <em class="replaceable"><code><password-hash></code></em></code></pre><div class="para">
+ Sostituire <em class="replaceable"><code><password-hash></code></em> con il valore restituito dal comando <code class="command">/sbin/grub-md5-crypt</code><sup>[<a id="idm39173152" href="#ftn.idm39173152" class="footnote">12</a>]</sup>.
+ </div><div class="para">
+ Al successivo riavvio del sistema, il menu di GRUB vieta l'accesso all'interfaccia di editazione o di comando, se non dopo aver digitato <span class="keycap"><strong>p</strong></span> seguito dalla password di GRUB.
+ </div><div class="para">
+ Per impostare la terza richiesta, ossia impedire in un sistema dual boot l'avvio di un s.o. poco sicuro, occorre editare sempre il file <code class="filename">/boot/grub/grub.conf</code>.
+ </div><div class="para">
+ Nella riga contenente la stringa <code class="computeroutput">title</code>, individuare il sistema operativo che si vuole proteggere ed aggiungere immediatamente dopo, la direttiva <code class="command">lock</code>.
+ </div><div class="para">
+ Per un sistema DOS, la riga diventerebbe qualcosa di simile:
+ </div><pre class="screen"><code class="computeroutput">title DOS lock</code></pre><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Perchè questo metodo funzioni correttamente, occorre che sia presente una riga <code class="computeroutput">password</code>, nella sezione principale del file <code class="filename">/boot/grub/grub.conf</code>. Diversamente, un attacker potrebbe accedere all'interfaccia di editazione di GRUB e rimuovere il lock.
+ </div></div></div><div class="para">
+ Per creare una password diversa per ogni kernel o sistema operativo, aggiungere <code class="command">lock</code>, seguito dalla password, su ogni riga relativa.
+ </div><div class="para">
+ Ogni sistema protetto da una password dovrebbe iniziare con una riga simile:
+ </div><pre class="screen"><code class="computeroutput">title DOS lock password --md5 <em class="replaceable"><code><password-hash></code></em></code></pre></div></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Password_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Password_Security">3.1.3. Protezione delle password</h3></div></div></div><div class="para">
+ Le password sono il metodo principale usato da Fedora per verificare l'dentità di un utente. Per questo motivo, la sicurezza della password è molto importante: serve a proteggere l'utente, la workstation e la rete.
+ </div><div class="para">
+ Per motivi di sicurezza, il processo di installazione configura il sistema usando <em class="firstterm">Message-Digest Algorithm</em> (<span class="emphasis"><em>MD5</em></span>) e password non leggibili. Si raccomanda vivamente di non alterare queste impostazioni.
+ </div><div class="para">
+ Se durante l'installazione, si deseleziona la codifica MD5, le password saranno generate usando il vecchio formato <em class="firstterm">Data Encryption Standard</em> (<em class="firstterm"><acronym class="acronym">DES</acronym></em>). Questo standard, limita le password ad otto caratteri alfanumerici (vietando l'uso di caratteri di punteggiatura e di altri caratteri speciali), con un modesto livello di codifica a 56 bit.
+ </div><div class="para">
+ Inoltre se si deseleziona l'illeggibilità delle password, le password saranno salvate e cifrate con un funzione hash one-way, nel file <code class="filename">/etc/passwd</code> accessibile a tutti, rendendo il sistema vulnerabile ad attacchi da parte di cracker di password. Infatti, se un intrusore riesce ad accedere ad una macchina come un regolare utente, egli può copiare il file <code class="filename">/etc/passwd</code> sulla propria macchina, e carpire le password salvate, sebbene cifrate, usando una delle tante applicazioni di cracking disponibili. A questo punto è solo una questione di tempo: se è presente una password poco sicura, l'applicazione prima o poi riuscirà facilmente a decodificarla.
+ </div><div class="para">
+ Le password illeggibili eliminano questo tipo di attacco, salvando le password cifrate nel file <code class="filename">/etc/shadow</code>, leggibile soltanto da parte dell'utente root.
+ </div><div class="para">
+ Un potenziale attacker può tentare di carpire le password anche da remoto, tramite un servizio di rete attivo sulla macchina come SSH o FTP. Questo tipo di attacco richiede più tempo e lascia traccia nei file di log del sistema. Ma in presenza di <span class="emphasis"><em>password deboli</em></span>, a suo favore, il cracker che inizia un attacco contro un sistema, p.e in piena notte, potrebbe avere accesso al sistema prima dell'alba, e tempo sufficiente per cancellare nel file di log, ogni traccia dei suoi tentativi d'accesso.
+ </div><div class="para">
+ Oltre al formato e al salvataggio che sono considerazioni di sistema, c'è il problema del contenuto, che è la cosa effettivamente fondamentale che spetta all'utente, ossia creare una password robusta.
+ </div><div class="section" id="sect-Security_Guide-Password_Security-Creating_Strong_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Password_Security-Creating_Strong_Passwords">3.1.3.1. Creare password robuste</h4></div></div></div><div class="para">
+ Per creare una password sicura è una buona idea seguire queste linee guida:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Non usare solo parole o solo numeri</em></span> — In una password usare una miscela di parole e numeri (Sull'uso delle parole vedi più avanti).
+ </div><div class="para">
+ Ecco alcuni esempi di password poco sicure:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 8675309
+ </div></li><li class="listitem"><div class="para">
+ antonio
+ </div></li><li class="listitem"><div class="para">
+ hackme
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Non usare parole riconoscibili</em></span> — Parole come nomi propri, sostantivi o anche termini di show televisi o di attori, anche se terminanti con dei numeri, dovrebbero essere evitati.
+ </div><div class="para">
+ Ecco alcuni esempi di password poco sicure:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ bisio45
+ </div></li><li class="listitem"><div class="para">
+ jolie-34
+ </div></li><li class="listitem"><div class="para">
+ mazingaZ
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Non usare parole di lingue straniere</em></span> — Le applicazioni di cracking, spesso, scansionano le parole nei dizionari di molte lingue straniere. Affidarsi a una parola straniera non è molto sicuro.
+ </div><div class="para">
+ Ecco alcuni esempi di password poco sicure:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ cheguevara
+ </div></li><li class="listitem"><div class="para">
+ bienvenido1
+ </div></li><li class="listitem"><div class="para">
+ 1dumbKopf
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Non usare la terminologia Hacker</em></span> — Se si ritiene di rientrare in una elite, perchè per la propria password usa la terminologia Hacker — anche chiamato linguaggio l337 (LEET) — si rifletta bene. Molti dizionari includono il linguaggio 1337.
+ </div><div class="para">
+ Ecco alcuni esempi di password poco sicure:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ H4X0R
+ </div></li><li class="listitem"><div class="para">
+ 1337
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Non usare informazioni personali</em></span> — Evitare di usare ogni informazione personale. Se l'attacker conosce un pò l'identità della vittima, il suo compito di deduzione della password si semplifica. La seguente lista mostra il genere di password da evitare:
+ </div><div class="para">
+ Ecco alcuni esempi di password poco sicure:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Il proprio nome
+ </div></li><li class="listitem"><div class="para">
+ I nomi dei propri animali domestici
+ </div></li><li class="listitem"><div class="para">
+ I nomi dei familiari
+ </div></li><li class="listitem"><div class="para">
+ Le date di nascita
+ </div></li><li class="listitem"><div class="para">
+ Il proprio numero di telefono o codice postale
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Non invertire parole riconoscibili</em></span> — Buoni programmi di cracking sono capaci di invertire parole comuni, per cui invertire una password debole non ne aumenta la sicurezza.
+ </div><div class="para">
+ Ecco alcuni esempi di password poco sicure:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ R0X4H
+ </div></li><li class="listitem"><div class="para">
+ oinotna
+ </div></li><li class="listitem"><div class="para">
+ 43-eiloj
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Non trascrivere la password</em></span> — Mai conservare una password su un pezzo di carta. Meglio impararla a memoria!
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Non usare la stessa password su tutte le macchine</em></span> — Su ogni macchina usare una password differente. In questo modo, se un sistema viene compromesso, le altre macchine non sono immediatamente a rischio.
+ </div></li></ul></div><div class="para">
+ Di seguito si riportano alcuni suggerimenti per creare password robuste:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Creare password lunghe almeno otto caratteri</em></span> — Più lunga la password, tanto meglio. Se si usa la codifica MD5, la password dovrebbe essere lunga almeno 15 caratteri. Con la codifica DES usare la lunghezza massima (otto caratteri).
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Usare lettere maiuscole e minuscole</em></span> — Fedora è case sensitive (distingue tra maiuscole/minuscole), per cui l'uso di lettere miste aumenta la robustezza delle password.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Usare lettere e numeri</em></span> — L'aggiunta di numeri alle password, soprattutto se inserite all'interno (non solo all'inizio o alla fine), aumenta la robustezza delle password.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Includere caratteri speciali</em></span> — L'uso di caratteri speciali, come &, $, e >, può notevolmente migliorare la robustezza di una password (ciò non è possibile con la codifica DES).
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Scegliere una password da ricordare</em></span> — La miglior password del mondo serve a ben poco, se poi non si può ricordare; usare acronimi o altre tecniche di memorizzazione, per tenere a mente la password.
+ </div></li></ul></div><div class="para">
+ Con tutte queste regole, può sembrare difficile creare una password che soddisfi tutti i criteri di una buona password, evitando tutte le caratteristiche di una cattiva. Fortunatamente, esistono alcuni procedimenti per creare una password, sicura e facile da ricordare.
+ </div><div class="section" id="sect-Security_Guide-Creating_Strong_Passwords-Secure_Password_Creation_Methodology"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Creating_Strong_Passwords-Secure_Password_Creation_Methodology">3.1.3.1.1. Metodologia per creare password sicure</h5></div></div></div><div class="para">
+ Esistono diversi metodi per creare password sicure. Uno dei più comuni impiega acronimi. Ecco un esempio:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Si pensi ad una frase facile da ricordare, come
+ </div><div class="para">
+ <span class="emphasis"><em>con un mazzo di rose rosse, fischiettando, vado all'appuntamento con la mia bella</em></span>
+ </div></li><li class="listitem"><div class="para">
+ Successivamente, trasformare la frase, inclusa la punteggiatura, in un acronimo.
+ </div><div class="para">
+ <strong class="userinput"><code>cumdrr,f,vaaclmb</code></strong>
+ </div></li><li class="listitem"><div class="para">
+ Aggiungere un pò di "rumore" sostituendo, numeri e simboli al posto delle lettere. Per esempio, sostituire, la <strong class="userinput"><code>a</code></strong> con <strong class="userinput"><code>7</code></strong> e la <strong class="userinput"><code>d</code></strong> con il simbolo at (<strong class="userinput"><code>@</code></strong>):
+ </div><div class="para">
+ <strong class="userinput"><code>cum at rr,f,v77clmb</code></strong>
+ </div></li><li class="listitem"><div class="para">
+ Aggiungere ulteriore "rumore", capitalizzando almeno una lettera, per esempio la <strong class="userinput"><code>m</code></strong>.
+ </div><div class="para">
+ <strong class="userinput"><code>cum at rr,f,v77clMb</code></strong>
+ </div></li><li class="listitem"><div class="para">
+ Non usare mai come password, la <span class="emphasis"><em>riproduzione fedele</em></span> di questo esempio.
+ </div></li></ul></div><div class="para">
+ Se è imperativo creare password sicure, la loro corretta gestione è altrattanto importante, soprattutto per gli amministratori di organizzazioni più grandi. Il paragrafo seguente, illustrerà buone pratiche per creare e gestire le password degli utenti di una organizzazione.
+ </div></div></div><div class="section" id="sect-Security_Guide-Password_Security-Creating_User_Passwords_Within_an_Organization"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Password_Security-Creating_User_Passwords_Within_an_Organization">3.1.3.2. Creare le password degli utenti di una organizzazione</h4></div></div></div><div class="para">
+ Se un'organizzazione ha un gran numero di utenti, gli amministratori di sistema hanno a disposizione due opzioni di base per incoraggiare l'uso di buone password. Possono creare le password per i loro utenti oppure possono lasciare agli utenti la creazione delle proprie password, verificando che esse siano qualitativamente accettabili.
+ </div><div class="para">
+ La creazione delle password da assegnare agli utenti, assicura che esse siano buone ma alla lunga può appesantire, soprattutto se l'organizzazione manifesta una certa dinamicità nel turn over del personale. Inoltre ciò aumenta il rischio che gli utenti appuntino la password su carta.
+ </div><div class="para">
+ Per questi motivi, la maggior parte degli amministratori peferisce lasciare agli utenti la creazione delle proprie password, per poi verificare attivamente che siano buone ed in alcuni casi, obbligare gli utenti a cambiarle periodicamente, usando delle password con validità temporale limitata.
+ </div><div class="section" id="sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Forcing_Strong_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Forcing_Strong_Passwords">3.1.3.2.1. Obbligare ad usare password robuste</h5></div></div></div><div class="para">
+ Per proteggere la rete da intrusioni, è buona norma per gli amministratori verificare che le password usate all'interno dell'organizzazione siano robuste. Quando gli utenti devono creare o modificare la password, essi possono usare l'applicazione <code class="command">passwd</code> gestito da <em class="firstterm">Pluggable Authentication Manager</em> (<em class="firstterm">PAM</em>), in grado di verificare se la password digitata è troppo corta o facile da crackare. Questa verifica avviene tramite il modulo PAM, <code class="filename">pam_cracklib.so</code>. Poichè PAM è configurabile, è possibile aggiungere altri moduli di verifica delle password, come <code class="filename">pam_passwdqc</code> (disponibile su <a href="http://www.openwall.com/passwdqc/"> openwall.com </a>) o anche realizzare un nuovo modulo. Per una lista dei moduli PAM disponibili, fare riferimento a <a href="http://www.kernel.org/pub/linux/libs/pam/modules.html">PAM modules</a> sul sito di kern
el.org. Per maggiori informazioni su PAM, fare riferimento alla <a class="xref" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html">Sezione 3.5, «Pluggable Authentication Modules (PAM)»</a>.
+ </div><div class="para">
+ La verifica fatta all'atto di creazione della password, tuttavia, non rileva password cattive così efficacemente come invece fanno le applicazioni di cracking.
+ </div><div class="para">
+ Sono disponibili molte applicazioni di cracking che funzionano su Fedora, anche se nessuna viene distribuita con il sistame operativo. Di seguito viene fornito un elenco delle più comuni applicazioni di cracking:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em><span class="application"><strong>John The Ripper</strong></span></em></span> — Un'applicazione di cracking, flessibile e veloce. Permette di usare più liste di parole e, tramite ricerca esaustiva (o forza bruta) di crackare le password. L'applicazione è disponibile sul sito <a href="http://www.openwall.com/john/">openwall.com</a>.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em><span class="application"><strong>Crack</strong></span></em></span> — Forse l'applicativo di cracking più conosciuto, <span class="application"><strong>Crack</strong></span> è anche molto veloce, sebbene non così semplice da usare come <span class="application"><strong>John The Ripper</strong></span>. Può essere trovato sul sito <a href="http://www.crypticide.com/alecm/security/crack/c50-faq.html">crypticide.com</a>.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em><span class="application"><strong>Slurpie</strong></span></em></span> — <span class="application"><strong>Slurpie</strong></span>, simile a <span class="application"><strong>John The Ripper</strong></span> ed a <span class="application"><strong>Crack</strong></span>, è stato progettato per essere eseguito contemporaneamente su più computer, in modo da creare un sistema di cracking distribuito. Può essere trovato, insieme ad altri strumenti di attacco che operano su sistemi distribuiti, su <a href="http://www.ussrback.com/distributed.htm"> ussrback.com</a>.
+ </div></li></ul></div><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Assicurarsi sempre di avere le necessarie autorizzazioni, prima di tentare qualsiasi cracking di password, nella propria organizzazione.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Passphrases"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Passphrases">3.1.3.2.2. Passphrase</h5></div></div></div><div class="para">
+ Nei sistemi moderni, le passphrase (o frasi d'accesso) e le password, sono le pietre angolari della sicurezza. Sfortunatamente, tecniche ben più sicure ed affidabili come biometrie o autenticazioni a due fattori, ancora non fano parte di molti sistemi. Se le password vengono impiegate per rendere sicuro un sistema, occorre spiegare il ruolo svolto dalle passphrase. Queste ultime sono più lunghe delle password e permettono una migliore protezione rispetto alle password, anche quando vengono implementate senza usare caratteri non-standard, come numeri e simboli.
+ </div></div><div class="section" id="sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Password_Aging"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Password_Aging">3.1.3.2.3. Durata delle password</h5></div></div></div><div class="para">
+ Limitare la durata delle password, è un'altra tecnica usata dagli amministratori di sistema per proteggere l'organizzazione da cattive password. Con tale tecnica, dopo un determinato periodo di tempo (generalmente 90 giorni), all'utente viene richiesto di ricreare una nuova password. La teoria che giustifica tutto ciò è che, se un utente è obbligato a cambiare periodicamente la propria password, allora una password crackata rimane utile ad un intrusore, soltanto per un periodo di tempo limitato. L'aspetto negativo è che potrebbe aumentare la tendenza dell'utente a trascrivere su carta, la propria password.
+ </div><div class="para">
+ In Fedora sono disponibili due applicazioni usate per impostare la durata di una password: il comando <code class="command">chage</code> e l'applicazione grafica <span class="application"><strong>Gestione Utenti</strong></span> (<code class="command">system-config-users</code>).
+ </div><div class="para">
+ L'opzione <code class="option">-M</code> nel comando <code class="command">chage</code>, permette di specificare il numero di giorni di validità della password. Per esempio, per impostare la scadenza di una password dopo 90 giorni, usare il seguente comando:
+ </div><pre class="screen"><code class="command">chage -M 90 <em class="replaceable"><code><username></code></em></code></pre><div class="para">
+ Nel comando precedente, sostituire <em class="replaceable"><code><username></code></em> con il nome dell'utente. Per disabilitare la scadenza su una password, è consuetudine usare il valore <code class="command">99999</code> (equivalente a circa 273 anni).
+ </div><div class="para">
+ Per modificare scadenze e informazioni di più account, si può usare il comando <code class="command">chage</code> in modo interattivo. Per entrare in modalità interattiva, digitare il segente comando:
+ </div><pre class="screen"><code class="command">chage <em class="replaceable"><code><username></code></em></code></pre><div class="para">
+ Di seguito si riporta un esempio di sessione interattiva:
+ </div><pre class="screen">[root at myServer ~]# chage davido
+Changing the aging information for davido
+Enter the new value, or press ENTER for the default
+Minimum Password Age [0]: 10
+Maximum Password Age [99999]: 90
+Last Password Change (YYYY-MM-DD) [2006-08-18]:
+Password Expiration Warning [7]:
+Password Inactive [-1]:
+Account Expiration Date (YYYY-MM-DD) [1969-12-31]:
+[root at myServer ~]#</pre><div class="para">
+ Per maggiori informazioni sulle opzioni disponibili, fare riferimento alle pagine di man.
+ </div><div class="para">
+ Per impostare scadenze su password, si può usare anche l'applicazione grafica <span class="application"><strong>Gestione Utenti</strong></span>. Nota: occorre essere amministratore per effettuare questa operazione.
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Per avviare l'interfaccia Gestione Utenti, selezionare dal menu <span class="guimenuitem"><strong>Sistema > Amministrazione > Utenti e Gruppi</strong></span>. Oppure in un terminale, digitare il comando <code class="command">system-config-users</code>.
+ </div></li><li class="step"><div class="para">
+ Selezionare la scheda, <span class="guilabel"><strong>Utenti</strong></span> e quindi l'utente interessato, nella lista degli utenti.
+ </div></li><li class="step"><div class="para">
+ Per visualizzare la finestra delle Proprietà dell'Utente, cliccare sul bottone <span class="guibutton"><strong>Proprietà</strong></span>, (oppure dal menu, selezionare <span class="guimenuitem"><strong>File > Proprietà</strong></span>).
+ </div></li><li class="step"><div class="para">
+ Selezionare la scheda <span class="guilabel"><strong>Password Info</strong></span> e abilitare la casella di contollo con l'etichetta, <span class="guilabel"><strong>Abilitare la scadenza sulla password</strong></span>.
+ </div></li><li class="step"><div class="para">
+ Inserire il valore richiesto nel campo <span class="guilabel"><strong>Giorni di validità</strong></span> e poi cliccare sul bottone <span class="guibutton"><strong>OK</strong></span>.
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-Password_Aging-Specifying_password_aging_options"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-user_pass_info.png" width="444" alt="Impostazione della scadenza" /><div class="longdesc"><div class="para">
+ Illustrazione <span class="guilabel"><strong>Informazione Password</strong></span>
+ </div></div></div></div><h6>Figura 3.1. Impostazione della scadenza</h6></div><br class="figure-break" /></div></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Administrative_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Administrative_Controls">3.1.4. Controlli amministrativi</h3></div></div></div><div class="para">
+ Quando si gestisce un PC, per esempio il PC di casa, l'utente può svolgere i compiti di amministrazione come utente root, oppure acquisire privilegi effettivi di root, con programmi <em class="firstterm">setuid</em>, come <code class="command">sudo</code> o <code class="command">su</code>. Un programma setuid opera con l'ID utente (o <span class="emphasis"><em>UID</em></span>) del proprietario del programma, e non con l'UID di colui che utilizza il programma. Questi programmi, in un listato di formato lungo, sono denotati con una <code class="computeroutput">s</code> nei flag di proprietà, come indicato di seguito:
+ </div><pre class="screen"><code class="computeroutput">-rwsr-xr-x 1 root root 47324 May 1 08:09 /bin/su</code></pre><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ La <code class="computeroutput">s</code> può essere maiuscola o minuscola. Se è maiuscola vuol dire che il bit di permesso non è stato impostato.
+ </div></div></div><div class="para">
+ Nell'ambito di una organizzazione, gli amministratori devono stabilire se e quali tipi di accessi amministrativi assegnare agli utenti delle proprie macchine. Per esempio, attraverso il modulo PAM denominato <code class="filename">pam_console.so</code>, alcuni compiti normalmente riservati soltanto all'utente root, come il riavvio o il montaggio di supporti rimovibili, sono estesi al primo utente che accede ad un terminale (fare riferimento alla <a class="xref" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html">Sezione 3.5, «Pluggable Authentication Modules (PAM)»</a>, per maggiori informazioni sul modulo <code class="filename">pam_console.so</code>). Inoltre, altri importatnti compiti amministrativi, come modificare le impostazioni di rete, configurare un nuovo mouse o montare un dispositivo di rete, sono possbili soltanto se si hanno i privilegi necessari. Quindi, gli amministratori di sistemi, devono stabilire il livello di accesso da attribuire ag
li utenti della rete aziendale.
+ </div><div class="section" id="sect-Security_Guide-Administrative_Controls-Allowing_Root_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Administrative_Controls-Allowing_Root_Access">3.1.4.1. Permettere l'accesso come utente root</h4></div></div></div><div class="para">
+ Se gli utenti di una organizzazione sono fidati ed adeguatamente esperti, allora il loro accesso come root non dovrebbe essere un problema. Permettere di accedere come root, significa assegnare agli utenti attività di minore importanza, come aggiungere dispositivi o configurare interfacce di rete, lasciando agli amministratori maggiore libertà per aspetti più importanti, come garantire la sicurezza della rete e del sistema.
+ </div><div class="para">
+ Dall'altro lato, permettere ai singoli utenti l'accesso come utente root, può generare i seguenti problemi:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Errata configurazione della macchina</em></span> — Gli utenti con accesso privilegiato, potrebbero configurare erroneamente la propria macchina e richiedere la necessaria assistenza. Peggio ancora, potrebbero causare, inconsapevolmente, delle falle nella sicurezza del sistema.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Eseguire servizi non sicuri</em></span> — Gli utenti con accesso root, potrebbero eseguire sulle proprie macchine, servizi insicuri come FTP o Telnet, mettendo potenzialmente a rischio le loro credenziali di accesso, ossia username e password. Infatti, questi servizi trasmettono in chiaro queste informazioni nella rete.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Inviare allegati e-mail come root</em></span> — Sebbene piuttosto rari, si può dire che non esistono virus allegati in email, che possano minacciare un sistema Linux. L'unica situazione che può rivelarsi una minaccia, si ha quando gli allegati vengono aperti dall'utente root.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Administrative_Controls-Disallowing_Root_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Administrative_Controls-Disallowing_Root_Access">3.1.4.2. Disabilitare l'accesso come utente root</h4></div></div></div><div class="para">
+ Se per queste o altre ragioni, un amministratore ritiene opportuno non dover assegnare agli utenti i privilegi di root, allora la password di root dovrebbe essere custodita segretamente, e l'accesso al runlevel 1 o l'accesso <span class="emphasis"><em>single user mode</em></span>, dovrebbe essere disabilitato (vedere la <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords">Sezione 3.1.2.2, «Password per Boot Loader»</a>, per maggiori ragguagli su questo tipo di protezione).
+ </div><div class="para">
+ La <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#tabl-Security_Guide-Disallowing_Root_Access-Methods_of_Disabling_the_Root_Account">Tabella 3.1, «Metodi per disabilitare l'account root»</a> descrive altri metodi disponibili all'amministratore, per disabilitare gli accessi come utente root:
+ </div><div class="table" id="tabl-Security_Guide-Disallowing_Root_Access-Methods_of_Disabling_the_Root_Account"><h6>Tabella 3.1. Metodi per disabilitare l'account root</h6><div class="table-contents"><table summary="Metodi per disabilitare l'account root" border="1"><colgroup><col width="12%" class="method" /><col width="29%" class="description" /><col width="29%" class="effect" /><col width="29%" class="noaffect" /></colgroup><thead><tr><th>
+ Metodo
+ </th><th>
+ Descrizione
+ </th><th>
+ Influenza
+ </th><th>
+ Non influenza
+ </th></tr></thead><tbody><tr><td>
+ Modificare la shell di root
+ </td><td>
+ Aprire il file <code class="filename">/etc/passwd</code> e modificare la shell da <code class="command">/bin/bash</code> in <code class="command">/sbin/nologin</code>.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Vieta l'accesso alla shell di root e registra nei file log di sistema, ogni tentativo d'accesso.</td></tr><tr><td>I seguenti programmi <span class="emphasis"><em>non possono accedere</em></span> all'account root:</td></tr><tr><td>· <code class="command">login</code></td></tr><tr><td>· <code class="command">gdm</code></td></tr><tr><td>· <code class="command">kdm</code></td></tr><tr><td>· <code class="command">xdm</code></td></tr><tr><td>· <code class="command">su</code></td></tr><tr><td>· <code class="command">ssh</code></td></tr><tr><td>· <code class="command">scp</code></td></tr><tr><td>· <code class="command">sftp</code></td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Programmi che non necessitano di una shell, come client FTP, e-mail e molti programmi setuid.</td></tr><tr><td>I seguenti programmi <span class="emphasis"><em>possono accedere</em></span> all'account root:</td></tr><tr><td>· <code class="command">sudo</code></td></tr><tr><td>· client FTP</td></tr><tr><td>· client e-mail</td></tr></table>
+
+ </td></tr><tr><td>
+ Disabilitare l'accesso root da ogni terminale (tty)
+ </td><td>
+ Un file <code class="filename">/etc/securetty</code> vuoto, nega l'accesso come utente root, da qualsiasi terminale collegato al computer.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Vieta l'accesso all'account root da un terminale locale o da remoto. I seguenti programmi <span class="emphasis"><em>non possono accedere</em></span> all'account root:</td></tr><tr><td>· <code class="command">login</code></td></tr><tr><td>· <code class="command">gdm</code></td></tr><tr><td>· <code class="command">kdm</code></td></tr><tr><td>· <code class="command">xdm</code></td></tr><tr><td>· Altri servizi di rete che aprono un tty</td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>I programmi che non eseguono come root, ma eseguono compiti amministrativi attraverso setuid o altri meccanismi.</td></tr><tr><td>I seguenti programmi <span class="emphasis"><em>possono accedere</em></span> all'account root:</td></tr><tr><td>· <code class="command">su</code></td></tr><tr><td>· <code class="command">sudo</code></td></tr><tr><td>· <code class="command">ssh</code></td></tr><tr><td>· <code class="command">scp</code></td></tr><tr><td>· <code class="command">sftp</code></td></tr></table>
+
+ </td></tr><tr><td>
+ Disabilitare gli accessi SSH di root
+ </td><td>
+ Aprire il file <code class="filename">/etc/ssh/sshd_config</code> e impostare il parametro <code class="command">PermitRootLogin</code> su <code class="command">no</code>.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Vieta l'accesso all'account root via gli strumenti OpenSSH. I seguenti programmi <span class="emphasis"><em>non possono accedere</em></span> all'account root:</td></tr><tr><td>· <code class="command">ssh</code></td></tr><tr><td>· <code class="command">scp</code></td></tr><tr><td>· <code class="command">sftp</code></td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Il metodo vieta l'accesso all'account root, soltanto attraverso gli strumenti OpenSSH.</td></tr></table>
+
+ </td></tr><tr><td>
+ Usare PAM per limitare l'accesso all'account root da parte dei servizi.
+ </td><td>
+ Nella directory <code class="filename">/etc/pam.d/</code>, modificare il file relativo al servizio interessato. Assicurarsi che per l'autenticazione sia richiesto il file <code class="filename">pam_listfile.so</code>.<sup>[<a id="idm39611568" href="#ftn.idm39611568" class="footnote">a</a>]</sup>
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Vieta l'accesso all'account root ai servizi di rete controllati da PAM.</td></tr><tr><td>I seguenti servizi <span class="emphasis"><em>non possono accedere</em></span> all'account root:</td></tr><tr><td>· client FTP</td></tr><tr><td>· client e-mail</td></tr><tr><td>· <code class="command">login</code></td></tr><tr><td>· <code class="command">gdm</code></td></tr><tr><td>· <code class="command">kdm</code></td></tr><tr><td>· <code class="command">xdm</code></td></tr><tr><td>· <code class="command">ssh</code></td></tr><tr><td>· <code class="command">scp</code></td></tr><tr><td>· <code class="command">sftp</code></td></tr><tr><td>· Tutti i servizi controllati da PAM</td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>I programmi e i servizi non controllati da PAM.</td></tr></table>
+
+ </td></tr></tbody><tbody class="footnotes"><tr><td colspan="4"><div class="footnote"><div class="para"><sup>[<a id="ftn.idm39611568" href="#idm39611568" class="para">a</a>] </sup>
+ Fare riferimento alla <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM">Sezione 3.1.4.2.4, «Disabilitare l'account root usando PAM»</a> per i dettagli.
+ </div></div></td></tr></tbody></table></div></div><br class="table-break" /><div class="section" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_the_Root_Shell"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_the_Root_Shell">3.1.4.2.1. Disabilitare la shell di root</h5></div></div></div><div class="para">
+ Per evitare che gli utenti accedano direttamente come root, l'amministratore di sistema può impostare nel file <code class="filename">/etc/passwd</code>, la shell dell'account root su <code class="command">/sbin/nologin</code>. Ciò impedisce di accedere all'account root, con i comandi che richiedono una shell, come <code class="command">su</code> e <code class="command">ssh</code>.
+ </div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ I programmi che non necessitano di accedere alla shell, come client e-mail o il comando <code class="command">sudo</code>, tuttavia possono continuare ad accedere all'account root.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Logins"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Logins">3.1.4.2.2. Disabilitare le sessioni di root</h5></div></div></div><div class="para">
+ Per ulteriormente limitare l'accesso all'accout root, gli amministratori possono disabilitare le sessioni di root da terminale, modificando il file <code class="filename">/etc/securetty</code>. Questo file elenca tutti i dispositivi da cui l'utente root può avviare una sessione. Se il file non esiste, allora l'utente root può avviare una sessione da ogni tipo di dispositivo di comunicazione presente, sia via terminale sia attraverso una interfaccia di rete. Ciò potrebbe essere piuttosto rischioso per la sicurezza della rete, giacchè si potrebbe avviare una sessione come utente root, via Telnet, servizio che trasmette in chiaro le informazioni di accesso. In Fedora, per impostazione, il file <code class="filename">/etc/securetty</code> permette di avviare una sessione di root, soltanto attraverso un terminale fisicamente collegato alla macchina. Per vietare ogni tipo di sessione di root, rimuovere il contenuto di questo file, digitando il seguente comando:
+ </div><pre class="screen"><code class="command">echo > /etc/securetty</code></pre><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Un file <code class="filename">/etc/securetty</code> completamente vuoto, <span class="emphasis"><em>consente</em></span> tuttavia di avviare sessioni di root da remoto, usando l'insieme di strumenti OpenSSH, poichè il terminale non viene aperto fino ad autenticazione avvenuta.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_SSH_Logins"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_SSH_Logins">3.1.4.2.3. Disabilitare le sessioni SSH di root</h5></div></div></div><div class="para">
+ Le sessioni di root, attraverso il protocollo SSH, in Fedora sono disabilitate per impostazione; comunque, se questa impostazione viene abilitata può essere nuovamente disabilitata, modificando il file di configurazione del demone SSH (<code class="filename">/etc/ssh/sshd_config</code>). Modificare la riga:
+ </div><pre class="screen"><code class="computeroutput">PermitRootLogin yes</code></pre><div class="para">
+ con la seguente:
+ </div><pre class="screen"><code class="computeroutput">PermitRootLogin no</code></pre><div class="para">
+ Per rendere effettive le modifiche, riavviare il demone SSH, per esempio con il seguente comando:
+ </div><pre class="screen"><code class="computeroutput">kill -HUP `cat /var/run/sshd.pid`</code></pre></div><div class="section" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM">3.1.4.2.4. Disabilitare l'account root usando PAM</h5></div></div></div><div class="para">
+ PAM, con il modulo <code class="filename">/lib/security/pam_listfile.so</code>, permette di regolare in maniera flessibilie gli accessi degli account. L'amministratore può usare questo modulo, per creare una lista di utenti non autorizzati ad avviare sessioni. Il file di configurazione <code class="filename">/etc/pam.d/vsftpd</code>, nel seguente esempio, mostra un utilizzo del modulo sul server FTP, <code class="command">vsftpd</code> (il carattere <code class="computeroutput">\ </code> alla fine della prima riga, <span class="emphasis"><em>non</em></span> è necessario se la direttiva rientra in un'unica riga):
+ </div><pre class="screen">auth required /lib/security/pam_listfile.so item=user \
+sense=deny file=/etc/vsftpd.ftpusers onerr=succeed</pre><div class="para">
+ Con questa istruzione, PAM legge il file <code class="filename">/etc/vsftpd.ftpusers</code> in cui sono elencati tutti gli utenti a cui è vietato l'accesso al servizio. L'amministratore può modificare il nome di questo file, mantenere una lista separata per ogni servizio oppure usare una lista unica per vietare l'accesso a più servizi.
+ </div><div class="para">
+ Se un amministratore vuole negare l'accesso a più servizi, un'analoga riga può essere aggiunta ai file PAM di configurazione, come <code class="filename">/etc/pam.d/pop</code> e <code class="filename">/etc/pam.d/imap</code> per client e-mail o <code class="filename">/etc/pam.d/ssh</code> per client SSH.
+ </div><div class="para">
+ Per maggiori informazioni su PAM, fare riferimento alla <a class="xref" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html">Sezione 3.5, «Pluggable Authentication Modules (PAM)»</a>.
+ </div></div></div><div class="section" id="sect-Security_Guide-Administrative_Controls-Limiting_Root_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Administrative_Controls-Limiting_Root_Access">3.1.4.3. Limitare l'accesso all'account root</h4></div></div></div><div class="para">
+ Piuttosto che negare completamente l'accesso all'utente root, l'amministratore potrebbe limitare l'accesso solo ai programmi setuid, come <code class="command">su</code> o <code class="command">sudo</code>.
+ </div><div class="section" id="sect-Security_Guide-Limiting_Root_Access-The_su_Command"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Limiting_Root_Access-The_su_Command">3.1.4.3.1. Il comando <code class="command">su</code></h5></div></div></div><div class="para">
+ Quando si esegue il comando <code class="command">su</code>, viene richiesto di inserire la password di root, e dopo autenticazione si ha a disposizione una shell di root.
+ </div><div class="para">
+ Una volta avviata la sessione con il comando <code class="command">su</code>, l'utente <span class="emphasis"><em>è</em></span> l'utente root, con pieno ed assoluto controllo sul sistema.<sup>[<a id="idm35984976" href="#ftn.idm35984976" class="footnote">13</a>]</sup> Inoltre, una volta diventato root, l'utente può usare il comando <code class="command">su</code> per diventare altri utenti presenti nel sistema, senza che sia richiesta alcuna password.
+ </div><div class="para">
+ Data la grande potenza di questo programma, gli amministratori potrebbero limitarne l'accesso ad un numero ristretto di utenti.
+ </div><div class="para">
+ Uno dei modi più semplici per far ciò, consiste nell'aggiungere gli utenti scelti, ad un gruppo amministrativo speciale, denominato <em class="firstterm">wheel</em>. In concreto, come utente root digitare il seguente comando:
+ </div><pre class="screen"><code class="command">usermod -G wheel <em class="replaceable"><code><username></code></em></code></pre><div class="para">
+ Nel precedente comando, sostituire <em class="replaceable"><code><username></code></em> con lo username dell'utente che si vuole aggiungere al gruppo <code class="command">wheel</code>.
+ </div><div class="para">
+ Alternativamente, si può usare la GUI <span class="application"><strong>Gestione Utenti</strong></span> per modificare il gruppo di appartenenza degli utenti, come spiegato di seguito. Nota: Occorre possedere i privilegi di amministratore per effettuare questa operazione.
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Per avviare l'interfaccia Gestione Utenti, selezionare dal menu <span class="guimenuitem"><strong>Sistema > Amministrazione > Utenti e Gruppi</strong></span>. Oppure in un terminale, digitare il comando <code class="command">system-config-users</code>.
+ </div></li><li class="step"><div class="para">
+ Selezionare la scheda, <span class="guilabel"><strong>Utenti</strong></span> e quindi l'utente interessato, nella lista degli utenti.
+ </div></li><li class="step"><div class="para">
+ Per visualizzare la finestra delle Proprietà dell'Utente, cliccare sul bottone <span class="guibutton"><strong>Proprietà</strong></span>, (oppure dal menu, selezionare <span class="guimenuitem"><strong>File > Proprietà</strong></span>).
+ </div></li><li class="step"><div class="para">
+ Selezionare la scheda <span class="guilabel"><strong>Gruppi</strong></span>, nella lista attivare la checkbox relativa al gruppo wheel e poi cliccare sul bottone <span class="guibutton"><strong>OK</strong></span>. Fare riferimento alla <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#figu-Security_Guide-The_su_Command-Adding_users_to_the_wheel_group.">Figura 3.2, «Aggiungere utenti al gruppo "wheel"»</a>.
+ </div></li><li class="step"><div class="para">
+ In un editor di testo, aprire il file di configurazione PAM per il comando <code class="command">su</code> (<code class="filename">/etc/pam.d/su</code>) e rimuovere il carattere di commento <span class="keycap"><strong>#</strong></span>, dalla seguente riga:
+ </div><pre class="screen">auth required /lib/security/$ISA/pam_wheel.so use_uid</pre><div class="para">
+ Questa modifica comporta che soltanto i membri del gruppo di amministrazione <code class="computeroutput">wheel</code> possono usare questo programma.
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-The_su_Command-Adding_users_to_the_wheel_group."><div class="figure-contents"><div class="mediaobject"><img src="images/fed-user_pass_groups.png" width="444" alt="Aggiungere utenti al gruppo "wheel"" /><div class="longdesc"><div class="para">
+ <span class="guilabel"><strong>Gruppi</strong></span>
+ </div></div></div></div><h6>Figura 3.2. Aggiungere utenti al gruppo "wheel"</h6></div><br class="figure-break" /><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Per impostazione predefinita, l'utente root fa parte del gruppo <code class="computeroutput">wheel</code>.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Limiting_Root_Access-The_sudo_Command"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Limiting_Root_Access-The_sudo_Command">3.1.4.3.2. Il comando <code class="command">sudo</code></h5></div></div></div><div class="para">
+ Anche il comando <code class="command">sudo</code>, come il precedente, consente agli utenti di ottenere i privilegi amministrativi. Anteponendo <code class="command">sudo</code> ad un comando amministrativo, viene richiesto di inserire la <span class="emphasis"><em>propria</em></span> password. In tal modo, dopo autenticazione positiva, viene eseguito il comando come se fosse eseguto dall'utente root.
+ </div><div class="para">
+ Il formato base del comando <code class="command">sudo</code>, è il seguente:
+ </div><pre class="screen"><code class="command">sudo <em class="replaceable"><code><command></code></em></code></pre><div class="para">
+ Nell'esempio precedente, <em class="replaceable"><code><command></code></em> è il comando amministrativo da eseguire, per esempio il comando <code class="command">mount</code>.
+ </div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Gli utenti che usano il comando <code class="command">sudo</code>, dovrebbero prestare particolare attenzione a chiudere la sessione prima di allontanarsi dalla propria macchina, giacchè tutti i sudoers (ossia gli utenti abilitati ad usare il comando sudo), possono continuare ad usare il comando per un periodo di cinque minuti, senza che venga richiesto di inserire la password. Questa impostazione può essere modificata nel file di configurazione relativo, <code class="filename">/etc/sudoers</code>.
+ </div></div></div><div class="para">
+ Il comando <code class="command">sudo</code> consente una maggiore flessibilità. Per esempio, soltanto gli utenti elencati nel file di configurazione <code class="filename">/etc/sudoers</code>, possono utilizzare il comando <code class="command">sudo</code> che esegue nella shell dell'<span class="emphasis"><em>utente</em></span> e non nella shell di root. Ciò significa che la sheel di root può essere completamente disabilitata. (<a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Disallowing_Root_Access-Disabling_the_Root_Shell">Sezione 3.1.4.2.1, «Disabilitare la shell di root»</a>).
+ </div><div class="para">
+ Il comando <code class="command">sudo</code> offre anche una registrazione degli accessi effettuati. Ogni tentativo di autenticazione è registrato nel file <code class="filename">/var/log/messages</code>, mentre il comando associato insieme allo username dell'utente è registrato nel file <code class="filename">/var/log/secure</code>.
+ </div><div class="para">
+ Un altro vantaggio del comando <code class="command">sudo</code>, deriva dal fatto che un amministratore può autorizzare gli utenti ad accedere solo a specifici comandi, secondo le loro necessità.
+ </div><div class="para">
+ Per modificare il file di configurazione <code class="filename">/etc/sudoers</code> del comando <code class="command">sudo</code>, si dovrebbe usare il comando <code class="command">visudo</code>.
+ </div><div class="para">
+ Per estendere a qualcuno pieni privilegi amministrativi, digitare <code class="command">visudo</code> ed aggiungere, nella sezione che specifica i privilegi utenti, una riga simile alla seguente:
+ </div><pre class="screen"><code class="command">juan ALL=(ALL) ALL</code></pre><div class="para">
+ Questo esempio stabilisce che l'utente <code class="computeroutput">juan</code> può usare il comando <code class="command">sudo</code> da ogni host ed eseguire ogni comando.
+ </div><div class="para">
+ L'esempio seguente illustra il grado di configurazione del comando <code class="command">sudo</code>:
+ </div><pre class="screen"><code class="command">%users localhost=/sbin/shutdown -h now</code></pre><div class="para">
+ L'esempio stabilisce che tutti gli utenti possono lanciare il comando <code class="command">/sbin/shutdown -h now</code>.
+ </div><div class="para">
+ Le pagine di man su <code class="filename">sudoers</code> descrivono tutte le opzioni di configurazione possibili.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Available_Network_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Available_Network_Services">3.1.5. Servizi di rete disponibili</h3></div></div></div><div class="para">
+ Se il controllo degli utenti sugli accessi amministrativi è un problema importante soprattutto per chi gestisce una organizzazione, monitorare quali servizi di rete devono essere attivi è di fondamentale importanza per chiunque amministri o operi con un sistema Linux.
+ </div><div class="para">
+ Molti servizi in Fedora si comportano come dei server di rete. Se un servizio di rete è in esecuzione su una macchina, allora l'applicazione server (o <em class="firstterm">demone</em>) è in ascolto, in attesa di connessioni su una o più porte di rete. Ognuno di questi server dovrebbe essere trattato come una possbile via di attacco.
+ </div><div class="section" id="sect-Security_Guide-Available_Network_Services-Risks_To_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Available_Network_Services-Risks_To_Services">3.1.5.1. I rischi per i servizi</h4></div></div></div><div class="para">
+ I servizi di rete possono creare molti rischi ai sistemi Linux. Di seguito si riporta un elenco dei principali problemi:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Denial of Service Attacks (DoS)</em></span> — Un attacco che intasa un servizio con raffiche di richieste, rendendo il sistema inutilizzabile.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Distributed Denial of Service Attack (DDoS)</em></span> — Un attacco di tipo DoS che usa più macchine compromesse (spesso in numero di mille e più), per condurre un attacco coordinato su un servizio, inondando la macchina vittima con raffiche di richieste in modo da renderla inutilizzabile.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Attacchi alle vulnerabilità di script</em></span> — Se un server utilizza script per eseguire compiti sul lato server, come comunemente fanno i server Web, un cracker può tentare un attacco sfruttando le vulnerabilità presenti negli script. Gli attacchi alle vulnerabilità di script, possono causare condizioni di buffer overflow o addirittura consentire l'alterazione di file.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Attacchi di Buffer Overflow</em></span> — I servizi che si connettono usando le porte numerate tra 0 e 1023 devono eseguire con privilegi di root, quindi se il servizio viene compromesso da un Buffer Overflow, l'attacker in ascolto può accedere al sistema con pieni privilegi. Poichè di tanto in tanto, si verificano buffer overflow nei sistemi, i cracker, per identificare i sistemi con tale vulnerabilità usano strumenti automatizzati, e una volta ottenuto l'accesso, utilizzano strumenti di rootkit automatizzati per preservare i privilegi di accesso. (n.d.t.: rootkit = accesso di livello amministrativo).
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Le minacce alle vulnerabilità di tipo buffer overflow sono ridotte in Fedora, grazie a <em class="firstterm">ExecShield</em>, una tecnologia supportata nei kernel per mono- e multi-processori x86-compatibili che proteggono e segmentano la memoria. ExecShield riduce il rischio di buffer overflow, separando la memoria virtuale in segmenti eseguibili e non eseguibili. Ogni pezzo di programma che tenti di eseguire al di fuori del segmento eseguibile (come fanno i codici maliziosi generati da un buffer overflow), genera un segmentation fault e viene arrestato.
+ </div><div class="para">
+ Execshield include supporto anche per la tecnologia <em class="firstterm">No eXecute</em> (<acronym class="acronym">NX</acronym>) su piattaforme AMD64 e la tecnologia <em class="firstterm">eXecute Disable</em> (<acronym class="acronym">XD</acronym>) su sistemi Itanium e <span class="trademark">Intel</span>® 64. Queste tecnologie operano in congiunzione con ExecShield, prevenendo l'esecuzione di codice malizioso nella zone eseguibile della memoria virtuale, con una granularità di 4KB per codice.
+ </div></div></div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Per limitare la possibilità di attacchi, tutti i servizi non utilizzati dovrebbero essere disattivati.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Available_Network_Services-Identifying_and_Configuring_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Available_Network_Services-Identifying_and_Configuring_Services">3.1.5.2. Identificare e configurare i servizi</h4></div></div></div><div class="para">
+ Per aumentare la sicurezza, molti servizi di rete installati con Fedora sono disattivati per impostazione predefinita. Esistono tuttavia alcune importanti eccezioni:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">cupsd</code> — Il server di stampa predefinito di Fedora.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">lpd</code> — Un server di stampa alternativo.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">xinetd</code> — Un server particolare che controlla le connessioni da alcuni server subordinati, come <code class="command">gssftp</code> e <code class="command">telnet</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sendmail</code> — Il <em class="firstterm">Mail Transport Agent</em> (<abbr class="abbrev">MTA</abbr> o server di posta), sendmail, è abilitato per impostazione predefinita, ma è in ascolto solo per connessioni da <span class="interface">localhost</span>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sshd</code> — Il server OpenSSH, un sicuro sostitutivo di Telnet.
+ </div></li></ul></div><div class="para">
+ In caso di indecisione se lasciare attivi questi servizi, si consiglia buon senso ed eccesso di prudenza. Per esempio, se una stampante non è disponibile, non conviene lasciare <code class="command">cupsd</code> in esecuzione. Analogamente con <code class="command">portmap</code>: se non si montano volumi NFSv3 o non si usa NIS (il servizio <code class="command">ypbind</code>), allora anche il servizio <code class="command">portmap</code> dovrebbe essere disabilitato.
+ </div><div class="figure" id="figu-Security_Guide-Identifying_and_Configuring_Services-Services_Configuration_Tool"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-service_config.png" width="444" alt="Strumento per configurare i servizi" /><div class="longdesc"><div class="para">
+ <span class="application"><strong>Strumento per configurare i servizi</strong></span>
+ </div></div></div></div><h6>Figura 3.3. <span class="application">Strumento per configurare i servizi</span></h6></div><br class="figure-break" /><div class="para">
+ Se non si è sicuri sulla funzione di un certo servizio, lo <span class="application"><strong>Strumento per configurare i servizi</strong></span> ha un campo descrittivo, illustrato in <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#figu-Security_Guide-Identifying_and_Configuring_Services-Services_Configuration_Tool">Figura 3.3, «<span class="application">Strumento per configurare i servizi</span>»</a>, che fornisce qualche informazione.
+ </div><div class="para">
+ Controllare i servizi di rete che sia avviano al boot, costituisce soltanto una parte della storia; si dovrebbero controllare anche le porte in ascolto (o aperte). Fare riferimento alla <a class="xref" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html">Sezione 3.2.8, «Controllare le porte in ascolto»</a>, per maggiori informazioni.
+ </div></div><div class="section" id="sect-Security_Guide-Available_Network_Services-Insecure_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Available_Network_Services-Insecure_Services">3.1.5.3. Servizi poco sicuri</h4></div></div></div><div class="para">
+ Potenzialmente, tutti i servizi di rete sono poco sicuri, per questo è molto importante disabilitare i servizi non utilizzati. Falle nei servizi, vengono di tanto in tanto scoperti e corretti, per cui diventa assolutamente indispensabile aggiornare regolarmente i pacchetti associati ai servizi di rete. Vedere la <a class="xref" href="sect-Security_Guide-Security_Updates.html">Sezione 1.5, «Aggiornamenti di sicurezza»</a>, per maggiori informazioni.
+ </div><div class="para">
+ Alcuni protocolli di rete sono intrinsecamente molto più insicuri di altri. Tra questi servizi rientrano quelli che:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Trasmettono in chiaro, username e password</em></span> — Molti protocolli, piuttosto datati, come Telnet ed FTP, non cifrano la fase di autenticazione di una sessione, per cui dovrebbero essere evitati.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Trasmettere in chiaro, dati sensibili</em></span> — Molti protocolli trasmettono in chiaro (ossia senza cifratura), i dati. Tra questi protocolli rientrano Telnet, FTP, HTTP, ed SMTP. Anche molti file system di rete, come NFS ed SMB, trasmettono in chiaro. Usando questi protocolli, è responsabilità dell'utente stabilire se è il caso di trasmettere in chiaro i propri dati.
+ </div><div class="para">
+ Servizi remoti di memory dump, come <code class="command">netdump</code>, trasmettono in chiaro il contenuto della memoria. Le memory dump possono contenere password, o anche i dati di un database ed altre informazioni sensibili.
+ </div><div class="para">
+ Altri servizi come <code class="command">finger</code> e <code class="command">rwhod</code> rivelano informazioni sugli utenti di un sistema.
+ </div></li></ul></div><div class="para">
+ Esempi di servizi intrinsecamente poco sicuri sono <code class="command">rlogin</code>, <code class="command">rsh</code>, <code class="command">telnet</code> ed <code class="command">vsftpd</code>.
+ </div><div class="para">
+ Tutti i programmi shell e di accesso remoto (<code class="command">rlogin</code>, <code class="command">rsh</code>, e <code class="command">telnet</code>) dovrebbero essere evitati a favore di SSH. Fare riferimento alla <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">Sezione 3.1.7, «Strumenti di comunicazione che aumentano la sicurezza»</a>, per maggiori informazioni su <code class="command">sshd</code>.
+ </div><div class="para">
+ FTP non è così inerentemente rischioso come le shell remote, tuttavia richiede configurazioni e controlli molto scrupolosi. Vedere la <a class="xref" href="sect-Security_Guide-Server_Security-Securing_FTP.html">Sezione 3.2.6, «Proteggere FTP»</a>, per maggiori informazioni sui server FTP.
+ </div><div class="para">
+ I servizi che andrebbero attentamente configurati e protetti da firewall, sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">finger</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">authd</code> (denominato <code class="command">identd</code> in precedenti versioni di Fedora)
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">netdump</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">netdump-server</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">nfs</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">rwhod</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sendmail</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">smb</code> (Samba)
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">yppasswdd</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">ypserv</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">ypxfrd</code>
+ </div></li></ul></div><div class="para">
+ Per maggiori informazioni su come rendere sicuri i servizi di rete, consultare la <a class="xref" href="sect-Security_Guide-Server_Security.html">Sezione 3.2, «Server Security»</a>.
+ </div><div class="para">
+ Il paragrafo successivo illustra gli strumenti disponibili per impostare un semplice firewall.
+ </div></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Personal_Firewalls"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Personal_Firewalls">3.1.6. Firewall personali</h3></div></div></div><div class="para">
+ Dopo aver configurato i <span class="emphasis"><em>necessari</em></span> servizi di rete, è importante implementare un firewall.
+ </div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ La configurazione dei servizi e l'implementazione di un firewall, sono operazioni da fare <span class="emphasis"><em>prima</em></span> di connettersi ad Internet o altra rete non fidata.
+ </div></div></div><div class="para">
+ Il firewall, impedisce ai pacchetti di accedere all'interfaccia di rete del sistema. Se una porta è bloccata dal firewall, ogni richiesta diretta alla porta viene ignorata. Se un servizio è in ascolto su una porta bloccata, il servizio non riceverà alcun pacchetto e di fatto risulta disabilitato. Per questo motivo, occorre prestare particolare attenzione alla configurazione di un firewall, bloccando le porte non utilizzate e sbloccando le porte dei servizi usati.
+ </div><div class="para">
+ Per la maggior parte degli utenti, il miglior strumento per configurare un semplice firewall rimane l'interfaccia grafica distribuita in Fedora: <span class="application"><strong>Amministrazione Firewall</strong></span> (<code class="command">system-config-firewall</code>). Questo strumento crea regole <code class="command">iptables</code> per un firewall generico, usando una GUI.
+ </div><div class="para">
+ Per maggiori informazioni sull'uso di questa applicazione e sulle opzioni disponibili, per creare un firewall di base, vedere la <a class="xref" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html">Sezione 3.8.2, «Configurazione di un firewall di base»</a>.
+ </div><div class="para">
+ Per gli utenti avanzati e gli amministratori di server, la configurazione manuale di un firewall con <code class="command">iptables</code> è probabilmente una scelta migliore. Fare riferimento alla <a class="xref" href="sect-Security_Guide-Firewalls.html">Sezione 3.8, «Firewall»</a>, per maggiori informazioni. Per una guida omnicomprensiva sul comando <code class="command">iptables</code>, vedere la <a class="xref" href="sect-Security_Guide-IPTables.html">Sezione 3.9, «IPTables»</a>.
+ </div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">3.1.7. Strumenti di comunicazione che aumentano la sicurezza</h3></div></div></div><div class="para">
+ Man mano che è aumentata la dimensione e la popolarità di Internet, è aumentata anche la minaccia delle intercettazioni. Di conseguenza, nel corso degli anni, sono stati sviluppati diversi strumenti per cifrare le comunicazioni.
+ </div><div class="para">
+ Fedora, per proteggere le informazioni, distribuisce due strumenti che usano algoritmi di cifratura di alto livello e che si basano su sistemi di criptazione a chiave pubblica.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>OpenSSH</em></span> — Una implementazione free del protocollo di comunicazione cifrata, SSH.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Gnu Privacy Guard (GPG)</em></span> — Una implementazione free dell'applicazione di cifratura PGP (Pretty Good Privacy).
+ </div></li></ul></div><div class="para">
+ OpenSSH, sostituendo vecchi servizi privi di cifratura come <code class="command">telnet</code> e <code class="command">rsh</code>, offre accessi più sicuri verso macchine remote. OpenSSH include un servizio di rete denominato <code class="command">sshd</code> e tre applicazioni client da terminale:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">ssh</code> — Una console per accesso remoto.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">scp</code> — Un comando per copiare da/verso remoto
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sftp</code> — Un client pseudo-ftp sicuro, per il trasferimento di file.
+ </div></li></ul></div><div class="para">
+ Per maggiori informazioni su OpenSSH, fare riferimento alla <a class="xref" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html">Sezione 4.2.2, «Secure Shell»</a>.
+ </div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Sebbene il servizio <code class="command">sshd</code> sia inerentemente sicuro, il servizio <span class="emphasis"><em>deve</em></span> essere tenuto aggiornato. Per maggiori informazioni, vedere la <a class="xref" href="sect-Security_Guide-Security_Updates.html">Sezione 1.5, «Aggiornamenti di sicurezza»</a>.
+ </div></div></div><div class="para">
+ GPG è un sistema usato anche per cifrare le e-mail. Può essere usato sia per trasmettere e-mail contenenti dati sensibili sia per cifrare i dati sensibili nei dischi.
+ </div></div></div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm37075680" href="#idm37075680" class="para">11</a>] </sup>
+ Il numero e il tipo di protezione supportata dipende dai produttori
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm39173152" href="#idm39173152" class="para">12</a>] </sup>
+ GRUB accetta anche password in chiaro, tuttavia per aumentare il livello di sicurezza si raccomanda di aggiungere un hash MD5
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm35984976" href="#idm35984976" class="para">13</a>] </sup>
+ Questo accesso è ancora soggetto alle restrizioni imposte da SELinux, se abilitato
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-NTP.html"><strong>Indietro</strong>2.9. NTP</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security.html"><strong>Avanti</strong>3.2. Server Security</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-Security_Overview.html b/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-Security_Overview.html
new file mode 100644
index 0000000..e023e25
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-Security_Overview.html
@@ -0,0 +1,128 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Capitolo 1. Panoramica sulla Sicurezza</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="index.html" title="Guida alla Sicurezza" /><link rel="prev" href="pr01s02.html" title="2. Inviateci i vostri commenti!" /><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.2. Attaccanti e Vulnerabilità" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pr01s02.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey=
"n" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="chapter" id="chap-Security_Guide-Security_Overview" lang="it-IT"><div class="titlepage"><div><div><h2 class="title">Capitolo 1. Panoramica sulla Sicurezza</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security">1.1. Introduzione alla Sicurezza</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1. Cosa s'intende per Sicurezza Informatica?</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-SELinux">1.1.2. SELinux</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Int
roduction_to_Security-Security_Controls">1.1.3. Controlli di Sicurezza</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-Conclusion">1.1.4. Conclusione</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities.html">1.2. Attaccanti e Vulnerabilità</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities.html#sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.2.1. Una breve storia degli Hacker</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html">1.2.2. Minacce alla sicurezza di rete</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html">1.2.3. Minacce alla sicurezza server</a></span></dt><dt><span class
="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html">1.2.4. Minacce alla sicurezza di workstation e PC di casa</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment.html">1.3. Analisi della vulnerabilità</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment.html#sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.3.1. Pensare come il nemico</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html">1.3.2. Analisi e Test</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html">1.3.3. Valutazione degli strumenti</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Common_Exploits_and_Attacks.html">1.4. Rischi e Attacchi comuni</a
></span></dt><dt><span class="section"><a href="sect-Security_Guide-Security_Updates.html">1.5. Aggiornamenti di sicurezza</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Security_Updates.html#sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. Aggiornare i pacchetti</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html">1.5.2. Verificare la firma dei pachetti</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html">1.5.3. Installare pacchetti firmati</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html">1.5.4. Applicare i cambiamenti</a></span></dt></dl></dd></dl></div><div class="para">
+ In seguito al sempre crescente affidamento di attività commerciali e di dati personali a sistemi di rete distribuiti, molte industrie del settore si sono organizzate fondando standard di sicurezza informatica. Le Aziende, per controllare la sicurezza dei loro sistemi e progettare soluzioni adatte alle loro esigenze operative, nel corso del tempo hanno sempre più richiesto la consulenza e le competenze di esperti di sicurezza. Molte aziende sono per natura dinamiche, con dipendenti che hanno accesso alle risorse IT della compagnia sia localmente sia da remoto, con la necessità di avere ambienti di elaborazione delle informazioni sicuri.
+ </div><div class="para">
+ Sfortunatamente, molte organizzazioni (come pure i singoli utenti), considerano la sicurezza un aspetto secondario, un processo che viene tralasciato in favore di un aumento di efficenza, produttività e di entrate economiche. Spesso si pensa ad una vera pratica di sicurezza soltanto <span class="emphasis"><em>dopo</em></span> che si è avuta un'intrusione. Gli esperti in sicurezza concordano che adottare alcune buone pratiche, prima di connettersi ad una rete poco sicura come Internet, è un mezzo efficace per contrastare molti tentativi di intrusione.
+ </div><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Introduction_to_Security" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Introduction_to_Security">1.1. Introduzione alla Sicurezza</h2></div></div></div><div class="section" id="sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1. Cosa s'intende per Sicurezza Informatica?</h3></div></div></div><div class="para">
+ Con Sicurezza Informatica si definisce un termine genarale che coinvolge un'ampia area dei processi informativi. Le aziende, per le loro transazioni economiche e per accedere ad informazioni strategiche, impiegano sistemi di computer e di rete, e considerano i dati trattati come una risorsa importante per la loro attività. Alcune definizioni e misurazioni di campo economico, come TCO (Total Cost of Ownership) o Costo Totale di Proprietà e QoS (Quality of Service) o Qualità del Servizio, rientrano anche nel nostro vocabolario. Attraverso questi strumenti, le aziende possono valutare integrità e disponibilità dei dati, come una parte dei costi nel processo di pianificazione e gestione. In alcune aziende, come nel commercio elettronico, la disponibilità e affidabilità dei dati può fare la differenza tra il succcesso e il fallimento aziendale.
+ </div><div class="section" id="sect-Security_Guide-What_is_Computer_Security-How_did_Computer_Security_Come_about"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Computer_Security-How_did_Computer_Security_Come_about">1.1.1.1. Come è nata la Sicurezza Informatica? </h4></div></div></div><div class="para">
+ La sicurezza dell'informazione si è evoluta nel corso degli anni, stimolata da una domanda di reti pubbliche in grado di mantenere riservate informazioni personali, finanziarie ed altri dati sensibili. Esistono numerose istanze come il caso Mitnick <sup>[<a id="idm48728896" href="#ftn.idm48728896" class="footnote">1</a>]</sup> e il caso Vladimir Levin <sup>[<a id="idm17345104" href="#ftn.idm17345104" class="footnote">2</a>]</sup>, che hanno indotto molte organizzazioni industriali a ripensare ad un diverso modo di trattare l'informazione, la sua trasmissione e diffusione. La popolarità di Internet è stato uno degli sviluppi più importanti che ha portato a intensificare gli sforzi sulla sicurezza dei dati.
+ </div><div class="para">
+ Un numero sempre crescente di persone usano i loro computer per accedere alle risorse offerte da Internet. Dalla ricerca e recupero di informazione alla posta elettronica, al commercio elettronico, Internet è stato riconosciuto come uno dei più importanti sviluppi del XX secolo.
+ </div><div class="para">
+ Tuttavia, Internet e i suoi primi protocolli, sono stati sviluppati come un sistema <em class="firstterm">trust-based</em> o fidato. In altre parole, l'Internet Protocol non è stato progettato per essere sicuro. Non esistono nell'ambito degli stack di comunicazione TCP/IP degli standard di sicurezza approvati, risultando vulnerabile a potenziali utenti e processi maliziosi. Gli sviuppi moderni hanno reso la comunicazione su Internet più sicura, anche se di tanto in tanto, si verificano incidenti che conquistano l'attenzione mondiale e avvertono che nulla è ancora completamente sicuro.
+ </div></div><div class="section" id="sect-Security_Guide-What_is_Computer_Security-Security_Today"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Computer_Security-Security_Today">1.1.1.2. La Sicurezza Oggi</h4></div></div></div><div class="para">
+ Nel Febbraio del 2000, contro diversi siti Internet molto frequentati, fu portato un attacco di tipo DDoS (Distributed Denial of Service). L'attacco coinvolse yahoo.com, cnn.com, amazon.com, fbi.gov e diversi altri domini risultarono completamente isolati, irraggiungibili da parte dei normali utenti, poichè l'attacco riuscì a bloccare, per alcune ore, diversi router con raffiche di pacchetti ICMP molto lunghi, detti <em class="firstterm">ping flood</em>. L'attacco fu realizzato da un gruppo di anonimi che usarono dei programmi molto diffusi, appositamente sviluppati, per intercettare la presenza di porte vulnerabili nei server di rete; riuscirono ad installare sui server, delle applicazioni client, i <em class="firstterm">trojans</em>, e al momento giusto sferrarono un attacco contro ogni server infettato, rendendo i siti inutilizzabili. Da questa storia, molti concludono che la colpa sia nelle falle inerenti al sistema Internet, in quanto i router e i protocolli sono
strutturati per accettare tutti i dati d'ingresso, a prescindere da dove vengano o del perchè siano stati spediti.
+ </div><div class="para">
+ Nel 2007, una violazione di dati riuscì a compromettere la già nota debolezza del protocollo di cifratura per reti wireless, WEP (Wired Equivalent Privacy), causando la sottrazione, ai danni di una istituzione finanziaria mondiale, di oltre 45 milioni di numeri di carte di credito. <sup>[<a id="idm17351392" href="#ftn.idm17351392" class="footnote">3</a>]</sup>
+ </div><div class="para">
+ In un altro caso, dall'auto del corriere, fu sottratto il disco che conteneva le registrazioni delle cedole assicurative di oltre 2,2 milioni di pazienti. <sup>[<a id="idm17352992" href="#ftn.idm17352992" class="footnote">4</a>]</sup>
+ </div><div class="para">
+ Oggigiorno, circa 1,8 miliardi di persone nel mondo usano o hanno usato Internet. <sup>[<a id="idm17353984" href="#ftn.idm17353984" class="footnote">5</a>]</sup> Nello stesso tempo:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Ogni giorno, secondo le registrazioni fornite dal CERT Coordination Center presso la Carnegie Mellon University.<sup>[<a id="idm17356352" href="#ftn.idm17356352" class="footnote">6</a>]</sup>, si verificano circa 225 casi piuttosto gravi di falle di sicurezza.
+ </div></li><li class="listitem"><div class="para">
+ Nel 2003, il numero di casi riportati dal CERT è cresciuto a 137.529, dagli 82.094 nel 2002 e dai 52.658 nel 2001. <sup>[<a id="idm17358672" href="#ftn.idm17358672" class="footnote">7</a>]</sup>
+ </div></li><li class="listitem"><div class="para">
+ Il danno economico causato dall'impatto dei tre virus più pericolosi, diffusi su Internet negli ultimi tre anni, è di circa 13,2 miliardi di dollari.<sup>[<a id="idm50557424" href="#ftn.idm50557424" class="footnote">8</a>]</sup>
+ </div></li></ul></div><div class="para">
+ Da una indagine svolta nel 2008, per conto di <span class="emphasis"><em>CIO Magazine</em></span> dal gruppo di esperti tecnologici e commerciali, "The Global State of Information Security"<sup>[<a id="idm50555328" href="#ftn.idm50555328" class="footnote">9</a>]</sup>, sono emersi i seguenti punti:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Appena il 43% degli intervistati analizzano o controllano la conformità degli utenti alle policy di sicurezza
+ </div></li><li class="listitem"><div class="para">
+ Soltanto il 22% mantiene un inventario delle aziende esterne che fanno uso dei loro dati
+ </div></li><li class="listitem"><div class="para">
+ Quasi la metà degli incidenti, dovuti a problemi di sicurezza, sono stati classificati come "Sconosciuti"
+ </div></li><li class="listitem"><div class="para">
+ Il 44% degli intervistati prevede di aumentare l'investimento in sicurezza nel prossimo anno
+ </div></li><li class="listitem"><div class="para">
+ Il 59% ritiene di avere una strategia di sicurezza informatica
+ </div></li></ul></div><div class="para">
+ Questi risultati sono una prova che la sicurezza informatica è diventata una spesa quantificabile e giustificabile negli investimenti IT. Le organizzazioni che richiedono integrità e pronta disponibilità dei dati, sollecitano le competenze di amministratori di rete, sviluppatori ed ingegneri a garantire una affidabilità di 24h x 7giorni settimanali, ai loro sistemi, servizi ed informazioni. Cadere vittima di utenti o processi malintenzionati o di attacchi coordinati, è una minaccia al successo stesso dell'organizzazione.
+ </div><div class="para">
+ Sfortunatamente, la sicurezza dei sistemi e della rete può risultare un affare piuttosto complicato, che richiede una conoscenza approfondita su come l'organizzazione considera, usa, manipola e trasmette le sue informazioni. Capire come un'organizzazione (e le persone che ne fanno parte) porta avanti i suoi affari è il punto di partenza per implementare un efficace progetto di sicurezza.
+ </div></div><div class="section" id="sect-Security_Guide-What_is_Computer_Security-Standardizing_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Computer_Security-Standardizing_Security">1.1.1.3. Standardizzare la Sicurezza</h4></div></div></div><div class="para">
+ Le aziende di ogni settore si basano su regole e regolamenti che sono emanati da enti regolatori come l'IEEE (Institute of Electrical and Electronics Engineers). Lo stesso avviene per la sicurezza informatica. Molti consulenti e rivenditori del settore sicurezza informatica, concordano su un modello standard di sicurezza denominato CIA o <em class="firstterm">Confidentiality, Integrity and Availability</em>. Questo modello a tre livelli, è un componente generalmente accettato per stimare il rischio delle informazioni sensibili e per stabilire una policy di sicurezza. Di seguito si descrive il modello CIA in maggior dettaglio.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Confidentiality — Le informazioni sensibili devono essere rese disponobili solo a un numero predefinito di persone. La trasmissione e l'uso non autorizzato di informazioni deve quindi essere limitato. Per esempio, la confidenzialità assicura che le informazioni finanziarie o personali di un cliente, non siano ottenute da un individuo non autorizzato, per propositi fraudolenti come la sostituzione d'identità o la sottrazione di credito.
+ </div></li><li class="listitem"><div class="para">
+ Integrity — L'informazione non deve essere alterata in modo da renderla incompleta o scorretta. Gli utenti non autorizzati non devono avere la possibilità di modificare o distruggere informazioni sensibili.
+ </div></li><li class="listitem"><div class="para">
+ Availability — L'informazione deve essere disponibile agli utenti autorizzati ogni qualvolta ciò è richiesto. La disponibilità è una garanzia che l'informazione può essere ottenuta sempre, in ogni momento. Questa è spesso misurata in termini percentuale e stabilita nei Service Level Agreement (SLA) in fase di contratto tra service provider e clienti.
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-Introduction_to_Security-SELinux"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-SELinux">1.1.2. SELinux</h3></div></div></div><div class="para">
+ Fedora include un miglioramento al kernel Linux, denominato SELinux, che implementa una architettura MAC (Mandatory Access Control) per la regolazione precisa del controllo su file, processi, utenti ed applicazioni. Per ulteriori informazioni su SELinux, fare riferimento alla <a href="http://docs.fedoraproject.org/it-IT/Fedora/13/html/Security-Enhanced_Linux/index.html">Fedora SELinux User Guide</a>. Per informazioni sulla configurazione e i servizi protetti da SELinux, consultare <a href="http://docs.fedoraproject.org/en-US/Fedora/13/html/Managing_Confined_Services/index.html">Managing Confined Services</a>. Per altre risorse, vedere il <a class="xref" href="chap-Security_Guide-References.html">Capitolo 9, <em>Riferimenti</em></a>.
+ </div></div><div class="section" id="sect-Security_Guide-Introduction_to_Security-Security_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.3. Controlli di Sicurezza</h3></div></div></div><div class="para">
+ La Sicurezza Informatica è spesso suddivisa in tre categorie principali o <em class="wordasword">controls</em>:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Fisico
+ </div></li><li class="listitem"><div class="para">
+ Tecnico
+ </div></li><li class="listitem"><div class="para">
+ Amministrativo
+ </div></li></ul></div><div class="para">
+ Queste tre grandi categorie definiscono i principali obiettivi per una implemetazione di sicurezza. Nell'ambito di questi controlli, esistono delle sotto-categorie che ulteriormente suddividono i controlli e la loro implementazione.
+ </div><div class="section" id="sect-Security_Guide-Security_Controls-Physical_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Security_Controls-Physical_Controls">1.1.3.1. Controlli Fisici</h4></div></div></div><div class="para">
+ Il controllo fisico riguarda l'implementazione delle misure di sicurezza tali da impedire o prevenire accessi non autorizzati a materiale riservato. Esempi di controlli fisici includono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Video camere di sorveglianza a circuito chiuso
+ </div></li><li class="listitem"><div class="para">
+ Sistemi di allarme a sensore termico e di movimento
+ </div></li><li class="listitem"><div class="para">
+ Guardie di sicurezza
+ </div></li><li class="listitem"><div class="para">
+ Documenti d'identificazione
+ </div></li><li class="listitem"><div class="para">
+ Porte d'acciaio con serrature di sicurezza
+ </div></li><li class="listitem"><div class="para">
+ Sistemi Biometrici, tra cui strumenti di riconoscimento vocale e dell'iride, lettori di impronte digitali e facciali ed altri metodi usati per il riconoscimento degli individui
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Security_Controls-Technical_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Security_Controls-Technical_Controls">1.1.3.2. Controlli Tecnici</h4></div></div></div><div class="para">
+ I controlli tecnici usano la tecnologia come base, per controllare l'accesso e l'uso di dati riservati in una struttura fisica e attraverso una rete. I controlli tecnici comprendono un'ampio ambito e diverse tecnologie, tra le quali:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Tecniche di cifratura
+ </div></li><li class="listitem"><div class="para">
+ Smart card
+ </div></li><li class="listitem"><div class="para">
+ Autenticazione di rete
+ </div></li><li class="listitem"><div class="para">
+ Access control lists (ACLs)
+ </div></li><li class="listitem"><div class="para">
+ Software per controllare l'integrità dei file
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Security_Controls-Administrative_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Security_Controls-Administrative_Controls">1.1.3.3. Controlli Amministrativi</h4></div></div></div><div class="para">
+ I controlli amministrativi definiscono i fattori umani legati alla sicurezza. Essi coinvolgono il personale di ogni livello di un'organizzazione e determinano quali utenti possono avere accesso a quali risorse ed informazioni, per mezzo di:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Addestramento e consapevolezza
+ </div></li><li class="listitem"><div class="para">
+ Preparazione per affrontare disastri ed avviare piani di ripristino
+ </div></li><li class="listitem"><div class="para">
+ Strategie per assumere e licenziare il personale
+ </div></li><li class="listitem"><div class="para">
+ Registrazione e controllo di accesso del personale
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-Introduction_to_Security-Conclusion"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-Conclusion">1.1.4. Conclusione</h3></div></div></div><div class="para">
+ Ora che si conoscono le origini, le ragioni e gli aspetti legati alla sicurezza, sarà più facile stabilire le azioni da intraprendere usando Fedora. Per poter pianificare ed implemetare una corretta strategia è importante individuare i fattori e le condizioni che garantiscono la sicurezza. Con queste informazioni, il processo può essere formalizzato e la sua realizzazione diventa più chiara, man mano che si procede nei dettagli specifici del processo di sicurezza.
+ </div></div></div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm48728896" href="#idm48728896" class="para">1</a>] </sup>
+ http://law.jrank.org/pages/3791/Kevin-Mitnick-Case-1999.html
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm17345104" href="#idm17345104" class="para">2</a>] </sup>
+ http://www.livinginternet.com/i/ia_hackers_levin.htm
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm17351392" href="#idm17351392" class="para">3</a>] </sup>
+ http://www.theregister.co.uk/2007/05/04/txj_nonfeasance/
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm17352992" href="#idm17352992" class="para">4</a>] </sup>
+ http://www.healthcareitnews.com/story.cms?id=9408
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm17353984" href="#idm17353984" class="para">5</a>] </sup>
+ http://www.internetworldstats.com/stats.htm
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm17356352" href="#idm17356352" class="para">6</a>] </sup>
+ http://www.cert.org
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm17358672" href="#idm17358672" class="para">7</a>] </sup>
+ http://www.cert.org/stats/fullstats.html
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm50557424" href="#idm50557424" class="para">8</a>] </sup>
+ http://www.newsfactor.com/perl/story/16407.html
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm50555328" href="#idm50555328" class="para">9</a>] </sup>
+ http://www.csoonline.com/article/454939/The_Global_State_of_Information_Security_
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="pr01s02.html"><strong>Indietro</strong>2. Inviateci i vostri commenti!</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>Avanti</strong>1.2. Attaccanti e Vulnerabilità</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-Software_Maintenance.html b/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-Software_Maintenance.html
new file mode 100644
index 0000000..83cb4ec
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/chap-Security_Guide-Software_Maintenance.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Capitolo 7. Manutenzione del software</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="index.html" title="Guida alla Sicurezza" /><link rel="prev" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html" title="6.2. Utilizzo di LUKS" /><link rel="next" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html" title="7.2. Pianificare e configurare gli aggiornamenti di sicurezza" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class=
"previous"><a accesskey="p" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="chapter" id="chap-Security_Guide-Software_Maintenance" lang="it-IT"><div class="titlepage"><div><div><h2 class="title">Capitolo 7. Manutenzione del software</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Software_Maintenance.html#sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">7.1. Installare il software indispensabile</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html">7.2. Pianificare e configurare gli aggiornamenti di sicurezza</a></span></dt><dt><span class="section"><a href="sect-Security_
Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html">7.3. Regolare gli aggiornamenti automatici</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html">7.4. Installare pacchetti firmati da repository fidati</a></span></dt></dl></div><div class="para">
+ La manutenzione del software è estremente importante per mantenere sicuro un sistema. E' di vitale importanza applicare patch (correzioni) ai programmi appena si rendono disponibili, in modo da impedire agli attaccanti di sfruttare le falle scoperte per infiltrarsi nel sistema.
+ </div><div class="section" id="sect-Security_Guide-Software_Maintenance-Install_Minimal_Software"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">7.1. Installare il software indispensabile</h2></div></div></div><div class="para">
+ E' una buona pratica installare soltanto i pacchetti dei programmi usati, dato che ogni pezzo di codice potrebbe contenere una vulnerabilità. Se si installa da un DVD si ha la possibilità di selezionare esattamente i pacchetti da installare. Poi una volta installato il sistema, se si ha la necessità di altri programmi essi possono sempre essere installati successivamente.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"><strong>Indietro</strong>6.2. Utilizzo di LUKS</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"><strong>Avanti</strong>7.2. Pianificare e configurare gli aggiornamenti ...</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/images/SCLogin.png b/public_html/it-IT/Fedora/18/html/Security_Guide/images/SCLogin.png
new file mode 100644
index 0000000..5bdef58
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/images/SCLogin.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/images/SCLoginEnrollment.png b/public_html/it-IT/Fedora/18/html/Security_Guide/images/SCLoginEnrollment.png
new file mode 100644
index 0000000..2809b32
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/images/SCLoginEnrollment.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/images/auth-panel.png b/public_html/it-IT/Fedora/18/html/Security_Guide/images/auth-panel.png
new file mode 100644
index 0000000..6335d2f
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/images/auth-panel.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/images/authicon.png b/public_html/it-IT/Fedora/18/html/Security_Guide/images/authicon.png
new file mode 100644
index 0000000..e397b63
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/images/authicon.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/images/fed-firefox_kerberos_SSO.png b/public_html/it-IT/Fedora/18/html/Security_Guide/images/fed-firefox_kerberos_SSO.png
new file mode 100644
index 0000000..1dbf27d
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/images/fed-firefox_kerberos_SSO.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/images/fed-firewall_config.png b/public_html/it-IT/Fedora/18/html/Security_Guide/images/fed-firewall_config.png
new file mode 100644
index 0000000..6abd4b0
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/images/fed-firewall_config.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/images/fed-ipsec_host2host.png b/public_html/it-IT/Fedora/18/html/Security_Guide/images/fed-ipsec_host2host.png
new file mode 100644
index 0000000..4a236a7
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/images/fed-ipsec_host2host.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/images/fed-ipsec_n_to_n_local.png b/public_html/it-IT/Fedora/18/html/Security_Guide/images/fed-ipsec_n_to_n_local.png
new file mode 100644
index 0000000..e49a5c1
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/images/fed-ipsec_n_to_n_local.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/images/fed-ipsec_n_to_n_remote.png b/public_html/it-IT/Fedora/18/html/Security_Guide/images/fed-ipsec_n_to_n_remote.png
new file mode 100644
index 0000000..5457d97
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/images/fed-ipsec_n_to_n_remote.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/images/fed-service_config.png b/public_html/it-IT/Fedora/18/html/Security_Guide/images/fed-service_config.png
new file mode 100644
index 0000000..71b4c21
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/images/fed-service_config.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/images/fed-user_pass_groups.png b/public_html/it-IT/Fedora/18/html/Security_Guide/images/fed-user_pass_groups.png
new file mode 100644
index 0000000..9527476
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/images/fed-user_pass_groups.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/images/fed-user_pass_info.png b/public_html/it-IT/Fedora/18/html/Security_Guide/images/fed-user_pass_info.png
new file mode 100644
index 0000000..54ccc33
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/images/fed-user_pass_info.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/images/icon.svg b/public_html/it-IT/Fedora/18/html/Security_Guide/images/icon.svg
new file mode 100644
index 0000000..c471a60
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/images/icon.svg
@@ -0,0 +1,3936 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:ns="http://ns.adobe.com/AdobeSVGViewerExtensions/3/"
+ xmlns:a="http://ns.adobe.com/AdobeSVGViewerExtensions/3.0/"
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://web.resource.org/cc/"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg3017"
+ sodipodi:version="0.32"
+ inkscape:version="0.44+devel"
+ sodipodi:docname="book.svg"
+ sodipodi:docbase="/home/andy/Desktop">
+ <metadata
+ id="metadata489">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ inkscape:window-height="480"
+ inkscape:window-width="858"
+ inkscape:pageshadow="0"
+ inkscape:pageopacity="0.0"
+ guidetolerance="10.0"
+ gridtolerance="10.0"
+ objecttolerance="10.0"
+ borderopacity="1.0"
+ bordercolor="#666666"
+ pagecolor="#ffffff"
+ id="base"
+ inkscape:zoom="1"
+ inkscape:cx="16"
+ inkscape:cy="15.944056"
+ inkscape:window-x="0"
+ inkscape:window-y="33"
+ inkscape:current-layer="svg3017" />
+ <defs
+ id="defs3019">
+ <linearGradient
+ id="linearGradient2381">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="stop2383" />
+ <stop
+ style="stop-color:white;stop-opacity:0"
+ offset="1"
+ id="stop2385" />
+ </linearGradient>
+ <linearGradient
+ x1="415.73831"
+ y1="11.854"
+ x2="418.13361"
+ y2="18.8104"
+ id="XMLID_1758_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8362,0.5206,-1.1904,0.992,147.62,-30.9374)">
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="0"
+ id="stop3903" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop3905" />
+ <a:midPointStop
+ style="stop-color:#CCCCCC"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#CCCCCC"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#F2F2F2"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="500.70749"
+ y1="-13.2441"
+ x2="513.46442"
+ y2="-2.1547"
+ id="XMLID_1757_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop3890" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop3892" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="XMLID_1755_">
+ <use
+ id="use3874"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_343_" />
+ </clipPath>
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="XMLID_1756_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop3877" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop3879" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop3881" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop3883" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="471.0806"
+ y1="201.07761"
+ x2="481.91711"
+ y2="210.4977"
+ id="XMLID_1754_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#6498c1;stop-opacity:1"
+ offset="0.005618"
+ id="stop3863" />
+ <stop
+ style="stop-color:#79a9cc;stop-opacity:1"
+ offset="0.2332"
+ id="stop3865" />
+ <stop
+ style="stop-color:#a4cde2;stop-opacity:1"
+ offset="0.74049997"
+ id="stop3867" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="1"
+ id="stop3869" />
+ <a:midPointStop
+ style="stop-color:#6498C1"
+ offset="5.618000e-003" />
+ <a:midPointStop
+ style="stop-color:#6498C1"
+ offset="0.4438" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="516.57672"
+ y1="-15.769"
+ x2="516.57672"
+ y2="0.84280002"
+ id="XMLID_1753_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop3851" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop3853" />
+ <a:midPointStop
+ style="stop-color:#B2B2B2"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B2B2B2"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#F2F2F2"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="XMLID_1751_">
+ <use
+ id="use3837"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_338_" />
+ </clipPath>
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="XMLID_1752_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop3840" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop3842" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop3844" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop3846" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="468.2915"
+ y1="204.7612"
+ x2="479.39871"
+ y2="214.4166"
+ id="XMLID_1750_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop3830" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop3832" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="XMLID_1749_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,11.0227,-35.6159)">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop3818" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop3820" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="501.0903"
+ y1="-19.2544"
+ x2="531.85413"
+ y2="0.72390002"
+ id="XMLID_1748_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop3803" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop3805" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop3807" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop3809" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="481.23969"
+ y1="212.5742"
+ x2="472.92981"
+ y2="207.4967"
+ id="XMLID_2275_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop9947" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop9949" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop9951" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop9953" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="XMLID_2273_">
+ <use
+ id="use9933"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_960_" />
+ </clipPath>
+ <linearGradient
+ x1="473.7681"
+ y1="209.17529"
+ x2="486.98099"
+ y2="213.2001"
+ id="XMLID_2274_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop9936" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop9938" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop9940" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop9942" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="478.21341"
+ y1="-131.9297"
+ x2="469.85818"
+ y2="-140.28481"
+ id="XMLID_2272_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.5592,0.829,-0.829,0.5592,101.3357,-104.791)">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop9917" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop9919" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop9921" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop9923" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <marker
+ refX="0"
+ refY="0"
+ orient="auto"
+ style="overflow:visible"
+ id="TriangleInM">
+ <path
+ d="M 5.77,0 L -2.88,5 L -2.88,-5 L 5.77,0 z "
+ transform="scale(-0.4,-0.4)"
+ style="fill:#5c5c4f"
+ id="path3197" />
+ </marker>
+ <linearGradient
+ x1="200.7363"
+ y1="100.4028"
+ x2="211.99519"
+ y2="89.143997"
+ id="XMLID_3298_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#bfbfbf;stop-opacity:1"
+ offset="0"
+ id="stop20103" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop20105" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#BFBFBF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#BFBFBF" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#F2F2F2" />
+ </linearGradient>
+ <linearGradient
+ x1="200.7363"
+ y1="100.4028"
+ x2="211.99519"
+ y2="89.143997"
+ id="linearGradient36592"
+ xlink:href="#XMLID_3298_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="181.2925"
+ y1="110.8481"
+ x2="192.6369"
+ y2="99.5037"
+ id="XMLID_3297_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="stop20096" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop20098" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="181.2925"
+ y1="110.8481"
+ x2="192.6369"
+ y2="99.5037"
+ id="linearGradient36595"
+ xlink:href="#XMLID_3297_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="211.77589"
+ y1="105.7749"
+ x2="212.6619"
+ y2="108.2092"
+ id="XMLID_3296_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#0f6124;stop-opacity:1"
+ offset="0"
+ id="stop20087" />
+ <stop
+ style="stop-color:#219630;stop-opacity:1"
+ offset="1"
+ id="stop20089" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#0F6124" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#0F6124" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#219630" />
+ </linearGradient>
+ <linearGradient
+ x1="211.77589"
+ y1="105.7749"
+ x2="212.6619"
+ y2="108.2092"
+ id="linearGradient36677"
+ xlink:href="#XMLID_3296_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="208.9834"
+ y1="116.8296"
+ x2="200.0811"
+ y2="96.834602"
+ id="XMLID_3295_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop20076" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.5"
+ id="stop20078" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop20080" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="208.9834"
+ y1="116.8296"
+ x2="200.0811"
+ y2="96.834602"
+ id="linearGradient36604"
+ xlink:href="#XMLID_3295_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="195.5264"
+ y1="97.911102"
+ x2="213.5213"
+ y2="115.9061"
+ id="XMLID_3294_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="0"
+ id="stop20069" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop20071" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#CCCCCC" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#CCCCCC" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="195.5264"
+ y1="97.911102"
+ x2="213.5213"
+ y2="115.9061"
+ id="linearGradient36607"
+ xlink:href="#XMLID_3294_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="186.1938"
+ y1="109.1343"
+ x2="206.6881"
+ y2="88.639999"
+ id="XMLID_3293_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop20056" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.16850001"
+ id="stop20058" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.23029999"
+ id="stop20060" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.2809"
+ id="stop20062" />
+ <stop
+ style="stop-color:#c2c2c2;stop-opacity:1"
+ offset="0.5"
+ id="stop20064" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.1685"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.2303"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.2809"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#C2C2C2" />
+ </linearGradient>
+ <linearGradient
+ x1="186.1938"
+ y1="109.1343"
+ x2="206.6881"
+ y2="88.639999"
+ id="linearGradient36610"
+ xlink:href="#XMLID_3293_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="184.8569"
+ y1="112.2676"
+ x2="211.94099"
+ y2="89.541397"
+ id="XMLID_3292_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop20043" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.16850001"
+ id="stop20045" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.23029999"
+ id="stop20047" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.2809"
+ id="stop20049" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop20051" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.1685"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.2303"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.2809"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="184.8569"
+ y1="112.2676"
+ x2="211.94099"
+ y2="89.541397"
+ id="linearGradient36613"
+ xlink:href="#XMLID_3292_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <marker
+ refX="0"
+ refY="0"
+ orient="auto"
+ style="overflow:visible"
+ id="TriangleOutM">
+ <path
+ d="M 5.77,0 L -2.88,5 L -2.88,-5 L 5.77,0 z "
+ transform="scale(0.4,0.4)"
+ style="fill:#5c5c4f;fill-rule:evenodd;stroke-width:1pt;marker-start:none"
+ id="path3238" />
+ </marker>
+ <linearGradient
+ x1="165.3"
+ y1="99.5"
+ x2="165.3"
+ y2="115.9"
+ id="XMLID_3457_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="0"
+ id="stop8309" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8311" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="1"
+ id="stop8313" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#999999" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#999999" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#B2B2B2" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#B2B2B2" />
+ </linearGradient>
+ <linearGradient
+ x1="165.3"
+ y1="99.5"
+ x2="165.3"
+ y2="115.9"
+ id="lg1997"
+ xlink:href="#XMLID_3457_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="175"
+ y1="99.800003"
+ x2="175"
+ y2="112.5"
+ id="XMLID_3456_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="0"
+ id="stop8300" />
+ <stop
+ style="stop-color:#191919;stop-opacity:1"
+ offset="0.60000002"
+ id="stop8302" />
+ <stop
+ style="stop-color:#191919;stop-opacity:1"
+ offset="1"
+ id="stop8304" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#737373" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#737373" />
+ <a:midPointstop
+ offset="0.6"
+ style="stop-color:#191919" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#191919" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#191919" />
+ </linearGradient>
+ <linearGradient
+ x1="175"
+ y1="99.800003"
+ x2="175"
+ y2="112.5"
+ id="lg2000"
+ xlink:href="#XMLID_3456_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="168.8"
+ y1="107.1"
+ x2="164.5"
+ y2="110"
+ id="XMLID_3455_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#666;stop-opacity:1"
+ offset="0"
+ id="stop8291" />
+ <stop
+ style="stop-color:#191919;stop-opacity:1"
+ offset="0.69999999"
+ id="stop8293" />
+ <stop
+ style="stop-color:#191919;stop-opacity:1"
+ offset="1"
+ id="stop8295" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#666666" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#666666" />
+ <a:midPointstop
+ offset="0.7"
+ style="stop-color:#191919" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#191919" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#191919" />
+ </linearGradient>
+ <linearGradient
+ x1="168.8"
+ y1="107.1"
+ x2="164.5"
+ y2="110"
+ id="lg2003"
+ xlink:href="#XMLID_3455_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ id="lg63694">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="stop63696" />
+ <stop
+ style="stop-color:white;stop-opacity:0"
+ offset="1"
+ id="stop63698" />
+ </linearGradient>
+ <linearGradient
+ x1="458"
+ y1="483"
+ x2="465.20001"
+ y2="271.39999"
+ id="lg2006"
+ xlink:href="#lg63694"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(6.3e-2,0,0,6.3e-2,-1.3,-9.8)" />
+ <linearGradient
+ x1="176.3"
+ y1="110.1"
+ x2="158.7"
+ y2="105"
+ id="XMLID_3453_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#666;stop-opacity:1"
+ offset="0"
+ id="stop8271" />
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="0.2"
+ id="stop8273" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop8275" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#666666" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#666666" />
+ <a:midPointstop
+ offset="0.2"
+ style="stop-color:#737373" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#737373" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="176.3"
+ y1="110.1"
+ x2="158.7"
+ y2="105"
+ id="lg2009"
+ xlink:href="#XMLID_3453_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="173.60001"
+ y1="118.9"
+ x2="172.8"
+ y2="128.2"
+ id="XMLID_3449_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0"
+ id="stop8232" />
+ <stop
+ style="stop-color:#fff95e;stop-opacity:1"
+ offset="0.60000002"
+ id="stop8234" />
+ <stop
+ style="stop-color:#ecd600;stop-opacity:1"
+ offset="1"
+ id="stop8236" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.6"
+ style="stop-color:#FFF95E" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFF95E" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#ECD600" />
+ </linearGradient>
+ <linearGradient
+ x1="173.60001"
+ y1="118.9"
+ x2="172.8"
+ y2="128.2"
+ id="lg2016"
+ xlink:href="#XMLID_3449_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <radialGradient
+ cx="284.60001"
+ cy="172.60001"
+ r="6.5"
+ fx="284.60001"
+ fy="172.60001"
+ id="XMLID_3448_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.4,0,0,1.4,-237.3,-126.8)">
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0"
+ id="stop8219" />
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8221" />
+ <stop
+ style="stop-color:#c96b00;stop-opacity:1"
+ offset="0.89999998"
+ id="stop8223" />
+ <stop
+ style="stop-color:#9a5500;stop-opacity:1"
+ offset="1"
+ id="stop8225" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.9"
+ style="stop-color:#C96B00" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#C96B00" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#9A5500" />
+ </radialGradient>
+ <radialGradient
+ cx="284.60001"
+ cy="172.60001"
+ r="6.5"
+ fx="284.60001"
+ fy="172.60001"
+ id="rg2020"
+ xlink:href="#XMLID_3448_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.513992,0,0,2.347576,-689.1621,-378.5717)" />
+ <linearGradient
+ x1="158.10001"
+ y1="123"
+ x2="164.2"
+ y2="126.6"
+ id="XMLID_3447_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ecd600;stop-opacity:1"
+ offset="0"
+ id="stop8204" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8206" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop8208" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECD600" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECD600" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="158.10001"
+ y1="123"
+ x2="164.2"
+ y2="126.6"
+ id="lg2026"
+ xlink:href="#XMLID_3447_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <radialGradient
+ cx="280.89999"
+ cy="163.7"
+ r="10.1"
+ fx="280.89999"
+ fy="163.7"
+ id="XMLID_3446_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.4,0,0,1.4,-237.3,-126.8)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="stop8197" />
+ <stop
+ style="stop-color:#fff95e;stop-opacity:1"
+ offset="1"
+ id="stop8199" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#FFFFFF" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFFFFF" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#FFF95E" />
+ </radialGradient>
+ <radialGradient
+ cx="280.89999"
+ cy="163.7"
+ r="10.1"
+ fx="280.89999"
+ fy="163.7"
+ id="rg2029"
+ xlink:href="#XMLID_3446_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.7,0,0,1.7,-457.5,-266.8)" />
+ <linearGradient
+ x1="156.5"
+ y1="122.7"
+ x2="180.10001"
+ y2="122.7"
+ id="XMLID_3445_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0"
+ id="stop8184" />
+ <stop
+ style="stop-color:#ffe900;stop-opacity:1"
+ offset="0.2"
+ id="stop8186" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8188" />
+ <stop
+ style="stop-color:#ffe900;stop-opacity:1"
+ offset="0.40000001"
+ id="stop8190" />
+ <stop
+ style="stop-color:#d68100;stop-opacity:1"
+ offset="1"
+ id="stop8192" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.2"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.4"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#D68100" />
+ </linearGradient>
+ <linearGradient
+ x1="156.5"
+ y1="122.7"
+ x2="180.10001"
+ y2="122.7"
+ id="lg2032"
+ xlink:href="#XMLID_3445_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="156.39999"
+ y1="115.4"
+ x2="180.10001"
+ y2="115.4"
+ id="XMLID_3444_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0"
+ id="stop8171" />
+ <stop
+ style="stop-color:#ffe900;stop-opacity:1"
+ offset="0.2"
+ id="stop8173" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8175" />
+ <stop
+ style="stop-color:#ffe900;stop-opacity:1"
+ offset="0.40000001"
+ id="stop8177" />
+ <stop
+ style="stop-color:#d68100;stop-opacity:1"
+ offset="1"
+ id="stop8179" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.2"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.4"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#D68100" />
+ </linearGradient>
+ <linearGradient
+ x1="156.39999"
+ y1="115.4"
+ x2="180.10001"
+ y2="115.4"
+ id="lg2035"
+ xlink:href="#XMLID_3444_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="379.70001"
+ y1="167.89999"
+ x2="383.89999"
+ y2="172.89999"
+ id="lg4286_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8,0.2,-0.2,0.8,78.8,38.1)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s16159" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.1"
+ id="s16161" />
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="1"
+ id="s16163" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.1" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#737373"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="379.60001"
+ y1="167.8"
+ x2="383.79999"
+ y2="172"
+ id="lg6416"
+ xlink:href="#lg4286_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.622156,0.623859,-0.623859,2.62182,-882.9706,-673.7921)" />
+ <linearGradient
+ x1="384.20001"
+ y1="169.8"
+ x2="384.79999"
+ y2="170.39999"
+ id="lg4285_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8,0.2,-0.2,0.8,78.8,38.1)">
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="0"
+ id="s16152" />
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="1"
+ id="s16154" />
+ <ns:midPointStop
+ style="stop-color:#737373"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#737373"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#D9D9D9"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="384.20001"
+ y1="169.8"
+ x2="384.79999"
+ y2="170.39999"
+ id="lg6453"
+ xlink:href="#lg4285_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.6,0.6,-0.6,2.6,-883,-673.8)" />
+ <linearGradient
+ x1="380.5"
+ y1="172.60001"
+ x2="382.79999"
+ y2="173.7"
+ id="lg4284_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8,0.2,-0.2,0.8,78.8,38.1)">
+ <stop
+ style="stop-color:gray;stop-opacity:1"
+ offset="0"
+ id="s16145" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="1"
+ id="s16147" />
+ <ns:midPointStop
+ style="stop-color:#808080"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#808080"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#E5E5E5"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="380.5"
+ y1="172.60001"
+ x2="382.79999"
+ y2="173.7"
+ id="lg6456"
+ xlink:href="#lg4284_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.6,0.6,-0.6,2.6,-883,-673.8)" />
+ <radialGradient
+ cx="347.29999"
+ cy="244.5"
+ r="5.1999998"
+ fx="347.29999"
+ fy="244.5"
+ id="lg4282_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(3.4,0,0,3.4,-1148,-802)">
+ <stop
+ style="stop-color:#333;stop-opacity:1"
+ offset="0"
+ id="s16135" />
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="1"
+ id="s16137" />
+ <ns:midPointStop
+ style="stop-color:#333333"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#333333"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#999999"
+ offset="1" />
+ </radialGradient>
+ <linearGradient
+ x1="310.39999"
+ y1="397.70001"
+ x2="310.89999"
+ y2="399.5"
+ id="lg4280_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.7,-0.7,0.7,0.7,-153.4,180.6)">
+ <stop
+ style="stop-color:#ffcd00;stop-opacity:1"
+ offset="0"
+ id="s16111" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.60000002"
+ id="s16113" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="1"
+ id="s16115" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.6" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="310.39999"
+ y1="397.70001"
+ x2="310.89999"
+ y2="399.5"
+ id="lg6467"
+ xlink:href="#lg4280_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.4,-2.4,2.4,2.4,-1663.6,-195)" />
+ <linearGradient
+ x1="310.89999"
+ y1="395.79999"
+ x2="313.29999"
+ y2="403.10001"
+ id="lg4279_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.7,-0.7,0.7,0.7,-153.4,180.6)">
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0"
+ id="s16100" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.40000001"
+ id="s16102" />
+ <stop
+ style="stop-color:#ffcd00;stop-opacity:1"
+ offset="0.89999998"
+ id="s16104" />
+ <stop
+ style="stop-color:#ffcd00;stop-opacity:1"
+ offset="1"
+ id="s16106" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.4" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="0.9" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="310.89999"
+ y1="395.79999"
+ x2="313.29999"
+ y2="403.10001"
+ id="lg6465"
+ xlink:href="#lg4279_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.4,-2.4,2.4,2.4,-1663.6,-195)" />
+ <linearGradient
+ x1="307.79999"
+ y1="395.20001"
+ x2="313.79999"
+ y2="413.60001"
+ id="lg4278_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.7,-0.7,0.7,0.7,-153.4,180.6)">
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0"
+ id="s16091" />
+ <stop
+ style="stop-color:#fcd72f;stop-opacity:1"
+ offset="0.40000001"
+ id="s16093" />
+ <stop
+ style="stop-color:#ffcd00;stop-opacity:1"
+ offset="1"
+ id="s16095" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FCD72F"
+ offset="0.4" />
+ <ns:midPointStop
+ style="stop-color:#FCD72F"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="306.5"
+ y1="393"
+ x2="309"
+ y2="404"
+ id="lg6400"
+ xlink:href="#lg4278_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.4,-2.4,2.4,2.4,-1663.6,-195)" />
+ <linearGradient
+ x1="352.10001"
+ y1="253.60001"
+ x2="348.5"
+ y2="237.8"
+ id="lg4276_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(3.4,0,0,3.4,-1148,-802)">
+ <stop
+ style="stop-color:#ffff87;stop-opacity:1"
+ offset="0"
+ id="s16077" />
+ <stop
+ style="stop-color:#ffad00;stop-opacity:1"
+ offset="1"
+ id="s16079" />
+ <ns:midPointStop
+ style="stop-color:#FFFF87"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFF87"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFAD00"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="335.60001"
+ y1="354.79999"
+ x2="337.89999"
+ y2="354.79999"
+ id="lg4275_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9,-0.5,0.5,0.9,-121.7,105.1)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="s16057" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.80000001"
+ id="s16059" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="s16061" />
+ <ns:midPointStop
+ style="stop-color:#D9D9D9"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#D9D9D9"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.8" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="335.60001"
+ y1="354.79999"
+ x2="337.89999"
+ y2="354.79999"
+ id="lg6463"
+ xlink:href="#lg4275_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.9,-1.7,1.7,2.9,-1557,-448.7)" />
+ <linearGradient
+ x1="337.39999"
+ y1="353.10001"
+ x2="339.39999"
+ y2="357.10001"
+ id="lg4274_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9,-0.5,0.5,0.9,-121.7,105.1)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s16048" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.1"
+ id="s16050" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="s16052" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.1" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#CCCCCC"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="337.39999"
+ y1="353.10001"
+ x2="339.39999"
+ y2="357.10001"
+ id="lg6461"
+ xlink:href="#lg4274_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.9,-1.7,1.7,2.9,-1557,-448.7)" />
+ <linearGradient
+ x1="334.39999"
+ y1="355.5"
+ x2="335.5"
+ y2="356.79999"
+ id="lg4273_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9,-0.5,0.5,0.9,-121.7,105.1)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s16041" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="s16043" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="5.6e-003" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#CCCCCC"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="334.39999"
+ y1="355.5"
+ x2="335.5"
+ y2="356.79999"
+ id="lg6381"
+ xlink:href="#lg4273_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.9,-1.7,1.7,2.9,-1557,-448.7)" />
+ <linearGradient
+ x1="348.39999"
+ y1="247.39999"
+ x2="354.10001"
+ y2="242"
+ id="lg4271_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(3.4,0,0,3.4,-1148,-802)">
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0"
+ id="s16025" />
+ <stop
+ style="stop-color:#9e9e9e;stop-opacity:1"
+ offset="0.40000001"
+ id="s16027" />
+ <stop
+ style="stop-color:black;stop-opacity:1"
+ offset="1"
+ id="s16029" />
+ <ns:midPointStop
+ style="stop-color:#F2F2F2"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#F2F2F2"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#000000"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="351.29999"
+ y1="257.29999"
+ x2="346.29999"
+ y2="235.5"
+ id="lg4270_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ffff87;stop-opacity:1"
+ offset="0"
+ id="s16007" />
+ <stop
+ style="stop-color:#ffad00;stop-opacity:1"
+ offset="1"
+ id="s16009" />
+ <ns:midPointStop
+ style="stop-color:#FFFF87"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFF87"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFAD00"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="351.29999"
+ y1="257.29999"
+ x2="346.29999"
+ y2="235.5"
+ id="lg6459"
+ xlink:href="#lg4270_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(3.4,0,0,3.4,-1148,-802)" />
+ <linearGradient
+ x1="43.799999"
+ y1="32.5"
+ x2="63.299999"
+ y2="66.400002"
+ id="XMLID_2708_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="stop75318" />
+ <stop
+ style="stop-color:#fffcea;stop-opacity:1"
+ offset="1"
+ id="stop75320" />
+ <a:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#FFFCEA"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="43.799999"
+ y1="32.5"
+ x2="63.299999"
+ y2="66.400002"
+ id="lg1907"
+ xlink:href="#XMLID_2708_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-29,-22.6)" />
+ <linearGradient
+ x1="52.5"
+ y1="40.400002"
+ x2="58.200001"
+ y2="64"
+ id="XMLID_2707_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ffdea0;stop-opacity:1"
+ offset="0"
+ id="stop75305" />
+ <stop
+ style="stop-color:#ffd89e;stop-opacity:1"
+ offset="0.30000001"
+ id="stop75307" />
+ <stop
+ style="stop-color:#ffd79e;stop-opacity:1"
+ offset="0.30000001"
+ id="stop75309" />
+ <stop
+ style="stop-color:#dbaf6d;stop-opacity:1"
+ offset="0.69999999"
+ id="stop75311" />
+ <stop
+ style="stop-color:#6f4c24;stop-opacity:1"
+ offset="1"
+ id="stop75313" />
+ <a:midPointStop
+ style="stop-color:#FFDEA0"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#FFDEA0"
+ offset="0.6" />
+ <a:midPointStop
+ style="stop-color:#FFD79E"
+ offset="0.3" />
+ <a:midPointStop
+ style="stop-color:#FFD79E"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#DBAF6D"
+ offset="0.7" />
+ <a:midPointStop
+ style="stop-color:#DBAF6D"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#6F4C24"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="52.5"
+ y1="40.400002"
+ x2="58.200001"
+ y2="64"
+ id="lg1910"
+ xlink:href="#XMLID_2707_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-29,-22.6)" />
+ <linearGradient
+ x1="58"
+ y1="73.199997"
+ x2="44.5"
+ y2="19"
+ id="XMLID_2704_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-29,-22.6)">
+ <stop
+ style="stop-color:#d4a96c;stop-opacity:1"
+ offset="0.5"
+ id="stop75284" />
+ <stop
+ style="stop-color:#dcb273;stop-opacity:1"
+ offset="0.60000002"
+ id="stop75286" />
+ <stop
+ style="stop-color:#f0ca87;stop-opacity:1"
+ offset="0.80000001"
+ id="stop75288" />
+ <stop
+ style="stop-color:#ffdc96;stop-opacity:1"
+ offset="0.69999999"
+ id="stop75290" />
+ <stop
+ style="stop-color:#c18a42;stop-opacity:1"
+ offset="1"
+ id="stop75292" />
+ <a:midPointStop
+ style="stop-color:#D4A96C"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#D4A96C"
+ offset="0.6" />
+ <a:midPointStop
+ style="stop-color:#FFDC96"
+ offset="0.7" />
+ <a:midPointStop
+ style="stop-color:#FFDC96"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#C18A42"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="53.700001"
+ y1="32"
+ x2="53.700001"
+ y2="64.599998"
+ id="XMLID_2703_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#e5c9b0;stop-opacity:1"
+ offset="0"
+ id="stop75268" />
+ <stop
+ style="stop-color:#e5c9b0;stop-opacity:1"
+ offset="0.40000001"
+ id="stop75270" />
+ <stop
+ style="stop-color:#c0aa94;stop-opacity:1"
+ offset="1"
+ id="stop75272" />
+ <a:midPointStop
+ style="stop-color:#E5C9B0"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#E5C9B0"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#E5C9B0"
+ offset="0.4" />
+ <a:midPointStop
+ style="stop-color:#E5C9B0"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#C0AA94"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="53.700001"
+ y1="32"
+ x2="53.700001"
+ y2="64.599998"
+ id="lg1916"
+ xlink:href="#XMLID_2703_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-29,-22.6)" />
+ <linearGradient
+ x1="224.31"
+ y1="19.450001"
+ x2="214.33"
+ y2="11.46"
+ id="XMLID_419_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#404040;stop-opacity:1"
+ offset="0"
+ id="s1903" />
+ <stop
+ style="stop-color:#6d6d6d;stop-opacity:1"
+ offset="0.33000001"
+ id="s1905" />
+ <stop
+ style="stop-color:#e9e9e9;stop-opacity:1"
+ offset="1"
+ id="s1907" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#404040" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#404040" />
+ <a:midPointStop
+ offset="0.33"
+ style="stop-color:#6D6D6D" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#6D6D6D" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#E9E9E9" />
+ </linearGradient>
+ <linearGradient
+ x1="221.84"
+ y1="32.779999"
+ x2="212.2"
+ y2="20.27"
+ id="lg1988"
+ xlink:href="#XMLID_419_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.33,0,0,1.31,-274.2,-5.2)" />
+ <linearGradient
+ x1="228.35001"
+ y1="33.279999"
+ x2="215.42999"
+ y2="33.279999"
+ id="lg1900"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s1902" />
+ <stop
+ style="stop-color:white;stop-opacity:0"
+ offset="1"
+ id="s1906" />
+ <a:midPointStop
+ style="stop-color:#575757"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#575757"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#6D6D6D"
+ offset="0.33" />
+ <a:midPointStop
+ style="stop-color:#6D6D6D"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#D3D3D3"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="234.81"
+ y1="33.279999"
+ x2="228.27"
+ y2="33.279999"
+ id="lg1908"
+ xlink:href="#lg1900"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.33,0,0,1.31,-274.2,-5.2)" />
+ <linearGradient
+ x1="228.35001"
+ y1="33.279999"
+ x2="215.42999"
+ y2="33.279999"
+ id="XMLID_416_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#575757;stop-opacity:1"
+ offset="0"
+ id="s1874" />
+ <stop
+ style="stop-color:#6d6d6d;stop-opacity:1"
+ offset="0.33000001"
+ id="s1876" />
+ <stop
+ style="stop-color:#d3d3d3;stop-opacity:1"
+ offset="1"
+ id="s1878" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#575757" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#575757" />
+ <a:midPointStop
+ offset="0.33"
+ style="stop-color:#6D6D6D" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#6D6D6D" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#D3D3D3" />
+ </linearGradient>
+ <linearGradient
+ x1="228.35001"
+ y1="33.279999"
+ x2="215.42999"
+ y2="33.279999"
+ id="lg1991"
+ xlink:href="#XMLID_416_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.33,0,0,1.31,-274.2,-5.2)" />
+ <radialGradient
+ cx="603.19"
+ cy="230.77"
+ r="1.67"
+ fx="603.19"
+ fy="230.77"
+ id="x5010_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.1,0,0,1.1,-54.33,-75.4)">
+ <stop
+ style="stop-color:#c9ffc9;stop-opacity:1"
+ offset="0"
+ id="stop29201" />
+ <stop
+ style="stop-color:#23a11f;stop-opacity:1"
+ offset="1"
+ id="stop29203" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#C9FFC9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#C9FFC9" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#23A11F" />
+ </radialGradient>
+ <radialGradient
+ cx="603.19"
+ cy="230.77"
+ r="1.67"
+ fx="603.19"
+ fy="230.77"
+ id="radialGradient5711"
+ xlink:href="#x5010_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.23,0,0,1.23,-709.93,-245.02)" />
+ <linearGradient
+ x1="592.31"
+ y1="162.60001"
+ x2="609.32001"
+ y2="145.59"
+ id="lg5722"
+ xlink:href="#x5003_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="601.48999"
+ y1="170.16"
+ x2="613.84003"
+ y2="170.16"
+ id="x5002_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop29134" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.2"
+ id="stop29136" />
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="1"
+ id="stop29138" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.20"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#999999" />
+ </linearGradient>
+ <linearGradient
+ x1="601.48999"
+ y1="170.16"
+ x2="613.84003"
+ y2="170.16"
+ id="lg5725"
+ xlink:href="#x5002_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="592.20001"
+ y1="156.45"
+ x2="609.98999"
+ y2="174.23"
+ id="x5004_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop29157" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop29159" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="592.20001"
+ y1="156.45"
+ x2="609.98999"
+ y2="174.23"
+ id="lg5728"
+ xlink:href="#x5004_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="592.31"
+ y1="162.60001"
+ x2="609.32001"
+ y2="145.59"
+ id="x5003_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0"
+ id="stop29143" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="1"
+ id="stop29145" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#E5E5E5" />
+ </linearGradient>
+ <linearGradient
+ x1="592.31"
+ y1="162.60001"
+ x2="609.32001"
+ y2="145.59"
+ id="lg5732"
+ xlink:href="#x5003_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="592.20001"
+ y1="156.45"
+ x2="609.98999"
+ y2="174.24001"
+ id="x5000_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop29124" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop29126" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="592.20001"
+ y1="156.45"
+ x2="609.98999"
+ y2="174.24001"
+ id="lg5735"
+ xlink:href="#x5000_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="308.54999"
+ y1="149.89999"
+ x2="299.72"
+ y2="148.83"
+ id="XMLID_2433_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#d6d6d6;stop-opacity:1"
+ offset="0"
+ id="71615" />
+ <stop
+ style="stop-color:#a5a5a5;stop-opacity:1"
+ offset="1"
+ id="71617" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D6D6D6" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D6D6D6" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#A5A5A5" />
+ </linearGradient>
+ <linearGradient
+ x1="308.54999"
+ y1="149.89999"
+ x2="299.72"
+ y2="148.83"
+ id="lg1952"
+ xlink:href="#XMLID_2433_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.03,0,0,1.03,-279.57,-124.36)" />
+ <radialGradient
+ cx="307.39999"
+ cy="121"
+ r="23.35"
+ fx="307.39999"
+ fy="121"
+ id="XMLID_2432_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.98,0,0,0.98,2.88,2.75)">
+ <stop
+ style="stop-color:#d2d2d2;stop-opacity:1"
+ offset="0.19"
+ id="71592" />
+ <stop
+ style="stop-color:#cfcfcf;stop-opacity:1"
+ offset="0.44999999"
+ id="71594" />
+ <stop
+ style="stop-color:#c7c7c7;stop-opacity:1"
+ offset="0.60000002"
+ id="71596" />
+ <stop
+ style="stop-color:#b9b9b9;stop-opacity:1"
+ offset="0.74000001"
+ id="71598" />
+ <stop
+ style="stop-color:#a4a4a4;stop-opacity:1"
+ offset="0.86000001"
+ id="71600" />
+ <stop
+ style="stop-color:#8a8a8a;stop-opacity:1"
+ offset="0.95999998"
+ id="71602" />
+ <stop
+ style="stop-color:gray;stop-opacity:1"
+ offset="1"
+ id="71604" />
+ <a:midPointStop
+ offset="0.19"
+ style="stop-color:#D2D2D2" />
+ <a:midPointStop
+ offset="0.8"
+ style="stop-color:#D2D2D2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#808080" />
+ </radialGradient>
+ <radialGradient
+ cx="307.39999"
+ cy="121"
+ r="23.35"
+ fx="307.39999"
+ fy="121"
+ id="radialGradient2331"
+ xlink:href="#XMLID_2432_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-276.62,-121.54)" />
+ <linearGradient
+ x1="294.13"
+ y1="127.07"
+ x2="294.13"
+ y2="142.2"
+ id="XMLID_2430_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#b5d8ff;stop-opacity:1"
+ offset="0"
+ id="71582" />
+ <stop
+ style="stop-color:black;stop-opacity:1"
+ offset="1"
+ id="71584" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B5D8FF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B5D8FF" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#000000" />
+ </linearGradient>
+ <linearGradient
+ x1="294.13"
+ y1="127.07"
+ x2="294.13"
+ y2="142.2"
+ id="lg2820"
+ xlink:href="#XMLID_2430_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.03,0,0,1.03,-279.57,-124.36)" />
+ <linearGradient
+ x1="279.10999"
+ y1="148.03"
+ x2="309.16"
+ y2="148.03"
+ id="XMLID_2429_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#e1e1e1;stop-opacity:1"
+ offset="0"
+ id="71564" />
+ <stop
+ style="stop-color:#e1e1e1;stop-opacity:1"
+ offset="0.25"
+ id="71566" />
+ <stop
+ style="stop-color:#a5a5a5;stop-opacity:1"
+ offset="0.44"
+ id="71568" />
+ <stop
+ style="stop-color:#a5a5a5;stop-opacity:1"
+ offset="1"
+ id="71570" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#E1E1E1" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E1E1E1" />
+ <a:midPointStop
+ offset="0.25"
+ style="stop-color:#E1E1E1" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E1E1E1" />
+ <a:midPointStop
+ offset="0.44"
+ style="stop-color:#A5A5A5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#A5A5A5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#A5A5A5" />
+ </linearGradient>
+ <linearGradient
+ x1="279.10999"
+ y1="148.03"
+ x2="309.16"
+ y2="148.03"
+ id="lg2818"
+ xlink:href="#XMLID_2429_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.03,0,0,1.03,-279.57,-124.36)" />
+ <radialGradient
+ cx="622.34302"
+ cy="14.449"
+ r="26.496"
+ fx="622.34302"
+ fy="14.449"
+ id="lg3499_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.851,0,0,0.849,69.297,51.658)">
+ <stop
+ style="stop-color:#23468e;stop-opacity:1"
+ offset="0"
+ id="stop10972" />
+ <stop
+ style="stop-color:#012859;stop-opacity:1"
+ offset="1"
+ id="stop10974" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#23468E" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#23468E" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#012859" />
+ </radialGradient>
+ <radialGradient
+ cx="622.34302"
+ cy="14.449"
+ r="26.496"
+ fx="622.34302"
+ fy="14.449"
+ id="rg5791"
+ xlink:href="#lg3499_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.858,0,0,0.857,-511.7,9.02)" />
+ <linearGradient
+ x1="616.112"
+ y1="76.247002"
+ x2="588.14099"
+ y2="60.742001"
+ id="lg3497_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#01326e;stop-opacity:1"
+ offset="0"
+ id="stop10962" />
+ <stop
+ style="stop-color:#012859;stop-opacity:1"
+ offset="1"
+ id="stop10964" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#01326E" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#01326E" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#012859" />
+ </linearGradient>
+ <linearGradient
+ x1="617.698"
+ y1="82.445999"
+ x2="585.95203"
+ y2="54.848999"
+ id="lg3496_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="stop10950" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop10952" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="617.698"
+ y1="82.445999"
+ x2="585.95203"
+ y2="54.848999"
+ id="lg5794"
+ xlink:href="#lg3496_"
+ gradientUnits="userSpaceOnUse" />
+ <linearGradient
+ x1="601.39001"
+ y1="55.341"
+ x2="588.29199"
+ y2="71.515999"
+ id="lg3495_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop10941" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0.52200001"
+ id="stop10943" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop10945" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.522"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="601.39001"
+ y1="55.341"
+ x2="588.29199"
+ y2="71.515999"
+ id="lg5771"
+ xlink:href="#lg3495_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.009,0,0,1.009,-581.615,-43.098)" />
+ <linearGradient
+ x1="611.34601"
+ y1="55.279999"
+ x2="590.39001"
+ y2="81.157997"
+ id="lg3494_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop10932" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0.52200001"
+ id="stop10934" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop10936" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.522"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="611.34601"
+ y1="55.279999"
+ x2="590.39001"
+ y2="81.157997"
+ id="lg5774"
+ xlink:href="#lg3494_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.009,0,0,1.009,-581.616,-43.098)" />
+ <linearGradient
+ x1="798.72998"
+ y1="69.839996"
+ x2="799.04999"
+ y2="70.709999"
+ id="g3302_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#005e00;stop-opacity:1"
+ offset="0"
+ id="s6504" />
+ <stop
+ style="stop-color:#23a11f;stop-opacity:1"
+ offset="1"
+ id="s6506" />
+ <a:midPointstop
+ style="stop-color:#005E00"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#005E00"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#23A11F"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="798.72998"
+ y1="69.839996"
+ x2="799.04999"
+ y2="70.709999"
+ id="lg5851"
+ xlink:href="#g3302_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,0,0,1.263,-926.036,-60.001)" />
+ <linearGradient
+ x1="779.19"
+ y1="122.73"
+ x2="811.69"
+ y2="149.74001"
+ id="g3301_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1,-0.25,0,1,0,129.19)">
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0"
+ id="s6483" />
+ <stop
+ style="stop-color:#eee;stop-opacity:1"
+ offset="0.17"
+ id="s6485" />
+ <stop
+ style="stop-color:#e3e3e3;stop-opacity:1"
+ offset="0.34"
+ id="s6487" />
+ <stop
+ style="stop-color:#cfcfcf;stop-opacity:1"
+ offset="0.50999999"
+ id="s6489" />
+ <stop
+ style="stop-color:#b4b4b4;stop-opacity:1"
+ offset="0.67000002"
+ id="s6491" />
+ <stop
+ style="stop-color:#919191;stop-opacity:1"
+ offset="0.83999997"
+ id="s6493" />
+ <stop
+ style="stop-color:#666;stop-opacity:1"
+ offset="1"
+ id="s6495" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.71" />
+ <a:midPointstop
+ style="stop-color:#666666"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="779.19"
+ y1="122.73"
+ x2="811.69"
+ y2="149.74001"
+ id="lg5855"
+ xlink:href="#g3301_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,-0.316,0,1.263,-926.036,103.123)" />
+ <clipPath
+ id="g3299_">
+ <use
+ id="use6469"
+ x="0"
+ y="0"
+ width="1005.92"
+ height="376.97"
+ xlink:href="#g101_" />
+ </clipPath>
+ <radialGradient
+ cx="1189.9301"
+ cy="100.05"
+ r="40.400002"
+ fx="1189.9301"
+ fy="100.05"
+ id="g3300_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.34,-8.46e-2,0,0.34,394.16,137.13)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s6472" />
+ <stop
+ style="stop-color:white;stop-opacity:0"
+ offset="1"
+ id="s6474" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#000000"
+ offset="1" />
+ </radialGradient>
+ <radialGradient
+ cx="1199.74"
+ cy="97.150002"
+ r="40.400002"
+ fx="1199.74"
+ fy="97.150002"
+ id="rg5860"
+ xlink:href="#g3300_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.409,-0.107,0,0.429,-451.489,113.149)" />
+ <linearGradient
+ x1="796.38"
+ y1="67.580002"
+ x2="781.28003"
+ y2="58.549999"
+ id="g3298_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#4c8bca;stop-opacity:1"
+ offset="0"
+ id="s6462" />
+ <stop
+ style="stop-color:#b7e9ff;stop-opacity:1"
+ offset="1"
+ id="s6464" />
+ <a:midPointstop
+ style="stop-color:#4C8BCA"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#4C8BCA"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#B7E9FF"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="800.97998"
+ y1="140.72"
+ x2="777.71997"
+ y2="121.76"
+ id="g3297_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1,-0.25,0,1,0,129.19)">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="s6448" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="s6450" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#CCCCCC"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="800.97998"
+ y1="140.72"
+ x2="777.71997"
+ y2="121.76"
+ id="lg5890"
+ xlink:href="#g3297_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1,-0.25,0,1,0,129.19)" />
+ <linearGradient
+ x1="790.03998"
+ y1="-16.33"
+ x2="779.84003"
+ y2="-3.73"
+ id="g3296_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(0,70.17)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="s6439" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0.51999998"
+ id="s6441" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="s6443" />
+ <a:midPointstop
+ style="stop-color:#D9D9D9"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#D9D9D9"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.52" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#CCCCCC"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="790.03998"
+ y1="-16.33"
+ x2="779.84003"
+ y2="-3.73"
+ id="lg5866"
+ xlink:href="#g3296_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,0,0,1.263,-926.036,28.6)" />
+ <linearGradient
+ x1="785.84003"
+ y1="72.989998"
+ x2="785.26001"
+ y2="76.279999"
+ id="g3293_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s6412" />
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="1"
+ id="s6414" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#737373"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="785.84003"
+ y1="72.989998"
+ x2="785.26001"
+ y2="76.279999"
+ id="lg5871"
+ xlink:href="#g3293_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,0,0,1.263,-926.036,-60.001)" />
+ <linearGradient
+ x1="789.37"
+ y1="69.879997"
+ x2="791.03998"
+ y2="77.120003"
+ id="g3292_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="0"
+ id="s6403" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0.28"
+ id="s6405" />
+ <stop
+ style="stop-color:#666;stop-opacity:1"
+ offset="1"
+ id="s6407" />
+ <a:midPointstop
+ style="stop-color:#999999"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#999999"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.28" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#666666"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="789.37"
+ y1="69.879997"
+ x2="791.03998"
+ y2="77.120003"
+ id="lg5874"
+ xlink:href="#g3292_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,0,0,1.263,-926.036,-60.001)" />
+ <linearGradient
+ x1="786.65997"
+ y1="136.12"
+ x2="786.71002"
+ y2="134.33"
+ id="g3290_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1,-0.25,0,1,0,137.29)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="s6380" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="1"
+ id="s6382" />
+ <a:midPointstop
+ style="stop-color:#D9D9D9"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#D9D9D9"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="786.65997"
+ y1="136.12"
+ x2="786.71002"
+ y2="134.33"
+ id="lg5878"
+ xlink:href="#g3290_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,-0.316,0,1.263,-926.036,113.351)" />
+ <radialGradient
+ cx="1458.77"
+ cy="-5.0999999"
+ r="35.130001"
+ fx="1458.77"
+ fy="-5.0999999"
+ id="g3289_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.42,0,0,0.42,167.09,79.84)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s6371" />
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="1"
+ id="s6373" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#999999"
+ offset="1" />
+ </radialGradient>
+ <radialGradient
+ cx="1458.77"
+ cy="-5.0999999"
+ r="35.130001"
+ fx="1458.77"
+ fy="-5.0999999"
+ id="rg5881"
+ xlink:href="#g3289_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.505,0,0,0.53,-724.957,40.636)" />
+ <radialGradient
+ cx="1612.98"
+ cy="-4.4699998"
+ r="36.580002"
+ fx="1612.98"
+ fy="-4.4699998"
+ id="g3288_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.34,0,0,0.36,238.56,86.87)">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="s6362" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0.63999999"
+ id="s6364" />
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="1"
+ id="s6366" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="0.64" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#737373"
+ offset="1" />
+ </radialGradient>
+ <radialGradient
+ cx="1612.98"
+ cy="-4.4699998"
+ r="36.580002"
+ fx="1612.98"
+ fy="-4.4699998"
+ id="rg5884"
+ xlink:href="#g3288_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.408,0,0,0.448,-638.943,49.495)" />
+ <radialGradient
+ cx="1470.5"
+ cy="-10.21"
+ r="33.290001"
+ fx="1470.5"
+ fy="-10.21"
+ id="g3287_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.42,0,0,0.42,167.09,79.84)">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="s6347" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0.38999999"
+ id="s6349" />
+ <stop
+ style="stop-color:#b1b1b1;stop-opacity:1"
+ offset="0.75"
+ id="s6351" />
+ <stop
+ style="stop-color:#aaa;stop-opacity:1"
+ offset="0.88"
+ id="s6353" />
+ <stop
+ style="stop-color:#9e9e9e;stop-opacity:1"
+ offset="0.97000003"
+ id="s6355" />
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="1"
+ id="s6357" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="0.39" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="0.87" />
+ <a:midPointstop
+ style="stop-color:#999999"
+ offset="1" />
+ </radialGradient>
+ <radialGradient
+ cx="1470.5"
+ cy="-10.21"
+ r="33.290001"
+ fx="1470.5"
+ fy="-10.21"
+ id="rg5887"
+ xlink:href="#g3287_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.505,0,0,0.53,-724.957,40.636)" />
+ <pattern
+ patternTransform="matrix(0.592927,0,0,0.592927,78,462)"
+ id="cream-spots"
+ height="32"
+ width="32"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(-365.3146,-513.505)"
+ id="g3047">
+ id="path2858" />
+ <path
+ inkscape:label="#path2854"
+ sodipodi:nodetypes="czzzz"
+ style="fill:#e3dcc0"
+ id="path3060"
+ d="M 390.31462,529.50504 C 390.31462,534.47304 386.28262,538.50504 381.31462,538.50504 C 376.34662,538.50504 372.31462,534.47304 372.31462,529.50504 C 372.31462,524.53704 376.34662,520.50504 381.31462,520.50504 C 386.28262,520.50504 390.31462,524.53704 390.31462,529.50504 z " />
+</g>
+ </pattern>
+ <pattern
+ patternTransform="matrix(0.733751,0,0,0.733751,67,367)"
+ id="dark-cream-spots"
+ height="32"
+ width="32"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(-408.0946,-513.505)"
+ id="dark-cream-spot"
+ inkscape:label="#g3043">
+ <path
+ sodipodi:nodetypes="czzzz"
+ style="fill:#c8c5ac"
+ d="M 433.09458,529.50504 C 433.09458,534.47304 429.06258,538.50504 424.09458,538.50504 C 419.12658,538.50504 415.09458,534.47304 415.09458,529.50504 C 415.09458,524.53704 419.12658,520.50504 424.09458,520.50504 C 429.06258,520.50504 433.09458,524.53704 433.09458,529.50504 z "
+ id="path2953" />
+ </g>
+ </pattern>
+ <pattern
+ patternTransform="matrix(0.375,0,0,0.375,379,400)"
+ id="white-spots"
+ height="32"
+ width="32"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(-484.3997,-513.505)"
+ id="white-spot"
+ inkscape:label="#g3035">
+ <path
+ style="opacity:0.25;fill:white"
+ id="path3033"
+ d="M 509.39967,529.50504 C 509.39967,534.47304 505.36767,538.50504 500.39967,538.50504 C 495.43167,538.50504 491.39967,534.47304 491.39967,529.50504 C 491.39967,524.53704 495.43167,520.50504 500.39967,520.50504 C 505.36767,520.50504 509.39967,524.53704 509.39967,529.50504 z "
+ sodipodi:nodetypes="czzzz" />
+ </g>
+ </pattern>
+ <pattern
+ patternTransform="matrix(0.455007,0,0,0.455007,-5e-5,1.9e-5)"
+ id="black-spots"
+ height="32"
+ width="32"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(-448.3997,-513.505)"
+ id="black-spot"
+ inkscape:label="#g3039">
+ <path
+ sodipodi:nodetypes="czzzz"
+ d="M 473.39967,529.50504 C 473.39967,534.47304 469.36767,538.50504 464.39967,538.50504 C 459.43167,538.50504 455.39967,534.47304 455.39967,529.50504 C 455.39967,524.53704 459.43167,520.50504 464.39967,520.50504 C 469.36767,520.50504 473.39967,524.53704 473.39967,529.50504 z "
+ id="path2961"
+ style="opacity:0.25;fill:black" />
+ </g>
+ </pattern>
+ <linearGradient
+ x1="501.0903"
+ y1="-19.2544"
+ x2="531.85413"
+ y2="0.72390002"
+ id="linearGradient17334"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop17336" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop17338" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop17340" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop17342" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B4DAEA" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B4DAEA" />
+ <a:midPointStop
+ offset="0.5112"
+ style="stop-color:#B4DAEA" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B4DAEA" />
+ <a:midPointStop
+ offset="0.6461"
+ style="stop-color:#5387BA" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#5387BA" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#16336E" />
+ </linearGradient>
+ <linearGradient
+ x1="415.73831"
+ y1="11.854"
+ x2="418.13361"
+ y2="18.8104"
+ id="linearGradient17426"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8362,0.5206,-1.1904,0.992,147.62,-30.9374)">
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="0"
+ id="stop17428" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop17430" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#CCCCCC" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#CCCCCC" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#F2F2F2" />
+ </linearGradient>
+ <linearGradient
+ x1="478.21341"
+ y1="-131.9297"
+ x2="469.85818"
+ y2="-140.28481"
+ id="linearGradient17434"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.5592,0.829,-0.829,0.5592,101.3357,-104.791)">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop17436" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop17438" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop17440" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop17442" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#F3403F" />
+ <a:midPointStop
+ offset="0.4213"
+ style="stop-color:#F3403F" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#A6100C" />
+ </linearGradient>
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="linearGradient17709"
+ xlink:href="#XMLID_1749_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,11.0227,-35.6159)" />
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="linearGradient17711"
+ xlink:href="#XMLID_1752_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="516.57672"
+ y1="-15.769"
+ x2="516.57672"
+ y2="0.84280002"
+ id="linearGradient17713"
+ xlink:href="#XMLID_1753_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="linearGradient17715"
+ xlink:href="#XMLID_1756_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="500.70749"
+ y1="-13.2441"
+ x2="513.46442"
+ y2="-2.1547"
+ id="linearGradient17717"
+ xlink:href="#XMLID_1757_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="473.7681"
+ y1="209.17529"
+ x2="486.98099"
+ y2="213.2001"
+ id="linearGradient17721"
+ xlink:href="#XMLID_2274_"
+ gradientUnits="userSpaceOnUse" />
+ <linearGradient
+ x1="481.23969"
+ y1="212.5742"
+ x2="472.92981"
+ y2="207.4967"
+ id="linearGradient17723"
+ xlink:href="#XMLID_2275_"
+ gradientUnits="userSpaceOnUse" />
+ <linearGradient
+ x1="500.70749"
+ y1="-13.2441"
+ x2="513.46442"
+ y2="-2.1547"
+ id="linearGradient17416"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop17418" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop17420" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <defs
+ id="defs9929">
+ <path
+ d="M 489.21,209.35 L 485.35,203.63 C 483.63,204.25 473.47,208.93 471.5,210.18 C 470.57,210.77 470.17,211.16 469.72,212.48 C 470.93,212.31 471.72,212.49 473.42,213.04 C 473.26,214.77 473.24,215.74 473.57,218.2 C 474.01,216.88 474.41,216.49 475.34,215.9 C 477.33,214.65 487.49,209.97 489.21,209.35 z "
+ id="XMLID_960_" />
+ </defs>
+ <clipPath
+ id="clipPath17448">
+ <use
+ id="use17450"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_960_" />
+ </clipPath>
+ <linearGradient
+ x1="473.7681"
+ y1="209.17529"
+ x2="486.98099"
+ y2="213.2001"
+ id="linearGradient17452"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop17454" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop17456" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop17458" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop17460" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="481.23969"
+ y1="212.5742"
+ x2="472.92981"
+ y2="207.4967"
+ id="linearGradient17463"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop17465" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop17467" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop17469" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop17471" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="481.23969"
+ y1="212.5742"
+ x2="472.92981"
+ y2="207.4967"
+ id="linearGradient17807"
+ xlink:href="#XMLID_2275_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-177.1654,35.43307)" />
+ <linearGradient
+ x1="473.7681"
+ y1="209.17529"
+ x2="486.98099"
+ y2="213.2001"
+ id="linearGradient17810"
+ xlink:href="#XMLID_2274_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-177.1654,35.43307)" />
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="linearGradient17812"
+ xlink:href="#XMLID_1749_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,11.0227,-35.6159)" />
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="linearGradient17814"
+ xlink:href="#XMLID_1752_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="516.57672"
+ y1="-15.769"
+ x2="516.57672"
+ y2="0.84280002"
+ id="linearGradient17816"
+ xlink:href="#XMLID_1753_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="linearGradient17818"
+ xlink:href="#XMLID_1756_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="linearGradient17347"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,11.0227,-35.6159)">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop17349" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop17351" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#5387BA" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#5387BA" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#96BAD6" />
+ </linearGradient>
+ <linearGradient
+ x1="516.57672"
+ y1="-15.769"
+ x2="516.57672"
+ y2="0.84280002"
+ id="linearGradient17379"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop17381" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop17383" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#F2F2F2" />
+ </linearGradient>
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="linearGradient17862"
+ xlink:href="#XMLID_1749_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,-166.1427,-0.18283)" />
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="linearGradient17864"
+ xlink:href="#XMLID_1756_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <defs
+ id="defs3859">
+ <polygon
+ points="465.54,213.52 481.94,217.46 482.74,216.71 487.46,198.05 471.08,194.07 470.26,194.83 465.54,213.52 "
+ id="XMLID_343_" />
+ </defs>
+ <linearGradient
+ x1="471.0806"
+ y1="201.07761"
+ x2="481.91711"
+ y2="210.4977"
+ id="linearGradient17389"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#6498c1;stop-opacity:1"
+ offset="0.005618"
+ id="stop17391" />
+ <stop
+ style="stop-color:#79a9cc;stop-opacity:1"
+ offset="0.2332"
+ id="stop17393" />
+ <stop
+ style="stop-color:#a4cde2;stop-opacity:1"
+ offset="0.74049997"
+ id="stop17395" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="1"
+ id="stop17397" />
+ <a:midPointStop
+ style="stop-color:#6498C1"
+ offset="5.618000e-003" />
+ <a:midPointStop
+ style="stop-color:#6498C1"
+ offset="0.4438" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="clipPath17400">
+ <use
+ id="use17402"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_343_" />
+ </clipPath>
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="linearGradient17404"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop17406" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop17408" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop17410" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop17412" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="linearGradient17882"
+ xlink:href="#XMLID_1752_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <defs
+ id="defs3826">
+ <polygon
+ points="463.52,216.14 480.56,220.24 481.36,219.5 483.03,202.04 469.05,196.69 468.24,197.45 463.52,216.14 "
+ id="XMLID_338_" />
+ </defs>
+ <linearGradient
+ x1="468.2915"
+ y1="204.7612"
+ x2="479.39871"
+ y2="214.4166"
+ id="linearGradient17357"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop17359" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop17361" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="clipPath17364">
+ <use
+ id="use17366"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_338_" />
+ </clipPath>
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="linearGradient17368"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop17370" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop17372" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop17374" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop17376" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="296.4996"
+ y1="188.81061"
+ x2="317.32471"
+ y2="209.69398"
+ id="linearGradient2387"
+ xlink:href="#linearGradient2381"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)" />
+ <linearGradient
+ x1="296.4996"
+ y1="188.81061"
+ x2="317.32471"
+ y2="209.69398"
+ id="linearGradient5105"
+ xlink:href="#linearGradient2381"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)" />
+ <linearGradient
+ x1="296.4996"
+ y1="188.81061"
+ x2="317.32471"
+ y2="209.69398"
+ id="linearGradient5145"
+ xlink:href="#linearGradient2381"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)" />
+ <linearGradient
+ inkscape:collect="always"
+ xlink:href="#linearGradient2381"
+ id="linearGradient2371"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)"
+ x1="296.4996"
+ y1="188.81061"
+ x2="317.32471"
+ y2="209.69398" />
+ </defs>
+ <g
+ transform="matrix(0.437808,-0.437808,0.437808,0.437808,-220.8237,43.55311)"
+ id="g5089">
+ <path
+ d="M 8.4382985,-6.28125 C 7.8309069,-6.28125 4.125,-0.33238729 4.125,1.96875 L 4.125,28.6875 C 4.125,29.533884 4.7068159,29.8125 5.28125,29.8125 L 30.84375,29.8125 C 31.476092,29.8125 31.968751,29.319842 31.96875,28.6875 L 31.96875,23.46875 L 32.25,23.46875 C 32.74684,23.46875 33.156249,23.059339 33.15625,22.5625 L 33.15625,-5.375 C 33.15625,-5.8718398 32.74684,-6.28125 32.25,-6.28125 L 8.4382985,-6.28125 z "
+ transform="translate(282.8327,227.1903)"
+ style="fill:#5c5c4f;stroke:black;stroke-width:3.23021388;stroke-miterlimit:4;stroke-dasharray:none"
+ id="path5091" />
+ <rect
+ width="27.85074"
+ height="29.369793"
+ rx="1.1414107"
+ ry="1.1414107"
+ x="286.96509"
+ y="227.63805"
+ style="fill:#032c87"
+ id="rect5093" />
+ <path
+ d="M 288.43262,225.43675 L 313.67442,225.43675 L 313.67442,254.80655 L 287.29827,254.83069 L 288.43262,225.43675 z "
+ style="fill:white"
+ id="rect5095" />
+ <path
+ d="M 302.44536,251.73726 C 303.83227,259.59643 301.75225,263.02091 301.75225,263.02091 C 303.99609,261.41329 305.71651,259.54397 306.65747,257.28491 C 307.62455,259.47755 308.49041,261.71357 310.9319,263.27432 C 310.9319,263.27432 309.33686,256.07392 309.22047,251.73726 L 302.44536,251.73726 z "
+ style="fill:#a70000;fill-opacity:1;stroke-width:2"
+ id="path5097" />
+ <rect
+ width="25.241802"
+ height="29.736675"
+ rx="0.89682275"
+ ry="0.89682275"
+ x="290.73544"
+ y="220.92249"
+ style="fill:#809cc9"
+ id="rect5099" />
+ <path
+ d="M 576.47347,725.93939 L 582.84431,726.35441 L 583.25121,755.8725 C 581.35919,754.55465 576.39694,752.1117 574.98889,754.19149 L 574.98889,727.42397 C 574.98889,726.60151 575.65101,725.93939 576.47347,725.93939 z "
+ transform="matrix(0.499065,-0.866565,0,1,0,0)"
+ style="fill:#4573b3;fill-opacity:1"
+ id="rect5101" />
+ <path
+ d="M 293.2599,221.89363 L 313.99908,221.89363 C 314.45009,221.89363 314.81318,222.25673 314.81318,222.70774 C 315.02865,229.0361 295.44494,244.47124 292.44579,240.30491 L 292.44579,222.70774 C 292.44579,222.25673 292.80889,221.89363 293.2599,221.89363 z "
+ style="opacity:0.65536726;fill:url(#linearGradient2371);fill-opacity:1"
+ id="path5103" />
+ </g>
+</svg>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/images/n-t-n-ipsec-diagram.png b/public_html/it-IT/Fedora/18/html/Security_Guide/images/n-t-n-ipsec-diagram.png
new file mode 100644
index 0000000..281afd6
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/images/n-t-n-ipsec-diagram.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/images/tcp_wrap_diagram.png b/public_html/it-IT/Fedora/18/html/Security_Guide/images/tcp_wrap_diagram.png
new file mode 100644
index 0000000..38ee5ea
Binary files /dev/null and b/public_html/it-IT/Fedora/18/html/Security_Guide/images/tcp_wrap_diagram.png differ
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/index.html b/public_html/it-IT/Fedora/18/html/Security_Guide/index.html
new file mode 100644
index 0000000..d164b9f
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/index.html
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Guida alla Sicurezza</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><meta name="description" content="La Guida alla Sicurezza intende assistere gli utenti Fedora ad apprendere i processi e le pratiche di messa in sicurezza di workstation e server da attività sospette, attacchi ed intrusioni, sia locali che remoti. La Guida, dedicata a sistemi Fedora, affronta concetti e tecniche valide su tutti i sistemi Linux, mostrando piani e gli strumenti necessari per creare un ambiente sicuro in postazioni domestiche, negli uffici e in centri di elaborazione dati. Con una gestione e un controllo adeguato, i sistemi
Linux possono essere sia pienamente funzionali sia sicuri dai più comuni metodi di attacco e di intrusione." /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="next" href="pref-Security_Guide-Preface.html" title="Prefazione" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"></li><li class="next"><a accesskey="n" href="pref-Security_Guide-Preface.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="book" id="idm49075088" lang="it-IT"><div class="titlepage"><div><div class="producttitle" font-family="sans-serif,Symbol,ZapfDingbats" font-weigh
t="bold" font-size="12pt" text-align="center"><span class="productname">Fedora</span> <span class="productnumber">18</span></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h1 id="idm49075088" class="title">Guida alla Sicurezza</h1></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h2 class="subtitle">Guida alla protezione di Fedora Linux</h2></div><p class="edition">Edizione 18.0.1</p><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h3 class="corpauthor">
+ <span class="inlinemediaobject"><object data="Common_Content/images/title_logo.svg" type="image/svg+xml"> Logo</object></span>
+
+ </h3></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div xml:lang="it-IT" class="authorgroup" lang="it-IT"><div class="author"><h3 class="author"><span class="firstname">Johnray</span> <span class="surname">Fuller</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:jrfuller at redhat.com">jrfuller at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="surname">Ha</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:jha at redhat.com">jha at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">David</span> <span class="surname">O'Brien</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:daobrien at redhat
.com">daobrien at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:sradvan at redhat.com">sradvan at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></h3><div class="affiliation"><span class="orgname">Fedora Project</span> <span class="orgdiv">Documentation Team</span></div><code class="email"><a class="email" href="mailto:sparks at fedoraproject.org">sparks at fedoraproject.org</a></code></div><div class="author"><h3 class="author"><span class="firstname">Adam</span> <span class="surname">Ligas</span></h3><div class="affiliation"><span class="orgname">Fedora Project</span></div><code class="email"><a class="email" href="mailto:gent86 at fedoraproject.org">gent86 at fedoraproject.org</a></code></
div></div></div><hr /><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div id="idm46640480" class="legalnotice"><h1 class="legalnotice">Nota Legale</h1><div class="para">
+ Copyright <span class="trademark"></span>© 2007-2012 Fedora Project Contributors.
+ </div><div class="para">
+ The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at <a href="http://creativecommons.org/licenses/by-sa/3.0/">http://creativecommons.org/licenses/by-sa/3.0/</a>. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
+ </div><div class="para">
+ Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
+ </div><div class="para">
+ Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
+ </div><div class="para">
+ For guidelines on the permitted uses of the Fedora trademarks, refer to <a href="https://fedoraproject.org/wiki/Legal:Trademark_guidelines">https://fedoraproject.org/wiki/Legal:Trademark_guidelines</a>.
+ </div><div class="para">
+ <span class="trademark">Linux</span>® is the registered trademark of Linus Torvalds in the United States and other countries.
+ </div><div class="para">
+ <span class="trademark">Java</span>® is a registered trademark of Oracle and/or its affiliates.
+ </div><div class="para">
+ <span class="trademark">XFS</span>® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
+ </div><div class="para">
+ <span class="trademark">MySQL</span>® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
+ </div><div class="para">
+ All other trademarks are the property of their respective owners.
+ </div></div></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div class="abstract"><h6>Sommario</h6><div class="para">
+ La Guida alla Sicurezza intende assistere gli utenti Fedora ad apprendere i processi e le pratiche di messa in sicurezza di workstation e server da attività sospette, attacchi ed intrusioni, sia locali che remoti. La Guida, dedicata a sistemi Fedora, affronta concetti e tecniche valide su tutti i sistemi Linux, mostrando piani e gli strumenti necessari per creare un ambiente sicuro in postazioni domestiche, negli uffici e in centri di elaborazione dati. Con una gestione e un controllo adeguato, i sistemi Linux possono essere sia pienamente funzionali sia sicuri dai più comuni metodi di attacco e di intrusione.
+ </div></div></div></div><hr /></div><div class="toc"><dl><dt><span class="preface"><a href="pref-Security_Guide-Preface.html">Prefazione</a></span></dt><dd><dl><dt><span class="section"><a href="pref-Security_Guide-Preface.html#idm16721936">1. Convenzioni del documento</a></span></dt><dd><dl><dt><span class="section"><a href="pref-Security_Guide-Preface.html#idm44039248">1.1. Convenzioni tipografiche</a></span></dt><dt><span class="section"><a href="pref-Security_Guide-Preface.html#idm11658720">1.2. Convenzioni del documento</a></span></dt><dt><span class="section"><a href="pref-Security_Guide-Preface.html#idm4132176">1.3. Note ed avvertimenti</a></span></dt></dl></dd><dt><span class="section"><a href="pr01s02.html">2. Inviateci i vostri commenti!</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-Security_Overview.html">1. Panoramica sulla Sicurezza</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Security_Overview
.html#sect-Security_Guide-Introduction_to_Security">1.1. Introduzione alla Sicurezza</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1. Cosa s'intende per Sicurezza Informatica?</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-SELinux">1.1.2. SELinux</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.3. Controlli di Sicurezza</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-Conclusion">1.1.4. Conclusione</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities.html">1.2. Attaccanti e Vulnerabilità</a></span></dt>
<dd><dl><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities.html#sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.2.1. Una breve storia degli Hacker</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html">1.2.2. Minacce alla sicurezza di rete</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html">1.2.3. Minacce alla sicurezza server</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html">1.2.4. Minacce alla sicurezza di workstation e PC di casa</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment.html">1.3. Analisi della vulnerabilità</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Vul
nerability_Assessment.html#sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.3.1. Pensare come il nemico</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html">1.3.2. Analisi e Test</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html">1.3.3. Valutazione degli strumenti</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Common_Exploits_and_Attacks.html">1.4. Rischi e Attacchi comuni</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Security_Updates.html">1.5. Aggiornamenti di sicurezza</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Security_Updates.html#sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. Aggiornare i pacchetti</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Updating_Packages-Verifyi
ng_Signed_Packages.html">1.5.2. Verificare la firma dei pachetti</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html">1.5.3. Installare pacchetti firmati</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html">1.5.4. Applicare i cambiamenti</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-Basic_Hardening.html">2. Guida base all'hardening</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Basic_Hardening.html#sect-Security_Guide-Basic_Hardening-General_Principles">2.1. Principi generali</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html">2.2. Perchè è importante?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Physical_Security.html">2.3. Sicurezza fisica</a></span>
</dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html">2.4. Perchè è importante</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html">2.5. Cos'altro posso fare?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Networking.html">2.6. Networking</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Networking.html#sect-Security_Guide-Basic_Hardening-Networking-iptables">2.6.1. iptables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Networking-IPv6.html">2.6.2. IPv6</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Up_to_date.html">2.7. Mantenere il software aggiornato</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Services.html">2.8. Servi
zi</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-NTP.html">2.9. NTP</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-Securing_Your_Network.html">3. Proteggere la rete locale</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security">3.1. Workstation Security</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">3.1.1. Analizzare la sicurezza di una workstation</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">3.1.2. Protezione del BIOS e del Boot Loader</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation
_Security-Password_Security">3.1.3. Protezione delle password</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Administrative_Controls">3.1.4. Controlli amministrativi</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Available_Network_Services">3.1.5. Servizi di rete disponibili</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Personal_Firewalls">3.1.6. Firewall personali</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">3.1.7. Strumenti di comunicazione che aumentano la sicurezza</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Server_Security.html">3.2. Se
rver Security</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Server_Security.html#sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">3.2.1. Proteggere i servizi con TCP Wrapper e xinetd</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_Portmap.html">3.2.2. Proteggere Portmap</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_NIS.html">3.2.3. Proteggere NIS</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_NFS.html">3.2.4. Proteggere NFS</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html">3.2.5. Proteggere HTTP Apache</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_FTP.html">3.2.6. Proteggere FTP</a></span></dt><dt><span class="section"><a href="sect-Security_Guide
-Server_Security-Securing_Sendmail.html">3.2.7. Proteggere Sendmail</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html">3.2.8. Controllare le porte in ascolto</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO.html">3.3. Single Sign-on (SSO)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO.html#sect-Security_Guide-Single_Sign_on_SSO-Introduction">3.3.1. Introduzione</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html">3.3.2. Primo utilizzo di una nuova Smart Card</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html">3.3.3. Come funziona la registrazione di una Smart Card</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_o
n_SSO-How_Smart_Card_Login_Works.html">3.3.4. Come funziona l'accesso via Smart Card</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html">3.3.5. Configurare Firefox ad usare Kerberos con SSO</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Yubikey.html">3.4. Yubikey</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Yubikey.html#sect-Security_Guide-Yubikey-Centralized_Server">3.4.1. Utilizzo di Yubikey con un server centralizzato</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Yubikey-Web_Sites.html">3.4.2. Autenticazione ai siti web con la Yubikey</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html">3.5. Pluggable Authentication Modules (PAM)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authenticatio
n_Modules_PAM.html#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">3.5.1. Vantaggi di PAM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html">3.5.2. File di configurazione di PAM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html">3.5.3. Formato del file di configurazione di PAM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html">3.5.4. Un esempio di file di configurazione di PAM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html">3.5.5. Creare moduli PAM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.ht
ml">3.5.6. Caching delle credenziali PAM ed Amministrative</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html">3.5.7. Proprietario di PAM e di Dispositivo</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html">3.5.8. Ulteriori risorse</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html">3.6. TCP Wrapper e xinetd</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">3.6.1. TCP Wrapper</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html">3.6.2. File di configurazione di TCP Wrapper</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xine
td-xinetd.html">3.6.3. xinetd</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html">3.6.4. File di configuratione di xinetd</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html">3.6.5. Ulteriori risorse</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Kerberos.html">3.7. Kerberos</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Kerberos.html#sect-Security_Guide-Kerberos-What_is_Kerberos">3.7.1. Cos'è Kerberos?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html">3.7.2. Terminologia Kerberos</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html">3.7.3. Come funziona Kerberos</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html">3.7
.4. Kerberos e PAM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html">3.7.5. Configurare un server Kerberos 5</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html">3.7.6. Configurare un client Kerberos 5</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html">3.7.7. Associazione tra Dominio e Realm</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html">3.7.8. Impostare KDC secondari</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html">3.7.9. Impostare autenticazioni cross realm</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Additional_Resources.html">3.7.10. Ulteriori risorse</a></span></dt></dl></dd><dt><span class="section"><a href="sect-S
ecurity_Guide-Firewalls.html">3.8. Firewall</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Firewalls.html#sect-Security_Guide-Firewalls-Netfilter_and_IPTables">3.8.1. Netfilter e IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html">3.8.2. Configurazione di un firewall di base</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Using_IPTables.html">3.8.3. Usare IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html">3.8.4. Filtraggi IPTables comuni</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html">3.8.5. Regole di <code class="computeroutput">FORWARD</code> e <acronym class="acronym">NAT</acronym></a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html">3.
8.6. Software maliziosi e indirizzi IP spoofed</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html">3.8.7. IPTables e Connection Tracking</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-IPv6.html">3.8.8. IPv6</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Additional_Resources.html">3.8.9. Ulteriori risorse</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-IPTables.html">3.9. IPTables</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-IPTables.html#sect-Security_Guide-IPTables-Packet_Filtering">3.9.1. Filtraggio pacchetti</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html">3.9.2. Opzioni di comando di IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html">3.9.3. Salvatag
gio delle regole IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html">3.9.4. Script di controllo IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html">3.9.5. IPTables ed IPv6</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Additional_Resources.html">3.9.6. Ulteriori risorse</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-Encryption.html">4. Cifratura</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Encryption.html#sect-Security_Guide-Encryption-Data_at_Rest">4.1. Dati a Riposo</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Encryption.html#sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">4.1.1. Completa cifratura del disco</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Encr
yption.html#Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">4.1.2. Cifratura basata su file</a></span></dt></dl></dd><dt><span class="section"><a href="Security_Guide-Encryption-Data_in_Motion.html">4.2. Dati in Movimento</a></span></dt><dd><dl><dt><span class="section"><a href="Security_Guide-Encryption-Data_in_Motion.html#sect-Security_Guide-Virtual_Private_Networks_VPNs">4.2.1. Virtual Private Networks (VPN)</a></span></dt><dt><span class="section"><a href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html">4.2.2. Secure Shell</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption.html">4.2.3. Cifratura disco con LUKS</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html">4.2.4. Archivi 7-Zip cifrati</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-Using_GPG.html">4.2.5. Usare GNU Privacy Guard (GnuPG)</a></span></d
t></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-General_Principles_of_Information_Security.html">5. Principi generali di Sicurezza dell'Informazione</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-General_Principles_of_Information_Security.html#sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">5.1. Consigli, guide e strumenti</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-Secure_Installation.html">6. Installazione sicura</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Secure_Installation.html#sect-Security_Guide-Secure_Installation-Disk_Partitions">6.1. Partizioni del disco</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html">6.2. Utilizzo di LUKS</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-Software_Maintenan
ce.html">7. Manutenzione del software</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Software_Maintenance.html#sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">7.1. Installare il software indispensabile</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html">7.2. Pianificare e configurare gli aggiornamenti di sicurezza</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html">7.3. Regolare gli aggiornamenti automatici</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html">7.4. Installare pacchetti firmati da repository fidati</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-CVE.html">8. Common Vulnerabilities and Exposures</a>
</span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-CVE.html#sect-Security_Guide-CVE-yum_plugin">8.1. Plugin YUM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html">8.2. Usare yum-plugin-security </a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-References.html">9. Riferimenti</a></span></dt><dt><span class="appendix"><a href="chap-Security_Guide-Encryption_Standards.html">A. Standard di crittografia</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Encryption_Standards.html#idm30149184">A.1. Crittografia sincrona</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Encryption_Standards.html#idm47570672">A.1.1. Advanced Encryption Standard - AES</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Encryption_Standards.html#idm16286192">A.1.2. Data Encryption Standard - DES</a></span></dt><
/dl></dd><dt><span class="section"><a href="apas02.html">A.2. Cifratura a chiave pubblica</a></span></dt><dd><dl><dt><span class="section"><a href="apas02.html#idm52117696">A.2.1. Diffie-Hellman</a></span></dt><dt><span class="section"><a href="apas02s02.html">A.2.2. RSA</a></span></dt><dt><span class="section"><a href="apas02s03.html">A.2.3. DSA</a></span></dt><dt><span class="section"><a href="apas02s04.html">A.2.4. SSL/TLS</a></span></dt><dt><span class="section"><a href="apas02s05.html">A.2.5. Il sistema Cramer–Shoup</a></span></dt><dt><span class="section"><a href="apas02s06.html">A.2.6. Cifratura ElGamal</a></span></dt></dl></dd></dl></dd><dt><span class="appendix"><a href="appe-Publican-Revision_History.html">B. Cronologia Revisioni</a></span></dt></dl></div></div><ul class="docnav"><li class="previous"></li><li class="next"><a accesskey="n" href="pref-Security_Guide-Preface.html"><strong>Avanti</strong>Prefazione</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/pr01s02.html b/public_html/it-IT/Fedora/18/html/Security_Guide/pr01s02.html
new file mode 100644
index 0000000..56e2f48
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/pr01s02.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2. Inviateci i vostri commenti!</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="pref-Security_Guide-Preface.html" title="Prefazione" /><link rel="prev" href="pref-Security_Guide-Preface.html" title="Prefazione" /><link rel="next" href="chap-Security_Guide-Security_Overview.html" title="Capitolo 1. Panoramica sulla Sicurezza" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pref-Security_Guide-Preface.html"><strong>Indietro</strong></a></li><li c
lass="next"><a accesskey="n" href="chap-Security_Guide-Security_Overview.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="section" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm9589856">2. Inviateci i vostri commenti!</h2></div></div></div><a id="idm29361104" class="indexterm"></a><div class="para">
+ Se individuate degli errori di battitura in questo manuale, o se pensate di poter contribuire al suo miglioramento, contattateci subito! Inviate i vostri suggerimenti tramite Bugzilla: <a href="http://bugzilla.redhat.com/bugzilla/">http://bugzilla.redhat.com/bugzilla/</a> sul componente <span class="application"><strong>Fedora.</strong></span>
+ </div><div class="para">
+ Quando inviate un bug report, assicuratevi di indicare l'identificatore del manuale: <em class="citetitle">security-guide</em>
+ </div><div class="para">
+ Se inviate un suggerimento per contribuire al miglioramento della guida, cercate di essere il più specifici possibile. Se avete individuato un errore, indicate il numero della sezione e alcune righe di testo, in modo da agevolare la ricerca dell'errore.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="pref-Security_Guide-Preface.html"><strong>Indietro</strong>Prefazione</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Security_Overview.html"><strong>Avanti</strong>Capitolo 1. Panoramica sulla Sicurezza</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/pref-Security_Guide-Preface.html b/public_html/it-IT/Fedora/18/html/Security_Guide/pref-Security_Guide-Preface.html
new file mode 100644
index 0000000..5db8078
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/pref-Security_Guide-Preface.html
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Prefazione</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="index.html" title="Guida alla Sicurezza" /><link rel="prev" href="index.html" title="Guida alla Sicurezza" /><link rel="next" href="pr01s02.html" title="2. Inviateci i vostri commenti!" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="pr01s02.html"><strong>Avanti</strong></a></li></u
l><div xml:lang="it-IT" class="preface" id="pref-Security_Guide-Preface" lang="it-IT"><div class="titlepage"><div><div><h1 class="title">Prefazione</h1></div></div></div><div xml:lang="it-IT" class="section" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm16721936">1. Convenzioni del documento</h2></div></div></div><div class="para">
+ Questo manuale utilizza numerose convenzioni per evidenziare parole e frasi, ponendo attenzione su informazioni specifiche.
+ </div><div class="para">
+ Nelle edizioni PDF e cartacea questo manuale utilizza caratteri presenti nel set <a href="https://fedorahosted.org/liberation-fonts/">Font Liberation</a>. Il set Font Liberation viene anche utilizzato nelle edizioni HTML se il set stesso è stato installato sul vostro sistema. In caso contrario, verranno mostrati caratteri alternativi ma equivalenti. Da notare: Red Hat Enterprise Linux 5 e versioni più recenti, includono per default il set Font Liberation.
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm44039248">1.1. Convenzioni tipografiche</h3></div></div></div><div class="para">
+ Vengono utilizzate quattro convenzioni tipografiche per richiamare l'attenzione su parole e frasi specifiche. Queste convenzioni, e le circostanze alle quali vengono applicate, sono le seguenti.
+ </div><div class="para">
+ <code class="literal">Neretto monospazio</code>
+ </div><div class="para">
+ Usato per evidenziare l'input del sistema, incluso i comandi della shell, i nomi dei file ed i percorsi. Utilizzato anche per evidenziare tasti e combinazione di tasti. Per esempio:
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ Per visualizzare i contenuti del file <code class="filename">my_next_bestselling_novel</code> nella vostra directory di lavoro corrente, inserire il comando <code class="command">cat my_next_bestselling_novel</code> al prompt della shell e premere <span class="keycap"><strong>Invio</strong></span> per eseguire il comando.
+ </div></blockquote></div><div class="para">
+ Quanto sopra riportato include il nome del file, un comando della shell ed un tasto, il tutto riportato in neretto monospazio e distinguibile grazie al contesto.
+ </div><div class="para">
+ Le combinazioni di tasti possono essere distinte dai tasti tramite il trattino che collega ogni parte della combinazione. Per esempio:
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ Premere <span class="keycap"><strong>Invio</strong></span> per eseguire il comando.
+ </div><div class="para">
+ Premere <span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>Alt</strong></span>+<span class="keycap"><strong>F2</strong></span> per smistarsi sul primo virtual terminal. Premere <span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>Alt</strong></span>+<span class="keycap"><strong>F1</strong></span> per ritornare alla sessione X-Windows.
+ </div></blockquote></div><div class="para">
+ Il primo paragrafo evidenzia il tasto specifico singolo da premere. Il secondo riporta due combinazioni di tasti, (ognuno dei quali è un set di tre tasti premuti contemporaneamente).
+ </div><div class="para">
+ Se si discute del codice sorgente, i nomi della classe, i metodi, le funzioni i nomi della variabile ed i valori ritornati indicati all'interno di un paragrafo, essi verranno indicati come sopra, e cioè in <code class="literal">neretto monospazio</code>. Per esempio:
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ Le classi relative ad un file includono <code class="classname">filesystem</code> per file system, <code class="classname">file</code> per file, e <code class="classname">dir</code> per directory. Ogni classe possiede il proprio set associato di permessi.
+ </div></blockquote></div><div class="para">
+ <span class="application"><strong>Proportional Bold</strong></span>
+ </div><div class="para">
+ Ciò denota le parole e le frasi incontrate su di un sistema, incluso i nomi delle applicazioni; il testo delle caselle di dialogo; i pulsanti etichettati; le caselle e le etichette per pulsanti di selezione, titoli del menu e dei sottomenu. Per esempio:
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ Selezionare <span class="guimenu"><strong>Sistema</strong></span> → <span class="guisubmenu"><strong>Preferenze</strong></span> → <span class="guimenuitem"><strong>Mouse</strong></span> dalla barra del menu principale per lanciare <span class="application"><strong>Preferenze del Mouse</strong></span>. Nella scheda <span class="guilabel"><strong>Pulsanti</strong></span>, fate clic sulla casella di dialogo <span class="guilabel"><strong>mouse per mancini</strong></span>, e successivamente fate clic su <span class="guibutton"><strong>Chiudi</strong></span> per cambiare il pulsante primario del mouse da sinistra a destra (rendendo così il mouse idoneo per un utilizzo con la mano sinistra).
+ </div><div class="para">
+ Per inserire un carattere speciale in un file <span class="application"><strong>gedit</strong></span>, selezionare <span class="guimenu"><strong>Applicazioni</strong></span> → <span class="guisubmenu"><strong>Accessori</strong></span> → <span class="guimenuitem"><strong>Mappa carattere</strong></span> dalla barra menu principale. Successivamente, selezionare <span class="guimenu"><strong>Cerca</strong></span> → <span class="guimenuitem"><strong>Trova…</strong></span> dalla barra del menu <span class="application"><strong>Mappa carattere</strong></span>, inserire il nome del carattere nel campo <span class="guilabel"><strong>Cerca</strong></span> e cliccare <span class="guibutton"><strong>Successivo</strong></span>. Il carattere ricercato verrà evidenziato nella <span class="guilabel"><strong>Tabella caratteri</strong></span>. Fare un doppio clic sul carattere evidenziato per posizionarlo nel campo <span class="guilabel"><strong>Testo da copiare</strong></span>,
e successivamente fare clic sul pulsante <span class="guibutton"><strong>Copia</strong></span>. Ritornare ora al documento e selezionare <span class="guimenu"><strong>Modifica</strong></span> → <span class="guimenuitem"><strong>Incolla</strong></span> dalla barra del menu di <span class="application"><strong>gedit</strong></span>.
+ </div></blockquote></div><div class="para">
+ Il testo sopra riportato include i nomi delle applicazioni; nomi ed oggetti del menu per l'intero sistema; nomi del menu specifici alle applicazioni; e pulsanti e testo trovati all'interno di una interfaccia GUI, tutti presentati in neretto proporzionale e distinguibili dal contesto.
+ </div><div class="para">
+ <code class="command"><em class="replaceable"><code>Corsivo neretto monospazio</code></em></code> o <span class="application"><strong><em class="replaceable"><code>Corsivo neretto proporzionale</code></em></strong></span>
+ </div><div class="para">
+ Sia se si tratta di neretto monospazio o neretto proporzionale, l'aggiunta del carattere corsivo indica un testo variabile o sostituibile . Il carattere corsivo denota un testo che non viene inserito letteralmente, o visualizzato che varia a seconda delle circostanze. Per esempio:
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ Per collegarsi ad una macchina remota utilizzando ssh, digitare <code class="command">ssh <em class="replaceable"><code>username</code></em>@<em class="replaceable"><code>domain.name</code></em></code> al prompt della shell. Se la macchina remota è <code class="filename">example.com</code> ed il nome utente sulla macchina interessata è john, digitare <code class="command">ssh john at example.com</code>.
+ </div><div class="para">
+ Il comando <code class="command">mount -o remount <em class="replaceable"><code>file-system</code></em></code> rimonta il file system indicato. Per esempio, per rimontare il file system <code class="filename">/home</code>, il comando è <code class="command">mount -o remount /home</code>.
+ </div><div class="para">
+ Per visualizzare la versione di un pacchetto attualmente installato, utilizzare il comando <code class="command">rpm -q <em class="replaceable"><code>package</code></em></code>. Esso ritornerà il seguente risultato: <code class="command"><em class="replaceable"><code>package-version-release</code></em></code>.
+ </div></blockquote></div><div class="para">
+ Da notare la parola in Corsivo neretto — nome utente, domain.name, file-system, pacchetto, versione e release. Ogni parola racchiude il testo da voi inserito durante l'emissione di un comando o per il testo mostrato dal sistema.
+ </div><div class="para">
+ Oltre all'utilizzo normale per la presentazione di un titolo, il carattere Corsivo denota il primo utilizzo di un termine nuovo ed importante. Per esempio:
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ Publican è un sistema di pubblicazione per <em class="firstterm">DocBook</em>.
+ </div></blockquote></div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm11658720">1.2. Convenzioni del documento</h3></div></div></div><div class="para">
+ Gli elenchi originati dal codice sorgente e l'output del terminale vengono evidenziati rispetto al testo circostante.
+ </div><div class="para">
+ L'output inviato ad un terminale è impostato su <code class="computeroutput">tondo monospazio</code> e così presentato:
+ </div><pre class="screen">books Desktop documentation drafts mss photos stuff svn
+books_tests Desktop1 downloads images notes scripts svgs</pre><div class="para">
+ Gli elenchi del codice sorgente sono impostati in <code class="computeroutput">tondo monospazio</code> ma vengono presentati ed evidenziati nel modo seguente:
+ </div><pre class="programlisting">package org.<span class="perl_Function">jboss</span>.<span class="perl_Function">book</span>.<span class="perl_Function">jca</span>.<span class="perl_Function">ex1</span>;
+
+<span class="perl_Keyword">import</span> javax.naming.InitialContext;
+
+<span class="perl_Keyword">public</span> <span class="perl_Keyword">class</span> ExClient
+{
+ <span class="perl_Keyword">public</span> <span class="perl_DataType">static</span> <span class="perl_DataType">void</span> <span class="perl_Function">main</span>(String args[])
+ <span class="perl_Keyword">throws</span> Exception
+ {
+ InitialContext iniCtx = <span class="perl_Keyword">new</span> InitialContext();
+ Object ref = iniCtx.<span class="perl_Function">lookup</span>(<span class="perl_String">"EchoBean"</span>);
+ EchoHome home = (EchoHome) ref;
+ Echo echo = home.<span class="perl_Function">create</span>();
+
+ System.<span class="perl_Function">out</span>.<span class="perl_Function">println</span>(<span class="perl_String">"Created Echo"</span>);
+
+ System.<span class="perl_Function">out</span>.<span class="perl_Function">println</span>(<span class="perl_String">"Echo.echo('Hello') = "</span> + echo.<span class="perl_Function">echo</span>(<span class="perl_String">"Hello"</span>));
+ }
+}</pre></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm4132176">1.3. Note ed avvertimenti</h3></div></div></div><div class="para">
+ E per finire, tre stili vengono usati per richiamare l'attenzione su informazioni che in caso contrario potrebbero essere ignorate.
+ </div><div class="note"><div class="admonition_header"><h2>Nota Bene</h2></div><div class="admonition"><div class="para">
+ Una nota è un suggerimento o un approccio alternativo per il compito da svolgere. Non dovrebbe verificarsi alcuna conseguenza negativa se la nota viene ignorata, ma al tempo stesso potreste non usufruire di qualche trucco in grado di facilitarvi il compito.
+ </div></div></div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Le caselle 'importante' riportano informazioni che potrebbero passare facilmente inosservate: modifiche alla configurazione applicabili solo alla sessione corrente, o servizi i quali necessitano di un riavvio prima di applicare un aggiornamento. Ignorare queste caselle non causa alcuna perdita di dati ma potrebbe causare irritazione e frustrazione da parte dell'utente.
+ </div></div></div><div class="warning"><div class="admonition_header"><h2>Avvertenza</h2></div><div class="admonition"><div class="para">
+ Un Avvertimento non dovrebbe essere ignorato. Se ignorato, potrebbe verificarsi una perdita di dati.
+ </div></div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>Indietro</strong>Guida alla Sicurezza</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="pr01s02.html"><strong>Avanti</strong>2. Inviateci i vostri commenti!</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Related_Books.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Related_Books.html
new file mode 100644
index 0000000..2d321eb
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Related_Books.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.5.3. Libri</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="3.6.5. Ulteriori risorse" /><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html" title="3.6.5.2. Utili siti su TCP Wrapper" /><link rel="next" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey
="p" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Additional_Resources-Related_Books"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Related_Books">3.6.5.3. Libri</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="citetitle">Hacking Linux Exposed</em>, by Brian Hatch, James Lee, and George Kurtz (Osbourne/McGraw-Hill) — E' una eccellente risorsa sulla sicurezza con informazioni su TCP Wrapper e <code class="systemitem">xinetd</code>.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>Indietro</strong>3.6.5.2. Utili siti su TCP Wrapper</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos.html"><strong>Avanti</strong>3.7. Kerberos</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Related_Documentation.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Related_Documentation.html
new file mode 100644
index 0000000..4357663
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Related_Documentation.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.9.3. Documentazione relativa</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="3.8.9. Ulteriori risorse" /><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html" title="3.8.9.2. Siti utili sui firewall" /><link rel="next" href="sect-Security_Guide-IPTables.html" title="3.9. IPTables" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Secu
rity_Guide-Additional_Resources-Useful_Firewall_Websites.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Additional_Resources-Related_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Related_Documentation">3.8.9.3. Documentazione relativa</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="citetitle">Red Hat Linux Firewalls</em> di Bill McCarty (Red Hat Press) — Un manuale su come costruire firewall server e di rete, usando tecnologie open source, come Netfilter e <code class="command">iptables</code>, per operazioni di filtraggio dei pacchetti. Include anche argomenti correlati, come l'analisi dei messaggi di firewall, sviluppo di regole di firewall e la progettazione di un firewall personale, usando vari strumenti grafici.
+ </div></li><li class="listitem"><div class="para">
+ <em class="citetitle">Linux Firewalls</em> di Robert Ziegler (New Riders Press) — Un manuale con informazioni su come creare firewall, usando sia <code class="command">ipchains</code> del kernel, sia Netfilter e <code class="command">iptables</code>. Vengono trattati anche diversi argomenti sulla sicurezza, come le questioni riguardanti l'accesso remoto e i sistemi anti-intrusione.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"><strong>Indietro</strong>3.8.9.2. Siti utili sui firewall</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables.html"><strong>Avanti</strong>3.9. IPTables</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html
new file mode 100644
index 0000000..a4e7ec0
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.9.2. Siti utili sui firewall</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="3.8.9. Ulteriori risorse" /><link rel="prev" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="3.8.9. Ulteriori risorse" /><link rel="next" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html" title="3.8.9.3. Documentazione relativa" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a
accesskey="p" href="sect-Security_Guide-Firewalls-Additional_Resources.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites">3.8.9.2. Siti utili sui firewall</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.netfilter.org/">Netfilter</a> — Il sito ufficiale dei progetti Netfilter e <code class="command">iptables</code>.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.tldp.org/">tldp.org</a> — The Linux Documentation Project, contiene molte guide utili, relative alla creazione e all'amministrazione di un firewall.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.iana.org/assignments/port-numbers">Internet Assigned Numbers Authority</a> — La lista ufficiale dei numeri di porta assegnati ai servizi, così come stabilito dall'IANA (Internet Assigned Numbers Authority).
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Additional_Resources.html"><strong>Indietro</strong>3.8.9. Ulteriori risorse</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"><strong>Avanti</strong>3.8.9.3. Documentazione relativa</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html
new file mode 100644
index 0000000..28b9830
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.6.2. Utili siti web su IPTables</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-IPTables-Additional_Resources.html" title="3.9.6. Ulteriori risorse" /><link rel="prev" href="sect-Security_Guide-IPTables-Additional_Resources.html" title="3.9.6. Ulteriori risorse" /><link rel="next" href="chap-Security_Guide-Encryption.html" title="Capitolo 4. Cifratura" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPT
ables-Additional_Resources.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Encryption.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites">3.9.6.2. Utili siti web su IPTables</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.netfilter.org/">netfilter.org</a> — Il sito web del progetto netfilter/iptables. Contiene informazioni assortite su <code class="command">iptables</code>, inclusa una FAQ con soluzioni per problemi specifici e varie guide scritte da Rusty Russell, il manutentore del firewall IP di Linux. Gli HOWTO, coprono vari argomenti come concetti di rete, filtraggio dei pacchetti nel kernel e configurazioni NAT.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Additional_Resources.html"><strong>Indietro</strong>3.9.6. Ulteriori risorse</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Encryption.html"><strong>Avanti</strong>Capitolo 4. Cifratura</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html
new file mode 100644
index 0000000..5f3374c
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.10.2. Siti utili su Kerberos</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Kerberos-Additional_Resources.html" title="3.7.10. Ulteriori risorse" /><link rel="prev" href="sect-Security_Guide-Kerberos-Additional_Resources.html" title="3.7.10. Ulteriori risorse" /><link rel="next" href="sect-Security_Guide-Firewalls.html" title="3.8. Firewall" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Ad
ditional_Resources.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites">3.7.10.2. Siti utili su Kerberos</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://web.mit.edu/kerberos/www/">Kerberos: The Network Authentication Protocol</a> — sul sito del MIT.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html">The Kerberos Frequently Asked Questions </a> — Utili Domande/Risposte su Kerberos
+ </div></li><li class="listitem"><div class="para">
+ <a href="ftp://athena-dist.mit.edu/pub/kerberos/doc/usenix.PS">Kerberos: An Authentication Service for Open Network Systems</a> — E' la versione PostScript del documento originario su Kerberos, scritto da Jennifer G. Steiner, Clifford Neuman, e Jeffrey I. Schiller.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://web.mit.edu/kerberos/www/dialogue.html">Designing an Authentication System: a Dialogue in Four Scenes</a> — Questo documento, scritto originariamente da Bill Bryant nel 1988, e modificato da Theodore Ts'o nel 1997, è una conversazione tra due sviluppatori che riflettono sul progetto di un sistema di autenticazione in stile Kerberos. Lo stile colloquiale della discussione, lo rende un buon punto di partenza per coloro che sono completamente all'oscuro di Kerberos.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.ornl.gov/~jar/HowToKerb.html">How to Kerberize your site</a> — E' un buon riferimento per kerberizzare una rete.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.networkcomputing.com/netdesign/kerb1.html">Kerberos Network Design Manual</a> — Fornisce una panoramica sul sistema Kerberos.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Additional_Resources.html"><strong>Indietro</strong>3.7.10. Ulteriori risorse</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls.html"><strong>Avanti</strong>3.8. Firewall</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html
new file mode 100644
index 0000000..eb34706
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.8.2. Siti web utili su PAM</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html" title="3.5.8. Ulteriori risorse" /><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html" title="3.5.8. Ulteriori risorse" /><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="3.6. TCP Wrapper e xinetd" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="doc
nav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites">3.5.8.2. Siti web utili su PAM</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.kernel.org/pub/linux/libs/pam/">http://www.kernel.org/pub/linux/libs/pam/</a> — Il sito web principale del progetto Linux-PAM, con informazioni sui vari moduli di PAM, una FAQ e documenti.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ La documentazione presente nel sito sopra citato, riguarda la versione di PAM più recente e potrebbe non essere conforme al 100% alla versione inclusa in Fedora.
+ </div></div></div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"><strong>Indietro</strong>3.5.8. Ulteriori risorse</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html"><strong>Avanti</strong>3.6. TCP Wrapper e xinetd</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html
new file mode 100644
index 0000000..fe49335
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.5.2. Utili siti su TCP Wrapper</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="3.6.5. Ulteriori risorse" /><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="3.6.5. Ulteriori risorse" /><link rel="next" href="sect-Security_Guide-Additional_Resources-Related_Books.html" title="3.6.5.3. Libri" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous">
<a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Related_Books.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites">3.6.5.2. Utili siti su TCP Wrapper</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.xinetd.org"><code class="systemitem">xinetd</code></a> — La home page del progetto, con esempi di file di configurazione, un elenco completo di caratteristiche ed una FAQ informativa.
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.docstoc.com/docs/2133633/An-Unofficial-Xinetd-Tutorial">An-Unofficial-Xinetd-Tutorial</a> — Un tutorial che discute diverse modalità per ottimizzare i file di configurazione di <code class="systemitem">xinetd</code> predefiniti, per specifici obbiettivi di sicurezza.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"><strong>Indietro</strong>3.6.5. Ulteriori risorse</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Related_Books.html"><strong>Avanti</strong>3.6.5.3. Libri</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html
new file mode 100644
index 0000000..9238e1e
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.4.3.2. Opzioni per il controllo d'accesso</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="3.6.4.3. Modificare i file di configurazione di xinetd" /><link rel="prev" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="3.6.4.3. Modificare i file di configurazione di xinetd" /><link rel="next" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html" title="3.6.4.3.3. Opzioni di Binding e di Redirection" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options">3.6.4.3.2. Opzioni per il controllo d'accesso</h5></div></div></div><div class="para">
+ Gli utenti dei servizi di <code class="systemitem">xinetd</code> possono scegliere di usare regole d'accesso basate su TCP Wrapper, sui file di configurazione di <code class="systemitem">xinetd</code> o su una combinazione di entrambi. Per maggiori informazioni sui file di controllo d'accesso basati su TCP Wrapper, fare riferimento alla <a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html">Sezione 3.6.2, «File di configurazione di TCP Wrapper»</a>.
+ </div><div class="para">
+ Questa sezione spiega l'uso di <code class="systemitem">xinetd</code> per controllare l'accesso ai servizi.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Diversamente dai TCP Wrapper, le modifiche al controllo d'accesso hanno effetto solo dopo il riavvio del servizio <code class="systemitem">xinetd</code>.
+ </div><div class="para">
+ Inoltre, diversamente dai TCP Wrapper, il controllo d'accesso basato su <code class="systemitem">xinetd</code>, influenza solo i servizi controllati da <code class="systemitem">xinetd</code>.
+ </div></div></div><div class="para">
+ Il controllo d'accesso di <code class="systemitem">xinetd</code> differisce dal metodo usato dai TCP Wrapper. Mentre per i TCP Wrapper le configurazioni di controllo d'accesso si trovano nei due file <code class="filename">/etc/hosts.allow</code> e <code class="filename">/etc/hosts.deny</code>, per <code class="systemitem">xinetd</code> le configurazioni si trovano in file distinti, uno per ciascun servizio, nella directory <code class="filename">/etc/xinetd.d/</code>.
+ </div><div class="para">
+ <code class="systemitem">xinetd</code> supporta le seguenti opzioni d'accesso:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">only_from</code> — Specifica gli host autorizzati ad usare il servizio.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">no_access</code> — Specifica gli host non autorizzati ad usare il servizio
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">access_times</code> — Specifica il periodo in cui il servizio è disponibile, secondo il formato HH:MM-HH:MM, dove HH = 00, 01 ... 24.
+ </div></li></ul></div><div class="para">
+ Le opzioni <code class="option">only_from</code> e <code class="option">no_access</code> possono specificare un elenco di indirizzi IP o hostname, o anche specificare una rete. Analogamente ai TCP Wrapper, combinando controlli d'accesso di <code class="systemitem">xinetd</code> con opportune configurazioni dei messaggi di log, ripettivamente per bloccare le richieste da host indesiderati e registrare i vari tentativi di accesso, contribuisce a garantire una maggiore sicurezza al sistema.
+ </div><div class="para">
+ Per esempio, il seguente file <code class="filename">/etc/xinetd.d/telnet</code> può essere usato per bloccare le connessioni Telnet da una particolare rete e limitare il periodo di connessione agli utenti autorizzati:
+ </div><pre class="screen">service telnet
+{
+ disable = no
+ flags = REUSE
+ socket_type = stream
+ wait = no
+ user = root
+ server = /usr/kerberos/sbin/telnetd
+ log_on_failure += USERID
+ no_access = 172.16.45.0/24
+ log_on_success += PID HOST EXIT
+ access_times = 09:45-16:15
+}</pre><div class="para">
+ Nell'esempio, quando un client, con indirizzo <code class="systemitem">172.16.45.2</code>, tenta di accedere dalla rete <code class="systemitem">172.16.45.0/24</code> al servizio Telnet, egli riceve il seguente messaggio:
+ </div><pre class="screen">Connection closed by foreign host.</pre><div class="para">
+ Inoltre, i suoi tentativi d'accesso vengono registrati nel file <code class="filename">/var/log/messages</code> come segue:
+ </div><pre class="screen">Sep 7 14:58:33 localhost xinetd[5285]: FAIL: telnet address from=172.16.45.2
+Sep 7 14:58:33 localhost xinetd[5283]: START: telnet pid=5285 from=172.16.45.2
+Sep 7 14:58:33 localhost xinetd[5283]: EXIT: telnet status=0 pid=5285 duration=0(sec)</pre><div class="para">
+ Quando si usano TCP Wrapper insieme ai controlli d'accesso di <code class="systemitem">xinetd</code>, è importante capire il legame tra i due meccanismi di controllo d'accesso.
+ </div><div class="para">
+ Di seguito si mostra la sequenza di eventi attivati da <code class="systemitem">xinetd</code> quando un client richiede di effettuare una connessione:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Il demone <code class="systemitem">xinetd</code> analizza le regole d'accesso basate su TCP Wrapper, caricando la libreria <code class="filename">libwrap.a</code>. Se una regola vieta l'accesso, la connessione viene scartata. Se una regola consente l'accesso, il controllo passa a <code class="systemitem">xinetd</code>.
+ </div></li><li class="listitem"><div class="para">
+ Il demone <code class="systemitem">xinetd</code> controlla le proprie regole d'accesso sia per il servizio di <code class="systemitem">xinetd</code> sia per il servizio richiesto. Se esiste una regola di divieto, la connessione viene scartata. Altrimenti, <code class="systemitem">xinetd</code> avvia una istanza del servizio e passa il controllo della connessione al servizio.
+ </div></li></ol></div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Occorre prestare una certa attenzione ad utilizzare controlli d'accesso di TCP Wrapper in combinazione con i controlli di <code class="systemitem">xinetd</code>. Effetti indesiderati possono verificarsi in caso di errate configurazioni.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"><strong>Indietro</strong>3.6.4.3. Modificare i file di configurazione di x...</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"><strong>Avanti</strong>3.6.4.3.3. Opzioni di Binding e di Redirection</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html
new file mode 100644
index 0000000..16cc6cf
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.4.3.3. Opzioni di Binding e di Redirection</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="3.6.4.3. Modificare i file di configurazione di xinetd" /><link rel="prev" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html" title="3.6.4.3.2. Opzioni per il controllo d'accesso" /><link rel="next" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html" title="3.6.4.3.4. Opzioni per gestire le risorse" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedo
raproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options">3.6.4.3.3. Opzioni di Binding e di Redirection</h5></div></div></div><div class="para">
+ I file di configurazione dei servizi di <code class="systemitem">xinetd</code>, supportano il collegamento del servizio con un indirizzo IP e la redirezione verso altri indirizzi IP, hostname o porte.
+ </div><div class="para">
+ Il collegamento è controllato con l'opzione <code class="option">bind</code> nei file di configurazione dei servizi e serve a collegare il servizio ad un indirizzo IP nel sistema. Con tale opzione, solo gli host con richieste dirette all'IP specificato possono accedere al servizio. Si può usare questo metodo per collegare p.e. diversi servizi su differenti schede di rete.
+ </div><div class="para">
+ Ciò si rivela particolarmente vantaggioso nei sistemi con schede di rete mulltiple o con indirizzi IP multipli. In tali sistemi, servizi non sicuri come Telnet, possono essere configurati (p.e.) per ricevere connessioni soltanto dalla scheda connessa ad una rete privata e non dalla scheda connessa ad Internet.
+ </div><div class="para">
+ L'opzione <code class="option">redirect</code> accetta un indirizzo IP o hostname seguito da un numero di porta. Tale opzione consente di dirottare ogni richiesta di un servizio verso un host e una porta specifica. Questa caratteristica può essere usata per puntare ad un'altra porta del sistema, per redirezionare la richiesta verso un IP differente sulla stessa macchina, per trasferire la richiesta su un sistema completamente diverso oppure può essere usata combinando alcune di queste possibilità. Un utente che si connette al servizio, in maniera trasparente, viene trasferito su un altro sistema senza alcuna interruzione.
+ </div><div class="para">
+ Il demone <code class="systemitem">xinetd</code> effettua questa redirezione generando un processo, per il trasferimento dei dati tra i due sistemi, che dura quanto la connessione tra la macchina client richiedente e l'host del servizio.
+ </div><div class="para">
+ I vantaggi forniti dalle opzioni <code class="option">bind</code> e <code class="option">redirect</code>, diventano ancora più evidenti quando le opzioni vengono impiegate insieme. Collegando un servizio ad un particolare indirizzo IP di un sistema e poi reindirizzando le richieste verso una seconda macchina che solo la prima può vedere, un sistema interno può essere usato per fornire servizi ad una rete completamente diversa. Alternativamente, queste opzioni possono essere usate per limitare l'esposizione di un servizio su una macchina multi-homed, ad un indirizzo IP noto, oppure per reindirizzare le richieste verso un'altra macchina, appositamente configurata.
+ </div><div class="para">
+ Per esempio, si consideri un sistema usato come firewall con questa impostazione per Telnet:
+ </div><pre class="screen">service telnet
+{
+ socket_type = stream
+ wait = no
+ server = /usr/kerberos/sbin/telnetd
+ log_on_success += DURATION USERID
+ log_on_failure += USERID
+ bind = 123.123.123.123
+ redirect = 10.0.1.13 23
+}</pre><div class="para">
+ Le opzioni <code class="option">bind</code> e <code class="option">redirect</code> assicurano che il servizio Telnet sulla macchina sia collegato all'indirizzo IP esterno <code class="systemitem">123.123.123.123</code>, verso Internet. Inoltre, ogni richiesta di servizio Telnet inviata all'indirizzo <code class="systemitem">123.123.123.123</code>, viene rediretta, attraverso una seconda scheda di rete, all'indirizzo IP interno <code class="systemitem">10.0.1.13</code> a cui possono accedere soltanto il firewall e i sistemi interni. Il firewall quindi gestisce la comunicazione tra i due sistemi, e cosa importante, in maniera trasparente al sistema richiedente che ritiene di comunicare con <code class="systemitem">123.123.123.123</code>, quando in realtà è connesso con una macchina differente.
+ </div><div class="para">
+ Questa caratteristica è particolarmente utile per quegli utenti con connessioni a banda larga e con un solo indirizzo IP. Quando si usa NAT (Network Address Translation), i sistemi dietro al gateway che usano solo indirizzi IP interni, non sono disponibili dall'esterno. Comunque, se certi servizi controllati da <code class="systemitem">xinetd</code> vengono configurati con le opzioni <code class="option">bind</code> e <code class="option">redirect</code>, il gateway può agire da proxy tra i sistemi esterni ed una macchina interna configurata per fornire un servizio. Inoltre, le varie opzioni di log e di controllo d'accesso di <code class="systemitem">xinetd</code> sono disponibili per fornire ulteriore protezione al sistema.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"><strong>Indietro</strong>3.6.4.3.2. Opzioni per il controllo d'accesso</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"><strong>Avanti</strong>3.6.4.3.4. Opzioni per gestire le risorse</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html
new file mode 100644
index 0000000..81d9d55
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.4.3.4. Opzioni per gestire le risorse</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="3.6.4.3. Modificare i file di configurazione di xinetd" /><link rel="prev" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html" title="3.6.4.3.3. Opzioni di Binding e di Redirection" /><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="3.6.5. Ulteriori risorse" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="C
ommon_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options">3.6.4.3.4. Opzioni per gestire le risorse</h5></div></div></div><div class="para">
+ Il demone <code class="systemitem">xinetd</code> può creare una protezione di base contro attacchi tipo DoS (Denial of Service). Di seguito si riporta un elenco di direttive che aiutano a limitare i rischi di tali attacchi:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">per_source</code> — Definisce il numero massimo di istanze di un servizio, per indirizzo IP ricevente. Accetta solo interi e si può usare sia nel file <code class="filename">xinetd.conf</code> sia nei file di configurazione dei servizi, nella cartella <code class="filename">xinetd.d/</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">cps</code> — Definisce il numero massimo di connessioni per secondo. La direttiva prende due argomenti di tipo intero, separati da spazio. Il primo argomento rappresenta il numero massimo di connessioni al secondo, per un servizio. L'altro argomento è il numero di secondi di interruzione di <code class="systemitem">xinetd</code>, prima di riabilitare il servizio. Accetta solo interi e si può usare sia nel file <code class="filename">xinetd.conf</code> sia nei file di configurazione dei servizi, nella cartella <code class="filename">xinetd.d/</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">max_load</code> — Definisce il carico medio da assegnare alla CPU per un servizio. Accetta come argomento un numero decimale (in virgola mobile).
+ </div><div class="para">
+ Il carico medio è una misura (grossolana) del numero dei processi attivi in un dato momento. Per maggiori informazioni sul carico medio di una CPU, vedere le pagine man relative ai comandi <code class="command">uptime</code>, <code class="command">who</code> e <code class="command">procinfo</code>.
+ </div></li></ul></div><div class="para">
+ Esistono anche altre opzioni per la gestione delle risorse. Per maggiori informazioni, fare riferimento alle pagine di man relative a <code class="filename">xinetd.conf</code>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"><strong>Indietro</strong>3.6.4.3.3. Opzioni di Binding e di Redirection</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"><strong>Avanti</strong>3.6.5. Ulteriori risorse</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html
new file mode 100644
index 0000000..c15490a
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.2. Minacce alla sicurezza di rete</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.2. Attaccanti e Vulnerabilità" /><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.2. Attaccanti e Vulnerabilità" /><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.2.3. Minacce alla sicurezza server" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class=
"docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security">1.2.2. Minacce alla sicurezza di rete</h3></div></div></div><div class="para">
+ Pratiche scorrette quando si configurano i seguenti aspetti di rete, aumentano il rischio di un attacco.
+ </div><div class="section" id="sect-Security_Guide-Threats_to_Network_Security-Insecure_Architectures"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Network_Security-Insecure_Architectures">1.2.2.1. Architetture non sicure</h4></div></div></div><div class="para">
+ Una rete non correttamente configurata è il punto d'accesso principale per utenti non autorizzati. Una rete locale fidata ed <span class="emphasis"><em>aperta</em></span> verso una rete altamente insicura come Internet, è vulnerabile come un'abitazione con una porta socchiusa in un quartiere a rischio — non è detto che succeda qualcosa, ma qualcuno potrebbe approfittare <span class="emphasis"><em>eventualmente</em></span> della ingenuità.
+ </div><div class="section" id="sect-Security_Guide-Insecure_Architectures-Broadcast_Networks"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Insecure_Architectures-Broadcast_Networks">1.2.2.1.1. Reti broadcast</h5></div></div></div><div class="para">
+ Spesso gli amministratori di sistema trascurano, nei loro schemi di sicurezza, l'importanza dei dispositivi di rete. Semplici dispositivi come hub e router si basano sul principio di broadcast; cioè, quando un nodo trasmette un pacchetto ad un'altro nodo della rete, l'hub o il router invia in broadcast il pacchetto finchè il nodo destinatario non riceve e analizza il pacchetto. Questo metodo rende particolarmente vulnerabile <em class="firstterm">ARP</em> (Address Resolution Protocol) o <em class="firstterm">MAC</em> (Media Access Control) all'address spoofing da parte di intrusi sia esterni sia interni.
+ </div></div><div class="section" id="sect-Security_Guide-Insecure_Architectures-Centralized_Servers"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Insecure_Architectures-Centralized_Servers">1.2.2.1.2. Server centralizzati</h5></div></div></div><div class="para">
+ Un'altra potenziale trappola è l'uso di sistemi centralizzati. Un modo comunemente usato da molte aziende, per il contenimento dei costi, è quello di concentrare tutti i servizi su una singola macchina molto potente. Ciò può risultare conveniente, perchè facilita la gestione e riduce i costi di gestione, rispetto a configurazioni con server multipli. Tuttavia, un server centralizzato introduce un unico punto di rottura: se il server viene compromesso, ciò può portare all'inutilizzo completo della rete o peggio ancora, alla manomissione o sottrazione di dati. In queste situazioni, un server centrale diventa una porta aperta che permette di accedere all'intera rete.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>Indietro</strong>1.2. Attaccanti e Vulnerabilità</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"><strong>Avanti</strong>1.2.3. Minacce alla sicurezza server</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html
new file mode 100644
index 0000000..3ac6e39
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3. Minacce alla sicurezza server</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.2. Attaccanti e Vulnerabilità" /><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html" title="1.2.2. Minacce alla sicurezza di rete" /><link rel="next" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html" title="1.2.3.2. Servizi privi di patch" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /><
/a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security">1.2.3. Minacce alla sicurezza server</h3></div></div></div><div class="para">
+ La sicurezza server è tanto importante quanto la sicurezza di rete, in quanto un server spesso gestisce moltissime informazioni vitali per un'organizzazione. Se un server viene compromesso, tutto il suo contenuto può diventare accessibile al cracker che può manometterlo o rubarlo. Le seguenti sezioni descrivono alcuni dei principali problemi.
+ </div><div class="section" id="sect-Security_Guide-Threats_to_Server_Security-Unused_Services_and_Open_Ports"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Unused_Services_and_Open_Ports">1.2.3.1. Servizi non usati e porte aperte</h4></div></div></div><div class="para">
+ Una installazione completa di Fedora comprende più di mille applicazioni e librerie. Comunque, molti amministratori di server non scelgono di installare tutti i pacchetti presenti nella distribuzione, preferendo invece una installazione di base con diverse applicazioni server.
+ </div><div class="para">
+ Una pratica comune a molti amministratori, è installare il sistema operativo senza prestare attenzione a quali programmi vengono effetivamente installati. Ciò può causare futuri problemi, perchè si installano servizi non necessari, configurati con impostazioni predefinite ed eventualmente in esecuzione. Il risultato è di trovarsi con servizi non richiesti come Telnet, DHCP o DNS, in esecuzione su un server o workstation a insaputa dell'amministratore, che possono causare traffico indesiderato verso il server o peggio, una potenziale breccia nel sistema per i cracker. Fare riferimento alla <a class="xref" href="sect-Security_Guide-Server_Security.html">Sezione 3.2, «Server Security»</a>, per informazioni su come chiudere le porte e disabilitare i servizi non utilizzati.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"><strong>Indietro</strong>1.2.2. Minacce alla sicurezza di rete</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"><strong>Avanti</strong>1.2.3.2. Servizi privi di patch</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html
new file mode 100644
index 0000000..6683626
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.4. Minacce alla sicurezza di workstation e PC di casa</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.2. Attaccanti e Vulnerabilità" /><link rel="prev" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html" title="1.2.3.4. Servizi intrinsecamente insicuri" /><link rel="next" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html" title="1.2.4.2. Applicazioni client vulnerabili" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image
_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security">1.2.4. Minacce alla sicurezza di workstation e PC di casa</h3></div></div></div><div class="para">
+ Workstation e PC non sono così frequentemente prede di attacchi come le reti o i server, ma siccome spesso contengono dati sensibili, come i dati relativi a carte di credito, essi possono diventare un obbiettivo dei cracker. Le workstation possono anche essere coinvolte ed usate, a insaputa dell'utente, come macchine "slave" per attacchi coordinati. Per queste ragioni, conoscere le vulnerabilità di workstation può evitare agli utenti la reinstallazione del sistema operativo o peggio, il difficile recupero dei dati trafugati.
+ </div><div class="section" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Bad_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Bad_Passwords">1.2.4.1. Password inadeguate</h4></div></div></div><div class="para">
+ Cattive password sono uno dei modi più semplici per agevolare ad un attaccante, l'accesso al sistema. Per saperne di più su come evitare di creare inutili falle con le password, fare riferimento alla <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Password_Security">Sezione 3.1.3, «Protezione delle password»</a>.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"><strong>Indietro</strong>1.2.3.4. Servizi intrinsecamente insicuri </a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"><strong>Avanti</strong>1.2.4.2. Applicazioni client vulnerabili</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities.html
new file mode 100644
index 0000000..a5b4f06
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities.html
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2. Attaccanti e Vulnerabilità</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="Capitolo 1. Panoramica sulla Sicurezza" /><link rel="prev" href="chap-Security_Guide-Security_Overview.html" title="Capitolo 1. Panoramica sulla Sicurezza" /><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html" title="1.2.2. Minacce alla sicurezza di rete" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"
><li class="previous"><a accesskey="p" href="chap-Security_Guide-Security_Overview.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities">1.2. Attaccanti e Vulnerabilità</h2></div></div></div><div class="para">
+ Per pianificare ed implementare una buona strategia di sicurezza, occorre conoscere i motivi che determinano, attaccanti motivati, ad avviare una intrusione nel sistema. Ma prima di affrontare questi motivi, bisogna introdurre la terminologia usata per identificare un attaccante.
+ </div><div class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.2.1. Una breve storia degli Hacker</h3></div></div></div><div class="para">
+ Il significato moderno della parola <em class="firstterm">hacker</em>, risale al 1960 ed al Tech Model Railroad Club del Massachusetts Institute of Technology (MIT), dove i membri si dilettavano a realizzare trenini elettrici, ricchi di dettagli e in diverse scale. <em class="firstterm">Hacker</em> era usato per indicare i membri del club che scoprivano un trucco o una ingegnosa scorciatoia per risolvere un problema.
+ </div><div class="para">
+ Il termine hacker da allora è stato usato per descrivere sia gli appassionati di computer che i programmatori geniali. Una caratteristica che accomuna molti hacker è la curiosità di scoprire i dettagli di come funzionano i computer e le reti, senza una particolare motivazione ulteriore. Gli sviluppatori del software open source, spesso si considerano degli hacker, ed usano la parola hacker in senso di rispetto.
+ </div><div class="para">
+ Solitamente, gli hacker seguono una forma di <em class="firstterm">etica hacker</em>, in cui è essenziale la ricerca e la conoscenza di informazione, e la condivisione di questa conoscenza con la community è uno dei doveri di ogni hacker. Con questa motivazione, spesso capita di sentire di sfide lanciate da hacker ai sistemi di sicurezza di computer di istituzioni universitarie. Per questo motivo, la stampa usa spesso il termine hacker, per indicare chiunque tenti di accedere illecitamente ai sistemi ed alla rete con intenzioni illecite, maliziose o criminali. In realtà la terminologia esatta per questo tipo di individuo è <em class="firstterm">cracker</em> — un termine appositamente creato dagli hacker, a metà degli anni '80, per ben differenziare le due comunità.
+ </div><div class="section" id="sect-Security_Guide-A_Quick_History_of_Hackers-Shades_of_Gray"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-A_Quick_History_of_Hackers-Shades_of_Gray">1.2.1.1. Tonalità di grigio</h4></div></div></div><div class="para">
+ Negli Stati Uniti, si distinguono sostanzialmente tre tipi di gruppi che trovano e analizzano le vulnerabilità nei sistemi e nella rete. Questi gruppi sono spessso individuati dal colore del cappello che "indossano" quando eseguono un intervento, ed il colore è una indicazione del grado di rischio che stanno affrontando.
+ </div><div class="para">
+ Chi porta un cappello di colore bianco o un <em class="firstterm">white hat hacker</em>, verifica le rete ed i sistemi valutando la loro performance e determinando quanto siano vulnerabili alle intrusioni. Di solito, un white hat hacker testa la sicurezza del sistema tentando di crackare il proprio sistema o quello di un cliente che lo ha appositamente chiamato. I ricercatori universitari e i consulenti in sicurezza, sono due esempi di white hat hacker.
+ </div><div class="para">
+ Chi indossa un cappello di colore nero o un <em class="firstterm">black hat hacker</em>, è un cracker. In generale, i cracker non sono molto interessati alla programmazione o al funzionamento del sistema. Spesso si affidano a programmi maliziosi realizzati da altri, per carpire informazioni sensibili per scopi personali o causare danni ai sistemi ed alla rete.
+ </div><div class="para">
+ Chi indossa un cappello grigio o un <em class="firstterm">gray hat hacker</em>, ha le competenze e, nella maggior parte dei casi, le intenzioni di un white hat hacker, ma occasionalmente utilizza le sue conoscenze con finalità meno nobili. Un gray hat hacker può essere immaginato come un white hat hacker che a volte, per propri motivi, diventa un black hat hacker.
+ </div><div class="para">
+ Si può dire che un gray hat hacker segua un'altra etica hacker, secondo cui sarebbe lecito intrufolarsi nei sistemi, a patto di non commettere danni o carpire dati sensibili. Si potrebbe obbiettare, comunque, che l'atto di intaccare un sistema è di per sè eticamente scorretto (n.d.t. oltre che legalmente perseguibile).
+ </div><div class="para">
+ Qualunque sia l'intenzione di un intrusore, importante è conoscere le debolezze sfruttate dal cracker. Nella parte restante di questo capitolo ci si focalizzerà su questi aspetti.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Security_Overview.html"><strong>Indietro</strong>Capitolo 1. Panoramica sulla Sicurezza</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"><strong>Avanti</strong>1.2.2. Minacce alla sicurezza di rete</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html
new file mode 100644
index 0000000..de35942
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.2.6. Attivare il servizio IPTables</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="3.8.2. Configurazione di un firewall di base" /><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html" title="3.8.2.5. Salvare le impostazioni" /><link rel="next" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="3.8.3. Usare IPTables" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav
"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Using_IPTables.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service">3.8.2.6. Attivare il servizio IPTables</h4></div></div></div><div class="para">
+ Le regole del firewall sono attive solo se <code class="command">iptables</code> è in esecuzione. Per avviare manualmente il servizio, usare il seguente comando:
+ </div><pre class="screen">[root at myServer ~] # service iptables restart</pre><div class="para">
+ Per far sì che <code class="command">iptables</code> si avvii al boot, usare il seguente comando:
+ </div><pre class="screen">[root at myServer ~] # chkconfig --level 345 iptables on</pre></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"><strong>Indietro</strong>3.8.2.5. Salvare le impostazioni</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Using_IPTables.html"><strong>Avanti</strong>3.8.3. Usare IPTables</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html
new file mode 100644
index 0000000..438300f
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.2.2. Abilitare e disabilitare il firewall</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="3.8.2. Configurazione di un firewall di base" /><link rel="prev" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="3.8.2. Configurazione di un firewall di base" /><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html" title="3.8.2.3. Servizi fidati" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" />
</a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall">3.8.2.2. Abilitare e disabilitare il firewall</h4></div></div></div><div class="para">
+ Selezionare una delle seguenti opzioni per il firewall:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Disabilitato</strong></span> — Questa opzione consente il completo accesso al sistema, privando il sistema di ogni controllo di sicurezza. Usare questa impostazione soltanto se il sistema si trova in una rete sicura (senza connessione ad Internet), o se si configura un firewall personalizzato, utilizzando lo strumento da linea di comando <code class="command">iptables</code>.
+ </div><div class="warning"><div class="admonition_header"><h2>Avviso</h2></div><div class="admonition"><div class="para">
+ Le configurazioni e le regole personalizzate del firewall sono salvate nel file <code class="filename">/etc/sysconfig/iptables</code>. Se si seleziona <span class="guilabel"><strong>Disabilitato</strong></span> e si preme <span class="guibutton"><strong>OK</strong></span> le attuali configurazioni e regole di firewall vengono azzerate.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Abilitato</strong></span> — Questa opzione configura il sistema a rifiutare le richieste di connessioni in ingresso, ossia tutte quelle connessioni provenienti dall'esterno che non corrispondono a richieste effettuate dal sistema, come repliche DNS o richieste DHCP. Se occorre autorizzare l'accesso a servizi in esecuzione sulla macchina, essi possono essere impostati nel firewall.
+ </div><div class="para">
+ Se il sistema è collegato ad Internet ma non esegue alcun server, questa opzione è la scelta più sicura.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"><strong>Indietro</strong>3.8.2. Configurazione di un firewall di base</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"><strong>Avanti</strong>3.8.2.3. Servizi fidati</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html
new file mode 100644
index 0000000..e61c171
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.2.4. Altre porte</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="3.8.2. Configurazione di un firewall di base" /><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html" title="3.8.2.3. Servizi fidati" /><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html" title="3.8.2.5. Salvare le impostazioni" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></
a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports">3.8.2.4. Altre porte</h4></div></div></div><div class="para">
+ Lo strumento di <span class="application"><strong>Amministrazione Firewall</strong></span> include una sezione <span class="guilabel"><strong>Altre porte</strong></span> per impostare in <code class="command">iptables</code> i numeri delle porte IP fidate. Per esempio, per permettere ad IRC ed IPP (Internet Printing Protocol) di superare le regole del firewall, aggiungere quanto segue alla sezione <span class="guilabel"><strong>Altre porte</strong></span>:
+ </div><div class="para">
+ <code class="computeroutput">194:tcp,631:tcp</code>
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"><strong>Indietro</strong>3.8.2.3. Servizi fidati</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"><strong>Avanti</strong>3.8.2.5. Salvare le impostazioni</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html
new file mode 100644
index 0000000..0b0fdae
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.2.5. Salvare le impostazioni</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="3.8.2. Configurazione di un firewall di base" /><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html" title="3.8.2.4. Altre porte" /><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html" title="3.8.2.6. Attivare il servizio IPTables" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation
Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings">3.8.2.5. Salvare le impostazioni</h4></div></div></div><div class="para">
+ Premere il pulsante <span class="guibutton"><strong>OK</strong></span> per salvare i cambiamenti apportati al firewall. Se è stato selezionato <span class="guilabel"><strong>Abilita firewall</strong></span>, le opzioni selezionate verranno tradotte in comandi <code class="command">iptables</code> e salvate nel file <code class="filename">/etc/sysconfig/iptables</code>. Immediatamente dopo il salvataggio, viene ri-avviato automaticamente il servizio <code class="command">iptables</code> in modo da rendere immediate le modifiche apportate al firewall. Se invece è stato selezionato <span class="guilabel"><strong>Disabilita firewall</strong></span>, il file <code class="filename">/etc/sysconfig/iptables</code> viene eliminato ed il servizio <code class="command">iptables</code> immediatamente interrotto.
+ </div><div class="para">
+ Comunque, le varie impostazioni vengono salvate anche nel file <code class="filename">/etc/sysconfig/system-config-firewall</code>, usato dal sistema al successivo riavvio dell'applicazione per il regolare ripristino delle impostazioni. Si raccomanda di non modificare direttamente questo file.
+ </div><div class="para">
+ Anche se il filrewall viene avviato immediatamente, il servizio <code class="command">iptables</code> non è configurato per avviarsi automaticamente al boot. Per maggiori informazioni, fare riferimento alla <a class="xref" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html">Sezione 3.8.2.6, «Attivare il servizio IPTables»</a>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"><strong>Indietro</strong>3.8.2.4. Altre porte</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"><strong>Avanti</strong>3.8.2.6. Attivare il servizio IPTables</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html
new file mode 100644
index 0000000..b025af2
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.2.3. Servizi fidati</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="3.8.2. Configurazione di un firewall di base" /><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html" title="3.8.2.2. Abilitare e disabilitare il firewall" /><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html" title="3.8.2.4. Altre porte" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Doc
umentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services">3.8.2.3. Servizi fidati</h4></div></div></div><div class="para">
+ Abilitando le opzioni nella lista <span class="guilabel"><strong>Servizi fidati</strong></span>, si autorizza il servizio a passare attraverso (bypass) il firewall.
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>WWW (HTTP)</strong></span></span></dt><dd><div class="para">
+ Il protocollo HTTP è usato da Apache (e da altri server web) per servire pagine web. Se si intende rendere pubblico il proprio server web, abilitare la check-box relativa. Non occorre abilitare questa opzione per visualizzare pagine web sul server locale o per lo sviluppo di pagine web. Questo servizio richiede che sia installato il pacchetto <code class="filename">httpd</code>.
+ </div><div class="para">
+ L'abilitazione di <span class="guilabel"><strong>WWW (HTTP)</strong></span> non apre una porta per il servizio HTTPS, la versione SSL di HTTP. Se è necessario questo servizio, abilitare la check-box relativa al server <span class="guilabel"><strong>Secure WWW (HTTPS)</strong></span>.
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>FTP</strong></span></span></dt><dd><div class="para">
+ Il protocollo FTP è usato per trasferire file fra computer. Se si intende creare un server FTP disponibile pubblicamente, abilitare la check-box relativa. Questo servizio richiede che sia installato il pacchetto <code class="filename">vsftpd</code>.
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>SSH</strong></span></span></dt><dd><div class="para">
+ SSH (Secure Shell) è una raccolta di strumenti per accedere ed eseguire comandi su una macchina remota. Per autorizzare l'accesso remoto alla macchina via ssh, abilitare la check-box relativa. Questo servizio richiede che sia installato il pacchetto <code class="filename">openssh-server</code>.
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>Telnet</strong></span></span></dt><dd><div class="para">
+ Telnet è un protocollo per accedere a macchine remote. Le comunicazioni Telnet non sono cifrate e non offrono nessuna protezione contro le intercettazioni. Consentire l'accesso Telnet in ingresso non è raccomandato. Per autorizzare l'accesso alla macchina via Telnet, abilitare la check-box relativa. Questo servizio richiede che sia installato il pacchetto <code class="filename">telnet-server</code>.
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>Mail (SMTP)</strong></span></span></dt><dd><div class="para">
+ SMTP è un protocollo che consente ad host remoti di connettersi direttammente ad una macchina per l'invio di mail. Non si deve abilitare questo servizio se si riceve la posta dal proprio ISP, via POP3 o IMAP oppure se si utilizza uno strumento come <code class="command">fetchmail</code>. Per consentire la consegna di posta dalla macchina remota abilitare questa check-box. Notare che un server SMTP configurato in modo scorretto, potrebbe consentire a macchine remote di usare il server per l'invio di spam.
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>NFS4</strong></span></span></dt><dd><div class="para">
+ NFS (Network File System) è un protocollo di condivisione file usato comunemente sui sistemi *NIX. La versione 4 di questo protocollo è più sicuro dei suoi predecessori. Se si desidera condividere i propri file o cartelle con altri utenti della rete, abilitare questa check-box.
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>Samba</strong></span></span></dt><dd><div class="para">
+ Samba è una implementazione del protocollo di rete proprietario, SMB. Se si desidera condividere file, cartelle o stampanti locali con macchine microsoft windows, abilitare questa check-box.
+ </div></dd></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"><strong>Indietro</strong>3.8.2.2. Abilitare e disabilitare il firewall</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"><strong>Avanti</strong>3.8.2.4. Altre porte</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html
new file mode 100644
index 0000000..69b5bcd
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.2. Perchè è importante?</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Basic_Hardening.html" title="Capitolo 2. Guida base all'hardening" /><link rel="prev" href="chap-Security_Guide-Basic_Hardening.html" title="Capitolo 2. Guida base all'hardening" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-Physical_Security.html" title="2.3. Sicurezza fisica" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="cha
p-Security_Guide-Basic_Hardening.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Physical_Security.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important">2.2. Perchè è importante?</h2></div></div></div><div class="para">
+ I principi generali della NSA rappresentano una panoramica sulle migliori procedure di sicurezza. Ci sono articoli di questo elenco che probabilmente non verranno utilizzati da tutti e ci sono elementi mancanti che dovrebbero essere sottolineato come best practice. Ulteriori informazioni su queste e altre idee verranno spiegate in seguito.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Basic_Hardening.html"><strong>Indietro</strong>Capitolo 2. Guida base all'hardening</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Physical_Security.html"><strong>Avanti</strong>2.3. Sicurezza fisica</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-NTP.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-NTP.html
new file mode 100644
index 0000000..b42f516
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-NTP.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.9. NTP</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Basic_Hardening.html" title="Capitolo 2. Guida base all'hardening" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-Services.html" title="2.8. Servizi" /><link rel="next" href="chap-Security_Guide-Securing_Your_Network.html" title="Capitolo 3. Proteggere la rete locale" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_
Guide-Basic_Hardening-Services.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Securing_Your_Network.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-NTP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-NTP">2.9. NTP</h2></div></div></div><div class="para">
+ Il Network Time Protocol o <em class="firstterm">NTP</em> mantiene sincronizzata l'ora sui sistemi. L'ora è un pezzo molto importante per la sicurezza e dovrebbe essere mantenuta più precisamente possibile. L'ora è utilizzata nei file di log, i timestamp e nella crittografia. Se qualcuno è in grado di controllare le impostazioni dell'orario allora sarà anche in grado di ricreare un'irruzione che è molto più difficile.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Services.html"><strong>Indietro</strong>2.8. Servizi</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Securing_Your_Network.html"><strong>Avanti</strong>Capitolo 3. Proteggere la rete locale</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Networking-IPv6.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Networking-IPv6.html
new file mode 100644
index 0000000..2852756
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Networking-IPv6.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.6.2. IPv6</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Basic_Hardening-Networking.html" title="2.6. Networking" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-Networking.html" title="2.6. Networking" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-Up_to_date.html" title="2.7. Mantenere il software aggiornato" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Gu
ide-Basic_Hardening-Networking.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Up_to_date.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-Networking-IPv6"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Basic_Hardening-Networking-IPv6">2.6.2. IPv6</h3></div></div></div><div class="para">
+ IPv6 è il protocollo Internet più recente che mira a risolvere il deficit quantitativo degli indirizzi IPv4. E, sebbene non ci siano rischi per la sicurezza direttamente associati con il nuovo protocollo, ci sono alcune cose da capire prima di utilizzare questa nuova tecnologia.
+ </div><div class="para">
+ Molti amministratori di sistema hanno familiarità con IPv4 e i work-around che sono stati messi in atto per farlo lavorare. Uno di questi è la traduzione dell'indirizzo di rete o <em class="firstterm">NAT</em> . NAT è tradizionalmente utilizzato per mantenere al minimo il numero di indirizzi IP pubblici necessari quando si imposta una rete locale. Non tutti i sistemi su queste reti richiedono indirizzi IP pubblici ed indirizzi preziosi possono essere salvati mediante l'attuazione di questa tecnologia. Ci sono alcune caratteristiche di sicurezza che rappresentano effetti collaterali di NAT; il più grande dei quali è che il traffico in uscita non è permesso senza il port forwarding attraverso il router. Poiché IPv6 risolve il problema dell'indirizzamento, non c'è più la necessità di utilizzare NAT. Ogni cosa può avere un indirizzo IP pubblico e, in senso lato, non tutto è pubblicamente instradabile su Internet quando si stabiliscono connessioni fisiche e logich
e.
+ </div><div class="para">
+ Un'altra cosa di cui preoccuparsi è come il software di sicurezza si occupa di questo nuovo protocollo. <span class="application"><strong>iptables</strong></span> non sa o non capisce l'IPv6 e quindi ne ignora tutti i pacchetti. Ciò significa che se la rete sta utilizzando IPv6 e non è stato attivato <span class="application"><strong>ip6tables</strong></span> allora si lascia una porta al sistema aperto al mondo.
+ </div><div class="para">
+ L'utilizzo di IPv6 non è pericoloso fino a quando se ne conoscono e se ne capiscono i cambiamenti che il software del sistema ha subìto per rendere possibile l'utilizzo di questo nuovo protocollo di rete.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Networking.html"><strong>Indietro</strong>2.6. Networking</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Up_to_date.html"><strong>Avanti</strong>2.7. Mantenere il software aggiornato</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Networking.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Networking.html
new file mode 100644
index 0000000..0a1ef71
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Networking.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.6. Networking</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Basic_Hardening.html" title="Capitolo 2. Guida base all'hardening" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html" title="2.5. Cos'altro posso fare?" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-Networking-IPv6.html" title="2.6.2. IPv6" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey
="p" href="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Networking-IPv6.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-Networking"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Networking">2.6. Networking</h2></div></div></div><div class="para">
+ La connessione di rete del computer è il gateway verso il sistema. I file e il tempo d'elaborazione potrebbero essere a disposizione di chiunque si colleghi con successo al sistema tramite la connessione di rete se le altre garanzie non sono state implementate. Uno dei modi principali per mantenere il controllo del sistema è in primo luogo quello di evitare che gli aggressori possano accedere al sistema.
+ </div><div class="section" id="sect-Security_Guide-Basic_Hardening-Networking-iptables"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Basic_Hardening-Networking-iptables">2.6.1. iptables</h3></div></div></div><div class="para">
+ <span class="application"><strong>iptables</strong></span> è oggi il software firewall più utilizzato sui sistemi Linux. Questo programma intercetta i pacchetti in entrata al computer attraverso la connessione di rete e li filtra in base alle regole specificate. Ulteriori informazioni possono essere trovate su <a class="xref" href="sect-Security_Guide-IPTables.html">Sezione 3.9, «IPTables»</a>.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html"><strong>Indietro</strong>2.5. Cos'altro posso fare?</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Networking-IPv6.html"><strong>Avanti</strong>2.6.2. IPv6</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html
new file mode 100644
index 0000000..8087477
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.5. Cos'altro posso fare?</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Basic_Hardening.html" title="Capitolo 2. Guida base all'hardening" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html" title="2.4. Perchè è importante" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-Networking.html" title="2.6. Networking" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accessk
ey="p" href="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Networking.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do">2.5. Cos'altro posso fare?</h2></div></div></div><div class="para">
+ Fin da Fedora 9, la crittografia LUKS è stata supportata in modo nativo per proteggere i dati memorizzati in una partizione criptata LUKS. Quando si installa Fedora 9, selezionare la casella per crittografare il file system quando si imposta il file system. Criptando la partizione root e la <code class="filename">/home</code> (o la partizione singola / se si accetta il file system predefinito), gli attaccanti usano una sorgente esterna o l'avvio in modalità utente singolo. Naturalmente si utilizza una passphrase per proteggere i dati.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html"><strong>Indietro</strong>2.4. Perchè è importante</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Networking.html"><strong>Avanti</strong>2.6. Networking</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html
new file mode 100644
index 0000000..3d1cfd7
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.4. Perchè è importante</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Basic_Hardening.html" title="Capitolo 2. Guida base all'hardening" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-Physical_Security.html" title="2.3. Sicurezza fisica" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html" title="2.5. Cos'altro posso fare?" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous">
<a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Physical_Security.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important">2.4. Perchè è importante</h2></div></div></div><div class="para">
+ Un attaccante può prendere il controllo completo del tuo sistema eseguendo il boot da una sorgente esterna. Eseguendo il boot da una sorgente esterna (p.e. un live CD Linux) molte delle impostazioni di sicurezza vengono superate. Se l'attaccante può modificare le impostazioni di GRUB può eseguire il boot in modalità utente singolo che permette l'accesso amministrativo al sistema.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Physical_Security.html"><strong>Indietro</strong>2.3. Sicurezza fisica</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html"><strong>Avanti</strong>2.5. Cos'altro posso fare?</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security.html
new file mode 100644
index 0000000..f3b66e9
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.3. Sicurezza fisica</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Basic_Hardening.html" title="Capitolo 2. Guida base all'hardening" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html" title="2.2. Perchè è importante?" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html" title="2.4. Perchè è importante" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul clas
s="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-Physical_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Physical_Security">2.3. Sicurezza fisica</h2></div></div></div><div class="para">
+ La sicurezza fisica di un sistema è di estrema importanza. Molti dei suggerimenti dati qui non proteggono se l'attaccante ha accesso fisico al tuo sistema.
+ </div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Questa sezione contiene informazioni riguardo GRUB Legacy e non sono valide per il rilascio attuale (conosciuto anche come GRUB2). Fedora 16 e versioni successive non usano GRUB Legacy così molti dei comandi non funzioneranno.
+ </div></div></div><div class="para">
+ Configurare il BIOS per disabilitare l'avvio da CD/DVD, floppy e dispositivo esterno, ed impostare una password per proteggerli. Poi impostare una password per il bootloader GRUB. Generare una password hash usando il comando <code class="command">/sbin/grub-md5-crypt</code>. Aggiungere l'hash alla prima linea del <code class="command">/etc/grub.conf</code> usando <code class="command">password --md5 'passwordhash'</code>. Questo impedisce agli utenti di usare la modalità single user o cambiare le impostazioni.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html"><strong>Indietro</strong>2.2. Perchè è importante?</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html"><strong>Avanti</strong>2.4. Perchè è importante</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Services.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Services.html
new file mode 100644
index 0000000..bbc3462
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Services.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.8. Servizi</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Basic_Hardening.html" title="Capitolo 2. Guida base all'hardening" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-Up_to_date.html" title="2.7. Mantenere il software aggiornato" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-NTP.html" title="2.9. NTP" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide
-Basic_Hardening-Up_to_date.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-NTP.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-Services"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Services">2.8. Servizi</h2></div></div></div><div class="para">
+ I servizi in Linux sono programmi che vengono eseguiti come demoni in background. E 'importante controllare questi programmi regolarmente per determinare se bisogna tenerli in esecuzione. Molti demoni aprono le porte di rete al fine di ascoltare le chiamate. Mantenere aperte porte non necessarie può danneggiare la sicurezza complessiva del sistema. Una falla di sicurezza sconosciuta in un software è in grado di dare il via libera ad un hacker all'interno del sistema senza una buona ragione.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Up_to_date.html"><strong>Indietro</strong>2.7. Mantenere il software aggiornato</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-NTP.html"><strong>Avanti</strong>2.9. NTP</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Up_to_date.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Up_to_date.html
new file mode 100644
index 0000000..d4708f2
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Up_to_date.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.7. Mantenere il software aggiornato</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Basic_Hardening.html" title="Capitolo 2. Guida base all'hardening" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-Networking-IPv6.html" title="2.6.2. IPv6" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-Services.html" title="2.8. Servizi" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Harde
ning-Networking-IPv6.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Services.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-Up_to_date"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Up_to_date">2.7. Mantenere il software aggiornato</h2></div></div></div><div class="para">
+ Il software viene patchato tutti i giorni. Alcuni di questi aggiornamenti risolvono i problemi di sicurezza che sono stati identificati dagli sviluppatori. Quando queste diventano disponibili è importante che vengano applicate al sistema appena possibile. Uno dei modi più semplici per gestire gli aggiornamenti per il sistema è quello di usare <span class="application"><strong>yum</strong></span>. Un plugin speciale è disponibile per consentire solo aggiornamenti di sicurezza ignorando correzioni di bug e miglioramenti. Questo plugin è descritto meglio su <a class="xref" href="chap-Security_Guide-CVE.html#sect-Security_Guide-CVE-yum_plugin">Sezione 8.1, «Plugin YUM»</a> .
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Networking-IPv6.html"><strong>Indietro</strong>2.6.2. IPv6</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Services.html"><strong>Avanti</strong>2.8. Servizi</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html
new file mode 100644
index 0000000..47e2fd3
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.2. Usare yum-plugin-security</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-CVE.html" title="Capitolo 8. Common Vulnerabilities and Exposures" /><link rel="prev" href="chap-Security_Guide-CVE.html" title="Capitolo 8. Common Vulnerabilities and Exposures" /><link rel="next" href="chap-Security_Guide-References.html" title="Capitolo 9. Riferimenti" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-CVE
.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-References.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security">8.2. Usare yum-plugin-security </h2></div></div></div><div class="para">
+ Il principale comando di questo plugin è <code class="command">yum list-sec</code>. E' molto simile a <code class="command">yum check-update</code> con la differenza che elenca anche l'ID di Red Hat dell'avviso ed il tipo di ciascun aggiornamento come “enhancement” (miglioramento), “bugfix” (risoluzione) o “security” (sicurezza):
+ </div><div class="para">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>RHSA-2007:1128-6 security autofs - 1:5.0.1-0.rc2.55.el5.1.i386</td></tr><tr><td>RHSA-2007:1078-3 security cairo - 1.2.4-3.el5_1.i386</td></tr><tr><td>RHSA-2007:1021-3 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>RHSA-2007:1021-3 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr></table>
+
+ </div><div class="para">
+ Se si usa <code class="command">yum list-sec cves</code>, l'ID Red Hat è rimpiazzato dall'ID in CVE dell'avviso cui fa riferimento l'aggiornamento; se si usa <code class="command">yum list-sec bzs</code> l'ID si riferisce a quello in Bugzilla di Red Hat. Se un pacchetto si riferisce a ID multipli in Bugzilla o CVE, il pacchetto potrebbe essere elencato più volte:
+ </div><div class="para">
+ Ecco un tipico esempio d'output di <code class="command">yum list-sec bzs</code>:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>410031 security autofs - 1:5.0.1-0.rc2.55.el5.1.i386</td></tr><tr><td>387431 security cairo - 1.2.4-3.el5_1.i386</td></tr><tr><td>345101 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345111 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345121 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345101 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345111 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345121 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr></table>
+
+ </div><div class="para">
+ Un esempio d'output di <code class="command">yum list-sec cves</code>:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>CVE-2007-5964 security autofs - 1:5.0.1-0.rc2.55.el5.1.i386</td></tr><tr><td>CVE-2007-5503 security cairo - 1.2.4-3.el5_1.i386</td></tr><tr><td>CVE-2007-5393 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-5392 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-4352 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-5393 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-5392 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-4352 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr></table>
+
+ </div><div class="para">
+ L'altro comando disponibile in <span class="package">yum-plugin-security</span> è <code class="command">info-sec</code>. Esso accetta un numero d'avviso come argomento, un ID CVE o Bugzilla e restituisce informazioni dettagliate sull'avviso, inclusa una breve argomentazione sulla natura del problema o dei problemi sollevati dall'avviso.
+ </div><div class="para">
+ Oltre a questi due nuovi comandi sono disponibili anche nuove opzioni nel comando <code class="command">yum update</code>, per selezionare solo aggiornamenti di sicurezza o solo aggiornamenti associati ad un avviso o bug.
+ </div><div class="para">
+ Per applicare solo aggiornamenti di sicurezza, usare:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td><code class="command">yum update --security</code></td></tr></table>
+
+ </div><div class="para">
+ Per applicare tutti gli aggiornamenti al Bug #410101 di Bugzilla, eseguire:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td><code class="command">yum update --bz 410101</code></td></tr></table>
+
+ </div><div class="para">
+ Per applicare tutti gli aggiornamenti relativi all'avviso di CVE con ID CVE-2007-5707 e gli aggiornamenti relativi all'avviso di Red Hat con ID RHSA-2007:1082-5, eseguire:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td><code class="command">yum update --cve CVE-2007-5707 --advisory RHSA-2007:1082-5</code></td></tr></table>
+
+ </div><div class="para">
+ Maggiori informazioni su queste nuove capacità sono presenti nelle pagine man(8) del pacchetto <span class="package">yum-plugin-security</span>.
+ </div><div class="para">
+ Per maggiori informazioni sugli aggiornamenti di sicurezza in Fedora, si prega di visitare la pagina Fedora Security al seguente link <a href="https://fedoraproject.org/wiki/Security">https://fedoraproject.org/wiki/Security</a>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-CVE.html"><strong>Indietro</strong>Capitolo 8. Common Vulnerabilities and Exposures</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-References.html"><strong>Avanti</strong>Capitolo 9. Riferimenti</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html
new file mode 100644
index 0000000..a2074a2
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2.2. Opzioni di Comando</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="3.9.2. Opzioni di comando di IPTables" /><link rel="prev" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="3.9.2. Opzioni di comando di IPTables" /><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html" title="3.9.2.3. Opzioni di Parametro" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" />
</a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-Command_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Command_Options">3.9.2.2. Opzioni di Comando</h4></div></div></div><div class="para">
+ Le opzioni di comando indicano ad <code class="command">iptables</code> di eseguire un'azione. In un comando <code class="command">iptables</code> è permesso specificare solo una opzione di comando e, ad eccezione di help, deve essere espressa in caratteri maiuscoli.
+ </div><div class="para">
+ Le opzioni di comando di <code class="command">iptables</code>, sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">-A</code> — Appende la regola alla fine della catena. Diversamente dall'opzione <code class="option">-I</code> (descritta più avanti), non accetta alcun numero intero ma appende la regola sempre alla fine della catena.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-C</code> — Controlla una regola prima di aggiungerla alla catena. Questo comando serve a costruire regole <code class="command">iptables</code> complesse, richiedendo interattivamente l'inserimento di parametri e opzioni.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-D <integer> | <rule></code> — Elimina una regola da una catena usando un numero (p.e. <code class="option">5</code> sta per la quinta regola nella catena) o specificando la regola. Quest'ultima deve corrispondere esattamente con una regola esistente.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-E</code> — Rinomina una catena definita dall'utente, ossia una catena non predefinita. (Fare riferimento all'opzione <code class="option">-N</code> per maggiori informazioni sulle catene definite dall'utente). Si tratta di una variazione estetica senza effetti sulla struttura della tabella.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Se si tenta di rinominare una catena predefinita, il sistema restituisce l'errore <code class="computeroutput">Match not found</code> (Corrispondenza non trovata): non si possono rinominare le catene predefinite.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">-F</code> — Scarica la catena selezionata eliminando di conseguenza tutte le regole nella catena. Se non si specifica nessuna catena, questo comando scarica tutte le regole da tutte le catene.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-h</code> — Fornisce un elenco delle strutture dei comandi di <code class="command">iptables</code> insieme ad un breve sommario dei parametri e delle opzioni disponibili.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-I [<integer>]</code> — Inserisce la regola nel punto specifico della catena definito dal numero. Se non viene specificato nessun numero, la regola viene inserita in cima alla catena.
+ </div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Come già notato, l'ordinamento delle regole in una catena determina le regole da applicare ai pacchetti e cio è da tener presente quando si aggiunge una regola con l'opzione <code class="option">-A</code> o con l'opzione <code class="option">-I</code>.
+ </div><div class="para">
+ Con l'opzione <code class="option">-I</code> specificando il numero di un posto esistente, <code class="command">iptables</code> inserisce la nuova regola <span class="emphasis"><em>prima</em></span> della regola esistente.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">-L</code> — Elenca tutte le regole della catena. Per elencare le regole in tutte le catene della tabella predefinita <code class="option">filter</code>, non specificare alcuna catena o tabella. Invece, per elencare le regole in una catena specifica di una particolare tabella, usare la seguente sintassi:
+ </div><pre class="screen"><code class="computeroutput"> iptables -L <em class="replaceable"><code><chain-name></code></em> -t <em class="replaceable"><code><table-name></code></em></code></pre><div class="para">
+ Per maggiori informazioni sull'opzione di comando <code class="option">-L</code> (in grado di visualizzare numeri di regola e descrizioni più dettagliate sulle regole), fare riferimento alla <a class="xref" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html">Sezione 3.9.2.6, «Elencare le opzioni»</a>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-N</code> — Crea una nuova catena. Il nome della catena deve essere unico altrimenti si ha un messaggio di errore.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-P</code> — Imposta la policy predefinita sulla catena, ossia applica il <span class="emphasis"><em>target</em></span> (azione) specificato, per esempio ACCEPT o DROP ai pacchetti per i quali non esiste una regola corrispondente.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-R</code> — Sostituisce una regola nella catena. Il numero di regola deve essere specificato dopo il nome della catena. La prima regola in una catena corrisponde alla regola numero uno.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-X</code> — Elimina una catena precedentemente creata. Non è possibile eliminare le catene predefinite.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-Z</code>·— Imposta a zero, in tutte le catene di una tabella, i contatori di byte e di pacchetti.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"><strong>Indietro</strong>3.9.2. Opzioni di comando di IPTables</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"><strong>Avanti</strong>3.9.2.3. Opzioni di Parametro</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html
new file mode 100644
index 0000000..a32de24
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2.4. Match Option</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="3.9.2. Opzioni di comando di IPTables" /><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html" title="3.9.2.3. Opzioni di Parametro" /><link rel="next" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html" title="3.9.2.4.2. Protocollo UDP" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul cl
ass="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options">3.9.2.4. Match Option</h4></div></div></div><div class="para">
+ Per vari protocolli di rete esistono delle match option (o opzioni di corrispondenza), configurabili per creare regole per protocolli specifici. Per usare queste opzioni occorre specificare il tipo di protocollo nel comando <code class="command">iptables</code>. Per esempio, <code class="option">-p <em class="replaceable"><code><protocol-name></code></em></code> applica le opzioni al protocollo specificato. Notare che è possibile usare anche l'ID di protocollo. Per esempio, le due regole seguenti hanno lo stesso significato:
+ </div><pre class="screen"><code class="command"> iptables -A INPUT -p icmp --icmp-type any -j ACCEPT </code></pre><pre class="screen"><code class="command"> iptables -A INPUT -p 5813 --icmp-type any -j ACCEPT </code></pre><div class="para">
+ Le definizioni dei vari servizi si trovano nel file <code class="filename">/etc/services</code>. Per ragioni di leggibilità, si raccomanda di usare il nome invece del numero di porta del servizio corripondente.
+ </div><div class="warning"><div class="admonition_header"><h2>Avviso</h2></div><div class="admonition"><div class="para">
+ Proteggere il file <code class="filename">/etc/services</code> da modifche non autorizzate. Se il file è modificabile, i cracker possono usare il file per abilitare le porte. Per proteggere il file, digitare come root i seguenti comandi:
+ </div><pre class="screen">
+[root at myServer ~]# chown root.root /etc/services
+[root at myServer ~]# chmod 0644 /etc/services
+[root at myServer ~]# chattr +i /etc/services</pre><div class="para">
+ Ciò impedisce di rinominare, eliminare o di creare collegamenti al file.
+ </div></div></div><div class="section" id="sect-Security_Guide-IPTables_Match_Options-TCP_Protocol"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-TCP_Protocol">3.9.2.4.1. Protocollo TCP</h5></div></div></div><div class="para">
+ Queste sono le opzioni disponibili per il protocollo TCP (<code class="option">-p tcp</code>):
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--dport</code> — Specifica il numero di porta di destinazione.
+ </div><div class="para">
+ Per configurare questa opzione, usare un nome (come www o smtp), un numero o un range di numeri di porta.
+ </div><div class="para">
+ Per specificare un range di numeri, separare i due numeri con il carattere "due punti" (<code class="option">:</code>). Per esempio: <code class="option">-p tcp --dport 3000:3200</code>. Il range di valori massimo è <code class="option">0:65535</code>.
+ </div><div class="para">
+ Usare il carattere "punto esclamativo" (<code class="option">!</code>) dopo l'opzione <code class="option">--dport</code> per indicare i pacchetti che <span class="emphasis"><em>non</em></span> usano quel servizio di rete o numero di porta.
+ </div><div class="para">
+ Per conoscere i nomi e gli aliases dei servizi di rete con i numeri di porta usati, vedere il file <code class="filename">/etc/services</code>.
+ </div><div class="para">
+ L'opzione <code class="option">--destination-port</code> è la versione estesa di <code class="option">--dport</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--sport</code> — Specifica la porta mittente usando le stesse opzioni di <code class="option">--dport</code>. L'opzione <code class="option">--source-port</code> è la versione estesa di <code class="option">--sport</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--syn</code> — Applica la regola a tutti i pacchetti TCP designati ad iniziare la comunicazione, generalmente detti <em class="firstterm">SYN packet</em>. I pacchetti che trasportano dati (data payload) non ne sono influenzati.
+ </div><div class="para">
+ Usare il carattere "punto esclamativo" (<code class="option">!</code>) dopo l'opzione <code class="option">--syn</code> per indicare i pacchetti <span class="emphasis"><em>non-SYN</em></span>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--tcp-flags <tested flag list> <set flag list></code> — Si applica ai pacchetti TCP che hanno impostati particolari bit (flag).
+ </div><div class="para">
+ L'opzione <code class="option">--tcp-flags</code> accetta due parametri. Il primo è la maschera, una lista di flag separati da virgole da esaminare nel pacchetto. Il secondo parametro è una lista di flag separati da virgole che devono risultare settati.
+ </div><div class="para">
+ I flag possibili sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">ACK</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">FIN</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">PSH</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">RST</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">SYN</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">URG</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">ALL</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">NONE</code>
+ </div></li></ul></div><div class="para">
+ Per esempio, la seguente regola si applica ai pacchetti TCP che hanno il flag SYN settato e i flag ACK e FIN non settato:
+ </div><div class="para">
+ <code class="command">--tcp-flags ACK,FIN,SYN SYN</code>
+ </div><div class="para">
+ Usare il carattere punto esclamativo (<code class="option">!</code>) dopo l'opzione<code class="option">--tcp-flags</code> per invertire l'effetto della regola.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--tcp-option</code> — Applica la regola se è impostata l'opzione tcp. La regola può anche essere invertita usando il punto esclamativo (<code class="option">!</code>).
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"><strong>Indietro</strong>3.9.2.3. Opzioni di Parametro</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"><strong>Avanti</strong>3.9.2.4.2. Protocollo UDP</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html
new file mode 100644
index 0000000..8cfb55d
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2.3. Opzioni di Parametro</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="3.9.2. Opzioni di comando di IPTables" /><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html" title="3.9.2.2. Opzioni di Comando" /><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="3.9.2.4. Match Option" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul cla
ss="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options">3.9.2.3. Opzioni di Parametro</h4></div></div></div><div class="para">
+ Per costruire una regola, alcuni comandi <code class="command">iptables</code> inclusi quelli usati per aggiungere, appendere, eliminare, inserire o sostituire le regole in una catena, richiedono vari parametri.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">-c</code> — Resetta i contatori di una regola. Questo parametro accetta le opzioni <code class="option">PKTS</code> e <code class="option">BYTES</code> per specificare il contatore da resettare.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-d</code> — Imposta l'hostname, l'indirizzo IP o la rete di destinazione di un pacchetto intercettato dalla regola. Nel caso di reti sono supportati i seguenti formati di indirizzo (IP/netmask) :
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option"><em class="replaceable"><code>N.N.N.N</code></em>/<em class="replaceable"><code>M.M.M.M</code></em></code> — Dove <em class="replaceable"><code>N.N.N.N</code></em> è il range di indirizzi IP e <em class="replaceable"><code>M.M.M.M</code></em> è la netmask.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option"><em class="replaceable"><code>N.N.N.N</code></em>/<em class="replaceable"><code>M</code></em></code> — Dove <em class="replaceable"><code>N.N.N.N</code></em> è il range di indirizzi IP e <em class="replaceable"><code>M</code></em> è la bitmask.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">-f</code> — Applica la regola solo ai pacchetti frammentati.
+ </div><div class="para">
+ Per applicare la regola solo ai pacchetti non frammentati (n.d.t. i complementari), si può usare il carattere punto esclamativo (<code class="option">!</code>) dopo il parametro.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ La tecnica della frammentazione dei pacchetti è uno standard minore del protocollo IP.
+ </div><div class="para">
+ Originariamente progettato per consentire ai pacchetti IP di attraversare le reti in frame di diverse lunghezze, oggigiorno la frammentazione è usata molto spesso per generare attacchi DoS. Inoltre è importante notare che IPv6 non consente affatto la frammentazione.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">-i</code> — Imposta la scheda di rete di ingresso (p.e. <code class="option">eth0</code> o <code class="option">ppp0</code>). Con la tabella <code class="option">filter</code> questo parametro può essere usato solo con le catene INPUT e FORWARD; con le tabelle <code class="option">nat</code> e <code class="option">mangle</code> solo con la catena PREROUTING.
+ </div><div class="para">
+ Supporta anche le seguenti opzioni:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Punto esclamativo (<code class="option">!</code>) — Inverte la direttiva escludendo dalla regola le interfacce specificate.
+ </div></li><li class="listitem"><div class="para">
+ Somma (<code class="option">+</code>) — Un carattere "jolly" usato per individuare tutte le interfacce che coincidono con la stringa specificata. Per esempio, il parametro <code class="option">-i eth+</code> applicherà la regola a tutte le schede Ethernet escludendo le altre, come <code class="option">ppp0</code>.
+ </div></li></ul></div><div class="para">
+ Se l'opzione <code class="option">-i</code> non ha argomento allora la regola si applica a tutte le interfacce presenti.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-j</code> — Salta al target (azione) specificato se il pacchetto è intercettato dalla regola.
+ </div><div class="para">
+ I target standard sono <code class="option">ACCEPT</code>, <code class="option">DROP</code>, <code class="option">QUEUE</code>, e <code class="option">RETURN</code>.
+ </div><div class="para">
+ Nei moduli di <code class="command">iptables</code> caricati per default, sono disponibili anche opzioni Target Extension. Tra questi sono inclusi <code class="option">LOG</code>, <code class="option">MARK</code> e <code class="option">REJECT</code>, tra gli altri. Per maggiori informazioni su questi e altri target fare riferimento alle pagine di man di <code class="command">iptables</code>.
+ </div><div class="para">
+ Questa opzione può essere usata anche per dirigere un pacchetto intercettato verso un'altra catena esterna differente, contenente altre regole da applicare al pacchetto.
+ </div><div class="para">
+ Se non è specificato alcun target, il pacchetto avanza senza subire alcuna azione ed il contatore di questa regola viene incrementato di uno.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-o</code> — Imposta la scheda di rete di uscita. Questa opzione si applica solo alle catene OUTPUT e FORWARD della tabella <code class="option">filter</code> e alla catena POSTROUTING delle tabelle <code class="option">nat</code> e <code class="option">mangle</code>. L'opzione accetta gli stessi parametri dell'opzione <code class="option">-i</code> (che specifica la scheda di ingresso).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-p <protocol></code> — Imposta il protocollo IP. Alcuni valori possibili sono <code class="option">icmp</code>, <code class="option">tcp</code>, <code class="option">udp</code> o <code class="option">all</code> oppure un valore numerico corrispondente. Più in generale si può usare un qualsiasi protocollo elencato nel file <code class="filename">/etc/protocols</code>.
+ </div><div class="para">
+ Il valore "<code class="option">all</code>" applica la regola a tutti i protocolli supportati ed è il valore predefinito, se una regola non specifica alcun protocollo.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-s</code> — Imposta il mittente su un pacchetto usando la stessa sintassi dell'opzione destinazione (<code class="option">-d</code>).
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"><strong>Indietro</strong>3.9.2.2. Opzioni di Comando</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"><strong>Avanti</strong>3.9.2.4. Match Option</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html
new file mode 100644
index 0000000..7420a2c
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2.6. Elencare le opzioni</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="3.9.2. Opzioni di comando di IPTables" /><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html" title="3.9.2.5. Opzioni target" /><link rel="next" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html" title="3.9.3. Salvataggio delle regole IPTables" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="doc
nav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options">3.9.2.6. Elencare le opzioni</h4></div></div></div><div class="para">
+ Il comando predefinito <code class="command">iptables -L [<chain-name>]</code>, mostra le attuali catene nella tabella predefinita. Altre opzioni forniscono maggiori informazioni:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">-v</code> — Visualizza un output più prolisso, per esempio il numero di pacchetti e byte analizzati da ogni catena, il numero di pacchetti e byte individuati da ogni regola e le schede di rete interessate da una particolare regola.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-x</code> — Espande i numeri al loro valore esatto. Il numero di pacchetti e bytes analizzati da una catena o regola risultano abbreviati in <code class="computeroutput">Kilobytes</code>, <code class="computeroutput">Megabytes</code> o <code class="computeroutput">Gigabytes</code>. Questa opzione visualizza il valore esatto di pacchetti e byte.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-n</code> — Visualizza gli indirizzi IP e i numeri di porta in formato numerico, invece del formato predefinito basato su hostname e nome del servizio.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--line-numbers</code> — Elenca il numero d'ordine delle regole nella catena. Questa opzione risulta molto utile quando si vuole rimuovere una regola o per localizzare la posizione nelle catena in cui inserire una regola.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-t <table-name></code> — Specifica un nome di tabella. Se omesso si fa riferiemento alla tabella predefinita.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"><strong>Indietro</strong>3.9.2.5. Opzioni target</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"><strong>Avanti</strong>3.9.3. Salvataggio delle regole IPTables</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html
new file mode 100644
index 0000000..b3c12af
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2.5. Opzioni target</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="3.9.2. Opzioni di comando di IPTables" /><link rel="prev" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html" title="3.9.2.4.4. Ulteriori moduli Match Option" /><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html" title="3.9.2.6. Elencare le opzioni" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation
Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-Target_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Target_Options">3.9.2.5. Opzioni target</h4></div></div></div><div class="para">
+ Quando un pacchetto viene intercettato da una regola, il pacchetto può essere inviato a vari "target" che intraprendono l'azione appropriata. Ogni catena hanno un target predefinito che entra in azione se nessuna regola nella catena è in grado di intercettare il pacchetto o se la regola corrispondente è priva di un target specifico.
+ </div><div class="para">
+ Di seguito si riportano i target standard:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option"><em class="replaceable"><code><user-defined-chain></code></em></code> — Una catena definita dall'utente. In nomi della catene devono essere unici. Il target passa il pacchetto alla catena specificata.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">ACCEPT</code> — Invia il pacchetto alla sua destinazione o ad un'altra catena.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">DROP</code> — Scarta il pacchetto senza rispondere. Il sistema che ha spedito il pacchetto non viene avvisato dell'insuccesso.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">QUEUE</code> — Il pacchetto è messo in coda per essere gestito dall'applicazione dello spazio utente.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">RETURN</code> — Interrompe il controllo delle regole sul pacchetto. Se il pacchetto viene intercettato in una catena interna alla principale, il pacchetto è restituito alla catena principale da cui vengono riavviate le verifiche rimaste in sospeso. Se il target <code class="option">RETURN</code> viene usato in una catena predefinita e il pacchetto non può ritornare alla catena precedente, per la catena corrente si usa il target predefinito.
+ </div></li></ul></div><div class="para">
+ In aggiunta sono disponibili estensioni con cui definire altri target, detti moduli "target" o moduli "match option", tuttavia la maggior parte si applicano soltanto a particolari tabelle e situazioni. Per maggiori informazioni sui moduli "match option", fare riferimento alla <a class="xref" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html">Sezione 3.9.2.4.4, «Ulteriori moduli Match Option»</a>.
+ </div><div class="para">
+ Esistono molti moduli target, la maggior parte dei quali si applicano a tabelle e situazioni specifiche. Alcuni dei moduli più comuni inclusi per impostazione in Fedora, sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">LOG</code> — Registra nel file di log tutti i pacchetti intercettati dalla regola. Poichè i pacchetti sono individuati dal kernel, è il file <code class="filename">/etc/syslog.conf</code> che determina in quale file registrare questi avvisi (logs). Per impostazione, i logs si trovano nel file <code class="filename">/var/log/messages</code>.
+ </div><div class="para">
+ Le opzioni che si possono usare con il target <code class="option">LOG</code> sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--log-level</code> — Imposta il livello di priorità degli eventi di log. Per una lista dei livelli di priorità, fare riferimento alle pagine di man di <code class="filename">syslog.conf</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--log-ip-options</code> — Registra tutte le opzioni impostate nell'header di un pacchetto IP.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--log-prefix</code> — Antepone una stringa di caratteri (max. 29) davanti ad ogni riga di log. Ciò può essere molto utile in fase di analisi dei pacchetti per realizzare filtri di syslog.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ A causa di un problema potrebbe essere necessario inserire uno spazio davanti al valore del parametro <em class="replaceable"><code>log-prefix</code></em>.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">--log-tcp-options</code> — Registra tutte le opzioni impostate nell'header di un pacchetto TCP.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--log-tcp-sequence</code> — Registra la sequenza numerica TCP del pacchetto.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">REJECT</code> — Scarta il pacchetto e restituisce al sistema remoto un pacchetto d'errore.
+ </div><div class="para">
+ Il target <code class="option">REJECT</code> accetta l'opzione <code class="option">--reject-with <em class="replaceable"><code><type></code></em></code> (in cui <em class="replaceable"><code><type></code></em> è il tipo di rifiuto), permettendo di restituire insieme al pacchetto d'errore informazioni più dettagliate. Il messaggio <code class="computeroutput">port-unreachable</code> è il tipo predefinito di errore. Per la lista completa di opzioni <code class="option"><em class="replaceable"><code><type></code></em></code>, fare riferimento alle pagine di man di <code class="command">iptables</code>.
+ </div></li></ul></div><div class="para">
+ Altri moduli target, tra cui alcuni molto utili per il mascheramento IP con la tabella <code class="option">nat</code> o per l'alterazione dei pacchetti con la tabella <code class="option">mangle</code>, possono trovarsi nelle pagine di man di <code class="command">iptables</code>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"><strong>Indietro</strong>3.9.2.4.4. Ulteriori moduli Match Option</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"><strong>Avanti</strong>3.9.2.6. Elencare le opzioni</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Common_Exploits_and_Attacks.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Common_Exploits_and_Attacks.html
new file mode 100644
index 0000000..d1e9179
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Common_Exploits_and_Attacks.html
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.4. Rischi e Attacchi comuni</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="Capitolo 1. Panoramica sulla Sicurezza" /><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html" title="1.3.3.5. Le necessità future" /><link rel="next" href="sect-Security_Guide-Security_Updates.html" title="1.5. Aggiornamenti di sicurezza" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><
a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Security_Updates.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Common_Exploits_and_Attacks" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Common_Exploits_and_Attacks">1.4. Rischi e Attacchi comuni</h2></div></div></div><div class="para">
+ La <a class="xref" href="sect-Security_Guide-Common_Exploits_and_Attacks.html#tabl-Security_Guide-Common_Exploits_and_Attacks-Common_Exploits">Tabella 1.1, «Attacchi comuni»</a> illustra alcune delle azioni più comuni e i punti d'ingresso usati per accedere alle risorse di rete di un'organizzazione. Per ogni attacco si fornisce una descrizione di come sia stata realizzata e le contromisure da prendere, a protezione delle risorse di rete.
+ </div><div class="table" id="tabl-Security_Guide-Common_Exploits_and_Attacks-Common_Exploits"><h6>Tabella 1.1. Attacchi comuni</h6><div class="table-contents"><table summary="Attacchi comuni" border="1"><colgroup><col width="20%" class="Exploit" /><col width="40%" class="Description" /><col width="40%" class="Notes" /></colgroup><thead><tr><th>
+ Attacco
+ </th><th>
+ Descrizione
+ </th><th>
+ Note
+ </th></tr></thead><tbody><tr><td>
+ Password vuote o predefinite
+ </td><td>
+ Lasciare le password amministrative vuote oppure utilizzare una password predefinita, impostata dal produttore. Ciò è molto comune in alcuni hardware come router e firewall ed anche in alcuni servizi in esecuzione su Linux (in Fedora invece non esistono password predefinite).
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Si trovano comunemente in hardware di rete come router, firewall, VPN e dispositivi di memorizzazione di rete (NAS).</td></tr><tr><td>Comune in molti sistemi operativi proprietari, specialmente in quelli che vendono servizi (come UNIX e Windows).</td></tr><tr><td>Gli amministratori a volte creano account di utenti privilegiati, in fretta e furia, lasciando la password vuota; ciò può essere un punto d'accesso ideale per utenti maliziosi che scoprono l'account.</td></tr></table>
+
+ </td></tr><tr><td>
+ Chiavi predefinite condivise
+ </td><td>
+ Alcuni servizi di sicurezza, a volte, per motivi di sviluppo o per test valutativi, impostano le chiavi di sicurezza in modo predefinito. Se le chiavi non vengono modificate e vengono usate in un ambiente di produzione su Internet, <span class="emphasis"><em>tutti</em></span> gli utenti con le stesse chiavi predefinite avranno accesso alle risorse di quella chiave ed alle informazioni sensibili che essa contiene.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Molto comune negli access point dei sistemi wireless e nelle appliance secure server preconfigurate.</td></tr></table>
+
+ </td></tr><tr><td>
+ IP Spoofing
+ </td><td>
+ Una macchina remota agisce come un nodo sulla rete locale, trova le vulnerabilità nei server ed installa un programma backdoor o trojan, per ottenere il controllo sulle risorse di rete.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Lo spoofing è abbastanza difficile da realizzare, dato che comporta prevedere, da parte dell'attaccante, i numeri della sequenza TCP/IP necessari per coordinare una connessione con il sistema target; tuttavia, sono disponibili molti strumenti che assistono i cracker nel perseguire questo tipo di attacco.</td></tr><tr><td>Dipende dai servizi in esecuzione sul sistema target (come <code class="command">rsh</code>, <code class="command">telnet</code>, FTP e altri) che usano tecniche di autenticazione <em class="firstterm">source-based</em>, i quali non sono raccomandati se confrontati con PKI o altre forme di autenticazione cifrata, usate in <code class="command">ssh</code> o SSL/TLS.</td></tr></table>
+
+ </td></tr><tr><td>
+ Eavesdropping (Origliare)
+ </td><td>
+ Raccogliere dati che passano tra i nodi attivi di una rete, stando in ascolto fra i due nodi della connessione.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Questo tipo di attacco funziona, principalmente, nei protocolli con trasmissione del testo in chiaro come Telnet, FTP ed HTTP.</td></tr><tr><td>Gli attaccanti remoti, per eseguire questo attacco, devono avere accesso ad un sistema compromesso sulla LAN; solitamente, il cracker usa un attacco attivo (come l'IP spoofing o man-in-the-middle), per compromettere il sistema sulla LAN.</td></tr><tr><td>Misure preventive includono servizi con scambio di chiavi crittografiche, password "usa e getta" oppure autenticazione cifrata; è inoltre consigliata una robusta cifratura durante la trasmissione.</td></tr></table>
+
+ </td></tr><tr><td>
+ Vulnerabilità nei servizi
+ </td><td>
+ L'attaccante può trovare una falla o una scappatoia in un servizio in esecuzione su Internet; attraverso questa vulnerabilità, l'attaccante compromette l'intero sistema e qualsiasi dato in esso contenuto, e potrebbe compromettere altri sistemi sulla rete.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>I servizi basati su HTTP come CGI, sono vulnerabili all'esecuzione di comandi remoti ed anche ad accessi da shell interattive. Anche se il servizio HTTP è in esecuzione come un utente non privilegiato, come "nobody", informazioni come file di configurazione e mappe di rete possono essere lette, oppure l'attaccante può avviare un attacco tipo DoS (Denial of Service) consumando risorse di sistema o renderle indisponibili agli utenti.</td></tr><tr><td>A volte i servizi possono presentare vulnerabilità che non vengono notate in fase di sviluppo e di test; queste vulnerabilità (come i <em class="firstterm">buffer overflows</em>, in cui l'attaccante manda in crash un servizio riempiendo il buffer di memoria di una applicazione con valori arbitrari, dandogli un prompt di comando interattivo dal quale può eseguire comandi arbitrari) possono fornire un controllo amministrativo completo a chi effettua l'atta
cco.</td></tr><tr><td>Gli amministratori dovrebbero assicurarsi che i servizi non siano in esecuzione come utente root, e dovrebbero vigilare su patch e aggiornamenti di errata per le applicazioni, da produttori o da organizzazioni di sicurezza come il CERT e il CVE.</td></tr></table>
+
+ </td></tr><tr><td>
+ Vulnerabilità nelle applicazioni
+ </td><td>
+ L'attaccante trova falle nelle applicazioni desktop e workstation (come i client e-mail) per eseguire codice arbitrario, impiantare <span class="emphasis"><em>trojan</em></span> per attacchi futuri o per mandare in crash il sistema. Potrebbero verificarsi ulteriori attacchi, se la workstation compromessa ha privilegi amministrativi sul resto della rete.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Le workstation e i desktop sono più facili da sfruttare se gli utenti non hanno le conoscenze o l'esperienza per prevenire o rilevare un rischio; è importante informare gli utenti sui rischi che si corrono, quando si installa software non autorizzato oppure si aprono allegati di mail non attese.</td></tr><tr><td>Si possono implementare dei metodi di sicurezza, facendo in modo che i software di gestione posta non aprano o eseguano automaticamente gli allegati. In aggiunta, l'aggiornamento automatico delle workstation tramite i servizi di rete Red Hat o altri servizi di gestione, possono ridurre il carico di lavoro e le disattenzioni sulla sicurezza in sistemi multi-utente.</td></tr></table>
+
+ </td></tr><tr><td>
+ Attacchi Denial of Service (DoS)
+ </td><td>
+ Gli attaccanti o gruppi di attaccanti si coordinano contro la rete di una organizzazione o contro le risorse di un server, inviando pacchetti non autorizzati all'host obiettivo (può essere un server, un router o una workstation). Ciò induce la risorsa a diventare non disponibile agli utenti legittimi.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Il caso più famoso di DoS si è verificato negli USA nel 2000. Molti siti commerciali e di governo ad alto traffico, sono stati resi in-disponibili da un attacco coordinato di ping flood usando diversi sistemi compromessi a banda larga, che agivano da <em class="firstterm">zombie</em> o nodi rimbalzanti di pacchetti broadcast.</td></tr><tr><td>Il mittente dei pacchetti, di solito, viene falsificato (oltre ad essere ritrasmesso) rendendo arduo scoprire l'origine dell'attacco.</td></tr><tr><td>Migliorare il filtraggio dei pacchetti in ingresso (IETF rfc2267), usando <code class="command">iptables</code> e sistemi di intrusione (IDS) come <code class="command">snort</code>, possono aiutare gli amministratori a individuare e prevenire attacchi DoS distribuiti.</td></tr></table>
+
+ </td></tr></tbody></table></div></div><br class="table-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"><strong>Indietro</strong>1.3.3.5. Le necessità future</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Security_Updates.html"><strong>Avanti</strong>1.5. Aggiornamenti di sicurezza</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html
new file mode 100644
index 0000000..e3ba732
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.4.4. Creare un Archivio Sicuro 7-Zip via GUI</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="4.2.4. Archivi 7-Zip cifrati" /><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html" title="4.2.4.3. Istruzioni d'uso passo passo" /><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html" title="4.2.4.5. 7-Zip e gli altri sistemi operativi" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docume
ntation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI">4.2.4.4. Creare un Archivio Sicuro 7-Zip via GUI</h4></div></div></div><div class="para">
+ Gli archivi 7-Zip possono essere estratti come qualsiasi altro archivio via GUI ma la creazione di un archivio 7-Zip sicuro richiede dei passaggi aggiuntivi.
+ </div><div class="para">
+ Di seguito si riportano le istruzioni per comprimere e cifrare la propria cartella <code class="filename">Documenti</code>. La cartella <code class="filename">Documenti</code> originaria, rimane inalterata. Questa tecnica si può applicare a tutte le altre cartelle o file del sistema a cui si ha accesso. Si presume di lavorare in ambiente GNOME.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Aprire il file browser: Cliccare Attività -> File
+ </div></li><li class="listitem"><div class="para">
+ Tasto-destro sulla cartella "Documenti"
+ </div></li><li class="listitem"><div class="para">
+ Selezionare l'opzione "Comprimi"
+ </div></li><li class="listitem"><div class="para">
+ Selezionare ".7z" come estensione del file
+ </div></li><li class="listitem"><div class="para">
+ Espandere la voce "Altre opzioni"
+ </div></li><li class="listitem"><div class="para">
+ Controllare "Criptare anche la lista dei file"
+ </div></li><li class="listitem"><div class="para">
+ Fornire una password nel campo password
+ </div></li><li class="listitem"><div class="para">
+ Cliccare sul pulsante "Crea"
+ </div></li></ul></div><div class="para">
+ Apparirà il file "Documents.7z" nella cartella home. Se si tenta di aprirlo, verrà richiesta la password dell'archivio per poi mostrare il contenuto. Il file verrà aperto e potrà essere manipolato se la password fornita è corretta. Eliminare il file "Documents.7z" per concludere questa prova e tornare allo stato precedente.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"><strong>Indietro</strong>4.2.4.3. Istruzioni d'uso passo passo</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"><strong>Avanti</strong>4.2.4.5. 7-Zip e gli altri sistemi operativi</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html
new file mode 100644
index 0000000..a4f3400
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.4.2. Instruzioni di installazione passo passo</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="4.2.4. Archivi 7-Zip cifrati" /><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="4.2.4. Archivi 7-Zip cifrati" /><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html" title="4.2.4.3. Istruzioni d'uso passo passo" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul cla
ss="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions">4.2.4.2. Instruzioni di installazione passo passo</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Aprire un Terminale: <code class="code">Cliccare Applicationi -> Strumenti di Sistema -> Terminale</code> oppure in GNOME 3: <code class="code">Attività -> Applicationi -> Terminale</code>
+ </div></li><li class="listitem"><div class="para">
+ Installare 7-Zip come utente root: <code class="code">sudo yum install p7zip</code>
+ </div></li><li class="listitem"><div class="para">
+ Chiudere il terminale: <code class="code">Ctrl+D</code>
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"><strong>Indietro</strong>4.2.4. Archivi 7-Zip cifrati</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"><strong>Avanti</strong>4.2.4.3. Istruzioni d'uso passo passo</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html
new file mode 100644
index 0000000..9c12e3c
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.4.5. 7-Zip e gli altri sistemi operativi</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="4.2.4. Archivi 7-Zip cifrati" /><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html" title="4.2.4.4. Creare un Archivio Sicuro 7-Zip via GUI" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG.html" title="4.2.5. Usare GNU Privacy Guard (GnuPG)" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docna
v"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note">4.2.4.5. 7-Zip e gli altri sistemi operativi</h4></div></div></div><div class="para">
+ 7-Zip, per impostazione, non viene distribuito con microsoft windows o mac os x. Se si vuole usare 7-Zip su queste piattaforme occorre <a href="http://www.7-zip.org/download.html">scaricare</a> le versioni appropriate a questi sistemi operativi.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html"><strong>Indietro</strong>4.2.4.4. Creare un Archivio Sicuro 7-Zip via GUI</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG.html"><strong>Avanti</strong>4.2.5. Usare GNU Privacy Guard (GnuPG)</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html
new file mode 100644
index 0000000..7707dc8
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.4.3. Istruzioni d'uso passo passo</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="4.2.4. Archivi 7-Zip cifrati" /><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html" title="4.2.4.2. Instruzioni di installazione passo passo" /><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html" title="4.2.4.4. Creare un Archivio Sicuro 7-Zip via GUI" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions">4.2.4.3. Istruzioni d'uso passo passo</h4></div></div></div><div class="para">
+ Di seguito si riportano le istruzioni per comprimere e cifrare la propria cartella <code class="filename">Documenti</code>. La cartella <code class="filename">Documenti</code> originaria, rimane inalterata. Questa tecnica si può applicare a tutte le altre cartelle o file del sistema a cui si ha accesso. Si presume di lavorare in ambiente GNOME.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Aprire un Terminale: <code class="code">Cliccare Applicationi -> Strumenti di Sistema -> Terminale</code>
+ </div></li><li class="listitem"><div class="para">
+ Comprimere e Cifrare: (inserire una password quando richiesto) <code class="code">7za a -mhe=on -ms=on -p Documenti.7z Documenti/</code>
+ </div></li></ul></div><div class="para">
+ La cartella <code class="filename">Documenti</code> è ora compressa e cifrata. Successivamente si sposta la cartella archivio da un'altra parte, dove verrà estratta.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Creare una nuova directory: <code class="code">mkdir nuovaDirectory</code>
+ </div></li><li class="listitem"><div class="para">
+ Spostare la cartella archivio nella nuovaDirectory: <code class="code">mv Documenti.7z nuovaDirectory</code>
+ </div></li><li class="listitem"><div class="para">
+ Spostarsi nella nuovaDirectory: <code class="code">cd nuovaDirectory</code>
+ </div></li><li class="listitem"><div class="para">
+ Estrarre i file: (inserire la password, quando richiesto) <code class="code">7za x Documenti.7z</code>
+ </div></li></ul></div><div class="para">
+ I file estratti dall'archivio ora si trovano nella nuovaDirectory. Le seguenti istruzioni ripristinano le condizioni iniziali, rimuovendo tutti i file e directory create.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Spostarsi nella directory superiore: <code class="code">cd ..</code>
+ </div></li><li class="listitem"><div class="para">
+ Eliminare la cartella nuovaDirectory, contenente l'archivio e i file estratti: <code class="code">rm -rf nuovaDirectory</code>
+ </div></li><li class="listitem"><div class="para">
+ Chiudere il terminale: <code class="code">Ctrl+D</code>
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"><strong>Indietro</strong>4.2.4.2. Instruzioni di installazione passo passo</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html"><strong>Avanti</strong>4.2.4.4. Creare un Archivio Sicuro 7-Zip via GUI</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html
new file mode 100644
index 0000000..510b049
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.4. Archivi 7-Zip cifrati</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="Security_Guide-Encryption-Data_in_Motion.html" title="4.2. Dati in Movimento" /><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html" title="4.2.3.5. Link di interesse" /><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html" title="4.2.4.2. Instruzioni di installazione passo passo" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul clas
s="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives">4.2.4. Archivi 7-Zip cifrati</h3></div></div></div><div class="para">
+ <a href="http://www.7-zip.org/">7-Zip</a> è uno strumento di compressione file, cross-platform di prossima generazione, usato per proteggere il contenuto degli archivi con un robusto sistema di cifratura (AES-256). Ciò è particolarmente utile per trasferire dati tra computer con sistemi operativi diversi (p.e. Linux a casa, windows in ufficio), essendo una soluzione di archiviazione con sistema di cifratura portabile.
+ </div><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation">4.2.4.1. Installazione di 7-Zip in Fedora</h4></div></div></div><div class="para">
+ 7-Zip non è un pacchetto base di Fedora ma può essere scaricato dal repository. Una volta installato il pacchetto riceverà gli aggiornamenti come avviene con gli altri pacchetti del sistema, senza richiedere particolare manutenzione.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>Indietro</strong>4.2.3.5. Link di interesse</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"><strong>Avanti</strong>4.2.4.2. Instruzioni di installazione passo passo</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html
new file mode 100644
index 0000000..f804109
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5.7. Sulla crittografia a chive pubblica</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="4.2.5. Usare GNU Privacy Guard (GnuPG)" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html" title="4.2.5.6. Usare GPG con Thunderbird" /><link rel="next" href="chap-Security_Guide-General_Principles_of_Information_Security.html" title="Capitolo 5. Principi generali di Sicurezza dell'Informazione" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentatio
n Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption">4.2.5.7. Sulla crittografia a chive pubblica</h4></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <a href="http://it.wikipedia.org/wiki/Crittografia_asimmetrica">Wikipedia - Crittografia asimmetrica</a>
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://computer.howstuffworks.com/encryption.htm">How Encryption Works</a>
+ </div></li></ol></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html"><strong>Indietro</strong>4.2.5.6. Usare GPG con Thunderbird</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>Avanti</strong>Capitolo 5. Principi generali di Sicurezza dell'I...</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html
new file mode 100644
index 0000000..cc8d452
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5.3. Generare chiavi GPG con un terminale</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="4.2.5. Usare GNU Privacy Guard (GnuPG)" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html" title="4.2.5.2. Generare chiavi GPG in KDE" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html" title="4.2.5.4. Usare GPG con Alpine" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="doc
nav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE">4.2.5.3. Generare chiavi GPG con un terminale</h4></div></div></div><div class="para">
+ Usare il seguente comando di shell: <code class="code">gpg --gen-key</code>
+ </div><div class="para">
+ Il comando genera una coppia di chiavi, una pubblica ed una privata. I destinatari usano la chiave pubblica per autenticare e/o decifrare le comunicazioni. Distribuire la chiave pubblica alle persone interessate a ricevere comunicazioni autenticate come le mailing list. Il Fedora Documentation Project, per esempio, richiede ai propri partecipanti di indicare la propria chiave GPG nelle propria pagina personale.
+ </div><div class="para">
+ Una serie di prompt condurrano lungo processo di creazione. Per assegnare valori predefiniti basta premere il tasto <code class="code">Invio</code>. Il primo prompt richiede di selezionare il tipo di chiave:
+ </div><div class="para">
+
+<pre class="screen">Si prega di selezionare il tipo di chiave: ⏎ (1) RSA e RSA (predefinito)⏎ (2) DSA e Elgamal⏎ (3) DSA (solo firma)⏎ (4) RSA (solo firma)⏎ Selezione?</pre>
+ In quasi tutti i casi quella predefinita è la scelta corretta. Una chiave RSA permette non solo di firmare le comunicazioni ma anche di criptare i file.
+ </div><div class="para">
+ Quindi scegliere la dimensione della chiave:
+<pre class="screen">Le chiavi RSA dovrebbero avere una lunghezza compresa tra 1024 e 4096 bit. ⏎ Quale lunghezza si preferisce ? (2048)</pre>
+ Ancora, quella predefinita è sufficiente per quasi tutti gli utenti e rappresenta un buon livello di sicurezza.
+ </div><div class="para">
+ Dopodiché scegliere quando scadrà la chiave. E' una buona idea impostare una data di scadenza invece di usare il valore predefinito che è ''none''. Se per esempio l'indirizzo email coperto dalla chiave non è più valido, una data di scadenza avviserà i destinatari di non usare più quella chiave pubblica.
+ </div><div class="para">
+
+<pre class="screen">Si prega di specificare il tempo di validità della chiave.⏎ 0 = la chave non scade ⏎ d = la chiave scade in n giorni ⏎ w = la chiave scade in n settimane ⏎ m = la chiave scade n mesi ⏎ y = la chiave scade in n anni ⏎ La chiave è valida per ? (0)</pre>
+
+ </div><div class="para">
+ Inserendo per esempio <code class="code">1y</code>, la chiave avrà validità di un anno. (Tenere presente che è possibile modificare la scadenza anche successivamente).
+ </div><div class="para">
+ Prima di richiedere altre informazioni, appare il seguente prompt: <code class="code">Is this correct (y/n)?</code> Inserire <code class="code">y</code>, per terminare il processo.
+ </div><div class="para">
+ Successivamente, inserire il proprio nome ed indirizzo email. Ricordare che il processo di creazione di una chiave pubblica serve ad identificare se stessi come persone reali, inserire perciò il proprio nome reale. Non usare alias o nickname che potrebbero mascherare la propria identità.
+ </div><div class="para">
+ Inserire il proprio indirizzo email reale. Se si inserisce un indirizzo fasullo gli altri potrebbero avere dei problemi a rintracciare la chiave pubblica e potrebbe complicare l'autenticazione delle comunicazioni. Se per esempio la chiave GPG è impiegata per far parte della mailing list del Docs Project, inserire la email usata per accedere alla mailing list.
+ </div><div class="para">
+ Nel campo commento inserire alias o altre informazioni a piacere. (Alcune persone usano chiavi differenti per scopi differenti, identificando ciascuna chiave con un commento, come "Ufficio" o "Fedora Project").
+ </div><div class="para">
+ Al prompt di conferma, se tutte le informazioni sono corrette, digitare O per continuare o usare le altre opzioni per risolvere eventuali problemi. Infine inserire una passphrase per proteggere la propria chiave segreta. Il programma <code class="code">gpg</code> richiede di inserire due volte in successione la stessa passphrase, scongiurando errori di battitura.
+ </div><div class="para">
+ A questo punto, <code class="code">gpg</code> genera dei dati random garantendo una chiave segreta (pressocchè) unica. Per aiutare l'applicazione a migliorare la generazione random dei dati può essere efficace durante questa fase, spostare il mouse, digitare sulla tastiera o fare altre operazioni. Una volta completato questo passaggio, le chiavi sono pronte per l'uso:
+ </div><pre class="screen">
+pub 1024D/1B2AFA1C 2005-03-31 luigi votta (Fedora Docs Project) <lewis41 at fedoraproject.org>
+Key fingerprint = 117C FE83 22EA B843 3E86 6486 4320 545E 1B2A FA1C
+sub 1024g/CEA4B22E 2005-03-31 [expires: 2006-03-31]
+</pre><div class="para">
+ Key fingerprint (impronta digitale) è una breve "firma" della propria chiave. Essa permette di confermare ai destinatari di aver ricevuto la chiave senza alcuna manomissione. Non occorre ricordare la propria fingerprint. Per visualizzarla basta usare il comando <code class="code"> gpg --fingerprint lewis41 at fedoraproject.org</code>.
+ </div><div class="para">
+ La "GPG key ID" (ID della chiave GPG) è composta da 8 numeri esadecimali (base 16: 0-F). Nell'esempio precedente l'ID della chiave GPG, è pari a 1B2AFA1C. In molte situazioni quando viene richiesto il proprio ID della chiave GPG, occorre anteporre il simbolo "0x" all'ID, come in "0x1B2AFA1C".
+ </div><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Se si dimentica la passphrase la chiave non può più essere usata e tutti i dati cifrati con la chiave andranno perduti.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html"><strong>Indietro</strong>4.2.5.2. Generare chiavi GPG in KDE</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html"><strong>Avanti</strong>4.2.5.4. Usare GPG con Alpine</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html
new file mode 100644
index 0000000..a461449
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5.2. Generare chiavi GPG in KDE</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="4.2.5. Usare GNU Privacy Guard (GnuPG)" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG.html" title="4.2.5. Usare GNU Privacy Guard (GnuPG)" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html" title="4.2.5.3. Generare chiavi GPG con un terminale" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"
><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1">4.2.5.2. Generare chiavi GPG in KDE</h4></div></div></div><div class="para">
+ Avviare il programma KGpg, selezionando <span class="guimenuitem"><strong>Applications > Utilities > Encryption Tool</strong></span>. Se è la prima volta che si usa KGpg, il programma avvia un wizard da cui creare una coppia di chiavi GPG. Occorre inserire il nome, l'indirizzo di posta ed un commento (opzionale). Si può indicare anche una scadenza per la chiave, come pure il grado di robustezza (numero di bit) e l'algoritmo di cifratura. Nella seconda pagina del wizard si richiede di inserire una passphrase, per poter usare la chiave. Al termine del processo di crezione la chiave compare nella finestra principale di <code class="code">KGpg</code>.
+ </div><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Se si dimentica la passphrase la chiave non può più essere usata e tutti i dati cifrati con la chiave andranno perduti.
+ </div></div></div><div class="para">
+ Per trovare l'ID della chiave controllare alla colonna Key ID. In molti casi se richiesto si dovrebbe anteporre "0x" all'ID come in "0x6789ABCD". Si raccomanda di creare una copia di backup della chiave e di custodirla in un luogo sicuro.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG.html"><strong>Indietro</strong>4.2.5. Usare GNU Privacy Guard (GnuPG)</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html"><strong>Avanti</strong>4.2.5.3. Generare chiavi GPG con un terminale</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html
new file mode 100644
index 0000000..a5ff198
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5.4. Usare GPG con Alpine</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="4.2.5. Usare GNU Privacy Guard (GnuPG)" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html" title="4.2.5.3. Generare chiavi GPG con un terminale" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html" title="4.2.5.5. Usare GPG con Evolution" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p
><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine">4.2.5.4. Usare GPG con Alpine</h4></div></div></div><div class="para">
+ Se si usa il client di posta <span class="application"><strong>Alpine</strong></span> o <span class="application"><strong>Pine</strong></span>, per usare GPG occorre installare il pacchetto <span class="package">ez-pine-gpg</span> scaricabile da <a href="http://business-php.com/opensource/ez-pine-gpg/">http://business-php.com/opensource/ez-pine-gpg/</a>. Una volta installato, occorre modificare il file <code class="filename">~/.pinerc</code>. Ossia:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ il path <code class="filename">/home/username/bin</code> deve essere sostituito con il path del pacchetto installato
+ </div></li><li class="listitem"><div class="para">
+ individuare i due gpg-identifier dopo la stringa _RECIPIENTS_, e sostituirli con l'ID della chiave GPG. In questo modo spedendo un messaggio cifrato a qualcuno, il messaggio viene cifrato anche con la propria chiave; senza questa impostazione non sarebbe possibile leggere il messaggio nella cartella dei messaggi inviati.
+ </div></li></ol></div><div class="para">
+ La modifica dovrebbe assomigliare a qualcosa di simile:
+ </div><pre class="screen">
+# This variable takes a list of programs that message text is piped into
+# after MIME decoding, prior to display.
+display-filters=_LEADING("-----BEGIN PGP")_ /home/max/bin/ez-pine-gpg-incoming
+
+# This defines a program that message text is piped into before MIME
+# encoding, prior to sending
+sending-filters=/home/max/bin/ez-pine-gpg-sign _INCLUDEALLHDRS_,
+ /home/username/bin/ez-pine-gpg-encrypt _RECIPIENTS_ gpg-identifier,
+ /home/username/bin/ez-pine-gpg-sign-and-encrypt _INCLUDEALLHDRS_ _RECIPIENTS_ gpg-identifier
+</pre></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html"><strong>Indietro</strong>4.2.5.3. Generare chiavi GPG con un terminale</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html"><strong>Avanti</strong>4.2.5.5. Usare GPG con Evolution</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html
new file mode 100644
index 0000000..a9ff013
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5.5.3. Firmare e cifrare email con Evolution</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html" title="4.2.5.5. Usare GPG con Evolution" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html" title="4.2.5.5.2. Verificare le email con Evolution" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html" title="4.2.5.6. Usare GPG con Thunderbird" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" al
t="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting">4.2.5.5.3. Firmare e cifrare email con Evolution</h5></div></div></div><div class="para">
+ Firmare una email consente al destinatario di verficare l'autenticità della email, ossia del mittente. Il Fedora Project incoraggia caldamente i propri utenti a firmare le email, incluse quelle indirizzate alle mailing list dei vari progetti Fedora. Cifrare le email consente di leggere il loro contenuto soltanto ai destinatari, per questo motivo non cifrare le email inviate alle mailing list.
+ </div><div class="para">
+ Nelle impostazioni dell'account selezionare la scheda <span class="guilabel"><strong>Sicurezza</strong></span>. Per firmare le proprie email inserire nella casella di testo con l'etichetta <span class="guilabel"><strong>ID della chiave PGP/GPG</strong></span>, l'ID della propria chiave. Per cifrare le email, abilitare la casella con l'etichetta <span class="guilabel"><strong>Cifrare sempre per stessi quando si inviano messaggi cifrati</strong></span>. Un messaggio cifrato può anche essere firmato ed è una buona regola farlo. Al momento dell'invio di una email firmata Evolution richiede di inserire la passphrase per la chiave GPG (dopo tre tentativi falliti Evolution segnala un messaggio di errore). Se si abilita la casella con l'etichetta <span class="guilabel"><strong>Ricorda la password per il resto della sessione</strong></span>, non occorrere reinserire la passphrase per firmare o decifrare email nelle volte successive, a meno di non chiudere e riavviare una nuova
sessione.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html"><strong>Indietro</strong>4.2.5.5.2. Verificare le email con Evolution</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html"><strong>Avanti</strong>4.2.5.6. Usare GPG con Thunderbird</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html
new file mode 100644
index 0000000..282196a
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5.5.2. Verificare le email con Evolution</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html" title="4.2.5.5. Usare GPG con Evolution" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html" title="4.2.5.5. Usare GPG con Evolution" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html" title="4.2.5.5.3. Firmare e cifrare email con Evolution" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_
right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying">4.2.5.5.2. Verificare le email con Evolution</h5></div></div></div><div class="para">
+ Evolution verifica automaticamente la validità di ogni messaggio ricevuto. Se Evolution non riesce a verificare la firma GPG di un messaggio a causa di una chiave pubbilca mancante (o manomessa), nella parte in basso del messaggio compare una banda rossa. Se il messaggio è stato verificato ma la chiave non risulta firmata nè localmente nè globalmente, il banner è di colore giallo. Se il messaggio è stato verificato e la chiave risulta firmata, il banner è verde. Cliccando sull'icona con il sigillo all'interno del banner, Evolution visualizza una finestra con informazioni di sicurezza sulla firma. Per aggiungere una chiave pubblica al proprio porta chiavi personale, usare la funzione di ricerca e l'indirizzo email del proprietario della chiave: <code class="code">gpg --keyserver pgp.mit.edu --search email address</code>. Per importare la chiave corretta occorre che l'ID della chiave coincida con le informazioni fornite da Evolution.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html"><strong>Indietro</strong>4.2.5.5. Usare GPG con Evolution</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html"><strong>Avanti</strong>4.2.5.5.3. Firmare e cifrare email con Evolution</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html
new file mode 100644
index 0000000..ec74013
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5.5. Usare GPG con Evolution</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="4.2.5. Usare GNU Privacy Guard (GnuPG)" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html" title="4.2.5.4. Usare GPG con Alpine" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html" title="4.2.5.5.2. Verificare le email con Evolution" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a>
</p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution">4.2.5.5. Usare GPG con Evolution</h4></div></div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Configuring"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Configuring">4.2.5.5.1. Configurare GPG per l'uso con Evolution</h5></div></div></div><div
class="para">
+ Per configurare GPG in <span class="application"><strong>Evolution</strong></span>, dal menu di <span class="application"><strong>Evolution</strong></span> selezionare <span class="guimenu"><strong>Modifica > </strong></span> → <span class="guisubmenu"><strong> > Preferenze</strong></span>. Nella finestra delle <span class="guilabel"><strong>Preferenze di Evolution</strong></span>, selezionare nel pannello di sinistra <span class="guilabel"><strong>Account di posta</strong></span>. Nel pannello di destra selezionare l'account di posta che si vuole autenticare. Poi premere il pulsante <span class="guibutton"><strong>Modifica</strong></span>. Nella finestra delle impostazioni <span class="guilabel"><strong>Editor account</strong></span>, selezionare la scheda <span class="guilabel"><strong>Sicurezza</strong></span>.
+ </div><div class="para">
+ Nel campo di testo etichettato <span class="guilabel"><strong>ID della chiave PGP/GPG</strong></span>, inserire l'ID della chiave GPG corrispondente a questo account di posta. Un metodo per scoprire l'ID della chiave è usare questo comando in un terminale: <code class="command">gpg --fingerprint EMAIL_ADDRESS</code>. L'ID della chiave coincide con gli ultimi otto caratteri (4 byte) del fingerprint della chiave. Può essere una buona idea abilitare anche la casella con l'etichetta <span class="guilabel"><strong>Cifrare sempre per se stessi quando si inviano messaggi cifrati</strong></span>. Si potrebbe anche abilitare la casella <span class="guilabel"><strong>Firmare sempre i messaggi in uscita quando si usa questo account</strong></span>.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Se le chiavi pubbliche non vengono contrassegnate come fidate non sarà possibie cifrare le email, a meno di non selezionare l'opzione <span class="guilabel"><strong>Dare sempre fiducia nel cifrare alle chiavi nel portachiavi personale</strong></span>. In tal caso si riceve un messaggio in cui si segnala il fallimento della verifica di fiducia.
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html"><strong>Indietro</strong>4.2.5.4. Usare GPG con Alpine</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html"><strong>Avanti</strong>4.2.5.5.2. Verificare le email con Evolution</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html
new file mode 100644
index 0000000..43e5cd8
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5.6. Usare GPG con Thunderbird</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="4.2.5. Usare GNU Privacy Guard (GnuPG)" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html" title="4.2.5.5.3. Firmare e cifrare email con Evolution" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html" title="4.2.5.7. Sulla crittografia a chive pubblica" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_righ
t.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird">4.2.5.6. Usare GPG con Thunderbird</h4></div></div></div><div class="para">
+ Fedora include Mozilla Thunderbird nel pacchetto <span class="package">thunderbird</span>, ed il pacchetto <span class="package">mozilla-mail</span> contenente l'applicazione di posta di Mozilla. Thunderbird è il client di posta raccomandato di Mozilla. Thunderbird è accessibile da <span class="guimenuitem"><strong>Applicazioni > Internet > Thunderbird Email</strong></span>.
+ </div><div class="para">
+ I prodotti Mozilla supportano varie estensioni, componenti che aggiungono nuove funzionalità alle applicazioni principali. Le estensioni Enigmail offrono supporto GPG ai client di posta di Mozilla. Esistono versioni di Enigmail sia per Mozilla Thunderbird sia per Mozilla Suite (Seamonkey). Il software Netscape di AOL è basato sui prodotti Mozilla e può usare queste estensioni.
+ </div><div class="para">
+ Per installare Enigmail su Fedora seguire le seguenti istruzioni.
+ </div><div class="para">
+ Enigmail usa il termine OpenPGP nei menu e tra le opzioni. GPG è una implementazione di OpenPGP ed entrambe le terminologie possono considerarsi equivalenti.
+ </div><div class="para">
+ Enigmail si può scaricare da <a href="http://enigmail.mozdev.org/download.html">http://enigmail.mozdev.org/download.html</a>.
+ </div><div class="para">
+ Per screenshot sull'impiego di Enigmail e GPG visitare <a href="http://enigmail.mozdev.org/screenshots.html">http://enigmail.mozdev.org/screenshots.html</a>.
+ </div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird-Installing_Enigmail"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird-Installing_Enigmail">4.2.5.6.1. Installazione di Enigmail</h5></div></div></div><div class="para">
+ Enigmail è anche disponibile nei repository di Fedora e può essere installato usando il comando <code class="code">yum install thunderbird-enigmail</code> in un terminale. In alternativa si può procedere con l'ausilio grafico del Gestore dei pacchetti, selezionando <span class="guilabel"><strong>Sistema -> Amministrazione -> Aggiungi/Rimuovi Software</strong></span> dal menu principale, e installando il pacchetto denominato <span class="package">thunderbird-enigmail</span>.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html"><strong>Indietro</strong>4.2.5.5.3. Firmare e cifrare email con Evolution</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html"><strong>Avanti</strong>4.2.5.7. Sulla crittografia a chive pubblica</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG.html
new file mode 100644
index 0000000..7a5ac6f
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5. Usare GNU Privacy Guard (GnuPG)</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="Security_Guide-Encryption-Data_in_Motion.html" title="4.2. Dati in Movimento" /><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html" title="4.2.4.5. 7-Zip e gli altri sistemi operativi" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html" title="4.2.5.2. Generare chiavi GPG in KDE" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul cla
ss="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Encryption-Using_GPG" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG">4.2.5. Usare GNU Privacy Guard (GnuPG)</h3></div></div></div><div class="para">
+ <span class="application"><strong>GnuPG</strong></span> (GPG) è usato per identificare gli utenti ed autenticare le comunicazioni, incluse quelle con persone non direttamente note. GPG consente a chi riceve una email firmata GPG di verificare l'autenticità del messaggio. In altre parole, GPG garantisce con ragionevole certezza che le comunicazioni firmate provengono effettivamente da chi ha le ha firmate. GPG è utile perchè impedisce a un terzo (l'intruso) di alterare il messaggio, intercettare conversazioni o corrompere codice.
+ </div><div class="para">
+ GPG può essere usato anche per firmare e/o cifrare i file sul proprio sistema o su un drive di rete. Ciò serve ad aumentare la protezione impedendo che un file venga alterato o letto da persone non autorizzate.
+ </div><div class="para">
+ Per poter usare GPG per autenticare o cifrare email occorre dapprima creare una coppia di chiavi, pubblica e privata. Una volta create, per poterle utilizzare occorre impostare il client di posta.
+ </div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Keys_in_GNOME"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Keys_in_GNOME">4.2.5.1. Generare chiavi GPG in GNOME</h4></div></div></div><div class="para">
+ L'utilità Seahorse rende più facile la gestione della chiave GPG. E' possibile installare <span class="package">Seahorse</span> via riga di comando con <code class="code">su -c "yum install seahorse"</code> o via GUI usando <span class="application"><strong>Aggiungi/Rimuovi Software</strong></span>.
+ </div><div class="para">
+ Per creare una chiave selezionare <span class="application"><strong>Passwords and Keys</strong></span> per avviare l'applicazione <span class="application"><strong>Seahorse</strong></span>. Dal menu <code class="code">File</code> selezionare <code class="code">New</code> poi <code class="code">PGP Key</code> ed ancora <code class="code">Continue</code>. Digitare il proprio nome, indirizzo mail ed un commento opzionale di descrizione (ad esempio: John C. Smith, jsmith at example.com, The Man). Selezionare <code class="code">Create</code>. Nella finestra di dialogo verrà richiesta una password per la chiave. Sceglierne una forte ma anche facile da ricordare. Cliccare su <code class="code">OK</code> per creare la chiave.
+ </div><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Se si dimentica la passphrase la chiave non può più essere usata e tutti i dati cifrati con la chiave andranno perduti.
+ </div></div></div><div class="para">
+ Per trovare l'ID della chiave controllare alla colonna Key ID. In molti casi se richiesto si dovrebbe anteporre "0x" all'ID come in "0x6789ABCD". Si raccomanda di creare una copia di backup della chiave e di custodirla in un luogo sicuro.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"><strong>Indietro</strong>4.2.4.5. 7-Zip e gli altri sistemi operativi</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html"><strong>Avanti</strong>4.2.5.2. Generare chiavi GPG in KDE</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html
new file mode 100644
index 0000000..d525b64
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.3.5. Le necessità future</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.3.3. Valutazione degli strumenti" /><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html" title="1.3.3.4. VLAD lo scanner" /><link rel="next" href="sect-Security_Guide-Common_Exploits_and_Attacks.html" title="1.4. Rischi e Attacchi comuni" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class
="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Common_Exploits_and_Attacks.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs">1.3.3.5. Le necessità future</h4></div></div></div><div class="para">
+ Per ogni target e risorsa esistono molti strumenti disponibili. Esistono strumenti per reti wireless, reti Novell, sistemi windows, sistemi Linux ed altri ancora. Un altro aspetto importante da considerare, quando si analizzano le vulnerabilità, riguarda la sicurezza fisica, la selezione del personale e l'analisi delle reti vocali/PBX. Nuovi concetti come <em class="firstterm">war walking</em>, riguardanti la scansione perimetrale della struttura fisica in cui ha sede l'organizzazione, alla ricerca di vulnerabilità nelle reti wireless, sono alcuni concetti emergenti che si potrebbero investigare, e se necessario, includere in un'analisi di routine. L'immaginazione, il tempo e le risorse sono gli unici limiti per pianificare e condurre un'analisi di vulnerabilità.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>Indietro</strong>1.3.3.4. VLAD lo scanner</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Common_Exploits_and_Attacks.html"><strong>Avanti</strong>1.4. Rischi e Attacchi comuni</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Nessus.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Nessus.html
new file mode 100644
index 0000000..86e0ed8
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Nessus.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.3.2. Nessus</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.3.3. Valutazione degli strumenti" /><link rel="prev" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.3.3. Valutazione degli strumenti" /><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html" title="1.3.3.3. Nikto" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li cla
ss="previous"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-Nessus"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Nessus">1.3.3.2. Nessus</h4></div></div></div><div class="para">
+ Nessus è uno scanner di sicurezza. L'architettura a plug-in di Nessus permette di personalizzare il suo utilizzo, secondo le necessità della rete e del sistema. Come ogni scanner, Nessus rimane uno strumento valido finchè rimane valido il database delle firme. Fortunatamente, Nessus è frequentemente aggiornato ed offre report completi, scansione degli host e ricerca in tempo reale di vulnerabilità. Si ricordi che potrebbero rivelarsi falsi positivi e falsi negativi, anche in uno strumento potente e frequentemente aggiornato come Nessus.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Il client e il server Nessus è disponibile nei repository di Fedora ma il suo uso richiede una iscrizione. Nessus è stato inserito in questo documento come riferimento per quegli utenti che potrebbero essere interessati ad usare questa diffusa applicazione.
+ </div></div></div><div class="para">
+ Per maggiori informazioni su Nessus, fare riferimento al sito web ufficiale, al seguente URL:
+ </div><div class="para">
+ <a href="http://www.nessus.org/"> http://www.nessus.org/ </a>
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"><strong>Indietro</strong>1.3.3. Valutazione degli strumenti</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"><strong>Avanti</strong>1.3.3.3. Nikto</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Nikto.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Nikto.html
new file mode 100644
index 0000000..4837c8c
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Nikto.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.3.3. Nikto</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.3.3. Valutazione degli strumenti" /><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html" title="1.3.3.2. Nessus" /><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html" title="1.3.3.4. VLAD lo scanner" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a
accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-Nikto"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Nikto">1.3.3.3. Nikto</h4></div></div></div><div class="para">
+ Nikto è uno scanner di scrpit CGI (Common Gateway Interface). Nikto controlla le vulnerabilità in script CGI, ma in modo da essere evasivo così da eludere i sistemi anti-intrusione. Prima di usarlo, si consiglia di leggere attentamente la documentazione allegata alla sua distribuzione. Se si dispone di un server Web che serve script CGI, Nikto può essere una eccellente risorsa per controllare la sicurezza di questi server.
+ </div><div class="para">
+ Maggiori informazioni su Nikto, possono trovarsi al seguente URL:
+ </div><div class="para">
+ <a href="http://www.cirt.net/code/nikto.shtml"> http://www.cirt.net/code/nikto.shtml </a>
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"><strong>Indietro</strong>1.3.3.2. Nessus</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>Avanti</strong>1.3.3.4. VLAD lo scanner</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html
new file mode 100644
index 0000000..5118401
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.3.4. VLAD lo scanner</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.3.3. Valutazione degli strumenti" /><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html" title="1.3.3.3. Nikto" /><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html" title="1.3.3.5. Le necessità future" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li cl
ass="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner">1.3.3.4. VLAD lo scanner</h4></div></div></div><div class="para">
+ VLAD è uno scanner di vulnerabilità sviluppato dal gruppo <acronym class="acronym">RAZOR</acronym> presso Bindview, Inc., che controlla la Top Ten dei problemi di sicurezza più comuni (probelmi SNMP, di condivisione file, ecc), nella lista SANS. Anche se non così ricco di funzionalità come Nessus, VLAD è comunque un buon investigatore.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ VLAD non è incluso in Fedora e non è supportato. E' stato inserito in questo documento come riferimento per quegli utenti che potrebbero essere interessati ad usare questa diffusa applicazione.
+ </div></div></div><div class="para">
+ Maggiori informazioni su VLAD, possono trovarsi sul sito web di RAZOR, al seguente URL:
+ </div><div class="para">
+ <a href="http://www.bindview.com/Support/Razor/Utilities/"> http://www.bindview.com/Support/Razor/Utilities/ </a>
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"><strong>Indietro</strong>1.3.3.3. Nikto</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"><strong>Avanti</strong>1.3.3.5. Le necessità future</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html
new file mode 100644
index 0000000..d81b846
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.5.3. DMZ e IPTables</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="3.8.5. Regole di FORWARD e NAT" /><link rel="prev" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html" title="3.8.5.2. Prerouting" /><link rel="next" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html" title="3.8.6. Software maliziosi e indirizzi IP spoofed" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="
docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables">3.8.5.3. DMZ e IPTables</h4></div></div></div><div class="para">
+ Si possono creare regole <code class="command">iptables</code> che re-indirizzino il traffico verso macchine dedicate, come server HTTP o FTP in una rete <acronym class="acronym">DMZ</acronym> (<em class="firstterm">demilitarized zone</em>). Una <acronym class="acronym">DMZ</acronym> è una speciale sottorete locale, dedicata quasi esclusivamente a fornire servizi verso reti pubbliche come Internet.
+ </div><div class="para">
+ Per esempio, per impostare una regola di re-indirizzamento, che instradi le richieste HTTP in ingresso verso un server HTTP dedicato su 10.0.4.2 (fuori dal range della LAN 192.168.1.0/24), si potrebbe usare la seguente regola di <code class="computeroutput">PREROUTING</code>:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.4.2:80</pre><div class="para">
+ Con questo comando, tutte le connessioni HTTP diretta alla porta 80 vengono instradate verso il server HTTP della sottorete DMZ. Questo tipo di segmentazione della rete si dimostra molto più sicuro, rispetto a connessioni HTTP dirette ad una macchina nella rete LAN interna.
+ </div><div class="para">
+ Se il server HTTP è configurato per accettare connessioni sicure, allora si dovrà re-instradare anche la porta 443.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"><strong>Indietro</strong>3.8.5.2. Prerouting</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"><strong>Avanti</strong>3.8.6. Software maliziosi e indirizzi IP spoofed</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html
new file mode 100644
index 0000000..1b0c1dc
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.5.2. Prerouting</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="3.8.5. Regole di FORWARD e NAT" /><link rel="prev" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="3.8.5. Regole di FORWARD e NAT" /><link rel="next" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html" title="3.8.5.3. DMZ e IPTables" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous">
<a accesskey="p" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting">3.8.5.2. Prerouting</h4></div></div></div><div class="para">
+ Per rendere pubblico un server delle rete interna, si può usare l'opzione <code class="option">-j DNAT</code> della catena PREROUTING specificando un indirizzo IP di destinazione e un numero di porta a cui indirizzare i pacchetti in ingresso richiedenti il servizio.
+ </div><div class="para">
+ Per esempio, per re-indirizzare le richieste HTTP al proprio server HTTP Apache, localizzato all'indirizzo 172.31.0.23, usare il seguente comando:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 172.31.0.23:80</pre><div class="para">
+ Questa regola specifica che la tabella <acronym class="acronym">NAT</acronym> usa la catena PREROUTING, re-indirizzando le richieste HTTP in ingresso, esclusivamente all'indirizzo IP 172.31.0.23.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Se nella catena FORWARD è presente una policy predefinita di DROP, perchè il mascheramento IP sia possibile, occorre inserire in coda una regola di forward che re-indirizzi tutte le richieste HTTP. Per fare ciò, usare il seguente comando:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A FORWARD -i eth0 -p tcp --dport 80 -d 172.31.0.23 -j ACCEPT</pre><div class="para">
+ Questa regola re-indirizza tutte le richieste HTTP dal firewall al server HTTP Apache, dietro il firewall.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"><strong>Indietro</strong>3.8.5. Regole di FORWARD e NAT</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"><strong>Avanti</strong>3.8.5.3. DMZ e IPTables</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Additional_Resources.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Additional_Resources.html
new file mode 100644
index 0000000..60e8b84
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Additional_Resources.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.9. Ulteriori risorse</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Firewalls.html" title="3.8. Firewall" /><link rel="prev" href="sect-Security_Guide-Firewalls-IPv6.html" title="3.8.8. IPv6" /><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html" title="3.8.9.2. Siti utili sui firewall" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-IPv6.ht
ml"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Firewalls-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Additional_Resources">3.8.9. Ulteriori risorse</h3></div></div></div><div class="para">
+ Molti aspetti su firewall e Netfilter non sono stati adeguatamente esposti ed approfonditi in questo capitolo, che vuole essere una introduzione ed uno stimolo per ulteriori letture. Per chi volesse approfondire l'argomento, di seguito si riportano alcune interessanti risorse.
+ </div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation">3.8.9.1. Documentazione installata riguardante i firewall</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Per informazioni sul comando <code class="command">iptables</code> e le opzioni disponibili, vedere la <a class="xref" href="sect-Security_Guide-IPTables.html">Sezione 3.9, «IPTables»</a>.
+ </div></li><li class="listitem"><div class="para">
+ La pagina di man su <code class="command">iptables</code> contiene una spiegazione delle varie opzioni.
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-IPv6.html"><strong>Indietro</strong>3.8.8. IPv6</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"><strong>Avanti</strong>3.8.9.2. Siti utili sui firewall</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html
new file mode 100644
index 0000000..f623b9d
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.2. Configurazione di un firewall di base</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Firewalls.html" title="3.8. Firewall" /><link rel="prev" href="sect-Security_Guide-Firewalls.html" title="3.8. Firewall" /><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html" title="3.8.2.2. Abilitare e disabilitare il firewall" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Sec
urity_Guide-Firewalls.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">3.8.2. Configurazione di un firewall di base</h3></div></div></div><div class="para">
+ Così come in una costruzione medioevale il muro tagliafuoco tenta di prevenire la propagazione del fuoco, il firewall di un computer tenta di impedire che software maliziosi si propaghino nel computer. Un firewall serve anche ad impedire che utenti non autorizzati possano accedere al computer.
+ </div><div class="para">
+ In una installazione predefinita di Fedora esiste un firewall tra il proprio computer (o la rete locale), e una qualsiasi rete non sicura come ad esempio Internet. Esso imposta i servizi ai quali possono accedere gli utenti remoti. Un firewall correttamente configurato, può incrementare notevolmente la sicurezza del sistema. Si raccomanda di configurare un firewall su tutti i sistemi Fedora con una connessione ad internet.
+ </div><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-RHSECLEVELTOOL"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-RHSECLEVELTOOL">3.8.2.1. <span class="application"><strong>Srtumento di Amministrazione Firewall</strong></span></h4></div></div></div><div class="para">
+ Durante l'installazione di Fedora, nella schermata <span class="guilabel"><strong>Configurazione Firewall</strong></span> si può abilitare un firewall di base come pure autorizzare su particolari schede di rete, servizi di ingresso e porte.
+ </div><div class="para">
+ Dopo l'installazione, è possibile cambiare queste preferenze utilizzando lo strumento <span class="application"><strong>Amministrazione Firewall</strong></span>.
+ </div><div class="para">
+ Per avviare l'applicazione, usare il seguente comando:
+ </div><pre class="screen">[root at myServer ~] # system-config-firewall</pre><div class="figure" id="figu-Security_Guide-RHSECLEVELTOOL-RHSECLEVELTOOL"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-firewall_config.png" width="444" alt="Srtumento di Amministrazione Firewall" /><div class="longdesc"><div class="para">
+ Configurazione del livello di sicurezza
+ </div></div></div></div><h6>Figura 3.10. <span class="application">Srtumento di Amministrazione Firewall</span></h6></div><br class="figure-break" /><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ <span class="application"><strong>Amministrazione Firewall</strong></span> configura solo un firewall di base. Se il sistema necessita di regole più complesse, fare riferimento alla <a class="xref" href="sect-Security_Guide-IPTables.html">Sezione 3.9, «IPTables»</a> contenente i dettagli sulla configurazione di regole <code class="command">iptables</code>.
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls.html"><strong>Indietro</strong>3.8. Firewall</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"><strong>Avanti</strong>3.8.2.2. Abilitare e disabilitare il firewall</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html
new file mode 100644
index 0000000..0e3a892
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.4. Filtraggi IPTables comuni</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Firewalls.html" title="3.8. Firewall" /><link rel="prev" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html" title="3.8.3.3. Salvare e ripristinare le regole IPTables" /><link rel="next" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="3.8.5. Regole di FORWARD e NAT" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><
a accesskey="p" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Firewalls-Common_IPTables_Filtering"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Common_IPTables_Filtering">3.8.4. Filtraggi IPTables comuni</h3></div></div></div><div class="para">
+ Uno degli aspetti più importanti della sicurezza di rete è impedire l'accesso alla LAN da parte di attaccanti. L'integrità della LAN può essere garantita impostando stringenti regole di firewall.
+ </div><div class="para">
+ Tuttavia, una policy impostata per bloccare tutti i pacchetti in ingresso, uscita e re-instradati, renderebbe del tutto impossibile a firewall/gateway e agli utenti interni alla LAN la comunicazione fra loro e con le risorse esterne.
+ </div><div class="para">
+ Quindi gli amministratori, per consentire ai propri utenti di usufruire delle funzioni e delle applicazioni di rete, devono necessariamente aprire determinate porte alla comunicazione.
+ </div><div class="para">
+ Per esempio, per consentire l'accesso alla porta numero 80 <span class="emphasis"><em>sul firewall</em></span>, aggiungere la seguente regola:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT</pre><div class="para">
+ Ciò permette agli utenti di esplorare i siti Internet che comunicano sulla porta standard numero 80. Per consentire l'accesso a siti web sicuri (per esempio, https://www.example.com/), occorre abilitare l'accesso anche attraverso la porta numero 443, come di seguito riportato:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT</pre><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Quando si crea un insieme di regole di <code class="command">iptables</code>, l'ordine è importante.
+ </div><div class="para">
+ Se una regola specifica di scartare qualsiasi pacchetto proveniente dalla sottorete 192.168.100.1/24, e questa è seguita da una regola che specifica di accettare i pacchetti provenienti dall'indirizzo 192.168.100.13 (che si trova all'interno della sottorete), allora la seconda regola viene ignorata.
+ </div><div class="para">
+ Per accettare i pacchetti provenienti da 192.168.100.13, la regola relativa deve precedere la regola che scarta i pacchetti prevenienti dalla sottorete.
+ </div><div class="para">
+ Per inserire una regola in una specifica posizione di una catena esistente, usare l'opzione <code class="option">-I</code>. Per esempio:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -I INPUT 1 -i lo -p all -j ACCEPT</pre><div class="para">
+ Questa è la prima regola nella catena INPUT ed autorizza il traffico di loopback sul dispositivo.
+ </div></div></div><div class="para">
+ Per accedere ai servizi remoti di una LAN si possono usare servizi sicuri come SSH che impiegano connessioni cifrate.
+ </div><div class="para">
+ Nel caso di risorse basate su PPP (come modem o router ISP), si usano accessi dial-up per circuire le barriere del firewall. Trattandosi di connessioni dirette, le connessioni via modem tipicamente si trovano dietro un firewall/gateway.
+ </div><div class="para">
+ Per utenti con connessioni a banda larga, comunque, si presentano dei casi particolari. Si può configurare <code class="command">iptables</code> in modo da accettare connessioni via SSH. Per esempio, le seguenti regole consentono l'accesso remoto via SSH:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+[root at myServer ~ ] # iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT</pre><div class="para">
+ Queste due regole autorizzano l'accesso in entrata e in uscita da un nodo, quale può essere un PC connesso direttamente ad Internet o un firewall/gateway, ma impediscono l'accesso al servizio ai nodi dietro al firewall/gateway. Per consentire a tutta la LAN di accedere a questo servizio, si potrebbe usare un <acronym class="acronym">NAT</acronym> (<em class="firstterm">Network Address Translation</em>) insieme a regole di filtraggio, <code class="command">iptables</code>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"><strong>Indietro</strong>3.8.3.3. Salvare e ripristinare le regole IPTables</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"><strong>Avanti</strong>3.8.5. Regole di FORWARD e NAT</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html
new file mode 100644
index 0000000..277ff43
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.5. Regole di FORWARD e NAT</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Firewalls.html" title="3.8. Firewall" /><link rel="prev" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html" title="3.8.4. Filtraggi IPTables comuni" /><link rel="next" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html" title="3.8.5.2. Prerouting" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-F
irewalls-Common_IPTables_Filtering.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules">3.8.5. Regole di <code class="computeroutput">FORWARD</code> e <acronym class="acronym">NAT</acronym></h3></div></div></div><div class="para">
+ La maggior parte dei provider ISP offrono, ai propri clienti, solo un numero limitato di indirizzi pubblici IP.
+ </div><div class="para">
+ Per questo motivo, gli amministratori devono disporre di un metodo che senza far uso di indirizzi IP pubblici, consenta ai nodi della LAN di accedere ai servizi Internet ed il metodo più comune consiste nell'usare indirizzi IP privati.
+ </div><div class="para">
+ I router di soglia (come i firewall) ricevono da Internet le trasmissioni in ingresso e re-indirizzano i pacchetti al nodo LAN interessato. Allo stesso modo, i firewall/gateway possono anche re-indirizzare le richieste in uscita, da un nodo LAN al servizio Internet remoto.
+ </div><div class="para">
+ Questo re-indirizzamento del traffico di rete, a volte, potrebbe diventare una minaccia, specialmente con l'alta disponibilità dei moderni strumenti di cracking, in grado di <span class="emphasis"><em>imitare</em></span> gli indirizzi IP <span class="emphasis"><em>interni</em></span>, mascherando la macchina remota dell'attaccante come un nodo della LAN.
+ </div><div class="para">
+ Per impedire tutto ciò, <code class="command">iptables</code> fornisce policy di routing e di forwarding (instradamento e re-indirizzamento), che se adeguatamente implementate impediscono un uso anormale delle risorse di rete.
+ </div><div class="para">
+ La catena <code class="computeroutput">FORWARD</code> consente ad un amministratore di controllare il routing dei pacchetti all'interno della LAN. Per esempio, per consentire il re-indirizzamento sull'intera LAN (assumendo che al firewall/gateway sia assegnato un indirizzo IP interno, associato alla scheda eth1), si possono usare le seguenti regole:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A FORWARD -i eth1 -j ACCEPT
+[root at myServer ~ ] # iptables -A FORWARD -o eth1 -j ACCEPT</pre><div class="para">
+ Queste regole stabiliscono che i sistemi dietro al firewall/gateway possono accedere alla intera rete interna. Ossia il gateway trasferisce i pacchetti da un nodo della LAN al nodo di destinazione, passando tutti i pacchetti attraverso la scheda <code class="filename">eth1</code>.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Per impostazione, la policy IPv4 nei kernel Fedora disabilita il supporto al forwarding IP e ciò impedisce a sistemi Fedora di funzionare come router di soglia dedicati. Per abilitare il forwarding IP, usare il seguente comando:
+ </div><pre class="screen">[root at myServer ~ ] # sysctl -w net.ipv4.ip_forward=1</pre><div class="para">
+ Questa modifica di configurazione, dura solo per la sessione corrente: non persiste dopo un riavvio della macchina o un riavvio dei servizi di rete. Per impostare permanentemente il forwarding IP, modificare il file <code class="filename">/etc/sysctl.conf</code> come indicato di seguito:
+ </div><div class="para">
+ Individuare la seguente riga:
+ </div><pre class="screen">net.ipv4.ip_forward = 0</pre><div class="para">
+ Modificarla come segue:
+ </div><pre class="screen">net.ipv4.ip_forward = 1</pre><div class="para">
+ Usare il seguente comando per abilitare le modifiche al file <code class="filename">sysctl.conf</code>:
+ </div><pre class="screen">[root at myServer ~ ] # sysctl -p /etc/sysctl.conf</pre></div></div><div class="section" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Postrouting_and_IP_Masquerading"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Postrouting_and_IP_Masquerading">3.8.5.1. Postrouting e mascheramento IP</h4></div></div></div><div class="para">
+ Per ora, l'impostazione del forwarding dei pacchetti via la scheda interna del firewall, consente ai nodi delle LAN di comunicare tra di loro ma essi non possono ancora comunicare esternamente, verso Internet.
+ </div><div class="para">
+ Per consentire ai nodi, con indirizzi IP privati, di comunicare con reti pubbliche esterne occorre configurare il firewall per il <em class="firstterm">mascheramento IP</em>, ossia mascherare le richieste provenienti dai nodi della LAN, con l'indirizzo IP della scheda di rete esterna del firewall (in questo caso, eth0):
+ </div><pre class="screen">[root at myServer ~ ] # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE</pre><div class="para">
+ Questa regola usa la tabella di corrispondenza dei pacchetti, NAT (<code class="option">-t nat</code>) e specifica sulla scheda di rete esterna (<code class="option">-o eth0</code>), la catena POSTROUTING (<code class="option">-A POSTROUTING</code>).
+ </div><div class="para">
+ Quindi la regola POSTROUTING permette l'alterazione dell'indirizzo IP dei pacchetti mentre questi lasciano la scheda di rete esterna del firewall.
+ </div><div class="para">
+ Il target <code class="option">-j MASQUERADE</code> specifica di mascherare gli indirizzi IP privati con l'indirizzo IP esterno del firewall/gateway.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"><strong>Indietro</strong>3.8.4. Filtraggi IPTables comuni</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"><strong>Avanti</strong>3.8.5.2. Prerouting</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html
new file mode 100644
index 0000000..b48f84a
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.7. IPTables e Connection Tracking</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Firewalls.html" title="3.8. Firewall" /><link rel="prev" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html" title="3.8.6. Software maliziosi e indirizzi IP spoofed" /><link rel="next" href="sect-Security_Guide-Firewalls-IPv6.html" title="3.8.8. IPv6" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security
_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-IPv6.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking">3.8.7. IPTables e Connection Tracking</h3></div></div></div><div class="para">
+ E' possibile ispezionare e restringere l'accesso ai servizi, anche in base al loro <em class="firstterm">stato di connessione</em>. Un modulo all'interno di <code class="command">iptables</code> usa un metodo denominato <em class="firstterm">connection tracking</em> (tracciamento delle connessioni), per immagazzinare informazioni sulle connessioni in ingresso. Si può consentire o rifiutare l'accesso in base ai seguenti stati di connessione:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">NEW</code> — Un pacchetto che richiede una nuova connessione, come una richiesta HTTP
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">ESTABLISHED</code> — Un pacchetto che fa parte di una connessione esistente.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">RELATED</code> — Un pacchetto che richiede una nuova connessione, ma che appartiene ad una connessione esistente. Per esempio, FTP usa la porta numero 21 per stabilire una connessione, ma i dati vengono trasmessi su una porta differente (tipicamente la porta 20).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">INVALID</code> — Un pacchetto che non fa parte di nessuna connessione della connection tracking.
+ </div></li></ul></div><div class="para">
+ Le funzioni di stato di <span class="emphasis"><em>connection tracking</em></span>, possono essere usate con qualsiasi protocollo di rete, anche con protocolli privi di stato (come UDP). Il seguente esempio mostra una regola che usa <span class="emphasis"><em>connection tracking</em></span>, trasferendo solo i pacchetti appartenenti ad una connessione <span class="emphasis"><em>ESTABLISHED e RELATED</em></span>:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT</pre></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"><strong>Indietro</strong>3.8.6. Software maliziosi e indirizzi IP spoofed</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-IPv6.html"><strong>Avanti</strong>3.8.8. IPv6</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-IPv6.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-IPv6.html
new file mode 100644
index 0000000..08c7860
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-IPv6.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.8. IPv6</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Firewalls.html" title="3.8. Firewall" /><link rel="prev" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html" title="3.8.7. IPTables e Connection Tracking" /><link rel="next" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="3.8.9. Ulteriori risorse" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-S
ecurity_Guide-Firewalls-IPTables_and_Connection_Tracking.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Additional_Resources.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Firewalls-IPv6"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-IPv6">3.8.8. IPv6</h3></div></div></div><div class="para">
+ L'introduzione del nuovo Internet Protocol di futura generazione, l'IPv6, espande la limitazione degli indirizzi a 32bit di IPv4 (o IP). IPv6, infatti, supporta indirizzi a 128bit, e le reti compatibili con IPv6, presentano perciò una maggiore capacità di indirizzamento.
+ </div><div class="para">
+ Fedora supporta regole di firewall IPv6 usando Netfilter 6 e il comando <code class="command">ip6tables</code>. In Fedora 14, sia IPv4 sia IPv6, sono abilitati in modo predefinito
+ </div><div class="para">
+ La sintassi del comando <code class="command">ip6tables</code> è identica a <code class="command">iptables</code>, a parte il fatto che supporta indirizzi a 128bit. Per esempio, usare il seguente comando per abilitare connessioni SSH su un server di rete IPv6:
+ </div><pre class="screen">[root at myServer ~ ] # ip6tables -A INPUT -i eth0 -p tcp -s 3ffe:ffff:100::1/128 --dport 22 -j ACCEPT</pre><div class="para">
+ Per maggiori informazioni sulle reti IPv6, fare riferimento alla pagina web <a href="http://www.ipv6.org/">Welcome to the IPv6 Information Page! </a>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"><strong>Indietro</strong>3.8.7. IPTables e Connection Tracking</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Additional_Resources.html"><strong>Avanti</strong>3.8.9. Ulteriori risorse</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html
new file mode 100644
index 0000000..c43b50f
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.6. Software maliziosi e indirizzi IP spoofed</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Firewalls.html" title="3.8. Firewall" /><link rel="prev" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html" title="3.8.5.3. DMZ e IPTables" /><link rel="next" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html" title="3.8.7. IPTables e Connection Tracking" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href
="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses">3.8.6. Software maliziosi e indirizzi IP spoofed</h3></div></div></div><div class="para">
+ Con <code class="command">iptables</code> si possono creare regole anche più elaborate per controllare l'accesso a specifiche sottoreti o anche a particolari nodi della LAN. E si può anche impedire che applicazioni o programmi sospetti, come trojan, worm e altri virus client/server contattino i loro server.
+ </div><div class="para">
+ Per esempio, alcuni trojan scansionano la rete alla ricerca di servizi attivi nel range di porte tra 31337 e 31340 (chiamate porte <span class="emphasis"><em>elite</em></span> nel gergo cracker).
+ </div><div class="para">
+ Dato che non esistono servizi legittimati che comunicano su queste porte non standard, bloccarle serve a ridurre la possibilità che nodi potenzialmente infetti sulla LAN, possano comunicare autonomamente, con i loro server remoti.
+ </div><div class="para">
+ Le seguenti regole, scartano tutto il traffico TCP che tenti di usare la porta 31337:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A OUTPUT -o eth0 -p tcp --dport 31337 --sport 31337 -j DROP
+[root at myServer ~ ] # iptables -A FORWARD -o eth0 -p tcp --dport 31337 --sport 31337 -j DROP</pre><div class="para">
+ Si possono bloccare anche le connessioni esterne, che maliziosamente tentano di "imitare" (spoof) il range di indirizzi IP privati per intrufolarsi nella LAN.
+ </div><div class="para">
+ Per esempio, se la LAN usa il range 192.168.1.0/24, è possibile impostare una regola sulla scheda di rete esterna (connessa ad Internet, per esempio eth0), che scarti tutti i pacchetti con indirizzi IP nel range della LAN.
+ </div><div class="para">
+ Poichè per policy predefinita, si raccomanda di scartare i pacchetti re-indirizzati, qualsiasi indirizzo IP <span class="emphasis"><em>spoofed</em></span> proveniente dal dispositivo di rete esterno (eth0), viene a maggior ragione respinto.
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A FORWARD -s 192.168.1.0/24 -i eth0 -j DROP</pre><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Esiste una differenza tra <code class="computeroutput">DROP</code> e <code class="computeroutput">REJECT</code> quando si tratta di regole <span class="emphasis"><em>aggiunte</em></span> in coda.
+ </div><div class="para">
+ <code class="computeroutput">REJECT</code> rifiuta l'accesso e ritorna un messaggio di <code class="computeroutput">connessione rifiutata</code> agli utenti che tentano di connettersi al servizio. Il comando <code class="computeroutput">DROP</code>, come lascia intendere il nome, scarta i pacchetti senza nessun messaggio.
+ </div><div class="para">
+ Gli amministratori possono scegliere a propria discrezione quando usare le due opzioni. Comunque, per evitare confusione e ripetuti tentavi di connessione da parte di utenti, si raccomanda di usare l'opzione <code class="computeroutput">REJECT</code>.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"><strong>Indietro</strong>3.8.5.3. DMZ e IPTables</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"><strong>Avanti</strong>3.8.7. IPTables e Connection Tracking</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Using_IPTables.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Using_IPTables.html
new file mode 100644
index 0000000..0ba60ef
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Using_IPTables.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.3. Usare IPTables</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Firewalls.html" title="3.8. Firewall" /><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html" title="3.8.2.6. Attivare il servizio IPTables" /><link rel="next" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html" title="3.8.3.2. Policy di base" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a
accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Firewalls-Using_IPTables"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Using_IPTables">3.8.3. Usare IPTables</h3></div></div></div><div class="para">
+ Il primo passo da fare per utilizzare <code class="command">iptables</code>, è avviare il servizio <code class="command">iptables</code>. Usare il seguente comando per avviare il servizio <code class="command">iptables</code>:
+ </div><pre class="screen">[root at myServer ~] # service iptables start</pre><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Il servizio <code class="command">ip6tables</code> può essere disabilitato se si usa solo il servizio <code class="command">iptables</code>. Se si disattiva il servizio <code class="command">ip6tables</code>, ricordarsi di disattivare anche la rete IPv6. Non lasciare mai attivo un dispositivo di rete, senza il firewall corrispondente.
+ </div></div></div><div class="para">
+ Per avviare <code class="command">iptables</code> al boot di sistema, usare il seguente comando:
+ </div><pre class="screen">[root at myServer ~] # chkconfig --level 345 iptables on</pre><div class="para">
+ In tal caso, <code class="command">iptables</code> si avvia automaticamente nei runlevel 3, 4 o 5.
+ </div><div class="section" id="sect-Security_Guide-Using_IPTables-IPTables_Command_Syntax"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Using_IPTables-IPTables_Command_Syntax">3.8.3.1. Sintassi del comando iptables</h4></div></div></div><div class="para">
+ Il seguente esempio, illustra la sintassi di base del comando <code class="command">iptables</code>:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A <em class="replaceable"><code><chain></code></em> -j <em class="replaceable"><code><target></code></em></pre><div class="para">
+ L'opzione <code class="option">-A</code> specifica che la regola deve essere aggiunta alla <em class="firstterm"><chain></em> (catena). Ogni catena è costituita da una o più <em class="firstterm">rules</em> (regole) ed è perciò meglio nota come una <em class="firstterm">ruleset</em> (insieme di regole).
+ </div><div class="para">
+ Le tre catene preesistenti sono INPUT, OUTPUT e FORWARD. Queste catene sono permanenti e non possono essere eliminate. La catena specifica il punto in cui il pacchetto viene manipolato.
+ </div><div class="para">
+ L'opzione <code class="option">-j <em class="replaceable"><code><target></code></em></code> (obbiettivo), specifica un'azione ossia cosa fare se il pacchetto corrisponde alla regola. Esempi di target predefiniti sono ACCEPT, DROP e REJECT.
+ </div><div class="para">
+ Per maggiori informazioni su catene, opzioni e target disponibili, fare riferimento alle pagine di man su <code class="command">iptables</code>.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"><strong>Indietro</strong>3.8.2.6. Attivare il servizio IPTables</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"><strong>Avanti</strong>3.8.3.2. Policy di base</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls.html
new file mode 100644
index 0000000..6498166
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls.html
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8. Firewall</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Capitolo 3. Proteggere la rete locale" /><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html" title="3.7.10.2. Siti utili su Kerberos" /><link rel="next" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="3.8.2. Configurazione di un firewall di base" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul cl
ass="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Firewalls" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Firewalls">3.8. Firewall</h2></div></div></div><div class="para">
+ La sicurezza nell'informazione comunemente è visto come un processo e non come un prodotto. Le implementazioni volte a garantire una sicurezza standard, solitamente impiegano dei meccanismi per il controllo degli accessi e per limitare le risorse di rete solo agli utenti autorizzati, identificabili e tracciabili. Fedora include molti strumenti per amministratori e ingegneri addetti alla sicurezza, utili per controllare gli accessi in ambito di rete.
+ </div><div class="para">
+ I firewall, figurano tra i componenti di base per una implementazione di rete sicura. Molti produttori di firewall commerciali, forniscono soluzioni per ogni livello di necessità: dai firewall per proteggere i PC di utenti domestici a quelli dedicati ai centri di elaborazioni dati. I firewall possono essere hardware a sè stanti, come i dispositivi realizzati da Cisco, Nokia e Sonicwall, oppure soluzioni software, come i firewall sviluppati da Checkpoint, McAfee e Symantec, per il mercato casalingo e aziendale.
+ </div><div class="para">
+ Oltre alla differenza fra firewall hardware e software, i firewall si distinguono anche nel loro modo di funzionare. La <a class="xref" href="sect-Security_Guide-Firewalls.html#tabl-Security_Guide-Firewalls-Firewall_Types">Tabella 3.2, «Tipi di firewall»</a> illustra tre tipi comuni di firewall e il loro funzionamento:
+ </div><div class="table" id="tabl-Security_Guide-Firewalls-Firewall_Types"><h6>Tabella 3.2. Tipi di firewall</h6><div class="table-contents"><table summary="Tipi di firewall" border="1"><colgroup><col width="10%" class="method" /><col width="30%" class="description" /><col width="30%" class="advantages" /><col width="30%" class="disadvantages" /></colgroup><thead><tr><th>
+ Metodo
+ </th><th>
+ Descrizione
+ </th><th>
+ Vantaggi
+ </th><th>
+ Svantaggi
+ </th></tr></thead><tbody><tr><td>
+ NAT
+ </td><td>
+ <em class="firstterm">NAT</em> (Network Address Translation), posiziona le sottoreti private dietro unico indirizzo IP pubblico o un limitato gruppo di indirizzi IP pubblici, mascherando tutte le richieste verso un'unica destinazione. Il kernel Linux presenta funzionalità NAT integrate tramite il sottosistema Netfilter.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>· Può essere configurato in modo trasparente alle macchine sulla LAN</td></tr><tr><td>· La protezione di macchine e servizi dietro uno o più indirizzi IP (esterni) semplifica i compiti di amministrazione</td></tr><tr><td>· Gli accessi in ingresso e in uscita dalla LAN possono essere configurati aprendo e chiudendo le porte sul firewall/gateway NAT</td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>· Impossibile prevenire attività maliziose da parte di connessioni esterne al firewall</td></tr></table>
+
+ </td></tr><tr><td>
+ Filtro dei pacchetti
+ </td><td>
+ Un firewall di filtraggio dei pacchetti analizza tutti i pacchetti che passano attraverso la LAN. Può leggere e analizzare i pacchetti in base alle informazioni di intestazione, e filtrare i pacchetti secondo un insieme di regole programmabili implementate dall'amministratore. Il kernel Linux presenta funzionalità di filtraggio in modo nativo attraverso il sottosistema Netfilter.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>· Configurabile attraverso l'utlity <code class="command">iptables</code></td></tr><tr><td>· Non richiede nessuna configurazione sul lato client, poichè tutta l'attività di rete viene filtrata a livello router e non a livello applicazione</td></tr><tr><td>· Poichè i pacchetti non vengono trasmessi attraverso un proxy, le prestazioni di rete risultano più elevate grazie alla connessione diretta tra client ed host remoto</td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>· Impossibile filtrare i pacchetti per contenuto come avviene con un firewall proxy</td></tr><tr><td>· L'analisi dei pacchetti è a livello protocollo di trasmissione e non a livello applicazione</td></tr><tr><td>· Architetture di rete complesse possono rendere ardua la stesura delle regole di filtraggio, specialmente se combinate con <em class="firstterm">mascheramento IP</em> o sottoreti locali e con reti DMZ</td></tr></table>
+
+ </td></tr><tr><td>
+ Proxy
+ </td><td>
+ I firewall proxy filtrano tutte le richieste di un certo protocollo o tipo, dai client LAN ad una macchina proxy, che a nome del client le trasmette su Internet. Una macchina proxy agisce come un buffer fra utenti remoti maliziosi e i client della rete interna.
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>· E' possibile controllare le applicazione e i protocolli in funzione all'esterno della LAN</td></tr><tr><td>· Alcuni server proxy mantengono una copia locale dei dati richiesti frequentemente invece di richiederli ogni volta su Internet. Ciò aiuta a ridurre il consumo di banda</td></tr><tr><td>· I servizi proxy possono registrare su file la loro attività (logging), permettendo un monitoraggio/controllo maggiore sull'utilizzo delle risorse di rete</td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>· I proxy spesso sono implementati per applicazioni specifiche (HTTP, Telnet, ecc.), oppure limitati ad un protocollo (la maggior parte dei proxy funziona solo con servizi TCP)</td></tr><tr><td>· Le applicazioni server non funzionano con i proxy, quindi per queste occorre usare una diversa forma di sicurezza</td></tr><tr><td>· I proxy possono diventare dei colli di bottiglia, in quanto tutto il traffico deve passare attraverso un intermediario</td></tr></table>
+
+ </td></tr></tbody></table></div></div><br class="table-break" /><div class="section" id="sect-Security_Guide-Firewalls-Netfilter_and_IPTables"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Netfilter_and_IPTables">3.8.1. Netfilter e IPTables</h3></div></div></div><div class="para">
+ Il kernel Linux fornisce un potente sottosistema di rete chiamato <em class="firstterm">Netfilter</em>. Netfilter è in grado di fornire filtraggio stateful o stateless, servizi NAT e mascheramento degli indirizzi IP. Inoltre può <em class="firstterm">alterare</em> le informazioni di intestazione dei pacchetti IP per il routing avanzato e gestire lo stato della connessione. Netfilter è controllato con lo strumento <code class="command">iptables</code>.
+ </div><div class="section" id="sect-Security_Guide-Netfilter_and_IPTables-IPTables_Overview"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Netfilter_and_IPTables-IPTables_Overview">3.8.1.1. Panoramica su IPTables</h4></div></div></div><div class="para">
+ La forza e la flessibilità di Netfilter si avvale di <code class="command">iptables</code>, uno strumento da terminale simile nella sintassi, al suo predecessore, <code class="command">ipchains</code>, sostituito da Netfilter/iptables a partire dal kernel 2.4.
+ </div><div class="para">
+ <code class="command">iptables</code> usa Netfilter per migliorare la connessione, l'ispezione e l'analisi della rete. Le caratteristiche di <code class="command">iptables</code> includono in una unica interfaccia da linea di comando logging avanzato, azioni <span class="emphasis"><em>pre- e post-routing</em></span>, <span class="emphasis"><em>network address translation</em></span> e <span class="emphasis"><em>port forwarding</em></span>.
+ </div><div class="para">
+ Questa sezione ha dato solo una breve descrizione di <code class="command">iptables</code>. Per informazioni più dettagliate, fare riferimento alla <a class="xref" href="sect-Security_Guide-IPTables.html">Sezione 3.9, «IPTables»</a>.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"><strong>Indietro</strong>3.7.10.2. Siti utili su Kerberos</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"><strong>Avanti</strong>3.8.2. Configurazione di un firewall di base</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Additional_Resources.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Additional_Resources.html
new file mode 100644
index 0000000..74f3988
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Additional_Resources.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.6. Ulteriori risorse</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-IPTables.html" title="3.9. IPTables" /><link rel="prev" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html" title="3.9.5. IPTables ed IPv6" /><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html" title="3.9.6.2. Utili siti web su IPTables" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Secur
ity_Guide-IPTables-IPTables_and_IPv6.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-IPTables-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-Additional_Resources">3.9.6. Ulteriori risorse</h3></div></div></div><div class="para">
+ Per altre informazioni sul filtraggio dei pacchetti con <code class="command">iptables</code> fare riferimneto alle seguenti risorse.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a class="xref" href="sect-Security_Guide-Firewalls.html">Sezione 3.8, «Firewall»</a> — E' un capitolo dedicato al ruolo dei firewall nell'ambito di una strategia di sicurezza globale con strategie per costruire regole di firewall.
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_IP_Tables_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_IP_Tables_Documentation">3.9.6.1. Documentazione installata </h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man iptables</code> — Contiene una descrizione di <code class="command">iptables</code> con l'elenco completo dei targets, delle options e delle match extensions.
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"><strong>Indietro</strong>3.9.5. IPTables ed IPv6</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"><strong>Avanti</strong>3.9.6.2. Utili siti web su IPTables</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Command_Options_for_IPTables.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Command_Options_for_IPTables.html
new file mode 100644
index 0000000..5cba024
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Command_Options_for_IPTables.html
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2. Opzioni di comando di IPTables</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-IPTables.html" title="3.9. IPTables" /><link rel="prev" href="sect-Security_Guide-IPTables.html" title="3.9. IPTables" /><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html" title="3.9.2.2. Opzioni di Comando" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables.html"><strong>Indie
tro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-IPTables-Command_Options_for_IPTables"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-Command_Options_for_IPTables">3.9.2. Opzioni di comando di IPTables</h3></div></div></div><div class="para">
+ Le regole di filtraggio dei pacchetti si creano con il comando <code class="command">iptables</code>. I seguenti aspetti di ogni pacchetto sono spesso usati come criterio:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Packet Type</em></span> — Specifica il tipo di pacchetti da filtrare.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Packet Source/Destination</em></span> — Specifica i pacchetti da filtrare in base alla loro sorgente o destinazione.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Target</em></span> — Specifica il target (azione) da prendere sui pacchetti corrispondenti al criterio precedente.
+ </div></li></ul></div><div class="para">
+ Per maggiori informazioni su questi criteri, vedere la <a class="xref" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html">Sezione 3.9.2.4, «Match Option»</a> e la <a class="xref" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html">Sezione 3.9.2.5, «Opzioni target»</a>.
+ </div><div class="para">
+ Le opzioni usate con le regole di <code class="command">iptables</code> devono essere raggruppate in modo logico, in base allo scopo e alle condizioni della regola complessiva. Il resto di questa sezione spiega le opzioni più comuni usate con il comando <code class="command">iptables</code>.
+ </div><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-Structure_of_IPTables_Command_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Structure_of_IPTables_Command_Options">3.9.2.1. Struttura dei comandi iptabes</h4></div></div></div><div class="para">
+ Molti comandi <code class="command">iptables</code> hanno la seguente struttura:
+ </div><pre class="screen"><code class="computeroutput"> iptables [-t <em class="replaceable"><code><table-name></code></em>] <em class="replaceable"><code><command></code></em> <em class="replaceable"><code><chain-name></code></em> \ <em class="replaceable"><code><parameter-1></code></em> <em class="replaceable"><code><option-1></code></em> \ <em class="replaceable"><code><parameter-n></code></em> <em class="replaceable"><code><option-n></code></em></code></pre><div class="para">
+ <em class="replaceable"><code><table-name></code></em> — Specifica la tabella a cui applicare la regola. Se non specificata si usa la tabella <code class="option">filter</code>.
+ </div><div class="para">
+ <em class="replaceable"><code><command></code></em> — Specifica l'azione da eseguire, come concatenare o eliminare una regola.
+ </div><div class="para">
+ <em class="replaceable"><code><chain-name></code></em> — Specifica la catena da modificare, creare o eliminare.
+ </div><div class="para">
+ <em class="replaceable"><code><parameter>-<option></code></em> — Parametri e relative opzioni che specificano come processare un pacchetto.
+ </div><div class="para">
+ La lunghezza e la complessità di un comando <code class="command">iptables</code> possono variare notevolmente, a seconda della situazione.
+ </div><div class="para">
+ Per esempio, un comando per rimuovere una regola da una catena può essere molto corto:
+ </div><div class="para">
+ <code class="command">iptables -D <em class="replaceable"><code><chain-name> <line-number></code></em></code>
+ </div><div class="para">
+ Al contrario, un comando che aggiunge una regola con una varietà di parametri e opzioni per filtrare i pacchetti di una sottorete, può risultare piuttosto lungo. Quando si costruiscono comandi <code class="command">iptables</code> è importante ricordare che alcuni parametri e opzioni possono richiedere ulteriori parametri e opzioni. Ciò produce un tipico effetto cascata: parametri che richiedono ulteriori parametri. Quindi perchè la regola costruita sia valida, occorre che ogni parametro e opzione della catena sia interamente soddisfatto.
+ </div><div class="para">
+ Digitare <code class="command">iptables -h</code> per visualizzare un elenco completo delle strutture dei comandi <code class="command">iptables</code>.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables.html"><strong>Indietro</strong>3.9. IPTables</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"><strong>Avanti</strong>3.9.2.2. Opzioni di Comando</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-IPTables_Control_Scripts.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-IPTables_Control_Scripts.html
new file mode 100644
index 0000000..90ca0ff
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-IPTables_Control_Scripts.html
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.4. Script di controllo IPTables</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-IPTables.html" title="3.9. IPTables" /><link rel="prev" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html" title="3.9.3. Salvataggio delle regole IPTables" /><link rel="next" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html" title="3.9.5. IPTables ed IPv6" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-I
PTables-Saving_IPTables_Rules.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-IPTables-IPTables_Control_Scripts"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-IPTables_Control_Scripts">3.9.4. Script di controllo IPTables</h3></div></div></div><div class="para">
+ In Fedora, esistono due metodi di base per controllare <code class="command">iptables</code>:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="application"><strong>Firewall Administration Tool</strong></span> (<code class="command">system-config-firewall</code>) — Interfaccia grafica per creare, attivare e salvare regole basilari per il firewall. Far riferimento a <a class="xref" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html">Sezione 3.8.2, «Configurazione di un firewall di base»</a> per maggiori informazioni.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/sbin/service iptables <em class="replaceable"><code><option></code></em></code> — Usato per manipolare varie funzionalità di <code class="command">iptables</code> tramite i suoi script di init. Le opzioni disponibili sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">start</code> — Se è stato configurato un firewall (ossia, esiste il file <code class="filename">/etc/sysconfig/iptables</code>), tutte le istanze di <code class="command">iptables</code> in esecuzione vengono arrestate e successivamente riavviate con il comando <code class="command">/sbin/iptables-restore</code>. Questa opzione funziona solo se non è caricato il modulo del kernel, <code class="command">ipchains</code>. Per verificare se il modulo è caricato, digitare come root il seguente comando:
+ </div><pre class="screen"><code class="command"> [root at MyServer ~]# lsmod | grep ipchains </code></pre><div class="para">
+ Se il comando non restituisce nessun output, vuol dire che il modulo non è stato caricato. In caso contrario usare il comando <code class="command">/sbin/rmmod</code> per rimuovere il modulo.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">stop</code> — Se è in esecuzione un firewall, le regole di firewall in memoria sono scaricate insieme a tutti i moduli e ai componenti di iptables.
+ </div><div class="para">
+ Se nel file di configurazione <code class="filename">/etc/sysconfig/iptables-config</code> è stato modificato il valore della direttiva <code class="command">IPTABLES_SAVE_ON_STOP</code> dal valore predefinito (no) al valore <code class="command">yes</code>, le attuali regole sono salvate nel file <code class="filename">/etc/sysconfig/iptables</code> e le precedenti regole vengono salvate nel file <code class="filename">/etc/sysconfig/iptables.save</code>.
+ </div><div class="para">
+ Per maggiori informazioni, vedere la <a class="xref" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html#sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">Sezione 3.9.4.1, «File di configurazione degli script di controllo»</a>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">restart</code> — Se è in esecuzione un firewall, le regole di firewall in memoria sono scaricate e il firewall è riavviato con le configurazioni presenti in <code class="filename">/etc/sysconfig/iptables</code>. Questa opzione funziona solo se il modulo del kernel <code class="command">ipchains</code> non è caricato.
+ </div><div class="para">
+ Se nel file di configurazione <code class="filename">/etc/sysconfig/iptables-config</code> è stato modificato il valore della direttiva <code class="command">IPTABLES_SAVE_ON_RESTART</code>, dal valore predefinito (no) al valore <code class="command">yes</code>, le attuali regole sono salvate nel file <code class="filename">/etc/sysconfig/iptables</code> e le precedenti regole vengono salvate nel file <code class="filename">/etc/sysconfig/iptables.save</code>.
+ </div><div class="para">
+ Per maggiori informazioni, vedere la <a class="xref" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html#sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">Sezione 3.9.4.1, «File di configurazione degli script di controllo»</a>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">status</code> — Visualizza lo stato del firewall ed elenca tutte le regole attive.
+ </div><div class="para">
+ La configurazione predefinita per questa opzione è visualizzare gli indirizzi IP in formato numerico. Per la visualizzazione in formato nome dominio ed hostname, impostare nel file <code class="filename">/etc/sysconfig/iptables-config</code> il valore della direttiva <code class="command">IPTABLES_STATUS_NUMERIC</code> con il valore <code class="command">no</code>. Per maggiori informazioni sul file di configurazione <code class="filename">iptables-config</code>, vedere la <a class="xref" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html#sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">Sezione 3.9.4.1, «File di configurazione degli script di controllo»</a>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">panic</code> — Scarica tutte le regole di firewall. La policy di tutte le tabellle configurate viene impostata a <code class="command">DROP</code>.
+ </div><div class="para">
+ Questa opzione potrebbe essere utile quando si scopre che un server è compromesso. Piuttosto che spegnere o fisicamente diconnettere il sistema dalla rete si può usare questa opzione per fermare ogni traffico da/verso la rete, portando la macchina in uno stato ideale per analisi o altre investigazioni.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">save</code> — Salva le regole di firewall nel file <code class="filename">/etc/sysconfig/iptables</code> con il comando <code class="command">iptables-save</code>. Per maggiori informazioni, vedere la <a class="xref" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html">Sezione 3.9.3, «Salvataggio delle regole IPTables»</a>.
+ </div></li></ul></div></li></ul></div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ In IPv6 il controllo di netfilter avviene allo stesso modo come fin quì indicato, basta sostituire <code class="command">ip6tables</code> con <code class="command">iptables</code> nei comandi di <code class="command">/sbin/service</code>. Per maggiori informazioni su IPv6 e netfilter, vedere <a class="xref" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html">Sezione 3.9.5, «IPTables ed IPv6»</a>.
+ </div></div></div><div class="section" id="sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">3.9.4.1. File di configurazione degli script di controllo</h4></div></div></div><div class="para">
+ Il comportamento degli init-script di <code class="command">iptables</code> è controllato dal file di configurazione <code class="filename">/etc/sysconfig/iptables-config</code>. Di seguto si riporta un elenco delle direttive contenute in questo file:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_MODULES</code> — All'avvio del firewall specifica una lista di moduli di <code class="command">iptables</code> da caricare. Questi possono includere componenti NAT e tracciatori di connessione.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_MODULES_UNLOAD</code> — Al riavvio o all'arresto del firewall tutti i moduli vengono scaricati. Questa direttiva accetta i seguenti valori:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — Il valore predefinito. Usare questo valore al fine di garantire un corretto stato dopo un riavvio o arresto del firewall.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — Usare questo valore soltanto se ci sono problemi nello scaricare i moduli.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_SAVE_ON_STOP</code> — All'arresto del firewall le regole correnti del firewall sono salvate nel file <code class="filename">/etc/sysconfig/iptables</code>. Questa direttiva accetta i seguenti valori:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — All'arresto del firewall le regole esistenti sono salvate nel file <code class="filename">/etc/sysconfig/iptables</code> e le regole precedenti sono spostate nel file <code class="filename">/etc/sysconfig/iptables.save</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — Il valore predefinito. All'arresto del firewall le regole esistenti vengono perse.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_SAVE_ON_RESTART</code> — Al riavvio del firewall le regole correnti vengono salvate. Questa direttiva accetta i seguenti valori:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — Al riavvio del firewall le regole esistenti sono salvate nel file <code class="filename">/etc/sysconfig/iptables</code> e le regole precedenti vengono salvare nel file <code class="filename">/etc/sysconfig/iptables.save</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — Il valore predefinito. Al riavvio del firewall le regole esistenti vengono perse.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_SAVE_COUNTER</code> — Salva e ripristina i contatori di pacchetti e byte nelle regole di tutte le catene. Questa direttiva accetta i seguenti valori:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — Salva i valori dei contatori.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — Valore predefinito. I valori dei contatori vengono azzerati.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_STATUS_NUMERIC</code> — Visualizza gli indirizzi IP in formato numerico invece del formato basato su nomi (dominio ed hostname). Questa direttiva accetta due valori:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — Il valore predefinito. Restituisce gli indirizzi IP in formato numerico.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — Restituisce gli indirizzi in formato nome dominio ed hostname.
+ </div></li></ul></div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"><strong>Indietro</strong>3.9.3. Salvataggio delle regole IPTables</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"><strong>Avanti</strong>3.9.5. IPTables ed IPv6</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-IPTables_and_IPv6.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-IPTables_and_IPv6.html
new file mode 100644
index 0000000..63e819d
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-IPTables_and_IPv6.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.5. IPTables ed IPv6</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-IPTables.html" title="3.9. IPTables" /><link rel="prev" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html" title="3.9.4. Script di controllo IPTables" /><link rel="next" href="sect-Security_Guide-IPTables-Additional_Resources.html" title="3.9.6. Ulteriori risorse" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide
-IPTables-IPTables_Control_Scripts.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Additional_Resources.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-IPTables-IPTables_and_IPv6"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-IPTables_and_IPv6">3.9.5. IPTables ed IPv6</h3></div></div></div><div class="para">
+ Il pacchetto <span class="application"><strong>iptables</strong></span> include il supporto per il protocollo Internet IPv6 di prossima generazione. Il comando usato per manipolare il netfilter IPv6 è <code class="command">ip6tables</code>.
+ </div><div class="para">
+ Le principali direttive di questo comando sono identiche a quelle del comando <code class="command">iptables</code>, ad eccezione della tabella <code class="command">nat</code> non ancora supportata. Ciò vuol dire che ad oggi non è possibile effettuare operazioni NAT (Network Address Translation), sugli indirizzi IPv6 come il mascheramento e il forwarding dei servizi.
+ </div><div class="para">
+ Le regole di <code class="command">ip6tables</code> sono salvate nel file <code class="filename">/etc/sysconfig/ip6tables</code> e le regole precedenti vengono salvate nel file <code class="filename">/etc/sysconfig/ip6tables.save</code>.
+ </div><div class="para">
+ Le opzioni di configurazione degli init-script si trovano nel file <code class="filename">/etc/sysconfig/ip6tables-config</code> e i nomi delle varie direttive variano di poco rispetto alle analoghe di <code class="command">iptables</code>.
+ </div><div class="para">
+ Per esempio, la direttiva <code class="command">IPTABLES_MODULES</code> del file <code class="filename">iptables-config</code> è equivalente alla direttiva <code class="command">IP6TABLES_MODULES</code> del file <code class="filename">ip6tables-config</code>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"><strong>Indietro</strong>3.9.4. Script di controllo IPTables</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Additional_Resources.html"><strong>Avanti</strong>3.9.6. Ulteriori risorse</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Saving_IPTables_Rules.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Saving_IPTables_Rules.html
new file mode 100644
index 0000000..f058913
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Saving_IPTables_Rules.html
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.3. Salvataggio delle regole IPTables</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-IPTables.html" title="3.9. IPTables" /><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html" title="3.9.2.6. Elencare le opzioni" /><link rel="next" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html" title="3.9.4. Script di controllo IPTables" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="
sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-IPTables-Saving_IPTables_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-Saving_IPTables_Rules">3.9.3. Salvataggio delle regole IPTables</h3></div></div></div><div class="para">
+ Le regole create con il comando <code class="command">iptables</code> sono conservate in memoria. Se il sistema viene riavviato, prima del loro salvataggio, le regole <code class="command">iptables</code> vengono perse. Per rendere persistenti al riavvio del sistema, le regole di filtraggio dei pacchetti (netfilter) esse devono essere salvate: come root, lanciare il comando:
+ </div><pre class="screen"><code class="command">/usr/libexec/iptables.init save </code></pre><div class="para">
+ Il comando esegue lo script di init di <code class="command">iptables</code> che a sua volta esegue il programma <code class="command">/sbin/iptables-save</code>, scrivendo la configurazione di <code class="command">iptables</code> corrente nel file <code class="filename">/etc/sysconfig/iptables</code>. Il file <code class="filename">/etc/sysconfig/iptables</code> esistente è salvato come <code class="filename">/etc/sysconfig/iptables.save</code>.
+ </div><div class="para">
+ Al successivo riavvio del sistema, lo script di init di <code class="command">iptables</code> ri-applica le regole salvate in <code class="filename">/etc/sysconfig/iptables</code> usando il comando <code class="command">/sbin/iptables-restore</code>.
+ </div><div class="para">
+ Normalmente, è sempre una buona norma testare una nuova regola di <code class="command">iptables</code> prima di trasferirla nel file <code class="filename">/etc/sysconfig/iptables</code>; inoltre è possibile copiare le regole di <code class="command">iptables</code> da un file di un altro sistema. Ciò permette una rapida distribuzione delle regole di <code class="command">iptables</code> su più macchine.
+ </div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Se si distribuisce il file <code class="filename">/etc/sysconfig/iptables</code> su altre macchine, per renderle effettive, riavviare il servizio iptables digitando il comando <code class="command">/sbin/service iptables restart</code>.
+ </div></div></div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Notare la differenza tra il comando <code class="command">iptables</code> <span class="emphasis"><em>command</em></span> (<code class="command">/sbin/iptables</code>), usato per manipolare tabelle e le relative catene, ed il comando <code class="command">iptables</code> <span class="emphasis"><em>service</em></span> (<code class="command">/sbin/iptables service</code>), usato per abilitare e disabilitare il servizio <code class="command">iptables</code> stesso.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"><strong>Indietro</strong>3.9.2.6. Elencare le opzioni</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"><strong>Avanti</strong>3.9.4. Script di controllo IPTables</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables.html
new file mode 100644
index 0000000..3d5a7ea
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables.html
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9. IPTables</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Capitolo 3. Proteggere la rete locale" /><link rel="prev" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html" title="3.8.9.3. Documentazione relativa" /><link rel="next" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="3.9.2. Opzioni di comando di IPTables" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav
"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="section" id="sect-Security_Guide-IPTables" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-IPTables">3.9. IPTables</h2></div></div></div><div class="para">
+ In Fedora sono inclusi avanzati strumenti di <em class="firstterm">packet filtering</em> (filtraggio dei pacchetti) — il processo che controlla il flusso dei pacchetti nello stack di rete del kernel a partire dal loro ingresso e fino al trasferimeto al nodo di destinazione. Le versioni del kernel precedenti alla 2.4, usavano regole <code class="command">ipchains</code> per filltrare i pacchetti suddividendo il filtraggio in passaggi successivi. Il kernel 2.4 ha introdotto <code class="command">iptables</code> (chiamato anche <em class="firstterm">netfilter</em>) che è simile a <code class="command">ipchains</code> ma che espande notevolmente l'analisi e il controllo sul filtraggio.
+ </div><div class="para">
+ Questo capitolo deliena le basi del filtraggio dei pacchetti spiegando le varie opzioni disponibili in <code class="command">iptables</code> e come preservare le regole impostate.
+ </div><div class="para">
+ Per istruzioni su come creare regole con <code class="command">iptables</code> e su come impostare un firewall basato su tali regole, fare riferimento alla <a class="xref" href="sect-Security_Guide-IPTables-Additional_Resources.html">Sezione 3.9.6, «Ulteriori risorse»</a>.
+ </div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Il firewall predefinito nel kernel 2.4 e successivi, si basa su <code class="command">iptables</code> che non può essere usato in concomitanza con <code class="command">ipchains</code>. Quindi se <code class="command">ipchains</code> è attivo all'avvio del sistema, il kernel restituirà un errore indicando l'impossibilità di avviare <code class="command">iptables</code>.
+ </div><div class="para">
+ Le funzionalità di <code class="command">ipchains</code> non vengono influenzate da questo errore.
+ </div></div></div><div class="section" id="sect-Security_Guide-IPTables-Packet_Filtering"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-Packet_Filtering">3.9.1. Filtraggio pacchetti</h3></div></div></div><div class="para">
+ Il kernel Linux usa <span class="application"><strong>Netfilter</strong></span> per filtrare i pacchetti, autorizzando o meno il passaggio dei pacchetti nel sistema. Questa capacità è integrata nel kernel Linux e si basa su tre <em class="firstterm">tabelle</em> o <em class="firstterm">liste di regole</em>; esse sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">filter</code> — La tabella predefinita per gestire i pacchetti.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">nat</code> — La tabella usata per alterare i pacchetti che creano una nuova connessione e usata da <em class="firstterm">NAT</em> (<em class="firstterm">Network Address Translation</em>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">mangle</code> — La tabella usata per tipi specifici di alterazioni sui pacchetti.
+ </div></li></ul></div><div class="para">
+ Ogni tabella ha un gruppo di <em class="firstterm">catene</em> predefinite che corrispondono alle azioni eseguite da <code class="command">netfilter</code> sul pacchetto.
+ </div><div class="para">
+ Le catene predefinite della tabella <code class="option">filter</code> sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="firstterm">INPUT</em> — Si applica ai pacchetti diretti all'host.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">OUTPUT</em> — Si applica ai pacchetti generati localmente.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">FORWARD</em> — Si applica ai pacchetti instradati attraverso l'host.
+ </div></li></ul></div><div class="para">
+ Le catene predefinite della tabella <code class="option">nat</code> sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="firstterm">PREROUTING</em> — Altera i pacchetti in arrivo.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">OUTPUT</em> — Altera i pacchetti generati localmente prima di inviarli all'esterno.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">POSTROUTING</em> — Altera i pacchetti prima di inviarli all'esterno.
+ </div></li></ul></div><div class="para">
+ Le catene predefinite della tabella <code class="option">mangle</code> sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="firstterm">INPUT</em> — Altera i pacchetti diretti all'host.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">OUTPUT</em> — Altera i pacchetti generati localmente prima di inviarli all'esterno.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">FORWARD</em> — Altera i pacchetti instradati attraverso l'host.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">PREROUTING</em> — Altera i pacchetti in arrivo prima di instradarli.
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">POSTROUTING</em> — Altera i pacchetti prima di inviarli all'esterno.
+ </div></li></ul></div><div class="para">
+ Ogni pacchetto ricevuto o inviato da un sistema Linux è controllato da almeno una tabella ed un pacchetto, prima di emergere dalla fine della catena, viene controllato dalle regole presenti nella tabella. Ogni regola ha il proprio formato e scopo, ma generalmente tutte con l'obiettivo di identificare il pacchetto e il particolare protocollo o servizio di rete e la sua provenienza o destinazione.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Per impostazione, le regole di firewall sono salvate nei file <code class="filename">/etc/sysconfig/iptables</code> o <code class="filename">/etc/sysconfig/ip6tables</code>.
+ </div><div class="para">
+ Al boot di un sistema Linux, il servizio <code class="command">iptables</code> viene avviato prima di ogni servizio di DNS. Ciò significa che le regole di firewall possono riferirsi solo a indirizzi IP numerici (per esempio 192.168.0.1). Quindi eventuali nomi di dominio come host.example.com sono destinati inevitabilmente a sollevare errori.
+ </div></div></div><div class="para">
+ Quando un pacchetto viene intercettato o corrisponde ad una regola di una tabella, il sistema di packet filtering applica al pacchetto un <em class="firstterm">target</em> o azione. Se la regola specifica un target (azione) <code class="command">ACCEPT</code>, il pacchetto salta il resto dei controlli ed è autorizzato a proseguire verso la sua destinazione. Se la regola specifica un target (azione) <code class="command">DROP</code>, il pacchetto viene scartato senza inviare alcuna risposta all'host mittente. Se la regola specifica un'azione <code class="command">QUEUE</code>, il pacchetto è trasferito nello spazio utente. Se una regola specifica l'azione (opzionale) <code class="command">REJECT</code>, il pacchetto viene scartato e all'host mittente viene risposto con un messaggio di errore.
+ </div><div class="para">
+ Ogni catena ha una policy predefinita per i target (azioni) <code class="command">ACCEPT</code>, <code class="command">DROP</code>, <code class="command">REJECT</code> e <code class="command">QUEUE</code>. Se in una catena non esiste nessuna regola che si può applicare ad un pacchetto allora il pacchetto è soggetto alla policy predefinita.
+ </div><div class="para">
+ Il comando <code class="command">iptables</code> serve a configurare queste tabelle e all'occorrenza ad impostarne di nuove.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"><strong>Indietro</strong>3.8.9.3. Documentazione relativa</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"><strong>Avanti</strong>3.9.2. Opzioni di comando di IPTables</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html
new file mode 100644
index 0000000..01273bd
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2.4.4. Ulteriori moduli Match Option</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="3.9.2.4. Match Option" /><link rel="prev" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html" title="3.9.2.4.3. Protocollo ICMP" /><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html" title="3.9.2.5. Opzioni target" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li c
lass="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules">3.9.2.4.4. Ulteriori moduli Match Option</h5></div></div></div><div class="para">
+ Altre match option sono disponibili nei moduli caricati dal comando <code class="command">iptables</code>.
+ </div><div class="para">
+ Per usare un modulo, caricare il modulo per nome usando l'opzione <code class="option">-m <em class="replaceable"><code><nome-del-modulo></code></em></code>.
+ </div><div class="para">
+ Per impostazione sono disponibili molti moduli. Si possono anche creare moduli personalizzati per aggiungere ulteriori funzionalità.
+ </div><div class="para">
+ Di seguito si riporta un elenco (parziale) dei moduli maggiormente usati:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ modulo <code class="option">limit</code> — Specifica quante volte applicare la regola.
+ </div><div class="para">
+ Assieme al "target" <code class="command">LOG</code>, il modulo <code class="option">limit</code> serve ad impedire che un flusso consistente di pacchetti possa riempire il file di log con messaggi ripetitivi o ad impedire di sovraccaricare il sistema.
+ </div><div class="para">
+ Per maggiori informazioni sul target <code class="command">LOG</code>, fare riferimento alla <a class="xref" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html">Sezione 3.9.2.5, «Opzioni target»</a>.
+ </div><div class="para">
+ Il modulo <code class="option">limit</code> presenta le seguenti opzioni:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--limit</code> — Imposta il numero massimo di corrispondenze per periodo, usando la coppia <code class="option"><em class="replaceable"><code><value>/<period></code></em></code>. Per esempio, specificando <code class="option">--limit 5/hour</code> si permettono cinque corrispondenze all'ora.
+ </div><div class="para">
+ Gli intervalli possono essere espressi in secondi, minuti, ore o giorni.
+ </div><div class="para">
+ Se non è specificato un numero o una stringa temporale si assume il valore predefinito <code class="option">3/hour</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--limit-burst</code> — Imposta il limite sul numero di pacchetti contemporanei gestiti dalla regola.
+ </div><div class="para">
+ Questa opzione è specificata con un intero e dovrebbe essere usata insieme all'opzione <code class="option">--limit</code>.
+ </div><div class="para">
+ Se non è specificato nessun valore, il valore predefinito è cinque (5).
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ modulo <code class="option">state</code> — Identifica lo stato di un pacchetto.
+ </div><div class="para">
+ Il modulo <code class="option">state</code> presenta le seguenti opzioni:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--state</code> — Identifica un pacchetto con uno dei seguenti stati di connessione:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">ESTABLISHED</code> — Il pacchetto fa parte di una connessione già instaurata. Questo stato è indispensabile per il mantenimento della connessione tra client e server.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">INVALID</code> — Il pacchetto non fa parte di una connessione nota.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">NEW</code> — Il pacchetto tenta di creare una nuova connessione o fa parte di una connessione bidirezionale non ancora vista. Questo stato è indispensabile per creare connessioni.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">RELATED</code> — Il pacchetto tenta di avviare una nuova connessione, legata in qualche mdo ad una connessione già esistente. Un esempio è il protocollo FTP che usa una connessione sulla porta 21 per il controllo del traffico ed una connessione separata sulla porta 20 per il trasferimento dei dati.
+ </div></li></ul></div><div class="para">
+ Questi stati di connessione possono essere usati in combinazione, separandoli con virgole come in <code class="option">-m state --state INVALID,NEW</code>.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ modulo <code class="option">mac</code> — Identifica l'indirizzo hardware MAC.
+ </div><div class="para">
+ Il modulo <code class="option">mac</code> presenta la seguente opzione:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--mac-source</code> — Identifica i pacchetti spediti dall'indirizzo MAC della scheda di rete. Per escludere un indirizzo da una regola, usare il carattere punto esclamativo (<code class="option">!</code>) dopo l'opzione <code class="option">--mac-source</code>.
+ </div></li></ul></div></li></ul></div><div class="para">
+ Per altre opzioni disponibili con i moduli, fare riferimento alle pagine di man di <code class="command">iptables</code>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"><strong>Indietro</strong>3.9.2.4.3. Protocollo ICMP</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"><strong>Avanti</strong>3.9.2.5. Opzioni target</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html
new file mode 100644
index 0000000..46a8dba
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2.4.3. Protocollo ICMP</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="3.9.2.4. Match Option" /><link rel="prev" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html" title="3.9.2.4.2. Protocollo UDP" /><link rel="next" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html" title="3.9.2.4.4. Ulteriori moduli Match Option" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></
p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol">3.9.2.4.3. Protocollo ICMP</h5></div></div></div><div class="para">
+ Per il protocollo ICMP (Internet Control Message Protocol) (<code class="option">-p icmp</code>) sono disponbili le seguenti match option:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--icmp-type</code> — Specifica il nome o il numero del tipo di ICMP. Per la lista dei nomi di ICMP validi usare il comando <code class="command">iptables -p icmp -h</code>.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"><strong>Indietro</strong>3.9.2.4.2. Protocollo UDP</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"><strong>Avanti</strong>3.9.2.4.4. Ulteriori moduli Match Option</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html
new file mode 100644
index 0000000..f4656ae
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2.4.2. Protocollo UDP</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="3.9.2.4. Match Option" /><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="3.9.2.4. Match Option" /><link rel="next" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html" title="3.9.2.4.3. Protocollo ICMP" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"
><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol">3.9.2.4.2. Protocollo UDP</h5></div></div></div><div class="para">
+ Queste sono le match option disponibili per il protocollo UDP (<code class="option">-p udp</code>):
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--dport</code> — Specifica la porta di destinazione usando il nome del servizio, il numero o un range di numeri di porta. L'opzione <code class="option">--destination-port</code> è la versione estesa di <code class="option">--dport</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--sport</code> — Specifica la porta mittente usando il nome del servizio, il numero o un range di numeri di porta. L'opzione <code class="option">--source-port</code> è la versione estesa di <code class="option">--sport</code>.
+ </div></li></ul></div><div class="para">
+ Usando <code class="option">--dport</code> e <code class="option">--sport</code> per specificare un range di numeri, separare i due numeri con il carattere "due punti" (<code class="option">:</code>). Per esempio: <code class="option">-p udp --dport 3000:3200</code>. Il range di valori massimo è <code class="option">0:65535</code>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"><strong>Indietro</strong>3.9.2.4. Match Option</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"><strong>Avanti</strong>3.9.2.4.3. Protocollo ICMP</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Additional_Resources.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Additional_Resources.html
new file mode 100644
index 0000000..6e33602
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Additional_Resources.html
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.10. Ulteriori risorse</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html" title="3.7.9. Impostare autenticazioni cross realm" /><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html" title="3.7.10.2. Siti utili su Kerberos" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previou
s"><a accesskey="p" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Additional_Resources">3.7.10. Ulteriori risorse</h3></div></div></div><div class="para">
+ Per maggiori informazioni su Kerberos, fare riferimento alle seguenti risorse.
+ </div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_Kerberos_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_Kerberos_Documentation">3.7.10.1. Documentazione locale su Kerberos</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="citetitle">Kerberos V5 Installation Guide</em> e <em class="citetitle">Kerberos V5 System Administrator's Guide</em>, in formato PostScript ed HTML. Le guide si trovano nella directory <code class="filename">/usr/share/doc/krb5-server-<em class="replaceable"><code><version-number></code></em>/</code>, dove <em class="replaceable"><code><version-number></code></em> è la version del pacchetto <code class="command">krb5-server</code> installato.
+ </div></li><li class="listitem"><div class="para">
+ <em class="citetitle">Kerberos V5 UNIX User's Guide</em>, in formato PostScript ed HTML. La guida si trova nella directory <code class="filename">/usr/share/doc/krb5-workstation-<em class="replaceable"><code><version-number></code></em>/</code>, in cui <em class="replaceable"><code><version-number></code></em> è la versione del pacchetto <code class="command">krb5-workstation</code> installato.
+ </div></li><li class="listitem"><div class="para">
+ Pagine di man relative a Kerberos — Ci sono un buon numero di pagine man, che descrivono le varie applicazioni e i file di configurazione riguardanti una implementazione di Kerberos. Di seguito, si riporta un elenco delle più importanti pagine di man.
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">Applicazioni Client</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man kerberos</code> — Una introduzione al sistema Kerberos, in cui viene descritto come funzionano le credenziali, oltre a utili raccomandazioni su come ottenere e distruggere i ticket emessi da Kerberos. La parte finale della pagina di man, contiene i riferimenti ad ulteriori pagine.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kinit</code> — Descrive come usare questo comando per ottenere e memorizzare i ticket.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kdestroy</code> — Descrive come usare questo comando per distruggere le credenziali Kerberos.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man klist</code> — Descrive come usare questo comando per visualizzare le credenziali Kerberos memorizzate.
+ </div></li></ul></div></dd><dt class="varlistentry"><span class="term">Applicazioni Amministrative</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man kadmin</code> — Descrive come usare questo comando per amministrare il database Kerberos V5.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kdb5_util</code> — Descrive come usare questo comando per creare ed effettuare operazioni amministrative di basso livello, sul database Kerberos V5.
+ </div></li></ul></div></dd><dt class="varlistentry"><span class="term">Applicazioni Server</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man krb5kdc</code> — Descrive le opzioni disponibili da riga di comando per il KDC Kerberos V5.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kadmind</code> — Descrive le opzioni disponibili da riga di comando per l'AS Kerberos V5.
+ </div></li></ul></div></dd><dt class="varlistentry"><span class="term">File di Configurazione</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man krb5.conf</code> — Descrive il formato e le opzioni disponibili, nel file di configurazione, per la libreria Kerberos V5.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kdc.conf</code> — Descrive il formato e le opzioni disponibili, nel file di configurazione, per l'AS e il KDC Kerberos V5.
+ </div></li></ul></div></dd></dl></div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"><strong>Indietro</strong>3.7.9. Impostare autenticazioni cross realm</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"><strong>Avanti</strong>3.7.10.2. Siti utili su Kerberos</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html
new file mode 100644
index 0000000..0cf7f38
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.6. Configurare un client Kerberos 5</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html" title="3.7.5. Configurare un server Kerberos 5" /><link rel="next" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html" title="3.7.7. Associazione tra Dominio e Realm" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey=
"p" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client">3.7.6. Configurare un client Kerberos 5</h3></div></div></div><div class="para">
+ Impostare un client Kerberos 5 è meno complicato rispetto all'impostazione di un server. Come minimo, installare i pacchetti del client e fornire ogni client di un file di configurazione <code class="filename">krb5.conf</code>, valido. Sebbene <code class="command">ssh</code> e <code class="command">slogin</code> siano i metodi migliori per accedere da remoto ai client, nel caso esistessere ancora versioni kerberizzate di <code class="command">rsh</code> ed <code class="command">rlogin</code>, il loro utilizzo richiederebbe di apportare ulteriori modifiche ai file di configurazione.
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Assicurarsi che il servizio di sincronizzazione del clock, tra il client Kerberos ed il KDC, funzioni correttamente. (Vedere la <a class="xref" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html">Sezione 3.7.5, «Configurare un server Kerberos 5»</a>.) Inoltre prima di ogni configurazione, verificare che funzioni il DNS sul client Kerberos.
+ </div></li><li class="step"><div class="para">
+ Installare i pacchetti <code class="filename">krb5-libs</code> e <code class="filename">krb5-workstation</code> su tutte le macchine client. Fornire ogni macchina di un valido file <code class="filename">/etc/krb5.conf</code> (normalmente si può usare lo stesso file <code class="filename">krb5.conf</code> del KDC).
+ </div></li><li class="step"><div class="para">
+ Prima che una workstation del realm possa usare Kerberos, per autenticare gli utenti ai servizi <code class="command">ssh</code> o a versioni kerberizzate di <code class="command">rsh</code> o <code class="command">rlogin</code>, essa deve possedere il principal del proprio host, nel database di Kerberos. I server <code class="command">sshd</code>, <code class="command">kshd</code> e <code class="command">klogind</code> necessitano tutti di accedere alle chiavi del principal del servizio <span class="emphasis"><em>host</em></span>. Inoltre, per usare i servizi <code class="command">rsh</code> ed <code class="command">rlogin</code> kerberizzati, la workstation deve avere installato il pacchetto <code class="filename">xinetd</code>.
+ </div><div class="para">
+ Usando <code class="command">kadmin</code>, aggiungere sul KDC, un principal host per la workstation. In questo caso, l'istanza è l'hostname della workstation. Passare l'opzione <code class="command">-randkey</code> insieme al comando <code class="command">addprinc</code>, per creare il principal ed assegnarli una chiave casuale:
+ </div><pre class="screen">addprinc -randkey host/<em class="replaceable"><code>blah.example.com</code></em></pre><div class="para">
+ Una volta creato il principal, le chiavi possono essere estratte, eseguendo il comando <code class="command">kadmin</code> <span class="emphasis"><em>sulla workstation stessa</em></span>, seguito dal comando <code class="command">ktadd</code>:
+ </div><pre class="screen">ktadd -k /etc/krb5.keytab host/<em class="replaceable"><code>blah.example.com</code></em></pre></li><li class="step"><div class="para">
+ Per usare altri servizi kerberizzati, occorre dapprima avviarli. Di seguito si riporta una lista di alcuni comuni servizi kerberizzati e le istruzioni per abilitarli:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">ssh</code> — OpenSSH usa GSS-API per autenticare gli utenti ai servizi, se client e server sono entrambi configurati con l'opzione <code class="option">GSSAPIAuthentication</code> abilitata. Se il client è configurato anche con l'opzione <code class="option">GSSAPIDelegateCredentials</code> abilitata, le credenziali utente vengono rese disponibili al sistema remoto.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">rsh</code> e <code class="command">rlogin</code> — Per usare le versioni kerberizzate di <code class="command">rsh</code> ed <code class="command">rlogin</code>, abilitare <code class="command">klogin</code>, <code class="command">eklogin</code> e <code class="command">kshell</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">Telnet</code> — Per usare la versione kerberizzata di Telnet, abilitare <code class="command">krb5-telnet</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">FTP</code> — Per fornire accesso FTP, creare ed estrarre una chiave per il principal, impostando il root per il principal su <code class="computeroutput">ftp</code>. Assicurarsi di impostare l'instance con l'hostname completo del server FTP e poi abilitare <code class="command">gssftp</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">IMAP</code> — Per usare un server IMAP kerberizzato v.5, occorre installare i pacchetti <code class="filename">cyrus-imap</code> e <code class="filename">cyrus-sasl-gssapi</code>. Quest'ultimo contiene i componenti Cyrus SASL che supportano l'autenticazione tramite GSS-API. Cyrus IMAP dovrebbe funzionare correttamente con Kerberos se l'utente <code class="command">cyrus</code> è in grado di trovare la chiave appropriata nel file <code class="filename">/etc/krb5.keytab</code>, ed il root per il principal è impostato su <code class="command">imap</code> (creato con <code class="command">kadmin</code>).
+ </div><div class="para">
+ Un'alternativa a <code class="filename">cyrus-imap</code> è data dal pacchetto <code class="filename">dovecot</code>, incluso anche in Fedora. Questo pacchetto contiene un server IMAP, ma per il momento senza alcun supporto per GSS-API e Kerberos.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">CVS</code> — Per usare un server CVS kerberizzato, <code class="command">gserver</code> usa un principal con root impostato su <code class="computeroutput">cvs</code>; il resto è identico a <code class="command">pserver</code> di CVS.
+ </div></li></ul></div></li></ol></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>Indietro</strong>3.7.5. Configurare un server Kerberos 5</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"><strong>Avanti</strong>3.7.7. Associazione tra Dominio e Realm</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html
new file mode 100644
index 0000000..0ec6d19
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.5. Configurare un server Kerberos 5</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html" title="3.7.4. Kerberos e PAM" /><link rel="next" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html" title="3.7.6. Configurare un client Kerberos 5" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_G
uide-Kerberos-Kerberos_and_PAM.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">3.7.5. Configurare un server Kerberos 5</h3></div></div></div><div class="para">
+ Quando si imposta Kerberos, installare dapprima il KDC. Se occorre impostare alcuni server slave, installare prima il master.
+ </div><div class="para">
+ Per configurare il primo KDC Kerberos, seguire i seguenti passaggi:
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Prima di configurare Kerberos, assicurarsi che il servizio di sincronizzazione del clock e il DNS, funzionino correttamente su tutti i client e server. Prestare particolare attenzione alla sincronizzazione dell'ora tra il server Kerberos e i suoi client. Se il server ed i client sono sfasati per più di cinque minuti, i client non possono autenticarsi presso il server. Questa sincronizzazione è necessaria in quanto impedisce ad un attaccante, che utilizzi un vecchio ticket, di mascherarsi come un utente fidato.
+ </div><div class="para">
+ Si consiglia di impostare un NTP (Network Time Protocol) anche se non si usa Kerberos. In Fedora è incluso nel pacchetto <code class="filename">ntp</code>. Per i dettagli su come impostare un server Network Time Protocol, fare riferimento al file <code class="filename">/usr/share/doc/ntp-<em class="replaceable"><code><version-number></code></em>/index.html</code>, dove <em class="replaceable"><code><version-number></code></em> è la versione del pacchetto <code class="filename">ntp</code> installato nel proprio sistema, o visitare il sito del progetto <a href="http://www.ntp.org">http://www.ntp.org</a>.
+ </div></li><li class="step"><div class="para">
+ Installare i pacchetti <code class="filename">krb5-libs</code>, <code class="filename">krb5-server</code> e <code class="filename">krb5-workstation</code>, sulla macchina che ospiterà il KDC. Questa macchina deve risultare molto sicura — se possibile, si dovrebbe eseguire esclusivamente il servizio KDC.
+ </div></li><li class="step"><div class="para">
+ Modificare il nome del realm e le associazioni tra domini e realm, nei file di configurazione <code class="filename">/etc/krb5.conf</code> e <code class="filename">/var/kerberos/krb5kdc/kdc.conf</code>. Per creare un semplice realm, sostituire le istanze di <em class="replaceable"><code>EXAMPLE.COM</code></em> e <em class="replaceable"><code>example.com</code></em> con il nome corretto del dominio — tenendo conto che il nome è "case sensitive" — e sostituire <em class="replaceable"><code>kerberos.example.com</code></em> con il nome del server KDC. Per convenzione, tutti i realm sono espressi con lettere maiuscole e tutti gli hostname e i domini in lettere minuscole. Per maggiori dettagli sui formati di questi file di configurazione, fare riferimento alle rispettive pagine di man.
+ </div></li><li class="step"><div class="para">
+ Creare il database usando l'utility da terminale, <code class="command">kdb5_util</code>:
+ </div><pre class="screen">/usr/kerberos/sbin/kdb5_util create -s</pre><div class="para">
+ Il comando <code class="command">create</code>, genera il database con le chiavi per il realm Kerberos. Lo switch <code class="command">-s</code>, invece, crea un file <em class="firstterm">stash</em> in cui è salvata la chiave del server master. Se il file <em class="firstterm">stash</em> non viene creato, il server Kerberos (<code class="command">krb5kdc</code>) richiede all'utente di inserire la password per il server master (usata per rigenerare la chiave), ad ogni suo avvio.
+ </div></li><li class="step"><div class="para">
+ Modificare il file <code class="filename">/var/kerberos/krb5kdc/kadm5.acl</code>. Questo file, usato dal comando <code class="command">kadmind</code>, determina i principal che hanno accesso amministrativo, con i relativi livelli, al database di Kerberos. Generalmente basta una semplice riga:
+ </div><pre class="screen">*/admin at EXAMPLE.COM *</pre><div class="para">
+ Gli utenti, generalmente, sono rappresentati nel database da un unico principal (con instanza <span class="emphasis"><em>NULL</em></span>, o vuota come <span class="emphasis"><em>joe at EXAMPLE.COM</em></span>). Con questa configurazione, gli utenti con un secondo principal con instanza <span class="emphasis"><em>admin</em></span> (per esempio, <span class="emphasis"><em>joe/admin at EXAMPLE.COM</em></span>) possono avere pieno controllo sul database Kerberos del realm.
+ </div><div class="para">
+ Dopo aver avviato il server, con il comando <code class="command">kadmind</code>, ogni utente può accedere ai suoi servizi eseguendo il comando <code class="command">kadmin</code> su un client o su un server del realm. Comunque, solo gli utenti elencati nel file <code class="filename">kadm5.acl</code>, possono modificare il contenuto del database, ad eccezione delle password.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ L'utility <code class="command">kadmin</code> comunica con il server <code class="command">kadmind</code>, ed usa Kerberos per l'autenticazione. Poichè, occorre il primo principal per effettuare una connessione con il server da amministrare, creare il principal con il comando <code class="command">kadmin.local</code>, specificatamente progettato per essere impiegato sullo stesso host del KDC e che non usa Kerberos per autenticazione.
+ </div></div></div><div class="para">
+ Per creare il primo principal, nel KDC, digitare il comando <code class="command">kadmin.local</code>:
+ </div><pre class="screen">/usr/kerberos/sbin/kadmin.local -q "addprinc <em class="replaceable"><code>username</code></em>/admin"</pre></li><li class="step"><div class="para">
+ Avviare Kerberos usando i seguenti comandi:
+ </div><pre class="screen">/sbin/service krb5kdc start
+/sbin/service kadmin start
+/sbin/service krb524 start</pre></li><li class="step"><div class="para">
+ Aggiungere i principal degli utenti, usando il comando <code class="command">addprinc</code> (dall'interfaccia di <code class="command">kadmin</code>). I comandi <code class="command">kadmin</code> e <code class="command">kadmin.local</code>, sono comandi da terminale che si interfaccano con il KDC. Una volta avviato il programma <code class="command">kadmin</code>, sono disponibili molti altri comandi simili ad <code class="command">addprinc</code>. Per maggiori informazioni su <code class="command">kadmin</code>, fare riferimento alla relative pagine di man.
+ </div></li><li class="step"><div class="para">
+ Verificare che il KDC emetta ticket. Per prima cosa, lanciare <code class="command">kinit</code> per ottenere un ticket e conservarlo in un credential cache. Poi, usare il comando <code class="command">klist</code> per visualizzare la lista delle credenziali in cache, e <code class="command">kdestroy</code> per rimuovere la lista e la credential cache.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Per impostazione, <code class="command">kinit</code> tenta l'autenticazione usando lo stesso nome-utente dell'account di sistema (non del server Kerberos). Se il nome-utente non corrisponde ad un principal del database di Kerberos, <code class="command">kinit</code> segnala un messaggio d'errore. Per ovviare a questo problema, aggiungere a <code class="command">kinit</code> come argomento, il nome esatto del principal (<code class="command">kinit <em class="replaceable"><code><principal></code></em></code>).
+ </div></div></div></li></ol></div><div class="para">
+ Una volta completati questi passaggi, il server Kerberos dovrebbe essere attivo e funzionante.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"><strong>Indietro</strong>3.7.4. Kerberos e PAM</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"><strong>Avanti</strong>3.7.6. Configurare un client Kerberos 5</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html
new file mode 100644
index 0000000..ab0d639
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.7. Associazione tra Dominio e Realm</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html" title="3.7.6. Configurare un client Kerberos 5" /><link rel="next" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html" title="3.7.8. Impostare KDC secondari" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" hre
f="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping">3.7.7. Associazione tra Dominio e Realm</h3></div></div></div><div class="para">
+ Quando un client tenta di accedere ad un servizio di rete, esso conosce il nome del servizio (<span class="emphasis"><em>host</em></span>) ed il nome del server (<span class="emphasis"><em>foo.example.com</em></span>), ma poichè nella rete può esserci più di un realm, il client deve innanzittutto individuare il nome del realm in cui si trova il servizio.
+ </div><div class="para">
+ Per impostazione, il nome del realm coincide con il nome, in lettere maiuscole, del dominio DNS del server.
+ </div><div class="literallayout"><p>foo.example.org → EXAMPLE.ORG<br />
+ foo.example.com → EXAMPLE.COM<br />
+ foo.hq.example.com → HQ.EXAMPLE.COM<br />
+</p></div><div class="para">
+ In alcune configurazioni, ciò è sufficiente, ma in altre, il nome del realm derivato coincide con il nome di un realm inesistente. In queste situazioni, l'associazione tra il nome del dominio del server con il nome del suo realm, deve essere specificato nella sezione <span class="emphasis"><em>domain_realm</em></span> del file <code class="filename">krb5.conf</code>, nel sistema del client. Per esempio:
+ </div><pre class="screen">[domain_realm]
+.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM</pre><div class="para">
+ La configurazione precedente specifica due associazioni. La prima specifica che ogni sistema nel dominio "example.com" appartiene al realm <span class="emphasis"><em>EXAMPLE.COM</em></span>. La seconda specifica che un sistema con il nome coincidente con "example.com" si trova nello stesso realm. (La distinzione tra un dominio e uno specifico host, è contrassegnata dalla presenza o assenza di un "." iniziale.) L'associazione può essere salvata anche direttamente nel server DNS.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"><strong>Indietro</strong>3.7.6. Configurare un client Kerberos 5</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"><strong>Avanti</strong>3.7.8. Impostare KDC secondari</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-How_Kerberos_Works.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-How_Kerberos_Works.html
new file mode 100644
index 0000000..b832f1a
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-How_Kerberos_Works.html
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.3. Come funziona Kerberos</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html" title="3.7.2. Terminologia Kerberos" /><link rel="next" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html" title="3.7.4. Kerberos e PAM" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Kerberos
_Terminology.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-How_Kerberos_Works"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-How_Kerberos_Works">3.7.3. Come funziona Kerberos</h3></div></div></div><div class="para">
+ Kerberos differisce dai tradizionali metodi di autenticazione basati su nome-utente/password. Infatti, invece di autenticare l'utente per ogni servizio, Kerberos usa un sistema di crittografia simmetrica e un terzo fidato (un KDC) per autenticare gli utenti ai vari servizi di rete. Quando un utente si autentica presso il KDC, il KDC restituisce, alla macchina dell'utente, un ticket specifico valido per la sessione ed ogni servizio kerberizzato cerca il ticket sulla macchina del client, invece di richiedere all'utente di autenticarsi con una password.
+ </div><div class="para">
+ Quando l'utente avvia una sessione su una workstation in una rete controllata da Kerberos, il suo principal viene trasmesso al KDC per una richiesta di TGT, da parte dell'Authentication Server. Questa richiesta può venir trasmessa dal programma di log-in o venir trasmessa dal programma <code class="command">kinit</code>, ad accesso avvenuto.
+ </div><div class="para">
+ A questo punto il KDC controlla il principal nel proprio database. Se il principal esiste, il KDC crea un TGT, che viene cifrato con la chiave dell'utente e restituito all'utente.
+ </div><div class="para">
+ Poi il programma di log-in o <code class="command">kinit</code>, decifra il TGT usando la chiave dell'utente, ottenuta dalla password dell'utente. Quindi la chiave dell'utente è usata soltanto sulla macchina del client e <span class="emphasis"><em>non</em></span> viene trasmessa nella rete.
+ </div><div class="para">
+ Sul TGT viene imposta una scadenza (usualmente tra dieci e ventiquattro ore), dopodichè viene conservato nella credential cache della macchina del client. La scadenza serve a limitare il periodo a disposizione di un eventuale attaccante, che sia entrato in possesso di un TGT compromesso. Una volta ottenuto il TGT, l'utente non deve re-inserire la propria password fino alla scadenza del TGT, a meno che non esca e rientri in una nuova sessione.
+ </div><div class="para">
+ Ogni volta che l'utente accede ad un servizio, il client usa il TGT per richiedere al TGS un nuovo ticket per quel determinato servizio. Il ticket è poi usato per autenticare l'utente al servizio.
+ </div><div class="warning"><div class="admonition_header"><h2>Avviso</h2></div><div class="admonition"><div class="para">
+ Il sistema Kerberos può essere compromesso se un utente si autentica presso un servizio non kerberizzato, trasmettendo una password in chiaro. L'utilizzo di un servizio non kerberizzato è fortemente scoraggiato. Tali servizi includono Telent ed FTP. L'utilizzo di altri protocolli cifrati, come i servizi sicuri SSH o SSL, comunque sono da preferirsi, sebbene non ideali.
+ </div></div></div><div class="para">
+ Quanto finora esposto, è soltanto una breve panoramica su come funziona l'autenticazione di Kerberos. Per maggiori informazioni fare riferimento ai link nella <a class="xref" href="sect-Security_Guide-Kerberos-Additional_Resources.html">Sezione 3.7.10, «Ulteriori risorse»</a>.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Per poter funzionare correttamente, Kerberos necessita dei seguenti servizi di rete:
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Sincronizzazione approssimata del clock tra le macchine di rete.
+ </div><div class="para">
+ Nella rete dovrebbe essere configurato un programma di sincronizzazione del clock, come <code class="command">ntpd</code>. Per maggiori dettagli su come configurare un server Network Time Protocol, fare riferimento al file <code class="filename">/usr/share/doc/ntp-<em class="replaceable"><code><version-number></code></em>/index.html</code>, dove <em class="replaceable"><code><version-number></code></em> è la versione del pacchetto <code class="filename">ntp</code> installato.
+ </div></li><li class="listitem"><div class="para">
+ DNS (Domain Name Service)
+ </div><div class="para">
+ Assicurarsi che il DNS e gli host sulla rete siano correttamente configurati. Per maggiori informazioni, consultare <em class="citetitle">Kerberos V5 System Administrator's Guide</em> nella cartella <code class="filename">/usr/share/doc/krb5-server-<em class="replaceable"><code><version-number></code></em></code>, dove <em class="replaceable"><code><version-number></code></em> è la versione del pacchetto <code class="filename">krb5-server</code> installato.
+ </div></li></ul></div>
+
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"><strong>Indietro</strong>3.7.2. Terminologia Kerberos</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"><strong>Avanti</strong>3.7.4. Kerberos e PAM</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Kerberos_Terminology.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Kerberos_Terminology.html
new file mode 100644
index 0000000..17cdde7
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Kerberos_Terminology.html
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.2. Terminologia Kerberos</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="next" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html" title="3.7.3. Come funziona Kerberos" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos.html"><strong>Indietro</strong></a
></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-Kerberos_Terminology"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Kerberos_Terminology">3.7.2. Terminologia Kerberos</h3></div></div></div><div class="para">
+ Kerberos ha la propria terminologia per specificare i vari aspetti del servizio. Per capire il funzionamento di Kerberos, è importante conoscere il significato dei seguenti termini.
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">Authentication Server (AS)</span></dt><dd><div class="para">
+ Un server di distribuzione di ticket che vengono rilasciati al client, per accedere ad un determinato servizio. Un AS risponde alle richieste dei client che non hanno o non hanno trasmesso le credenziali con una richiesta. Di solito è usato per accedere al server TGS (Ticket Granting Server), rilasciando un ticket TGT (Ticket Granting Ticket). Un server AS generalmente si trova sullo stesso host del KDC (Key Distribution Center).
+ </div></dd><dt class="varlistentry"><span class="term">testo cifrato</span></dt><dd><div class="para">
+ Dati crittati o non in chiaro
+ </div></dd><dt class="varlistentry"><span class="term">client</span></dt><dd><div class="para">
+ Una entità sulla rete (un utente, un host o una applicazione), che può ottenere un ticket da Kerberos.
+ </div></dd><dt class="varlistentry"><span class="term">credenziali</span></dt><dd><div class="para">
+ Un insieme di credenziali temporanee, che verificano l'identità di un client per un particolare servizio. Viene anche detto <span class="emphasis"><em>ticket</em></span>.
+ </div></dd><dt class="varlistentry"><span class="term">credential cache o file dei ticket</span></dt><dd><div class="para">
+ Un file contenente le chiavi per cifrare le comunicazioni tra l'utente ed i vari servizi. Kerberos 5 supporta una piattaforma per altri tipi di memorizzazione, come la memoria condivisa, ma i file sono maggiormente supportati.
+ </div></dd><dt class="varlistentry"><span class="term">funzione hash di cifratura</span></dt><dd><div class="para">
+ Una funzione hash usata per trasformare dati. I dati così manipolati, sono più sicuri rispetto ai dati originali, ma restano abbastanza semplici da decifrare da parte di un cracker esperto.
+ </div></dd><dt class="varlistentry"><span class="term">GSS-API</span></dt><dd><div class="para">
+ La GSS-API o Generic Security Service Application Program Interface (pubblicata da The Internet Engineering Task Force in RFC-2743), è un insieme di funzioni che offrono servizi di sicurezza. Questa API, mascherando il meccanismo sottostante, è usata da client e servizi per autenticazione reciproca. Se un servizio come cyrus-IMAP, usa GSS-API, allora esso può autenticarsi via Kerberos.
+ </div></dd><dt class="varlistentry"><span class="term">hash</span></dt><dd><div class="para">
+ Anche detto <em class="firstterm">valore hash</em>. E' un valore ottenuto passando una stringa ad una <em class="firstterm">funzione hash</em>. Questi valori sono tipicamente usati per essere sicuri che i dati trasmessi non siano stati manomessi.
+ </div></dd><dt class="varlistentry"><span class="term">funzione hash</span></dt><dd><div class="para">
+ Un modo per generare un "fingerprint" o firma su dei dati d'ingresso. Queste funzioni eseguono delle trasformazioni o alterazioni sui dati, producendo un <em class="firstterm">valore hash</em>.
+ </div></dd><dt class="varlistentry"><span class="term">chiave</span></dt><dd><div class="para">
+ I dati usati per cifrare o decifrare altri dati. I dati cifrati non possono essere decifrati senza la chiave appropriata o senza una straordinaria fortuna da parte del cracker.
+ </div></dd><dt class="varlistentry"><span class="term">Key Distribution Center (KDC)</span></dt><dd><div class="para">
+ Un servizio che invia ticket Kerberos e generalmente esegue sullo stesso host del TGS (Ticket Granting Server).
+ </div></dd><dt class="varlistentry"><span class="term">keytab (o tabella delle chiavi)</span></dt><dd><div class="para">
+ Un file contenente una lista in chiaro di <em class="firstterm">principal</em> e delle loro chiavi. Un server ottiene le chiavi necessarie dal file keytab invece di usare <code class="command">kinit</code>. Il file keytab predefinto è <code class="filename">/etc/krb5.keytab</code>. Il server d'amministrazione KDC, <code class="command">/usr/kerberos/sbin/kadmind</code>, è l'unico servizio che usa un altro file (esso usa <code class="filename">/var/kerberos/krb5kdc/kadm5.keytab</code>).
+ </div></dd><dt class="varlistentry"><span class="term">kinit</span></dt><dd><div class="para">
+ Il comando <code class="command">kinit</code> consente ad un principal già loggato di ottenere e memorizzare il TGT (Ticket Granting Ticket) iniziale. Per maggiori informazioni su <code class="command">kinit</code>, consultare le pagine di man relative.
+ </div></dd><dt class="varlistentry"><span class="term">principal (o nome del principal)</span></dt><dd><div class="para">
+ Il principal è il nome unico di un utente o servizio, abilitato ad autenticarsi presso Kerberos. Un principal segue la forma di <code class="computeroutput">root[/instance]@REALM</code>. Per un utente tipico, <code class="computeroutput">root</code> coincide con l'ID associato all'account utente. Il termine <code class="computeroutput">instance</code> è opzionale. Se il principal ha un <code class="computeroutput">instance</code>, esso viene separato dal <code class="computeroutput">root</code>, usando un carattere "forward slash" ("/"). Una stringa vuota ("") è considerata un <code class="computeroutput">instance</code> valido (differente dall'instance predefinito, <code class="computeroutput">NULL</code>), tuttavia il suo utilizzo può essere fonte di confusione. Tutti i principal di un realm hanno la propria chiave, derivata da una password se si tratta di utenti o impostata casualmente se si tratta di servizi.
+ </div></dd><dt class="varlistentry"><span class="term">realm</span></dt><dd><div class="para">
+ Una rete che usa Kerberos, composta da uno o più server KDC e un numero potenzialmente grande di client.
+ </div></dd><dt class="varlistentry"><span class="term">servizio</span></dt><dd><div class="para">
+ Un programma accessibile dalla rete.
+ </div></dd><dt class="varlistentry"><span class="term">ticket</span></dt><dd><div class="para">
+ Un insieme di credenziali temporanee che verificano l'identità di un client per un particolare servizio. Viene anche detto credenziali.
+ </div></dd><dt class="varlistentry"><span class="term">Ticket Granting Server (TGS)</span></dt><dd><div class="para">
+ Un server che distribuisce ticket per un servizio, girati agli utenti per accedere al servizio. Generalmente un TGS esegue sullo stesso host che ospita il KDC.
+ </div></dd><dt class="varlistentry"><span class="term">Ticket Granting Ticket (TGT)</span></dt><dd><div class="para">
+ Un ticket speciale che consente al client di ottenere ulteriori ticket senza dover inoltrare le richieste al KDC.
+ </div></dd><dt class="varlistentry"><span class="term">password non cifrata</span></dt><dd><div class="para">
+ Una password in chiaro o leggibile.
+ </div></dd></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos.html"><strong>Indietro</strong>3.7. Kerberos</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>Avanti</strong>3.7.3. Come funziona Kerberos</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Kerberos_and_PAM.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Kerberos_and_PAM.html
new file mode 100644
index 0000000..dfcb7ca
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Kerberos_and_PAM.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.4. Kerberos e PAM</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html" title="3.7.3. Come funziona Kerberos" /><link rel="next" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html" title="3.7.5. Configurare un server Kerberos 5" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-
Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-Kerberos_and_PAM"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Kerberos_and_PAM">3.7.4. Kerberos e PAM</h3></div></div></div><div class="para">
+ I servizi kerberizzati, in realtà, non fanno uso di PAM (Pluggable Authentication Modules) — questi servizi by-passano del tutto PAM. Comunque, installando il modulo <code class="filename">pam_krb5</code> (fornito con il pacchetto <code class="filename">pam_krb5</code>), le applicazioni che usano PAM possono far uso di Kerberos per l'autenticazione. Il pacchetto <code class="filename">pam_krb5</code> contiene alcuni file campione da cui è possibile configurare servizi come <code class="command">login</code> e <code class="command">gdm</code>, per autenticare gli utenti e per ottenere le credenziali iniziali da password. Se l'accesso ai server di rete avviene sempre tramite servizi kerberizzati o servizi che usano GSS-API, come IMAP, allora la rete può considerarsi ragionevolmente sicura.
+ </div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Gli amministratori dovrebbero vietare agli utenti di usare le password di Kerberos, per autenticarsi ai servizi di rete. Molti protocolli usati da questi servizi, non cifrano le password, vanificando i benefici del sistema Kerberos. Per esempio, non si dovrebbe consentire di accedere ai servizi Telnet, con la stessa password usata per autenticarsi presso Kerberos.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>Indietro</strong>3.7.3. Come funziona Kerberos</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>Avanti</strong>3.7.5. Configurare un server Kerberos 5</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html
new file mode 100644
index 0000000..0947d8f
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html
@@ -0,0 +1,100 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.9. Impostare autenticazioni cross realm</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html" title="3.7.8. Impostare KDC secondari" /><link rel="next" href="sect-Security_Guide-Kerberos-Additional_Resources.html" title="3.7.10. Ulteriori risorse" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Ke
rberos-Setting_Up_Secondary_KDCs.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Additional_Resources.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication">3.7.9. Impostare autenticazioni cross realm</h3></div></div></div><div class="para">
+ Con autenticazione <span class="emphasis"><em>cross realm</em></span>, si indica la situazione in cui i client (tipicamente utenti), di un realm usano Kerberos per autenticarsi ai servizi appartenenti ad un diverso realm (tipicamente i servizi sono processi server in esecuzione su un particolare sistema).
+ </div><div class="para">
+ Nel caso più semplice, se un client di un realm di nome <code class="literal">A.EXAMPLE.COM</code>, vuole accedere ad un servizio del realm <code class="literal">B.EXAMPLE.COM</code>, entrambi i realm devono condividere una chiave per un principal di nome <code class="literal">krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM</code>, ed entrame le chiavi devono possedere lo stesso <code class="literal">kvno</code> (key version number).
+ </div><div class="para">
+ Per fare questo, selezionare una password o passphrase molto robusta, e con il comando kadmin, creare un'istanza per il principal in entrambi i realm.
+ </div><div class="literallayout"><p> <code class="computeroutput"><code class="prompt">#</code> <strong class="userinput"><code>kadmin -r A.EXAMPLE.COM</code></strong></code> <code class="computeroutput"><code class="prompt">kadmin:</code> <strong class="userinput"><code>add_principal krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM</code></strong></code> <code class="computeroutput">Enter password for principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM":</code> <code class="computeroutput">Re-enter password for principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM":</code> <code class="computeroutput">Principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM" created.</code> <strong class="userinput"><code>quit</code></strong> <code class="computeroutput"><code class="prompt">#</code> <strong class="userinput"><code>kadmin -r B.EXAMPLE.COM</code></strong></code> <code class="computeroutput"><code class="prompt">kadmin:</code> <strong class="userinput"><code>add_principal krbtgt/B.EXA
MPLE.COM at A.EXAMPLE.COM</code></strong></code> <code class="computeroutput">Enter password for principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM":</code> <code class="computeroutput">Re-enter password for principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM":</code> <code class="computeroutput">Principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM" created.</code> <strong class="userinput"><code>quit</code></strong></p></div><div class="para">
+ Usare il comando <code class="command">get_principal</code>, per verificare che entrambe le istanze abbiano identici <code class="literal">kvno</code>) e stesso tipo di cifratura.
+ </div><div class="important"><div class="admonition_header"><h2>Con il dump del Database, non funziona!</h2></div><div class="admonition"><div class="para">
+ Amministratori attenti alla sicurezza, potrebbero essere tentati di usare l'opzione <code class="literal">-randkey</code> del comando <code class="command">add_principal</code>, per assegnare una chiave casuale invece di usare una password; e poi effettuare un dump della nuova istanza, dal database del primo realm ed importarlo nel secondo. Ciò non funziona, a meno che non siano identiche le chiavi master nei database dei realm, poichè le chiavi contenute in un dump del database sono a loro volta cifrate con la chiave master.
+ </div></div></div><div class="para">
+ I client nel realm <code class="literal">A.EXAMPLE.COM</code> possono ora autenticarsi presso i servizi del realm <code class="literal">B.EXAMPLE.COM</code>. In altri termini, il realm <code class="literal">B.EXAMPLE.COM</code> si fida del realm <code class="literal">A.EXAMPLE.COM</code>, o più semplicemente <code class="literal">B.EXAMPLE.COM</code> si fida di <code class="literal">A.EXAMPLE.COM</code>.
+ </div><div class="para">
+ Ciò consente una conclusione importante: la fiducia cross-realm è per impostazione, unidirezionale. Il KDC del realm <code class="literal">B.EXAMPLE.COM</code> si fida dei client di <code class="literal">A.EXAMPLE.COM</code> autenticandoli ai servizi nel realm <code class="literal">B.EXAMPLE.COM</code>, ma questo fatto non dice nulla se i client nel realm <code class="literal">B.EXAMPLE.COM</code> siano fidati per autenticarsi ai servizi nel realm <code class="literal">A.EXAMPLE.COM</code>. Per stabilire la fiducia nell'altra direzione, entrambi i realm dovrebbero condividere una chiave per il servizio <code class="literal">krbtgt/A.EXAMPLE.COM at B.EXAMPLE.COM</code> (notare l'inversione dei due realm, rispetto all'esempio precedente).
+ </div><div class="para">
+ Se le relazioni di fiducia dirette, fossero l'unico metodo disponibile per fornire la fiducia fra realm, le reti contenenti realm multipli sarebbero molto difficili da impostare. Fortunatamente, la fiducia cross-realm è transitiva. Se i client di <code class="literal">A.EXAMPLE.COM</code> possono autenticarsi ai servizi di <code class="literal">B.EXAMPLE.COM</code> ed i client di <code class="literal">B.EXAMPLE.COM</code> possono autenticarsi ai servizi di <code class="literal">C.EXAMPLE.COM</code>, allora anche i client di <code class="literal">A.EXAMPLE.COM</code> possono autenticarsi ai servizi di <code class="literal">C.EXAMPLE.COM</code>, anche senza la fiducia diretta tra <code class="literal">C.EXAMPLE.COM</code> ed <code class="literal">A.EXAMPLE.COM</code>. Quindi, in una rete con realm multipli cui occorre dare fiducia reciproca, fare delle buone scelte iniziali sulle relazioni di fiducia da accordare, può contribuire a ridurre le complicazioni di configurazio
ne.
+ </div><div class="para">
+ Ora occorre affrontare il problema più comune: il sistema del client deve essere configurato in modo da poter dedurre il realm cui appartiene un servizio, e deve essere in grado di determinare, come ottenere le credenziali per i servizi nel realm.
+ </div><div class="para">
+ Innazitutto: il nome del principal, per un servizio offerto da un server in un realm, tipicamente ha la seguente struttura:
+ </div><div class="literallayout"><p>service/server.example.com at EXAMPLE.COM</p></div><div class="para">
+ In questo esempio, <span class="emphasis"><em>service</em></span> generalmente rappresenta il nome del protocollo (valori comuni possono essere <span class="emphasis"><em>ldap</em></span>, <span class="emphasis"><em>imap</em></span>, <span class="emphasis"><em>cvs</em></span> ed <span class="emphasis"><em>HTTP</em></span>), o l'<span class="emphasis"><em>host</em></span>; <span class="emphasis"><em>server.example.com</em></span> è il nome di dominio o FQDN del sistema su cui funziona il servizio, ed <code class="literal">EXAMPLE.COM</code> è il nome del realm.
+ </div><div class="para">
+ Per dedurre il realm a cui appartiene il servizio, i client molto spesso consultano il DNS o la sezione <code class="literal">domain_realm</code> nel file <code class="filename">/etc/krb5.conf</code>, associando un hostname (<span class="emphasis"><em>server.example.com</em></span>) o un nome di dominio (<span class="emphasis"><em>.example.com</em></span>) al nome del realm (<span class="emphasis"><em>EXAMPLE.COM</em></span>).
+ </div><div class="para">
+ Dopo aver individuato il realm cui appartiene un servizio, per ottenere le credenziali da usare per autenticarsi al servizio, il client deve determinare l'insieme dei realm da contattare e sapere in quale ordine contattarli.
+ </div><div class="para">
+ Ciò può avvenire in due modi.
+ </div><div class="para">
+ Il metodo predefinito, che non richiede esplicita configurazione, è di assegnare ai realm, i nomi di una gerarchia condivisa. Per esempio, si considerino i seguenti realm di nome <code class="literal">A.EXAMPLE.COM</code>, <code class="literal">B.EXAMPLE.COM</code> ed <code class="literal">EXAMPLE.COM</code>. Quando un client del realm <code class="literal">A.EXAMPLE.COM</code> tenta di autenticarsi presso un servizio di <code class="literal">B.EXAMPLE.COM</code>, per impostazione, tenta dapprima di ottenere le credenziali per il realm <code class="literal">EXAMPLE.COM</code>, e poi usando queste credenziali, di ottenere le credenziali per il realm <code class="literal">B.EXAMPLE.COM</code>.
+ </div><div class="para">
+ Il client, in questo scenario, tratta il nome del realm come un nome di DNS. In altre parole, il client rimuove ripetutamente i componenti dal proprio nome di realm, creando i nomi dei realm che si trovano in "cima" alla gerarchia, finchè non raggiunge un punto che si trova in "cima" al realm del servizio. A questo punto incomincia ad anteporre i componenti del nome del servizio, fino ad ottenere il realm del servizio. Ogni realm coinvolto nel processo è un altro "hop" (o salto).
+ </div><div class="para">
+ Per esempio, usando le credenziali in <code class="literal">A.EXAMPLE.COM</code>, un client vuole autenticarsi ad un servizio in <code class="literal">B.EXAMPLE.COM</code><code class="literal">A.EXAMPLE.COM → EXAMPLE.COM → B.EXAMPLE.COM </code>
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="literal">A.EXAMPLE.COM</code> e <code class="literal">EXAMPLE.COM</code> condividono una chiave per <code class="literal">krbtgt/EXAMPLE.COM at A.EXAMPLE.COM</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">EXAMPLE.COM</code> e <code class="literal">B.EXAMPLE.COM</code> condividono una chiave per <code class="literal">krbtgt/B.EXAMPLE.COM at EXAMPLE.COM</code>
+ </div></li></ul></div>
+
+ </div><div class="para">
+ Un altro esempio: usando le credenziali in <code class="literal">SITE1.SALES.EXAMPLE.COM</code>, un client vuole autenticarsi ad un servizio in <code class="literal">EVERYWHERE.EXAMPLE.COM</code><code class="literal">SITE1.SALES.EXAMPLE.COM → SALES.EXAMPLE.COM → EXAMPLE.COM → EVERYWHERE.EXAMPLE.COM </code>
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="literal">SITE1.SALES.EXAMPLE.COM</code> e <code class="literal">SALES.EXAMPLE.COM</code> condividono una chiave per <code class="literal">krbtgt/SALES.EXAMPLE.COM at SITE1.SALES.EXAMPLE.COM</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">SALES.EXAMPLE.COM</code> e <code class="literal">EXAMPLE.COM</code> condividono una chiave per <code class="literal">krbtgt/EXAMPLE.COM at SALES.EXAMPLE.COM</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">EXAMPLE.COM</code> e <code class="literal">EVERYWHERE.EXAMPLE.COM</code> condividono una chiave per <code class="literal">krbtgt/EVERYWHERE.EXAMPLE.COM at EXAMPLE.COM</code>
+ </div></li></ul></div>
+
+ </div><div class="para">
+ Un altro esempio, questa volta usando nomi di realm i cui nomi non hanno suffissi in comune (<code class="literal">DEVEL.EXAMPLE.COM</code> e <code class="literal">PROD.EXAMPLE.ORG</code><code class="literal">) DEVEL.EXAMPLE.COM → EXAMPLE.COM → COM → ORG → EXAMPLE.ORG → PROD.EXAMPLE.ORG </code>
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="literal">DEVEL.EXAMPLE.COM</code> e <code class="literal">EXAMPLE.COM</code> condividono una chiave per <code class="literal">krbtgt/EXAMPLE.COM at DEVEL.EXAMPLE.COM</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">EXAMPLE.COM</code> e <code class="literal">COM</code> condividono una chiave per <code class="literal">krbtgt/COM at EXAMPLE.COM</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">COM</code> e <code class="literal">ORG</code> condividono una chiave per <code class="literal">krbtgt/ORG at COM</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">ORG</code> e <code class="literal">EXAMPLE.ORG</code> condividono una chiave per <code class="literal">krbtgt/EXAMPLE.ORG at ORG</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">EXAMPLE.ORG</code> e <code class="literal">PROD.EXAMPLE.ORG</code> condividono una chiave per <code class="literal">krbtgt/PROD.EXAMPLE.ORG at EXAMPLE.ORG</code>
+ </div></li></ul></div>
+
+ </div><div class="para">
+ Il metodo più complicato ma anche più flessibile, comporta la configurazione della sezione <code class="literal">capaths</code> nel file <code class="filename">/etc/krb5.conf</code>, permettendo ai client che hanno le credenziali per un realm di trovare il realm successivo nella catena, che eventualmente li autenticherà al server.
+ </div><div class="para">
+ L'interpretazione della sezione <code class="literal">capaths</code> è relativamente immediato: la voce iniziale nella sezione è il nome del realm in cui si trova il client. All'interno della sezione, si trovano elencati i realm intermedi, da cui il client deve ottenere le credenziali. Se non ci sono realm intermedi, si usa il valore ".".
+ </div><div class="para">
+ Ecco un esempio:
+ </div><div class="literallayout"><p> [capaths]<br />
+ A.EXAMPLE.COM = {<br />
+ B.EXAMPLE.COM = .<br />
+ C.EXAMPLE.COM = B.EXAMPLE.COM<br />
+ D.EXAMPLE.COM = B.EXAMPLE.COM<br />
+ D.EXAMPLE.COM = C.EXAMPLE.COM<br />
+ }<br />
+<br />
+</p></div><div class="para">
+ Nell'esempio, i client nel realm <code class="literal">A.EXAMPLE.COM</code> possono ottenere le credenziali cross-realm per <code class="literal">B.EXAMPLE.COM</code>, direttamente dal KDC del realm <code class="literal">A.EXAMPLE.COM</code>.
+ </div><div class="para">
+ Se quei client vogliono contattare un servizio del realm <code class="literal">C.EXAMPLE.COM</code>, essi devono prima ottenere le credenziali dal realm <code class="literal">B.EXAMPLE.COM</code> (occorre che esista <code class="literal">krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM</code>), e poi usare <code class="literal">queste</code> credenziali, per ottenere le credenzialli da usare nel realm <code class="literal">C.EXAMPLE.COM</code> (usando <code class="literal">krbtgt/C.EXAMPLE.COM at B.EXAMPLE.COM</code>).
+ </div><div class="para">
+ Se quei client vogliono contattare un servizio del realm <code class="literal">D.EXAMPLE.COM</code>, essi devono prima ottenere le credenziali dal realm <code class="literal">B.EXAMPLE.COM</code>, e poi quelle dal realm <code class="literal">C.EXAMPLE.COM</code>, prima di ottenere finalmente le credenziali da usare con il realm <code class="literal">D.EXAMPLE.COM</code>.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Senza una sezione capath che indichi il contrario, Kerberos assume che la relazione di fiducia cross-realm, sia di tipo gerarchico.
+ </div><div class="para">
+ I client nel realm <code class="literal">A.EXAMPLE.COM</code> possono ottenere credenziali cross-realm, direttamente dal realm <code class="literal">B.EXAMPLE.COM</code>. Senza l'indicazione del ".", il client avrebbe provato ad usare una ricerca di tipo gerarchico; in questo caso:
+ </div><div class="literallayout"><p> A.EXAMPLE.COM → EXAMPLE.COM → B.EXAMPLE.COM<br />
+<br />
+</p></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"><strong>Indietro</strong>3.7.8. Impostare KDC secondari</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Additional_Resources.html"><strong>Avanti</strong>3.7.10. Ulteriori risorse</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html
new file mode 100644
index 0000000..3e7b642
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.8. Impostare KDC secondari</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html" title="3.7.7. Associazione tra Dominio e Realm" /><link rel="next" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html" title="3.7.9. Impostare autenticazioni cross realm" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a
accesskey="p" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs">3.7.8. Impostare KDC secondari</h3></div></div></div><div class="para">
+ Per diverse ragioni, si potrebbe decidere di eseguire più KDC in un dato realm. In questo scenario, un KDC (il <span class="emphasis"><em>master KDC</em></span>) conserva una copia modificabile del database del realm ed esegue <code class="command">kadmind</code> (in qualità di <span class="emphasis"><em>admin server</em></span> del realm), ed uno o più KDC (<span class="emphasis"><em>slave KDC</em></span>) conservano copie locali in sola lettura del database, ed eseguono <code class="command">kpropd</code>.
+ </div><div class="para">
+ La procedura di propagazione master-slave assegna al master KDC il compito di replicare il suo database in un file temporaneo, per poi trasmetterlo a ciascuno dei suoi slave, i quali aggiornano in tal modo il contenuto della loro copia in sola lettura, ricevuta in precedenza, con il contenuto modificabile del master.
+ </div><div class="para">
+ Prima di procedere con l'impostazione di uno slave KDC, assicurarsi di copiare su ogni slave KDC i file <code class="filename">krb5.conf</code> e <code class="filename">kdc.conf</code> del master KDC.
+ </div><div class="para">
+ Avviare <code class="command">kadmin.local</code> da una shell di root, sul master KDC, ed usare il comando <code class="command">add_principal</code> per creare una nuova istanza del servizio <span class="emphasis"><em>host</em></span> sul master KDC, e poi usare il comando <code class="command">ktadd</code> per impostare simultaneamente una chiave casuale per il servizio e salvare la chiave nel file keytab predefinito, sul master. Questa chiave è usata dal comando <code class="command">kprop</code> per autenticazioni presso i server slave. Questa operazione va effettuata soltanto una volta, a prescindere dal numero di slave da installare.
+ </div><pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>kadmin.local -r EXAMPLE.COM</code></strong>
+
+Authenticating as principal root/admin at EXAMPLE.COM with password.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>add_principal -randkey host/masterkdc.example.com</code></strong>
+
+Principal "host/host/masterkdc.example.com at EXAMPLE.COM" created.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>ktadd host/masterkdc.example.com</code></strong>
+
+Entry for principal host/masterkdc.example.com with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/masterkdc.example.com with kvno 3, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/masterkdc.example.com with kvno 3, encryption type DES with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/masterkdc.example.com with kvno 3, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/etc/krb5.keytab.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>quit</code></strong></pre><div class="para">
+ Avviare <code class="command">kadmin</code> da una shell di root sullo slave KDC, ed usare il comando <code class="command">add_principal</code> per creare una nuova istanza del servizio <span class="emphasis"><em>host</em></span> sullo slave KDC, e poi usare il comando <code class="command">ktadd</code> per impostare simultaneamente una chiave casuale per il servizio e salvare la chiave nel file keytab predefinito sullo slave. Questa chiave è usata dal servizio <code class="command">kpropd</code> per autenticare i client.
+ </div><pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>kadmin -p jimbo/admin at EXAMPLE.COM -r EXAMPLE.COM</code></strong>
+
+Authenticating as principal jimbo/admin at EXAMPLE.COM with password.
+
+<code class="prompt">Password for jimbo/admin at EXAMPLE.COM: </code>
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>add_principal -randkey host/slavekdc.example.com</code></strong>
+
+Principal "host/slavekdc.example.com at EXAMPLE.COM" created.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>ktadd host/slavekdc.example.com at EXAMPLE.COM</code></strong>
+
+Entry for principal host/slavekdc.example.com with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/slavekdc.example.com with kvno 3, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/slavekdc.example.com with kvno 3, encryption type DES with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/slavekdc.example.com with kvno 3, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/etc/krb5.keytab.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>quit</code></strong></pre><div class="para">
+ Con il suo servizio chiavi, lo slave KDC potrebbe autenticare ogni client che vorrebbe connettersi. E, con un nuovo database di realm, non a tutti i client dovrebbe essere permesso di usufruire del servizio <code class="command">kprop</code> dello slave. Quindi, per limitare l'accesso, il servizio <code class="command">kprop</code> sullo slave KDC, accetta aggiornamenti solo per quei client i cui principal sono elencati nel file <code class="filename">/var/kerberos/krb5kdc/kpropd.acl</code>. Aggiungere a questo file, il nome del servizio host sul master KDC.
+ </div><div class="literallayout"><p> <code class="computeroutput"><code class="prompt">#</code> <strong class="userinput"><code>echo host/masterkdc.example.com at EXAMPLE.COM > /var/kerberos/krb5kdc/kpropd.acl</code></strong></code></p></div><div class="para">
+ Una volta ricevuta una copia del database, lo slave KDC ha bisogno di conoscere la chiave, usata dal master, per cifrarlo. Se la chiave è conservata in un file <span class="emphasis"><em>stash</em></span> sul master KDC (tipicamente nel file <code class="filename">/var/kerberos/krb5kdc/.k5.REALM</code>), copiarlo sullo slave KDC usando un metodo sicuro, oppure creare un database fasullo e un identico file stash sullo slave KDC, usando il comando <code class="command">kdb5_util create -s</code> (il database fasullo verrà sovrascritto alla prima propagazione) e impiegando la stessa password.
+ </div><div class="para">
+ Assicurarsi che il firewall dello slave KDC permetta al master KDC di contattare lo slave sulla porta TCP 754 (<span class="emphasis"><em>krb5_prop</em></span>), ed avviare il servizio <code class="command">kprop</code>. Poi, verificare attentamente che il servizio <code class="command">kadmin</code> sia <span class="emphasis"><em>disabilitato</em></span>.
+ </div><div class="para">
+ A questo punto, effettuare un test manuale di propagazione del database, effettundo un <span class="emphasis"><em>dump</em></span> del database del realm sul KDC master, nel file predefinito <code class="filename">/var/kerberos/krb5kdc/slave_datatrans</code>, letto dal comando <code class="command">kprop</code>, e poi usare lo stesso comando per trasmettere il suo contenuto sullo slave KDC.
+ </div><div class="literallayout"><p> <code class="computeroutput"><code class="prompt">#</code> <strong class="userinput"><code>/usr/kerberos/sbin/kdb5_util dump /var/kerberos/krb5kdc/slave_datatrans</code></strong><code class="prompt">#</code> <strong class="userinput"><code>kprop slavekdc.example.com</code></strong></code></p></div><div class="para">
+ Con <code class="command">kinit</code>, verificare che un client, il cui file di configurazione <code class="filename">krb5.conf</code> nella lista dei KDC del realm, contiene soltanto il KDC slave, sia in grado di ricevere le credenziali iniziali dallo slave.
+ </div><div class="para">
+ Fatto ciò, creare uno script che effettui un <span class="emphasis"><em>dump</em></span> del database del realm ed esegua il comando <code class="command">kprop</code>, trasmettendo regolarmente il database ad ogni slave KDC; infine configurare il servizio <code class="command">cron</code> per la periodica esecuzione dello script.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"><strong>Indietro</strong>3.7.7. Associazione tra Dominio e Realm</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"><strong>Avanti</strong>3.7.9. Impostare autenticazioni cross realm</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos.html
new file mode 100644
index 0000000..4f79d3f
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos.html
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7. Kerberos</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Capitolo 3. Proteggere la rete locale" /><link rel="prev" href="sect-Security_Guide-Additional_Resources-Related_Books.html" title="3.6.5.3. Libri" /><link rel="next" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html" title="3.7.2. Terminologia Kerberos" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" hre
f="sect-Security_Guide-Additional_Resources-Related_Books.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Kerberos" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Kerberos">3.7. Kerberos</h2></div></div></div><div class="para">
+ In un sistema di rete, le operazioni necessarie per garantire un livello di sicurezza e di integrità accettabile possono risultare piuttosto impegnative. Anche solo un'analisi per sapere quali servizi siano in esecuzione e in che modo siano utilizzati, può richiedere gli sforzi di alcuni amministratori.
+ </div><div class="para">
+ Inoltre, l'autenticazione degli utenti ai servizi di rete può essere rischiosa quando il metodo usato dal protocollo è intrinsecamente insicuro, come nel caso dei protocolli Telnet e FTP che inviano le password in rete senza cifratura.
+ </div><div class="para">
+ Kerberos è la maniera di soddisfare il bisogno di autenticazione dei protocolli che usano metodi spesso insicuri, contribuendo così ad aumentare la sicurezza globale della rete.
+ </div><div class="section" id="sect-Security_Guide-Kerberos-What_is_Kerberos"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-What_is_Kerberos">3.7.1. Cos'è Kerberos?</h3></div></div></div><div class="para">
+ Kerberos è un protocollo di autenticazione di rete creato dal MIT e che utilizza un sistema di crittografia a chiave simmetrica<sup>[<a id="idm34703856" href="#ftn.idm34703856" class="footnote">14</a>]</sup>, senza richiedere alcun trasferimento di password.
+ </div><div class="para">
+ Di conseguenza, quando gli utenti si autenticano ai servizi che usano Kerberos, viene di fatto impedito ogni possibilità di intercettazione delle password da parte di attaccanti.
+ </div><div class="section" id="sect-Security_Guide-What_is_Kerberos-Advantages_of_Kerberos"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Kerberos-Advantages_of_Kerberos">3.7.1.1. Vantaggi di Kerberos</h4></div></div></div><div class="para">
+ I principali servizi di rete usano schemi di autenticazione basati su password, in cui generalmente all'utente viene richiesto di farsi riconoscere con un nome utente e una password. Sfortunatamente, la trasmissione di queste informazioni di autenticazione, per molti servizi avviene in chiaro. Quindi perchè un tale schema sia sicuro, occorre che la rete sia inaccessibile dall'esterno e che tutti gli utenti ed i computer interni siano fidati.
+ </div><div class="para">
+ Ma anche nel caso di una rete interna fidata, nel momento in cui viene connessa ad Internet essa non può più considerarsi sicura: un attaccante che riesca ad accedere alla rete, potrebbe usare un semplice analizzatore di pacchetti o packet sniffer, per intercettare nome utente e password, compromettendo gli account utenti e l'integrità della intera rete.
+ </div><div class="para">
+ Il principale obbiettivo progettuale di Kerberos è eliminare la trasmissione in chiaro di password; quindi se correttamente configurato, Kerberos effettivamente elimina la minaccia dei packet sniffer.
+ </div></div><div class="section" id="sect-Security_Guide-What_is_Kerberos-Disadvantages_of_Kerberos"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Kerberos-Disadvantages_of_Kerberos">3.7.1.2. Svantaggi di Kerberos</h4></div></div></div><div class="para">
+ Anche se Kerberos aiuta a rimuovere comnuni e gravi minacce alla sicurezza, la sua implementazione, per una varietà di ragioni, può risultare complessa:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Migrare le password utenti da un database di password UNIX (standard), come <code class="filename">/etc/passwd</code> o <code class="filename">/etc/shadow</code> in un database di password Kerberos, può essere un'operazione tediosa, perchè al momento non esiste un meccanismo automatizzato. Fare riferimento alla Question 2.23 della Kerberos FAQ, al seguente link:
+ </div><div class="para">
+ <a href="http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html"> http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html</a>
+ </div></li><li class="listitem"><div class="para">
+ Kerberos presenta solo una parziale compatibilità con il sistema PAM (Pluggable Authentication Modules), usato nei principali server Fedora. Per maggiori informazioni, vedere la <a class="xref" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html">Sezione 3.7.4, «Kerberos e PAM»</a>.
+ </div></li><li class="listitem"><div class="para">
+ Kerberos assume che ogni utente sia fidato, in un ambiente in cui generalmente l'utente e la rete non lo sono. Il suo obbiettivo principale è impedire il trasferimento in chiaro di password. Se un utente qualunque non autorizzato, riesce ad accedere ad uno degli host che distribuisce ticket, usati per l'autenticazione — denominato <em class="firstterm">KDC</em> (<em class="firstterm">Key Distribution Center</em>) — l'intero sistema di autenticazione Kerberos viene messo a rischio.
+ </div></li><li class="listitem"><div class="para">
+ Se si vuole che un'applicazione usi Kerberos, il codice sorgente dell'applicazione deve essere opportunamente modificato in modo da poter chiamare le librerie di Kerberos. Le applicazioni così adattate sono dette <em class="firstterm">Kerberos-aware</em> o <em class="firstterm">kerberizzate</em>. Per alcune applicazioni, ciò può essere problematico per motivi progettuali e dimensionali. Per altre applicazioni incompatibili, le modifiche devono essere fatte tenendo conto delle modalità di comunicazione tra server e client. Di nuovo, ciò potrebbe richiedere notevoli modifiche al codice originario. Le applicazioni closed-source che non supportano Kerberos per impostazione, sono spesso quelle più problematiche.
+ </div></li><li class="listitem"><div class="para">
+ Kerberos è una soluzione determinante/decisiva. Se usato in una rete, ogni password trasferita in chiaro ad un servizio non <em class="firstterm">kerberizzato</em>, diventa un rischio per la sicurezza. In tal caso, la rete non trae alcun vantaggio dall'uso di Kerberos. Quindi per rendere sicura una rete con Kerberos, <span class="emphasis"><em>tutte</em></span> le applicazioni client/server che trasmettono password in chiaro, devono essere <em class="firstterm">kerberizzate</em>.
+ </div></li></ul></div></div></div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm34703856" href="#idm34703856" class="para">14</a>] </sup>
+ Un sistema in cui sia il client sia il server condividono una chiave comune usata per cifrare/decifrare la comunicazione.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Related_Books.html"><strong>Indietro</strong>3.6.5.3. Libri</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"><strong>Avanti</strong>3.7.2. Terminologia Kerberos</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html
new file mode 100644
index 0000000..530f78a
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.3.5. Link di interesse</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="4.2.3. Cifratura disco con LUKS" /><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html" title="4.2.3.4. Risultato finale" /><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="4.2.4. Archivi 7-Zip cifrati" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><
ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest">4.2.3.5. Link di interesse</h4></div></div></div><div class="para">
+ Per ulteriori informazioni su LUKS o sulla cifratura di dischi rigidi in Fedora, fare riferimento ai seguenti link:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="https://code.google.com/p/cryptsetup/">LUKS - Linux Unified Key Setup</a>
+ </div></li><li class="listitem"><div class="para">
+ <a href="https://bugzilla.redhat.com/attachment.cgi?id=161912">HOWTO: Creating an encrypted Physical Volume (PV) using a second hard drive, pvmove, and a Fedora LiveCD</a>
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"><strong>Indietro</strong>4.2.3.4. Risultato finale</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"><strong>Avanti</strong>4.2.4. Archivi 7-Zip cifrati</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html
new file mode 100644
index 0000000..edf3448
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.3.3. Istruzioni passo passo</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="4.2.3. Cifratura disco con LUKS" /><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html" title="4.2.3.2. Cifrare manualmente una Directory" /><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html" title="4.2.3.4. Risultato finale" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="
Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions">4.2.3.3. Istruzioni passo passo</h4></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Accedere al runlevel 1: <code class="code">telinit 1</code>
+ </div></li><li class="listitem"><div class="para">
+ Riempire la partizione con dati casuali: <code class="code">scrub -p random /home</code>
+ </div></li><li class="listitem"><div class="para">
+ Smontare la partizione <code class="filename">/home</code> esistente: <code class="code"> umount /home</code>
+ </div></li><li class="listitem"><div class="para">
+ In caso di falllimento usare il comando <code class="code">fuser</code>, per trovare e terminare i processi che usano <code class="filename">/home</code>: <code class="code">fuser -mvk /home</code>
+ </div></li><li class="listitem"><div class="para">
+ Verificare che la partizione /home sia stata smontata: <code class="code">cat /proc/mounts | grep home</code>
+ </div></li><li class="listitem"><div class="para">
+ Inizializzare la partizione: <code class="code">cryptsetup --verbose --verify-passphrase luksFormat /dev/VG00/LV_home</code>
+ </div></li><li class="listitem"><div class="para">
+ Aprire la partizione appena cifrata: <code class="code">cryptsetup luksOpen /dev/VG00/LV_home home</code>
+ </div></li><li class="listitem"><div class="para">
+ Verificare che esista la partizione: <code class="code">ls -l /dev/mapper | grep home</code>
+ </div></li><li class="listitem"><div class="para">
+ Creare un file system: <code class="code">mkfs.ext3 /dev/mapper/home</code>
+ </div></li><li class="listitem"><div class="para">
+ Montare la partizione: <code class="code">mount /dev/mapper/home /home</code>
+ </div></li><li class="listitem"><div class="para">
+ Verificare che la partizione sia visibile: <code class="code">df -h | grep home</code>
+ </div></li><li class="listitem"><div class="para">
+ Aggiungere al file /etc/crypttab la seguente riga: <code class="code">home /dev/VG00/LV_home none</code>
+ </div></li><li class="listitem"><div class="para">
+ Modificare il file /etc/fstab eliminando la riga relativa a /home ed aggiungendo la riga <code class="code">/dev/mapper/home /home ext3 defaults 1 2</code>
+ </div></li><li class="listitem"><div class="para">
+ Controllare la correttezza della riga inserita in fstab digitando: <code class="code">mount /home</code>
+ </div></li><li class="listitem"><div class="para">
+ Ripristinare i contesti di SELinux predefiniti: <code class="code">/sbin/restorecon -v -R /home</code>
+ </div></li><li class="listitem"><div class="para">
+ Riavviare il sistema: <code class="code">shutdown -r now</code>
+ </div></li><li class="listitem"><div class="para">
+ La riga precedentemente inserita in <code class="filename">/etc/crypttab</code> (al passo 12), richiede di inserire al boot la passphrase di <code class="code">luks</code>.
+ </div></li><li class="listitem"><div class="para">
+ Accedere come root e ripristinare il backup.
+ </div></li></ol></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"><strong>Indietro</strong>4.2.3.2. Cifrare manualmente una Directory</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"><strong>Avanti</strong>4.2.3.4. Risultato finale</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html
new file mode 100644
index 0000000..907ce04
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.3.4. Risultato finale</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="4.2.3. Cifratura disco con LUKS" /><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html" title="4.2.3.3. Istruzioni passo passo" /><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html" title="4.2.3.5. Link di interesse" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p>
<ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished">4.2.3.4. Risultato finale</h4></div></div></div><div class="para">
+ Congratulazioni, ora si ha una partizione completamente cifrata che protegge con sicurezza tutti i dati a riposo, ossia a sistema spento.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>Indietro</strong>4.2.3.3. Istruzioni passo passo</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>Avanti</strong>4.2.3.5. Link di interesse</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html
new file mode 100644
index 0000000..a30f72f
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.3.2. Cifrare manualmente una Directory</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="4.2.3. Cifratura disco con LUKS" /><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="4.2.3. Cifratura disco con LUKS" /><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html" title="4.2.3.3. Istruzioni passo passo" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="do
cnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories">4.2.3.2. Cifrare manualmente una Directory</h4></div></div></div><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Questa procedura comporta la rimozione completa dei dati dalla partizione da cifrare: tutti i dati contenuti nella partizione andranno PERSIi! Prima di procedere, assicurarsi di salvare i dati contenenti informazioni importanti su un supporto esterno!
+ </div></div></div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Questa procedura usa <span class="package">scrub</span> per distruggere i dati esistenti nella partizione e fornire una base casuale da usare per LUKS. Questa base è importante per prevenire certi attacchi alla crittografia. <span class="package">Scrub</span> non è pre-installato e deve esserlo per poterlo usare. In alternativa si potrebbe usare un altro generatore di numeri casuali per ottenere la stessa cosa.
+ </div></div></div><div class="para">
+ Di seguito, si spiega come cifrare una partizione in una versione di Fedora corrente (e in versioni precedenti fino a Fedora 9); in particolare come cifrare la partizione <code class="filename">/home</code> (con altre partizioni il procedimento rimane lo stesso).
+ </div><div class="para">
+ La seguente procedura cancella tutti i dati esistenti nella partizione: assicurarsi quindi, prima di iniziare, di aver adeguatamente salvato i propri dati importanti. Si richiede anche che sia presente una partizione separata per <code class="filename">/home</code> (p.e. /dev/VG00/LV_home). Inoltre tutti i comandi devono essere eseguiti come utente root. Se un qualche passaggio fallisce, non continuare ma risolvere il problema e riprendere la procedura soltanto a soluzione avvenuta.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>Indietro</strong>4.2.3. Cifratura disco con LUKS</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>Avanti</strong>4.2.3.3. Istruzioni passo passo</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption.html
new file mode 100644
index 0000000..d422cf2
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption.html
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.3. Cifratura disco con LUKS</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="Security_Guide-Encryption-Data_in_Motion.html" title="4.2. Dati in Movimento" /><link rel="prev" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html" title="4.2.2. Secure Shell" /><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html" title="4.2.3.2. Cifrare manualmente una Directory" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previo
us"><a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="section" id="sect-Security_Guide-LUKS_Disk_Encryption" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption">4.2.3. Cifratura disco con LUKS</h3></div></div></div><div class="para">
+ Lo standard Linux Unified Key Setup (o LUKS) cifra partizioni di disco di un sistema Linux. Ciò può risultare particolarmente importante nel caso dei portatili e dei supporti rimovibili. Inolltre LUKS consente l'uso di più chiavi utente per la decifrazione di una chiave principale, usata per cifrare la partizione.
+ </div><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora">4.2.3.1. Implementazione di LUKS in Fedora</h4></div></div></div><div class="para">
+ Fedora 9 e le successive versioni, utilizzano LUKS per cifrare il file system. Per impostazione, l'opzione per cifrare il file system è disabilitata durante l'installazione di Fedora. Se il sistema viene installato con l'opzione di cifratura abilitata, allora ad ogni avvio del sistema verrà richiesto di inserire la frase di accesso (passphrase) per "sbloccare" la chiave di cifratura del disco. Se si decide di modificare la tabella di partizionamento predefinita, nelle impostazioni della tabella è possibile scegliere quali partizioni cifrare.
+ </div><div class="para">
+ In Fedora, l'implementazione predefinita di LUKS si basa su AES 128 con funzione di hash SHA256. Gli algoritmi di cifratura disponibili sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ AES - Advanced Encryption Standard - <a href="http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf">AES - FIPS PUB 197</a>
+ </div></li><li class="listitem"><div class="para">
+ Twofish (Con blocco di cifratura da 128-bit)
+ </div></li><li class="listitem"><div class="para">
+ Serpent
+ </div></li><li class="listitem"><div class="para">
+ CAST-128 Encryption Algorithm - <a href="http://www.ietf.org/rfc/rfc2144.txt">RFC 2144</a>
+ </div></li><li class="listitem"><div class="para">
+ CAST-256 Encryption Algorithm - <a href="http://www.ietf.org/rfc/rfc2612.txt">RFC 2612</a>
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>Indietro</strong>4.2.2. Secure Shell</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"><strong>Avanti</strong>4.2.3.2. Cifrare manualmente una Directory</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Access_Control.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Access_Control.html
new file mode 100644
index 0000000..41788b3
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Access_Control.html
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.2.2.2. Controllo d'Accesso</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="3.6.2.2. Campi Opzioni" /><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="3.6.2.2. Campi Opzioni" /><link rel="next" href="sect-Security_Guide-Option_Fields-Shell_Commands.html" title="3.6.2.2.3. Comandi di shell" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="pre
vious"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Shell_Commands.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Option_Fields-Access_Control"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Option_Fields-Access_Control">3.6.2.2.2. Controllo d'Accesso</h5></div></div></div><div class="para">
+ I campi opzione con la direttiva <code class="option">allow</code> o <code class="option">deny</code> posta alla fine di una regola, consentono esplicitamente di autorizzare o vietare host.
+ </div><div class="para">
+ Per esempio le seguenti due regole, autorizzano le connessioni SSH da <code class="systemitem">client-1.example.com</code>, mentre negano le identiche connessioni da <code class="systemitem">client-2.example.com</code>:
+ </div><pre class="screen">sshd : client-1.example.com : allow
+sshd : client-2.example.com : deny</pre><div class="para">
+ Quindi partendo da una regola base, il campo opzione consente di consolidare tutte le regole d'accesso in un singolo file: nel file <code class="filename">hosts.allow</code> o nel <code class="filename">hosts.deny</code>. Per alcuni amministratori tale metodo è una maniera semplice di organizzare le regole d'accesso.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"><strong>Indietro</strong>3.6.2.2. Campi Opzioni</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Shell_Commands.html"><strong>Avanti</strong>3.6.2.2.3. Comandi di shell</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Expansions.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Expansions.html
new file mode 100644
index 0000000..8444fa4
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Expansions.html
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.2.2.4. Espansioni</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="3.6.2.2. Campi Opzioni" /><link rel="prev" href="sect-Security_Guide-Option_Fields-Shell_Commands.html" title="3.6.2.2.3. Comandi di shell" /><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html" title="3.6.3. xinetd" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" h
ref="sect-Security_Guide-Option_Fields-Shell_Commands.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Option_Fields-Expansions"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Option_Fields-Expansions">3.6.2.2.4. Espansioni</h5></div></div></div><div class="para">
+ Le espansioni quando usate insieme alle direttive <code class="command">spawn</code> e <code class="command">twist</code>, forniscono informazioni su client, server e processi coinvolti.
+ </div><div class="para">
+ Di seguito si riporta un elenco di espansioni supportate:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">%a</code> — Restituisce l'indirizzo IP del client
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%A</code> — Restituisce l'indirizzo IP del server
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%c</code> — Restituisce varie informazioni sul client, come username e hostname, o username e indirizzo IP
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%d</code> — Restituisce il nome del processo
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%h</code> — Restituisce l'hostname (o l'IP, se l'hostname non è disponibile), del client
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%H</code> — Restituisce l'hostname (o l'IP, se l'hostname non è disponibile), del server
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%n</code> — Restituisce l'hostname del client. Se non è disponibile, viene restituito <code class="computeroutput">unknown</code>. Se l'hostname e l'indirizzo non coincidono, viene restituito <code class="computeroutput">paranoid</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%N</code> — Restituisce l'hostname del server. Se non è disponibile, viene restituito <code class="computeroutput">unknown</code>. Se l'hostname e l'indirizzo non coincidono, viene restituito <code class="computeroutput">paranoid</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%p</code> — Restituisce l'ID del processo.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%s</code> — Restituisce varie informazioni sul server, come il processo demone e l'hostname o l'IP del server.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%u</code> — Restituisce lo username del client. Se non è disponibile, viene restituito <code class="computeroutput">unknown</code>.
+ </div></li></ul></div><div class="para">
+ Nel seguente esempio, si usa una espansione con il comando <code class="command">spawn</code>, per identificare l'host del client che viene registrato in un file di log speciale.
+ </div><div class="para">
+ Ogni tentativo di connessione al servizio SSH (<code class="systemitem">sshd</code>), da un host del dominio <code class="systemitem">example.com</code>, lancia il comando <code class="command">echo</code> che registra il tentativo, con l'hostname del client (usando l'espansione <code class="option">%h</code>), in un file speciale:
+ </div><pre class="screen">sshd : .example.com \
+ : spawn /bin/echo `/bin/date` access denied to %h>>/var/log/sshd.log \
+ : deny</pre><div class="para">
+ In modo analogo, le espansioni possono essere usate per personalizzare i messaggi inviati al client. Nel seguente esempio, i client che tentano di accedere ai servizi FTP dal dominio <code class="systemitem">example.com</code>, vengono informati di essere stati bloccati (banned) dal server:
+ </div><pre class="screen">vsftpd : .example.com \
+: twist /bin/echo "421 %h has been banned from this server!"</pre><div class="para">
+ Per una completa spiegazione delle espansioni, come pure sulle ulteriori opzioni di controllo d'accesso, fare riferimento alle pagine di man 5, relative a <code class="filename">hosts_access</code> (<code class="command">man 5 hosts_access</code>) ed alle pagine di man su <code class="filename">hosts_options</code>.
+ </div><div class="para">
+ Per maggiori informazioni sui TCP Wrapper, fare riferimento alla <a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html">Sezione 3.6.5, «Ulteriori risorse»</a>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Option_Fields-Shell_Commands.html"><strong>Indietro</strong>3.6.2.2.3. Comandi di shell</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"><strong>Avanti</strong>3.6.3. xinetd</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Shell_Commands.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Shell_Commands.html
new file mode 100644
index 0000000..12a8e11
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Shell_Commands.html
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.2.2.3. Comandi di shell</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="3.6.2.2. Campi Opzioni" /><link rel="prev" href="sect-Security_Guide-Option_Fields-Access_Control.html" title="3.6.2.2.2. Controllo d'Accesso" /><link rel="next" href="sect-Security_Guide-Option_Fields-Expansions.html" title="3.6.2.2.4. Espansioni" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey=
"p" href="sect-Security_Guide-Option_Fields-Access_Control.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Expansions.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Option_Fields-Shell_Commands"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Option_Fields-Shell_Commands">3.6.2.2.3. Comandi di shell</h5></div></div></div><div class="para">
+ I campi opzione, attraverso le seguenti due direttive, permettono di avviare comandi di shell:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">spawn</code> — Avvia un comando di shell come un processo figlio. Questa direttiva può essere usata, per esempio, con il comando <code class="command">/usr/sbin/safe_finger</code> per ottenere maggiori informazioni sul client o per creare speciali file di log, usando il comando <code class="command">echo</code>.
+ </div><div class="para">
+ Nel seguente esempio, si registrano in un speciale file di log, i client del dominio <code class="systemitem">example.com</code> che tentano di accedere al servizio Telnet:
+ </div><pre class="screen">in.telnetd : .example.com \
+ : spawn /bin/echo `/bin/date` from %h>>/var/log/telnet.log \
+ : allow</pre></li><li class="listitem"><div class="para">
+ <code class="command">twist</code> — Sostituisce il servizio richiesto con il comando specificato. Questa direttiva è spesso usata per impostare trappole per intrusori (anche dette "honey pots"). Può essere usata anche per inviare messaggi ai client. La direttiva <code class="command">twist</code> deve essere inserita alla fine della regola.
+ </div><div class="para">
+ Nel seguente esempio, i client del dominio <code class="systemitem">example.com</code> che tentano di accedere al servizio FTP sono avvisati con un messaggio, usando il comando <code class="command">echo</code>:
+ </div><pre class="screen">vsftpd : .example.com \
+ : twist /bin/echo "421 This domain has been black-listed. Access denied!"</pre></li></ul></div><div class="para">
+ Per maggiori informazioni sulle opzioni dei comandi di shell, fare riferimento alle pagine di man relative a <code class="filename">hosts_options</code>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Option_Fields-Access_Control.html"><strong>Indietro</strong>3.6.2.2.2. Controllo d'Accesso</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Expansions.html"><strong>Avanti</strong>3.6.2.2.4. Espansioni</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html
new file mode 100644
index 0000000..70d27b2
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.3.2. Control Flag</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="3.5.3. Formato del file di configurazione di PAM" /><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="3.5.3. Formato del file di configurazione di PAM" /><link rel="next" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html" title="3.5.3.3. Module Name" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Co
ntent/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag">3.5.3.2. Control Flag</h4></div></div></div><div class="para">
+ Tutti i moduli PAM quando vengono chiamati, danno un esito positivo o negativo. I flag di controllo, in base all'esito della chiamata, indicano a PAM cosa fare. I moduli possono essere impilati in un ordine particolare ed i flag determinano quanto sia rilevante un successo o fallimento di un dato modulo, nel processo di autenticazione dell'utente.
+ </div><div class="para">
+ Ci sono quattro flag di controllo predefiniti:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">required</code> — Il risultato sul modulo deve essere positivo perchè l'autenticazione continui. Se il test fallisce in questo punto, l'utente non riceve alcuna notifica finchè non vengono completati tutti i test dei moduli che fanno riferimento all'interfaccia.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">requisite</code> — Il risultato sul modulo deve essere positivo perchè l'autenticazione continui. Comunque, se un test fallisce in questo punto, l'utente è immediatamente notificato con un messaggio che indica il primo test di modulo <code class="command">required</code> <span class="emphasis"><em>o</em></span> <code class="command">requisite</code> fallito.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sufficient</code> — Il risultato sul modulo viene ignorato in caso di fallimento. Inoltre, se il test di un modulo contrassegnato <code class="command">sufficient</code> ha successo <span class="emphasis"><em>e</em></span> nessun modulo precedente contrassegnato <code class="command">required</code> è fallito, allora non è richiesto nessun'altro test e l'utente è autenticato per il servizio.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">optional</code> — Il risultato sul modulo viene ignorato. Un modulo contrassegnato con <code class="command">optional</code> non è rilevante per l'autenticazione, se esiste un'altra interfaccia che fa riferimento all'interfaccia stessa.
+ </div></li></ul></div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Non è critico l'ordine di chiamata dei moduli <code class="command">required</code>. Soltanto i flag <code class="command">sufficient</code> e <code class="command">requisite</code> fanno diventare importante l'ordine.
+ </div></div></div><div class="para">
+ Correntemente, è disponibile una nuova sintassi per i flag di controllo che consente un controllo più preciso su PAM.
+ </div><div class="para">
+ Le pagine di man su <code class="command">pam.d</code> e la documentazione su PAM nella directory <code class="filename">/usr/share/doc/pam-<em class="replaceable"><code><version-number></code></em>/</code>, in cui <em class="replaceable"><code><version-number></code></em> è la versione di PAM sul proprio sistema, descrivono questa nuova sintassi in tutti i dettagli.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"><strong>Indietro</strong>3.5.3. Formato del file di configurazione di PAM</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"><strong>Avanti</strong>3.5.3.3. Module Name</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html
new file mode 100644
index 0000000..aa24a61
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.3.4. Module Arguments</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="3.5.3. Formato del file di configurazione di PAM" /><link rel="prev" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html" title="3.5.3.3. Module Name" /><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html" title="3.5.4. Un esempio di file di configurazione di PAM" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common
_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments">3.5.3.4. Module Arguments</h4></div></div></div><div class="para">
+ Durante la fase di autenticazione, PAM usa <em class="firstterm">argomenti</em> per passare informazioni ad un modulo.
+ </div><div class="para">
+ Per esempio il modulo <code class="filename">pam_userdb.so</code>, usa le informazioni contenute in un file di database Berkley DB, per autenticare l'utente. Il Berkley DB è un database open source incluso in molte applicazioni. Il modulo accetta un argomento <code class="filename">db</code> che specifica il database da usare.
+ </div><div class="para">
+ Di seguito si riporta una riga tipica relativa a un modulo <code class="filename">pam_userdb.so</code> in un file di configurazione di PAM. Il <em class="replaceable"><code><path-to-file></code></em> rappresenta il percorso completo al file di database Berkley DB:
+ </div><pre class="screen">auth required pam_userdb.so db=<em class="replaceable"><code><path-to-file></code></em></pre><div class="para">
+ Il passaggio di argomenti non validi, <span class="emphasis"><em>generalmente</em></span> non altera il successo o fallimento della chiamata del modulo PAM. Comunque in caso di fallimento, gli errori sono riportati nel file <code class="filename">/var/log/secure</code>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"><strong>Indietro</strong>3.5.3.3. Module Name</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"><strong>Avanti</strong>3.5.4. Un esempio di file di configurazione di PAM</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html
new file mode 100644
index 0000000..d9c235f
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.3.3. Module Name</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="3.5.3. Formato del file di configurazione di PAM" /><link rel="prev" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html" title="3.5.3.2. Control Flag" /><link rel="next" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html" title="3.5.3.4. Module Arguments" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docume
ntation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name">3.5.3.3. Module Name</h4></div></div></div><div class="para">
+ Il nome di un modulo consente a PAM di fare riferimento al modulo contenente la specifica interfaccia. Nelle precedenti versioni di Fedora, si usava indicare il percorso completo del modulo, nel file di configurazione di PAM. Inoltre, con la comparsa dei sistemi <em class="firstterm">multilib</em>, che utilizzano moduli PAM a 64 bit di <code class="filename">/lib64/security/</code>, il nome della directory viene omesso perchè l'applicazione è collegata alla versione <code class="filename">libpam</code> appropriata, in grado di localizzare la corretta versione del modulo.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>Indietro</strong>3.5.3.2. Control Flag</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>Avanti</strong>3.5.3.4. Module Arguments</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html
new file mode 100644
index 0000000..7e4f1a7
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.6.2. Comuni direttive di pam_timestamp</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html" title="3.5.6. Caching delle credenziali PAM ed Amministrative" /><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html" title="3.5.6. Caching delle credenziali PAM ed Amministrative" /><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html" title="3.5.7. Proprietario di PAM e di Dispositivo" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"
/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives">3.5.6.2. Comuni direttive di pam_timestamp</h4></div></div></div><div class="para">
+ Il modulo <code class="filename">pam_timestamp.so</code> accetta diverse direttive. Le seguenti sono le due opzioni più comunemente usate:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">timestamp_timeout</code> — Specifica il periodo di validità del file a marca temporale (in secondi). Il valore predefinito è 300 (5 minuti).
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">timestampdir</code> — Specifica la directory in cui è salvato il file a marca temporale. Il valore predefinito è <code class="command">/var/run/sudo/</code>.
+ </div></li></ul></div><div class="para">
+ Vedere la <a class="xref" href="sect-Security_Guide-Firewalls-Additional_Resources.html#sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation">Sezione 3.8.9.1, «Documentazione installata riguardante i firewall»</a>, per maggiori informazioni su come gestire il modulo <code class="filename">pam_timestamp.so</code>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"><strong>Indietro</strong>3.5.6. Caching delle credenziali PAM ed Amministr...</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"><strong>Avanti</strong>3.5.7. Proprietario di PAM e di Dispositivo</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html
new file mode 100644
index 0000000..930f220
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.7.2. Accesso alle Applicazioni</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html" title="3.5.7. Proprietario di PAM e di Dispositivo" /><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html" title="3.5.7. Proprietario di PAM e di Dispositivo" /><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html" title="3.5.8. Ulteriori risorse" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Co
ntent/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access">3.5.7.2. Accesso alle Applicazioni</h4></div></div></div><div class="para">
+ Il <em class="firstterm">console user</em> ha anche accesso a certi programmi i cui utilizzi sono configurati nella directory <code class="filename">/etc/security/console.apps/</code>
+ </div><div class="para">
+ Questa directory contiene i file di configurazione che abilitano il <em class="firstterm">console user</em> ad eseguire certe applicazioni presenti nelle directory <code class="filename">/sbin</code> e <code class="filename">/usr/sbin</code>.
+ </div><div class="para">
+ Questi file di configurazione hanno lo stesso nome delle applicazioni di cui conservano le impostazioni.
+ </div><div class="para">
+ Un gruppo importante di applicazioni a cui ha accesso il <em class="firstterm">console user</em>, è costituito da quelle applicazioni che consento di spegnere o riavviare il sistema:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">/sbin/halt</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/sbin/reboot</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/sbin/poweroff</code>
+ </div></li></ul></div><div class="para">
+ Poichè queste applicazioni sono supportate da PAM, il loro utilizzo richiede che sia chiamato il modulo <code class="filename">pam_console.so</code>.
+ </div><div class="para">
+ Per maggiori informazioni, fare riferimento alla <a class="xref" href="sect-Security_Guide-Firewalls-Additional_Resources.html#sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation">Sezione 3.8.9.1, «Documentazione installata riguardante i firewall»</a>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"><strong>Indietro</strong>3.5.7. Proprietario di PAM e di Dispositivo</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"><strong>Avanti</strong>3.5.8. Ulteriori risorse</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html
new file mode 100644
index 0000000..0d73c1d
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.8. Ulteriori risorse</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /><link rel="prev" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html" title="3.5.7.2. Accesso alle Applicazioni" /><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html" title="3.5.8.2. Siti web utili su PAM" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></
p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources">3.5.8. Ulteriori risorse</h3></div></div></div><div class="para">
+ Le seguenti risorse spiegano ulteriormente i metodi da usare per configurare PAM. In aggiunta a queste, si consiglia di investigare i file di configurazione presenti nel sistema per meglio comprendere la loro struttura.
+ </div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_PAM_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_PAM_Documentation">3.5.8.1. Documentazione su PAM installata</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Pagine man relative a PAM — Sono disponibili diverse pagine di man sulle varie applicazioni e sui file di configurazione riguardanti PAM. Di seguito si riporta un elenco delle più importanti pagine di man:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">File di configurazione</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">pam</code> — Una buona introduzione a PAM con una spiegazione della struttura e degli impieghi dei file di configurazione di PAM.
+ </div><div class="para">
+ Notare che questa pagina di man, descrive sia il file <code class="filename">/etc/pam.conf</code> sia i singoli file di configurazione nella directory <code class="filename">/etc/pam.d/</code>. Per impostazione, Fedora usa file di configurazione individuali, in <code class="filename">/etc/pam.d/</code>, ignorando completamente <code class="filename">/etc/pam.conf</code> (anche se presente).
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">pam_console</code> — Descrive lo scopo del modulo <code class="filename">pam_console.so</code>. Descrive anche la sintassi appropriata per ogni direttiva nel file di configurazione di PAM.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">console.apps</code> — Descrive il formato e le opzioni disponibili nel file di configurazione <code class="filename">/etc/security/console.apps</code>, che specifica le applicazioni accessibili al <em class="firstterm">console user</em> assegnate da PAM.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">console.perms</code> — Descrive il formato e le opzioni disponibili nel file di configurazione <code class="filename">/etc/security/console.perms</code>, che specifica i permessi assegnati da PAM al <em class="firstterm">console user</em>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">pam_timestamp</code> — Descrive il modulo <code class="filename">pam_timestamp.so</code>.
+ </div></li></ul></div></dd></dl></div></li><li class="listitem"><div class="para">
+ <code class="filename">/usr/share/doc/pam-<em class="replaceable"><code><version-number></code></em></code> — Contiene <em class="citetitle">System Administrators's Guide</em>, <em class="citetitle">Module Writers' Manual</em> e <em class="citetitle">Application Developers' Manual</em>, come pure una copia dello standard PAM, DCE-RFC 86.0, in cui <em class="replaceable"><code><version-number></code></em> è la versione di PAM.
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/usr/share/doc/pam-<em class="replaceable"><code><version-number></code></em>/txts/README.pam_timestamp</code> — Contiene informazioni sul modulo <code class="filename">pam_timestamp.so</code>, in cui <em class="replaceable"><code><version-number></code></em> è la versione di PAM.
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"><strong>Indietro</strong>3.5.7.2. Accesso alle Applicazioni</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"><strong>Avanti</strong>3.5.8.2. Siti web utili su PAM</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html
new file mode 100644
index 0000000..4483b60
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.5. Creare moduli PAM</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html" title="3.5.4. Un esempio di file di configurazione di PAM" /><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html" title="3.5.6. Caching delle credenziali PAM ed Amministrative" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs
.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules">3.5.5. Creare moduli PAM</h3></div></div></div><div class="para">
+ E' possibile creare o aggiungere in ogni momento, nuovi moduli PAM alle applicazioni che usano PAM.
+ </div><div class="para">
+ Per esempio, uno sviluppatore potrebbe sviluppare un metodo per generare password "usa e getta" e realizzare un modulo PAM di supporto. Poi, i programmi che usano PAM possono immediatamente usare il nuovo modulo ed il nuovo programma di generazione password, senza bisogno di ricompilazioni o di altre modifiche.
+ </div><div class="para">
+ Questo consente agli sviluppatori ed agli amministratori di mescolare insieme, come pure testare metodi di autenticazione su differenti programmi, senza bisogno di ricompilazione.
+ </div><div class="para">
+ La documentazione relativa alla realizzazione di moduli è inclusa nella directory <code class="filename">/usr/share/doc/pam-<em class="replaceable"><code><version-number></code></em>/</code>, dove <em class="replaceable"><code><version-number></code></em> è la versione di PAM in uso nel sistema.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"><strong>Indietro</strong>3.5.4. Un esempio di file di configurazione di PAM</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"><strong>Avanti</strong>3.5.6. Caching delle credenziali PAM ed Amministr...</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html
new file mode 100644
index 0000000..44d9b14
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.3. Formato del file di configurazione di PAM</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html" title="3.5.2. File di configurazione di PAM" /><link rel="next" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html" title="3.5.3.2. Control Flag" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Si
te" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">3.5.3. Formato del file di configurazione di PAM</h3></div></div></div><div class="para">
+ Ogni file di configurazione PAM contiene un gruppo di direttive strutturate come segue:
+ </div><pre class="screen"><em class="replaceable"><code><module interface></code></em> <em class="replaceable"><code><control flag></code></em> <em class="replaceable"><code><module name></code></em> <em class="replaceable"><code><module arguments></code></em></pre><div class="para">
+ Ciascuno di questi elementi è spiegato nelle seguenti sezioni.
+ </div><div class="section" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Interface"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Interface">3.5.3.1. Module Interface</h4></div></div></div><div class="para">
+ Attaualmente sono disponibili quattro tipi di interfacce di moduli PAM. Ciascuna di esse corrisponde a un differente aspetto del processo di autenticazione:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">auth</code> — Questa interfaccia autentica l'uso. Per esempio richiede e verifica la validità di una password. I moduli con questa interfaccia possono anche impostare credenziali, come l'appartenenza ad un gruppo o i ticket Kerberos.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">account</code> — Questa interfaccia verifica il permesso di accesso. Per esempio controlla la scadenza di un account o controlla il permesso di accesso in una data ora del giorno.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">password</code> — Questa interfaccia è usata per modificare la password degli utenti.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">session</code> — Questa interfaccia configura e gestisce le sessioni. I moduli con questa interfaccia possono anche effettuare ulteriori operazioni necessarie in un accesso, come montare la home directory di un utente o rendere disponibile la casella di posta di un utente.
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Un singolo modulo può presentare una o più interfacce. Per esempio <code class="filename">pam_unix.so</code> presenta tutte e quattro le interfacce.
+ </div></div></div><div class="para">
+ In un file di configurazione di PAM, l'interfaccia è il primo campo definito. Per esempio, una tipica riga in un file di configurazione è simile a questa:
+ </div><pre class="screen">auth required pam_unix.so</pre><div class="para">
+ Questa direttiva stabilisce di usare l'interfaccia <code class="command">auth</code> del modulo <code class="filename">pam_unix.so</code>.
+ </div><div class="section" id="sect-Security_Guide-Module_Interface-Stacking_Module_Interfaces"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Module_Interface-Stacking_Module_Interfaces">3.5.3.1.1. Impilare Module Interface</h5></div></div></div><div class="para">
+ Le direttive di interfaccia possono essere <span class="emphasis"><em>impilate</em></span>, ossia disposte una sull'altra, cosicchè più moduli possano essere usati per realizzare una certa finalità. Se il flag di controllo di un modulo ha il valore "sufficient" o "requisite" (sul significato di questi flag di controllo, fare riferimento alla <a class="xref" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html">Sezione 3.5.3.2, «Control Flag»</a>), allora ai fini del processo di autenticazione è importante l'ordine in cui i moduli sono disposti nella lista.
+ </div><div class="para">
+ La disposizione in pila permette ad un amministratore di specificare le condizioni necessarie da soddisfare, prima di avviare il processo di autenticazione. Per esempio il comando <code class="command">reboot</code>, generalmente usa diversi moduli impilati, come si può vedere nel suo file di configurazione PAM:
+ </div><pre class="screen">[root at MyServer ~]# cat /etc/pam.d/reboot
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_console.so
+#auth include system-auth
+account required pam_permit.so</pre><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ La prima riga è un commento e non viene presa in considerazione.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">auth sufficient pam_rootok.so</code> — Questa riga usa il modulo <code class="filename">pam_rootok.so</code> che verifica se l'utente corrente è l'utente root, controllando che il suo UID sia 0. Se il test ha successo, gli altri moduli non vengono presi in considerazione e il comando eseguito. Se il test fallisce, viene preso in considerazione il modulo successivo.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">auth required pam_console.so</code> — Questa riga usa il modulo <code class="filename">pam_console.so</code> che tenta di autenticare l'utente. Se l'utente è gia loggato in un terminale, <code class="filename">pam_console.so</code> controlla se nella directory <code class="filename">/etc/security/console.apps/</code> esiste un file con lo stesso nome del servizio (reboot). Se il file esiste, l'autenticazione ha successo ed il controllo passa al modulo successivo.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">#auth include system-auth</code> — Questa riga è un commento e perciò non processata.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">account required pam_permit.so</code> — Questa riga usa il modulo <code class="filename">pam_permit.so</code> che consente all'utente root o ad altro utente loggato in un terminale di riavviare il sistema.
+ </div></li></ul></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"><strong>Indietro</strong>3.5.2. File di configurazione di PAM</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>Avanti</strong>3.5.3.2. Control Flag</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html
new file mode 100644
index 0000000..a21bdf7
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.2. File di configurazione di PAM</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="3.5.3. Formato del file di configurazione di PAM" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/imag
e_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files">3.5.2. File di configurazione di PAM</h3></div></div></div><div class="para">
+ La directory <code class="filename">/etc/pam.d/</code> contiene i file di configurazione di PAM di ciascuna applicazione che usa PAM. Nelle precedenti versioni di PAM veniva usato il file <code class="filename">/etc/pam.conf</code>, ora deprecato ed usato unicamente su sistemi che non hanno la directory <code class="filename">/etc/pam.d/</code>.
+ </div><div class="section" id="sect-Security_Guide-PAM_Configuration_Files-PAM_Service_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_Files-PAM_Service_Files">3.5.2.1. File PAM del servizio</h4></div></div></div><div class="para">
+ Ogni applicazione o <em class="firstterm">servizio</em> che usi PAM, possiede un file nella directory <code class="filename">/etc/pam.d/</code>. Ciascun file di questa directory ha lo stesso nome del servizio di cui controlla l'accesso.
+ </div><div class="para">
+ Un programma che usa PAM è responsabile di definire il nome del servizio e di installare il proprio file di configurazione PAM nella directory <code class="filename">/etc/pam.d/</code>. Per esempio il programma <code class="command">login</code> definisce il suo nome di servizio come <code class="command">login</code> e installa il proprio file di configurazione PAM <code class="filename">/etc/pam.d/login</code>.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"><strong>Indietro</strong>3.5. Pluggable Authentication Modules (PAM)</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"><strong>Avanti</strong>3.5.3. Formato del file di configurazione di PAM</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html
new file mode 100644
index 0000000..11509cb
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.6. Caching delle credenziali PAM ed Amministrative</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html" title="3.5.5. Creare moduli PAM" /><link rel="next" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html" title="3.5.6.2. Comuni direttive di pam_timestamp" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/i
mage_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching">3.5.6. Caching delle credenziali PAM ed Amministrative</h3></div></div></div><div class="para">
+ In Fedora, un numero di strumenti amministrativi permette agli utenti di ottenere elevati privilegi per un periodo di cinque minuti, tramite il modulo <code class="filename">pam_timestamp.so</code>. E' importante capire il funzionamento di questo meccanismo, perchè un utente che si allontani da un terminale mentre <code class="filename">pam_timestamp.so</code> è ancora in vita, lascia la macchina aperta a manipolazioni da parte di chiunque possa fisicamente accedere al terminale incustodito.
+ </div><div class="para">
+ Nello schema di temporizzazione di PAM, l'applicazione di amministrazione grafica richiede all'utente di inserire la password di root. Ad autenticazione avvenuta, il modulo <code class="filename">pam_timestamp.so</code> crea un file a marca temporale. Per impostazione, il file viene creato nella directory <code class="filename">/var/run/sudo/</code>. Se il file esiste già, l'interfaccia non richiede la password. Infatti il modulo <code class="filename">pam_timestamp.so</code> sovrascrive il file a marca temporale esistente, riservando altri cinque minuti di accesso amministrativo all'utente.
+ </div><div class="para">
+ Si può controllare l'attuale stato del file a marca temporale, ispezionando il file <code class="filename">/var/run/sudo/<user></code>. Nell'uso desktop, il file rilevante è <code class="filename">unknown:root</code>. Se è presente e la sua marca temporale è inferiore a cinque minuti, le credenziali sono ancora valide.
+ </div><div class="para">
+ L'esistenza del file a marca temporale, è confermata da un'icona di autenticazione che appare nell'area di notifica del pannello.
+ </div><div class="figure" id="figu-Security_Guide-PAM_and_Administrative_Credential_Caching-The_Authentication_Icon"><div class="figure-contents"><div class="mediaobject"><img src="images/authicon.png" alt="L'Icona di Autenticazione" /><div class="longdesc"><div class="para">
+ Icona di Autenticazione
+ </div></div></div></div><h6>Figura 3.7. L'Icona di Autenticazione</h6></div><br class="figure-break" /><div class="section" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Removing_the_Timestamp_File"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Removing_the_Timestamp_File">3.5.6.1. Rimuovere il file a marca temporale</h4></div></div></div><div class="para">
+ Prima di lasciare incustodita una macchina in cui sia attiva una temporizzazione di PAM, si raccomanda di distruggere il file contenente la marca temporale. Per fare questo in un ambiente grafico, cliccare l'icona di autenticazione nel <span class="emphasis"><em>system tray</em></span>.
+ </div><div class="figure" id="figu-Security_Guide-Removing_the_Timestamp_File-Dismiss_Authentication_Dialog"><div class="figure-contents"><div class="mediaobject"><img src="images/auth-panel.png" width="444" alt="Rimuovere l'Autenticazione" /><div class="longdesc"><div class="para">
+ Rimuovere l'Autenticazione.
+ </div></div></div></div><h6>Figura 3.8. Rimuovere l'Autenticazione</h6></div><br class="figure-break" /><div class="para">
+ Occorre prestare attenzione ai seguenti aspetti del file a marca temporale di PAM:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Se l'accesso avviene da remoto usando <code class="command">ssh</code>, usare il comando <code class="command">/sbin/pam_timestamp_check -k root</code> per eliminare il file a marca temporale
+ </div></li><li class="listitem"><div class="para">
+ Occorre lanciare il comando <code class="command">/sbin/pam_timestamp_check -k root</code> dallo stesso terminale da cui è stata avviata l'applicazione privilegiata.
+ </div></li><li class="listitem"><div class="para">
+ Occorre essere loggati con l'account dell'utente che ha originariamente invocato il modulo <code class="filename">pam_timestamp.so</code>, per poter usare il comando <code class="command">/sbin/pam_timestamp_check -k</code>. Non accedere come utente root per eseguire questo comando.
+ </div></li><li class="listitem"><div class="para">
+ Se si vuole eliminare le credenziali sul desktop (senza usare l'cona <span class="guibutton"><strong>Dimentica Autorizzazione</strong></span>), usare il seguente comando:
+ </div><pre class="screen">/sbin/pam_timestamp_check -k root </dev/null >/dev/null 2>/dev/null</pre><div class="para">
+ Eventuali fallimenti del comando rimuovono soltanto le credenziali (se presenti) dal tty da cui è stato eseguito il comando.
+ </div></li></ul></div><div class="para">
+ Per maggiori informazioni sull'uso del comando <code class="command">pam_timestamp_check</code>, per eliminare il file a marca temporale, fare riferimento alle pagine di man relative a <code class="filename">pam_timestamp_check</code>.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"><strong>Indietro</strong>3.5.5. Creare moduli PAM</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"><strong>Avanti</strong>3.5.6.2. Comuni direttive di pam_timestamp</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html
new file mode 100644
index 0000000..2ff236b
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.7. Proprietario di PAM e di Dispositivo</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /><link rel="prev" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html" title="3.5.6.2. Comuni direttive di pam_timestamp" /><link rel="next" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html" title="3.5.7.2. Accesso alle Applicazioni" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image
_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership">3.5.7. Proprietario di PAM e di Dispositivo</h3></div></div></div><div class="para">
+ In Fedora, il primo utente che accede al terminale della macchina, può manipolare certi dispositivi ed effettuare certe operazioni normalmente pertinenti all'utente root. Tale controllo avviene tramite un modulo di PAM, denominato <code class="filename">pam_console.so</code>.
+ </div><div class="section" id="sect-Security_Guide-PAM_and_Device_Ownership-Device_Ownership"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_and_Device_Ownership-Device_Ownership">3.5.7.1. Il proprietario di Dispositivo</h4></div></div></div><div class="para">
+ Quando un utente accede ad un sistema Fedora, il modulo <code class="filename">pam_console.so</code> è chiamato da <code class="command">login</code> o dal programma d'accesso grafico usato, <span class="application"><strong>gdm</strong></span>, <span class="application"><strong>kdm</strong></span> o <span class="application"><strong>xdm</strong></span>. Se l'utente è il primo ad accedere ad una console fisica — riferito anche come <em class="firstterm">console user</em> — il modulo attribuisce all'utente il diritto di proprietà su una verietà di dispositivi normalmente attrbuiti all'utente root. Il <em class="firstterm">console user</em> rimane il proprietario di questi dispositivi fino al termine della sua ultima sessione locale. Una volta uscito, l'utente root torna ad essere il proprietario.
+ </div><div class="para">
+ I dispositivi interessati includono, ma non solo, schede audio, drive di dischetti e drive CD.
+ </div><div class="para">
+ Questa possibilità permette ad un utente locale di manipolare questi dispositivi, senza bisogno di accedere come utente root, semplificando così comuni compiti al <em class="firstterm">console user</em>.
+ </div><div class="para">
+ E' possibile modificare la lista dei dispositivi controllati dal modulo <code class="filename">pam_console.so</code>, modificando i seguenti file:
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/security/console.perms</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/security/console.perms.d/50-default.perms</code>
+ </div></li></ul></div>
+
+ </div><div class="para">
+ Nei file indicati, si possono cambiare i permessi anche a dispositivi che non fanno parte della lista oppure si possono modificare le impostazioni predefinite. Piuttosto che modificare direttamente il file <code class="filename">50-default.perms</code>, si consiglia di creare un nuovo file (per esempio <code class="filename"><em class="replaceable"><code>xx</code></em>-name.perms</code>), in cui inserire le modifiche richieste. Il nome del nuovo file predefinito, deve iniziare con un numero maggiore di 50 (per esempio, <code class="filename">51-default.perms</code>). In questo modo il sistema PAM non terrà conto del file predefinito <code class="filename">50-default.perms</code>.
+ </div><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Se il file di configurazione del gestore dello schermo, <span class="application"><strong>gdm</strong></span>, <span class="application"><strong>kdm</strong></span> o <span class="application"><strong>xdm</strong></span> è stato modificato per consentire l'accesso da remoto <span class="emphasis"><em>e</em></span> l'host è configurato per eseguire al runlevel 5, allora si raccomanda di modificare le direttive <code class="command"><console></code> e <code class="command"><xconsole></code>, nel file <code class="filename">/etc/security/console.perms</code> con i seguenti valori:
+ </div><pre class="screen"><console>=tty[0-9][0-9]* vc/[0-9][0-9]* :0\.[0-9] :0
+<xconsole>=:0\.[0-9] :0</pre><div class="para">
+ Ciò serve ad impedire ad utenti remoti di accedere ai dispositivi ed alle applicazioni riservate della macchina.
+ </div><div class="para">
+ Se il file di configurazione del gestore dello schermo, è stato modificato per permettere l'accesso da remoto <span class="emphasis"><em>e</em></span> l'host è stato configurato per eseguire ad un qualsiaisi runlevel multi-utente diverso da 5, si raccomanda di rimuovere completamente la direttiva <code class="command"><xconsole></code> e di modificare la direttiva <code class="command"><console></code> con il seguente valore:
+ </div><pre class="screen"><console>=tty[0-9][0-9]* vc/[0-9][0-9]*</pre></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"><strong>Indietro</strong>3.5.6.2. Comuni direttive di pam_timestamp</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"><strong>Avanti</strong>3.5.7.2. Accesso alle Applicazioni</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html
new file mode 100644
index 0000000..2946e63
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.4. Un esempio di file di configurazione di PAM</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /><link rel="prev" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html" title="3.5.3.4. Module Arguments" /><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html" title="3.5.5. Creare moduli PAM" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /><
/a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files">3.5.4. Un esempio di file di configurazione di PAM</h3></div></div></div><div class="para">
+ Di seguito si riporta un esempio di file di configurazione di PAM:
+ </div><pre class="screen">#%PAM-1.0
+auth required pam_securetty.so
+auth required pam_unix.so nullok
+auth required pam_nologin.so
+account required pam_unix.so
+password required pam_cracklib.so retry=3
+password required pam_unix.so shadow nullok use_authtok
+session required pam_unix.so</pre><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ La prima riga è un commento, contrasseganta dal carattere "cancelletto" (<code class="command">#</code>) posto all'inizio della riga.
+ </div></li><li class="listitem"><div class="para">
+ Le righe comprese tra la seconda e la quarta impilano tre moduli per autenticare l'accesso.
+ </div><div class="para">
+ <code class="command">auth required pam_securetty.so</code> — Questo modulo controlla che il tty su cui l'utente si sta loggando sia presente nel file <code class="filename">/etc/securetty</code>, <span class="emphasis"><em>se</em></span> l'utente tenta di accedere come root.
+ </div><div class="para">
+ Se il tty non è presente, ogni tentativo di accedere come root fallisce con un messaggio <code class="computeroutput">Login errato</code>.
+ </div><div class="para">
+ <code class="command">auth required pam_unix.so nullok</code> — Questo modulo richiede all'utente una password e poi confronta la password usando le informazioni presenti nel file <code class="filename">/etc/passwd</code> e se esiste, nel file <code class="filename">/etc/shadow</code>.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ L'argomento <code class="command">nullok</code> indica al modulo <code class="filename">pam_unix.so</code> di permettere l'uso di pasword vuote.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">auth required pam_nologin.so</code> — Questo modulo controlla se esiste il file <code class="filename">/etc/nologin</code>. Se il file esiste e l'utente non è l'utente root, l'autenticazione fallisce.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ In questo esempio, vengono controllati tutti e tre i moduli <code class="command">auth</code>, anche in caso di fallimento nel primo modulo. In tale situazione l'utente non sa a quale stadio sia fallita l'autenticazione, ed anche per un attaccante diventa più gravoso capire come crackare il sistema.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="command">account required pam_unix.so</code> — Questo modulo verifica l'account. Per esempio verifica se è abilitata l'illegibilità delle password e l'interfaccia account del modulo <code class="filename">pam_unix.so</code> controlla la scedenza dell'account o se l'utente ha modificato la password nel periodo indicato.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">password required pam_cracklib.so retry=3</code> — Se una password è scaduta, il componente relativo al modulo <code class="filename">pam_cracklib.so</code> richiede di inserire una nuova password. E poi verifica che la nuova password sia abbastanza robusta.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ L'argomento <code class="command">retry=3</code> specifica che se la verifica fallisce una prima volta, l'utente ha altre due possbilità per creare una password robusta.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">password required pam_unix.so shadow nullok use_authtok</code> — Questa riga indica che per cambiare la password utente, occorre usare l'interfaccia <code class="command">password</code> del modulo <code class="filename">pam_unix.so</code>.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ L'argomento <code class="command">shadow</code> indica che il modulo crea password illegibili durante l'aggiornamento di una password.
+ </div></li><li class="listitem"><div class="para">
+ L'argomento <code class="command">nullok</code> indica che il modulo permette all'utente di cambiare la propria password da una <span class="emphasis"><em>vuota</em></span> (una password vuota indica un account bloccato).
+ </div></li><li class="listitem"><div class="para">
+ L'ultimo argomento su questa riga, <code class="command">use_authtok</code>, è un esempio dell'importanza dell'ordinamento in una pila di moduli PAM. Questo argomento indica di non richiedere di inserire una nuova password. Infatti, si accetta qualsiasi password accettata da un modulo precedente. In questo caso tutte le nuove password devono superare la verifica del modulo <code class="filename">pam_cracklib.so</code> che garantisce password sicure.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">session required pam_unix.so</code> — La riga finale indica all'interfaccia della sessione del modulo <code class="filename">pam_unix.so</code> di gestire la sessione. Questo modulo registra nel file <code class="filename">/var/log/secure</code> il nome utente e il tipo di servizio, all'inizio ed alla fine di ogni sessione. Questo modulo può essere integrato con altri moduli di sessione per ulteriori funzionalità.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>Indietro</strong>3.5.3.4. Module Arguments</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"><strong>Avanti</strong>3.5.5. Creare moduli PAM</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html
new file mode 100644
index 0000000..ec85008
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5. Pluggable Authentication Modules (PAM)</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Capitolo 3. Proteggere la rete locale" /><link rel="prev" href="sect-Security_Guide-Yubikey-Web_Sites.html" title="3.4.2. Autenticazione ai siti web con la Yubikey" /><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html" title="3.5.2. File di configurazione di PAM" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul
class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Yubikey-Web_Sites.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM">3.5. Pluggable Authentication Modules (PAM)</h2></div></div></div><div class="para">
+ I programmi che autorizzano l'accesso ad un sistema, usano l'<em class="firstterm">autenticazione</em> per verificare l'identità degli utenti (autenticazione, vuol dire, stabilire che un utente è chi dice di essere).
+ </div><div class="para">
+ Nel passato, ogni programmi aveva un proprio modo per autenticare gli utenti. Con Fedora molti programmi sono stati configurati per usare un meccanismo di autenticazione centralizzato, denominato <acronym class="acronym">PAM</acronym> (Pluggable Authentication Modules).
+ </div><div class="para">
+ PAM presenta un architettura modulare, offrendo all'amministratore un alto grado di flessibilità per impostare le policy di autenticazione nel sistema.
+ </div><div class="para">
+ Nella maggior parte dei casi, il file di configurazione predefinito risulta pressochè sufficiente per una applicazione che usa PAM. Altre volte, risulta invece necessario editare un file PAM di configurazione. Poichè errori di configurazione possono compromettere la sicurezza del sistema, è importante capire la strutture di questi file prima di apportare qualsiasi modifica. Per maggiori informazioni, fare riferimento alla <a class="xref" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html">Sezione 3.5.3, «Formato del file di configurazione di PAM»</a>.
+ </div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">3.5.1. Vantaggi di PAM</h3></div></div></div><div class="para">
+ PAM presenta i seguenti vantaggi:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ uno schema di autenticazione comune che può essere usato in un'ampia varietà di applicazioni.
+ </div></li><li class="listitem"><div class="para">
+ significativa flessibilità e controllo sull'autenticazione, sia per gli amministratori sia per gli sviluppatori di applicazioni.
+ </div></li><li class="listitem"><div class="para">
+ una singola libreria completamente documentata, che permette agli sviluppatori di scrivere programmi senza bisogno di creare i propri schemi di autenticazione.
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Yubikey-Web_Sites.html"><strong>Indietro</strong>3.4.2. Autenticazione ai siti web con la Yubikey</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"><strong>Avanti</strong>3.5.2. File di configurazione di PAM</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html
new file mode 100644
index 0000000..5589838
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.2. Utilizzo di LUKS</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Secure_Installation.html" title="Capitolo 6. Installazione sicura" /><link rel="prev" href="chap-Security_Guide-Secure_Installation.html" title="Capitolo 6. Installazione sicura" /><link rel="next" href="chap-Security_Guide-Software_Maintenance.html" title="Capitolo 7. Manutenzione del software" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href=
"chap-Security_Guide-Secure_Installation.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Software_Maintenance.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption">6.2. Utilizzo di LUKS</h2></div></div></div><div class="para">
+ A partire da Fedora 9 l'implementazione del sistema di cifratura del disco, <a href="http://fedoraproject.org/wiki/Security_Guide/9/LUKSDiskEncryption">LUKS</a> (Linux Unified Key Setup), è diventato più semplice. Durante il processo di installazione l'utente ha la possibilità di cifrare le proprie partizioni. L'utente deve fornire una passphrase che sarà la chiave per sbloccare la chiave di cifratura usata per rendere più sicuri i dati della partizione.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Secure_Installation.html"><strong>Indietro</strong>Capitolo 6. Installazione sicura</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Software_Maintenance.html"><strong>Avanti</strong>Capitolo 7. Manutenzione del software</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-Anonymous_Access.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-Anonymous_Access.html
new file mode 100644
index 0000000..ccd86f0
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-Anonymous_Access.html
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.6.2. Accesso anonimo</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="3.2.6. Proteggere FTP" /><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="3.2.6. Proteggere FTP" /><link rel="next" href="sect-Security_Guide-Securing_FTP-User_Accounts.html" title="3.2.6.3. Account utenti" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_
Guide-Server_Security-Securing_FTP.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_FTP-Anonymous_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_FTP-Anonymous_Access">3.2.6.2. Accesso anonimo</h4></div></div></div><div class="para">
+ La directory <code class="filename">/var/ftp/</code> attiva l'account anonimo.
+ </div><div class="para">
+ Il modo più semplice per creare la directory è di installare il pacchetto <code class="filename">vsftpd</code>. Il pacchetto crea una directory per utenti anonimi e configura in sola lettura la directory.
+ </div><div class="para">
+ Per impostazione, gli utenti anonimi non possono scrivere in nessuna directory.
+ </div><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Se si abilita l'accesso anonimo al server FTP, prestare attenzione a dove sono salvati i dati sensibili.
+ </div></div></div><div class="section" id="sect-Security_Guide-Anonymous_Access-Anonymous_Upload"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Anonymous_Access-Anonymous_Upload">3.2.6.2.1. Upload anonimo</h5></div></div></div><div class="para">
+ Per consentire ad utenti anonimi di inviare file sul server, si raccomanda di creare una directory in sola scrittura in <code class="filename">/var/ftp/pub/</code>.
+ </div><div class="para">
+ Ecco la procedura; digitare il comando:
+ </div><pre class="screen">mkdir /var/ftp/pub/upload</pre><div class="para">
+ Poi, modificare i permessi in modo che gli utenti anonimi non possano vedere (o sfogliare) il contenuto della directory:
+ </div><pre class="screen">chmod 730 /var/ftp/pub/upload</pre><div class="para">
+ Un listato <span class="emphasis"><em>long format</em></span> della directory apparirebbe così:
+ </div><pre class="screen">drwx-wx--- 2 root ftp 4096 Feb 13 20:05 upload</pre><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Gli amministratori che permettono ad utenti anonimi di leggere e scrivere in directory, spesso scoprono che i loro server diventano repository di software pirata.
+ </div></div></div><div class="para">
+ Poi, aggiungere la seguente riga al file <code class="filename">/etc/vsftpd/vsftpd.conf</code>:
+ </div><pre class="screen">anon_upload_enable=YES</pre></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_FTP.html"><strong>Indietro</strong>3.2.6. Proteggere FTP</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>Avanti</strong>3.2.6.3. Account utenti</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html
new file mode 100644
index 0000000..e9d341c
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.6.4. Usare TCP Wrapper per il controllo degli accessi</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="3.2.6. Proteggere FTP" /><link rel="prev" href="sect-Security_Guide-Securing_FTP-User_Accounts.html" title="3.2.6.3. Account utenti" /><link rel="next" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="3.2.7. Proteggere Sendmail" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect
-Security_Guide-Securing_FTP-User_Accounts.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access">3.2.6.4. Usare TCP Wrapper per il controllo degli accessi</h4></div></div></div><div class="para">
+ Consultare la <a class="xref" href="sect-Security_Guide-Server_Security.html#sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_TCP_Wrappers">Sezione 3.2.1.1, «Aumentare la sicurezza con TCP Wrapper»</a>, per controllare gli accessi al servizio FTP usando TCP Wrapper.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>Indietro</strong>3.2.6.3. Account utenti</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>Avanti</strong>3.2.7. Proteggere Sendmail</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-User_Accounts.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-User_Accounts.html
new file mode 100644
index 0000000..de15aaf
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-User_Accounts.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.6.3. Account utenti</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="3.2.6. Proteggere FTP" /><link rel="prev" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html" title="3.2.6.2. Accesso anonimo" /><link rel="next" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html" title="3.2.6.4. Usare TCP Wrapper per il controllo degli accessi" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"
><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_FTP-User_Accounts"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_FTP-User_Accounts">3.2.6.3. Account utenti</h4></div></div></div><div class="para">
+ Poichè FTP trasmette username e password in chiaro, è una buona norma vietare agli utenti l'accesso al server, con i loro account.
+ </div><div class="para">
+ Per disabilitare tutti gli account, aggiungere la seguente direttiva al file <code class="filename">/etc/vsftpd/vsftpd.conf</code>:
+ </div><pre class="screen">local_enable=NO</pre><div class="section" id="sect-Security_Guide-User_Accounts-Restricting_User_Accounts"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-User_Accounts-Restricting_User_Accounts">3.2.6.3.1. Restringere gli account utenti</h5></div></div></div><div class="para">
+ Per disabilitare gli accessi FTP ad utenti o gruppi specifici, come l'utente root e quelli con privilegi <code class="command">sudo</code>, si può usare un file di autenticazione PAM, come descritto nella <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM">Sezione 3.1.4.2.4, «Disabilitare l'account root usando PAM»</a>. Il file di configurazione PAM relativo a <code class="command">vsftpd</code> è <code class="filename">/etc/pam.d/vsftpd</code>.
+ </div><div class="para">
+ E' anche possibile disabilitare gli account direttamente all'interno di ciascun servizio.
+ </div><div class="para">
+ Per disabilitare un account specifico, aggiungere lo username nel fie <code class="filename">/etc/vsftpd.ftpusers</code>.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"><strong>Indietro</strong>3.2.6.2. Accesso anonimo</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"><strong>Avanti</strong>3.2.6.4. Usare TCP Wrapper per il controllo degli...</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html
new file mode 100644
index 0000000..6cb54c0
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.4.2. Attenzione agli errori sintattici</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="3.2.4. Proteggere NFS" /><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="3.2.4. Proteggere NFS" /><link rel="next" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html" title="3.2.4.3. Non usare l'opzione no_root_squash" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="prev
ious"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_NFS.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors">3.2.4.2. Attenzione agli errori sintattici</h4></div></div></div><div class="para">
+ Il server NFS determina i file system da esportare e verso quali host, consultando il file <code class="filename">/etc/exports</code>. Prestare molta attenzione a non aggiungere spazi durante la modifica del file.
+ </div><div class="para">
+ Per esempio, la seguente riga nel file <code class="filename">/etc/exports</code>, condivide la directory <code class="command">/tmp/nfs/</code> con l'host <code class="command">bob.example.com</code> con permessi read/write.
+ </div><pre class="screen">/tmp/nfs/ bob.example.com(rw)</pre><div class="para">
+ Invece a causa dello spazio dopo l'hostname, la seguente riga nel file <code class="filename">/etc/exports</code>, condivide la directory con l'host <code class="computeroutput">bob.example.com</code> in sola lettura, e la condivide con <span class="emphasis"><em>tutti gli altri</em></span> in lettura/scrittura.
+ </div><pre class="screen">/tmp/nfs/ bob.example.com (rw)</pre><div class="para">
+ E' una buona norma verificare ogni condivisione NFS configurata, usando il comando <code class="command">showmount</code>:
+ </div><pre class="screen">showmount -e <em class="replaceable"><code><hostname></code></em></pre></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_NFS.html"><strong>Indietro</strong>3.2.4. Proteggere NFS</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>Avanti</strong>3.2.4.3. Non usare l'opzione no_root_squash</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html
new file mode 100644
index 0000000..02b0d79
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.4.3. Non usare l'opzione no_root_squash</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="3.2.4. Proteggere NFS" /><link rel="prev" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html" title="3.2.4.2. Attenzione agli errori sintattici" /><link rel="next" href="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html" title="3.2.4.4. Configurazione di firewall in NFS" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docna
v"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option">3.2.4.3. Non usare l'opzione <code class="command">no_root_squash</code></h4></div></div></div><div class="para">
+ Per impostazione, le condivisioni NFS modificano l'utente root nell'utente <code class="command">nfsnobody</code>, un account utente senza privilegi. Il risultato è che il proprietario di tutti i file creati da root diventa <code class="command">nfsnobody</code>, impedendo l'avvio di programmi setuid.
+ </div><div class="para">
+ Se si usa l'opzione <code class="command">no_root_squash</code>, un utente root remoto può modificare ogni file nel sistema condiviso e lasciare applicazioni malevoli, come trojan, che potrebbero essere inavvertitamente eseguiti da ignari utenti.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"><strong>Indietro</strong>3.2.4.2. Attenzione agli errori sintattici</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html"><strong>Avanti</strong>3.2.4.4. Configurazione di firewall in NFS</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html
new file mode 100644
index 0000000..64703b6
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.4.4. Configurazione di firewall in NFS</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="3.2.4. Proteggere NFS" /><link rel="prev" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html" title="3.2.4.3. Non usare l'opzione no_root_squash" /><link rel="next" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html" title="3.2.5. Proteggere HTTP Apache" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul cla
ss="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration">3.2.4.4. Configurazione di firewall in NFS</h4></div></div></div><div class="para">
+ Le porte usate da NFS sono assegnate dinamicamente da rcpbind, che potrebbe causare problemi durante la creazione delle regole di firewall. Per semplificare il processo, usare il file <span class="emphasis"><em>/etc/sysconfig/nfs</em></span> per specificare le porte da usare:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">MOUNTD_PORT</code> — Porta TCP e UDP per mountd (rpc.mountd)
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">STATD_PORT</code> — Porta TCP e UDP per lo stato (rpc.statd)
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">LOCKD_TCPPORT</code> — Porta TCP per nlockmgr (rpc.lockd)
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">LOCKD_UDPPORT</code> — Porta UDP per nlockmgr (rpc.lockd)
+ </div></li></ul></div><div class="para">
+ I numeri di porta specificati non devono essere usati da altri servizi. Configurare il firewall per autorizzare le porte specificate, insieme alla porte UDP e TCP 2049 (NFS).
+ </div><div class="para">
+ Usare il comando <code class="command">rpcinfo -p</code> sul server NFS per vedere le porte e i programmi RPC usati.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>Indietro</strong>3.2.4.3. Non usare l'opzione no_root_squash</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>Avanti</strong>3.2.5. Proteggere HTTP Apache</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html
new file mode 100644
index 0000000..480e615
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.3.4. Assegnare porte statiche ed usare regole iptables</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="3.2.3. Proteggere NIS" /><link rel="prev" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html" title="3.2.3.3. Modificare il file /var/yp/securenets" /><link rel="next" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html" title="3.2.3.5. Usare autenticazioni Kerberos" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class
="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules">3.2.3.4. Assegnare porte statiche ed usare regole iptables</h4></div></div></div><div class="para">
+ A tutti i servizi NIS si possono assegnare porte specifiche, ad eccezione di <code class="command">rpc.yppasswdd</code> — il demone che permette agli utenti di modificare le password di accesso. Assegnando porte ai due demoni NIS, <code class="command">rpc.ypxfrd</code> e <code class="command">ypserv</code>, si possono creare regole di firewall, per proteggere ulteriormente i demoni NIS da potenziali intrusori.
+ </div><div class="para">
+ Per fare ciò, aggiungere la seguenti righe al file <code class="filename">/etc/sysconfig/network</code>:
+ </div><pre class="screen">YPSERV_ARGS="-p 834" YPXFRD_ARGS="-p 835"</pre><div class="para">
+ Per rinforzare la sicurezza, si possono poi essere usate le seguenti regole di iptables, che specificano le porte e la rete su cui il server resta in ascolto:
+ </div><pre class="screen">iptables -A INPUT -p ALL -s! 192.168.0.0/24 --dport 834 -j DROP
+iptables -A INPUT -p ALL -s! 192.168.0.0/24 --dport 835 -j DROP</pre><div class="para">
+ Con queste impostazioni, il server, a prescindere dal protocollo, accetta connessioni sulle porte 834 e 835 solo dalla rete 192.168.0.0/24.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Per maggiori informazioni sull'implementazione di firewall con comandi iptables, fare riferimento alla <a class="xref" href="sect-Security_Guide-Firewalls.html">Sezione 3.8, «Firewall»</a>.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>Indietro</strong>3.2.3.3. Modificare il file /var/yp/securenets</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>Avanti</strong>3.2.3.5. Usare autenticazioni Kerberos</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html
new file mode 100644
index 0000000..c9ae280
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.3.3. Modificare il file /var/yp/securenets</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="3.2.3. Proteggere NIS" /><link rel="prev" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html" title="3.2.3.2. Usare una Password come Nome Dominio e Hostname" /><link rel="next" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html" title="3.2.3.4. Assegnare porte statiche ed usare regole iptables" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/imag
es/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File">3.2.3.3. Modificare il file <code class="filename">/var/yp/securenets</code></h4></div></div></div><div class="para">
+ Se il file <code class="filename">/var/yp/securenets</code> è vuoto o non esiste (come capita dopo una installazione predefinita), NIS è in ascolto su tutte le reti. Quindi, una delle prime operazioni da fare è di inserire nel file, coppie di netmask/network, in modo che <code class="command">ypserv</code> risponda solo alle richieste provenienti dalle reti specificate.
+ </div><div class="para">
+ Di seguito si riporta un esempio da un file <code class="filename">/var/yp/securenets</code>:
+ </div><pre class="screen">255.255.255.0 192.168.0.0</pre><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Non avviare mai un server NIS senza prima aver creato un file <code class="filename">/var/yp/securenets</code> adeguato.
+ </div></div></div><div class="para">
+ Questa tecnica, tuttavia, non offre protezione da un attacco di tipo IP spoofing, ma serve a limitare le reti servite da NIS.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"><strong>Indietro</strong>3.2.3.2. Usare una Password come Nome Dominio e H...</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"><strong>Avanti</strong>3.2.3.4. Assegnare porte statiche ed usare regole...</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html
new file mode 100644
index 0000000..b383179
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.3.5. Usare autenticazioni Kerberos</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="3.2.3. Proteggere NIS" /><link rel="prev" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html" title="3.2.3.4. Assegnare porte statiche ed usare regole iptables" /><link rel="next" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="3.2.4. Proteggere NFS" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="do
cnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_NFS.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication">3.2.3.5. Usare autenticazioni Kerberos</h4></div></div></div><div class="para">
+ La cosa importante da considerare quando si usa NIS per autenticazione, è che ogni volta che un utente accede ad una macchina, la password hash dal file <code class="filename">/etc/shadow</code> è trasmessa in chiaro sulla rete. Se un intrusore riesce ad intrufolarsi nel dominio NIS e ad intercettare il traffico di rete, egli potrebbe carpire username e password hash. In un tempo ragionevole, un programma di crack di password potrebbe indovinare password deboli e l'attaccante ottenere un valido account d'accesso.
+ </div><div class="para">
+ Poichè Kerberos usa chiavi cifrate, le password hash non sono mai trasmesse sulla rete, rendendo il sistema molto più sicuro. Per maggiori informazioni su Kerberos, vedere la <a class="xref" href="sect-Security_Guide-Kerberos.html">Sezione 3.7, «Kerberos»</a>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"><strong>Indietro</strong>3.2.3.4. Assegnare porte statiche ed usare regole...</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_NFS.html"><strong>Avanti</strong>3.2.4. Proteggere NFS</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html
new file mode 100644
index 0000000..c3eab39
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.3.2. Usare una Password come Nome Dominio e Hostname</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="3.2.3. Proteggere NIS" /><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="3.2.3. Proteggere NIS" /><link rel="next" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html" title="3.2.3.3. Modificare il file /var/yp/securenets" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous
"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname">3.2.3.2. Usare una Password come Nome Dominio e Hostname</h4></div></div></div><div class="para">
+ Se l'utente conosce il nome di dominio e il nome di DNS del server NIS, ogni macchina del dominio NIS può ottenere, con opportuni comandi, informazioni dal server senza bisogno di autenticazione.
+ </div><div class="para">
+ Per esempio, se un utente connette un portatile alla rete o riesce ad accedere alla rete dall'esterno (ed a manomettere (spoof) un indirizzo IP interno), con il seguente comando potrebbe rivelare il contenuto del file <code class="command">/etc/passwd</code>:
+ </div><pre class="screen">ypcat -d <em class="replaceable"><code><NIS_domain></code></em> -h <em class="replaceable"><code><DNS_hostname></code></em> passwd</pre><div class="para">
+ Se l'attaccante è in grado di accedere come root, potrebbe ottenere il file <code class="command">/etc/shadow</code> con il comando:
+ </div><pre class="screen">ypcat -d <em class="replaceable"><code><NIS_domain></code></em> -h <em class="replaceable"><code><DNS_hostname></code></em> shadow</pre><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Se si usa Kerberos, il file <code class="command">/etc/shadow</code> non è salvato in un NIS.
+ </div></div></div><div class="para">
+ Per rendere più arduo ad un attaccante, l'accesso alle informazioni NIS, creare una stringa random per l'hostnome del DNS, come <code class="filename">o7hfawtgmhwg.domain.com</code> ed analogamente per il nome di dominio NIS, usando una stringa differente.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>Indietro</strong>3.2.3. Proteggere NIS</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>Avanti</strong>3.2.3.3. Modificare il file /var/yp/securenets</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html
new file mode 100644
index 0000000..80724ca
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.2.2. Proteggere portmap con iptables</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_Portmap.html" title="3.2.2. Proteggere Portmap" /><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_Portmap.html" title="3.2.2. Proteggere Portmap" /><link rel="next" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="3.2.3. Proteggere NIS" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href
="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables">3.2.2.2. Proteggere portmap con iptables</h4></div></div></div><div class="para">
+ Per ulteriormente restringere l'accesso al servizio <code class="command">portmap</code>, è una buona idea aggiungere regole iptables al server e restringere l'accesso a reti specifiche.
+ </div><div class="para">
+ Di seguito si riportano due comandi iptables. Il primo consente connessioni TCP dalla rete 192.168.0.0/24 alla porta 111 (usata dal servizio <code class="command">portmap</code>). Il secondo consente connessioni TCP da localhost (necessario al servizio <code class="command">sgi_fam</code> usato da <span class="application"><strong>Nautilus</strong></span>), alla stessa porta. Tutti gli altri pacchetti vengono scartati.
+ </div><pre class="screen">iptables -A INPUT -p tcp -s! 192.168.0.0/24 --dport 111 -j DROP
+iptables -A INPUT -p tcp -s 127.0.0.1 --dport 111 -j ACCEPT</pre><div class="para">
+ Analogamente, per limitare il traffico UDP, usare il comando:
+ </div><pre class="screen">iptables -A INPUT -p udp -s! 192.168.0.0/24 --dport 111 -j DROP</pre><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Per maggiori informazioni sull'implementazione di firewall con comandi iptables, fare riferimento alla <a class="xref" href="sect-Security_Guide-Firewalls.html">Sezione 3.8, «Firewall»</a>.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>Indietro</strong>3.2.2. Proteggere Portmap</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>Avanti</strong>3.2.3. Proteggere NIS</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html
new file mode 100644
index 0000000..51ac6e2
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.7.3. Utenti di sola posta elettronica</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="3.2.7. Proteggere Sendmail" /><link rel="prev" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html" title="3.2.7.2. NFS e Sendamil" /><link rel="next" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html" title="3.2.8. Controllare le porte in ascolto" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav">
<li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_Sendmail-Mail_only_Users"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-Mail_only_Users">3.2.7.3. Utenti di sola posta elettronica</h4></div></div></div><div class="para">
+ Per impedire che utenti locali possano attaccare il server Sendmail, sarebbe meglio limitare l'accesso al server solo tramite un programma di posta. Gli account di shell sul mail server non dovrebbero essere permessi e tutte le shell degli utenti, nel file <code class="filename">/etc/passwd</code>, dovrebbero essere impostate su <code class="command">/sbin/nologin</code> (con la possibile eccezione dell'utente root).
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>Indietro</strong>3.2.7.2. NFS e Sendamil</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>Avanti</strong>3.2.8. Controllare le porte in ascolto</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html
new file mode 100644
index 0000000..d6bec23
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.7.2. NFS e Sendamil</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="3.2.7. Proteggere Sendmail" /><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="3.2.7. Proteggere Sendmail" /><link rel="next" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html" title="3.2.7.3. Utenti di sola posta elettronica" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="pr
evious"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail">3.2.7.2. NFS e Sendamil</h4></div></div></div><div class="para">
+ Non porre mai la directory di coda delle mail, <code class="filename">/var/spool/mail/</code> su un volume condiviso NFS.
+ </div><div class="para">
+ Poichè NFSv2 ed NFSv3 non usano alcun controllo sugli ID degli utenti e dei gruppi, due o più utenti potrebbero risultare con lo stesso ID, e ricevere e leggere le mail reciproche.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Con NFSv4 che usa Kerberos, questo non è il caso, in quanto il modulo <code class="filename">SECRPC_GSS</code> del kernel, non fa uso di autenticazioni basate su ID. Comunque rimane valida la considerazione di <span class="emphasis"><em>non</em></span> porre la directory di coda delle mail su volumi condivisi NFS.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>Indietro</strong>3.2.7. Proteggere Sendmail</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"><strong>Avanti</strong>3.2.7.3. Utenti di sola posta elettronica</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Security_Updates.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Security_Updates.html
new file mode 100644
index 0000000..a938f2c
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Security_Updates.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.5. Aggiornamenti di sicurezza</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="Capitolo 1. Panoramica sulla Sicurezza" /><link rel="prev" href="sect-Security_Guide-Common_Exploits_and_Attacks.html" title="1.4. Rischi e Attacchi comuni" /><link rel="next" href="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html" title="1.5.2. Verificare la firma dei pachetti" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="
previous"><a accesskey="p" href="sect-Security_Guide-Common_Exploits_and_Attacks.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Security_Updates" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Security_Updates">1.5. Aggiornamenti di sicurezza</h2></div></div></div><div class="para">
+ Se viene scoperto una vulnerabilità di sicurezza, il software colpito deve essere aggiornato per ridurre qualsiasi rischio connesso. Se il software fa parte di un pacchetto di Fedora, correntemente supportato, Fedora si impegna a rilasciare, prima possibile, gli aggiornamenti di correzione. Spesso, gli avvisi su un problema di sicurezza si accompagnano con una patch (una porzione di codice che risolve il problema). Questa patch, una volta applicata al pacchetto e testata, viene poi rilasciata come aggiornamento di correzione. Altre volte, quando un avviso non include una patch, lo sviluppatore lavora insieme con il manutentore del software per risolvere il problema. Poi una volta risolto, il pacchetto viene testato e rilasciato come aggiornamento di correzione.
+ </div><div class="para">
+ Se viene rilasciato un aggiornamento di correzione per il software in uso, si raccomanda di applicare l'aggiornamento prima possibile, in modo da ridurre la potenziale vulnerabilità del sistema.
+ </div><div class="section" id="sect-Security_Guide-Security_Updates-Updating_Packages"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. Aggiornare i pacchetti</h3></div></div></div><div class="para">
+ Quando si aggiorna un sistema, è importante scaricare gli aggiornamenti da una sorgente fidata. Un attaccante può facilmente ricompilare un pacchetto con lo stesso numero di versione di quello che si suppone risolva il problema, ma con un'azione differente sulla sicurezza, per poi rilasciarlo su Internet. Anche usando misure di sicurezza, come la verifica dell'integrità dei file, non ci si accorgerebbe della minaccia presente nel pacchetto contraffatto. Quindi, è molto importante scaricare gli RPM soltanto da sorgenti fidate, come Fedora, e controllare la firma del pacchetto per verificarne l'integrità.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Fedora include una conveniente icona nel pannello del desktop, che si allerta quando è disponibile un aggiornamento per il sistema Fedora.
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Common_Exploits_and_Attacks.html"><strong>Indietro</strong>1.4. Rischi e Attacchi comuni</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html"><strong>Avanti</strong>1.5.2. Verificare la firma dei pachetti</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_FTP.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_FTP.html
new file mode 100644
index 0000000..7e12773
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_FTP.html
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.6. Proteggere FTP</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Server_Security.html" title="3.2. Server Security" /><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html" title="3.2.5. Proteggere HTTP Apache" /><link rel="next" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html" title="3.2.6.2. Accesso anonimo" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" hre
f="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Server_Security-Securing_FTP"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_FTP">3.2.6. Proteggere FTP</h3></div></div></div><div class="para">
+ <em class="firstterm">FTP</em> (<abbr class="abbrev">File Transfer Protocol</abbr>) è un vetusto protocollo TCP progettato per il trasferimento di file. Poichè tutte le transazioni con il server, inclusa l'autenticazione, sono in chiaro, FTP è considerato un protocollo non sicuro e perciò richiede opportune configurazioni.
+ </div><div class="para">
+ Fedora offre tre server FTP
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">gssftpd</code> — Un demone FTP che non trasmette informazioni di autenticazioni, basato su <code class="command">xinetd</code> e controllato da Kerberos.
+ </div></li><li class="listitem"><div class="para">
+ <span class="application"><strong>Red Hat Content Accelerator</strong></span> (<code class="command">tux</code>) — Un server web dello spazio kernel con capacità FTP.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">vsftpd</code> — Un servizio FTP a sè stante orientato alla sicurezza.
+ </div></li></ul></div><div class="para">
+ Di seguito si indicano le linee guida per impostare un servizio FTP, <code class="command">vsftpd</code>.
+ </div><div class="section" id="sect-Security_Guide-Securing_FTP-FTP_Greeting_Banner"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_FTP-FTP_Greeting_Banner">3.2.6.1. Greeting Banner FTP</h4></div></div></div><div class="para">
+ Prima di inviare le proprie credenziali di accesso (username e password), gli utenti vengono salutati con un banner di benvenuto. Per impostazione, il banner include informazioni sulla versione usata, che potrebbero essere maliziosamente usate da un cracker, note le vulnerabilità di sistema.
+ </div><div class="para">
+ Per modificare le impostazioni del banner, aggiungere la seguente direttiva al file <code class="filename">/etc/vsftpd/vsftpd.conf</code>:
+ </div><pre class="screen">ftpd_banner=<em class="replaceable"><code><insert_greeting_here></code></em></pre><div class="para">
+ Sostituire <em class="replaceable"><code><insert_greeting_here></code></em> nella direttiva precedente con il messaggio di benvenuto.
+ </div><div class="para">
+ Per banner su più righe, conviene usare un file banner. Per semplificare la gestione di banner multipli, posizionare tutti i banner in una directory denominata <code class="filename">/etc/banners/</code>. In questo esempio, il file banner per connessioni FTP è <code class="filename">/etc/banners/ftp.msg</code>. Ecco un esempio di file banner:
+ </div><pre class="screen">######### # Hello, all activity on ftp.example.com is logged. #########</pre><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Come specificato nella <a class="xref" href="sect-Security_Guide-Server_Security.html#sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Connection_Banners">Sezione 3.2.1.1.1, «TCP Wrapper e Connection Banner»</a>, non occorre iniziare ogni riga del file con <code class="command">220</code>.
+ </div></div></div><div class="para">
+ Per fare riferimento a questo file banner, aggiungere la seguente direttiva al file <code class="filename">/etc/vsftpd/vsftpd.conf</code>:
+ </div><pre class="screen">banner_file=/etc/banners/ftp.msg</pre><div class="para">
+ Usando i TCP Wrapper, come descritto nella <a class="xref" href="sect-Security_Guide-Server_Security.html#sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Connection_Banners">Sezione 3.2.1.1.1, «TCP Wrapper e Connection Banner»</a>, è possibile inviare ulteriori banner alle connessioni in entrata.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>Indietro</strong>3.2.5. Proteggere HTTP Apache</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"><strong>Avanti</strong>3.2.6.2. Accesso anonimo</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_NFS.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_NFS.html
new file mode 100644
index 0000000..34bdcac
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_NFS.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.4. Proteggere NFS</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Server_Security.html" title="3.2. Server Security" /><link rel="prev" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html" title="3.2.3.5. Usare autenticazioni Kerberos" /><link rel="next" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html" title="3.2.4.2. Attenzione agli errori sintattici" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="pre
vious"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Server_Security-Securing_NFS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_NFS">3.2.4. Proteggere NFS</h3></div></div></div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ La versione NFSv4 inclusa in Fedora, non richiede più il servizio <code class="command">portmap</code>, come illustrato nella <a class="xref" href="sect-Security_Guide-Server_Security-Securing_Portmap.html">Sezione 3.2.2, «Proteggere Portmap»</a>. In tutte le versioni di NFS, il traffico viene trasmesso usando TCP e non più UDP. Inoltre NFSv4 ora include autenticazioni utente e di gruppo basati su Kerberos, parte integrante del modulo <code class="filename">RPCSEC_GSS</code> del kernel. Si includono informazioni anche su <code class="command">portmap</code>, giacchè Fedora supporta sia NFSv2 sia NFSv3 che utilizzano <code class="command">portmap</code>.
+ </div></div></div><div class="section" id="sect-Security_Guide-Securing_NFS-Carefully_Plan_the_Network"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NFS-Carefully_Plan_the_Network">3.2.4.1. Pianificare attentamente la rete</h4></div></div></div><div class="para">
+ Ora che NFSv4 usa Keberos per trasmettere le informazioni (cifrate), è importante che il servizio venga correttamente configurato dietro un firewall o su una porzione di rete. NFSv2 ed NFSv3 continuano a trasmettre i dati in chiaro e di ciò va tenuto conto. Una accurata progettazione di rete, che tenga conto di ciò, aiuta a prevenire falle di sicurezza.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>Indietro</strong>3.2.3.5. Usare autenticazioni Kerberos</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"><strong>Avanti</strong>3.2.4.2. Attenzione agli errori sintattici</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_NIS.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_NIS.html
new file mode 100644
index 0000000..c00ed47
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_NIS.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.3. Proteggere NIS</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Server_Security.html" title="3.2. Server Security" /><link rel="prev" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html" title="3.2.2.2. Proteggere portmap con iptables" /><link rel="next" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html" title="3.2.3.2. Usare una Password come Nome Dominio e Hostname" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Si
te" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Server_Security-Securing_NIS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_NIS">3.2.3. Proteggere NIS</h3></div></div></div><div class="para">
+ <em class="firstterm">NIS</em> o <acronym class="acronym">Network Information Service</acronym>, è un servizio RPC denominato <code class="command">ypserv</code>, usato insieme a <code class="command">portmap</code> e ad altri servizi per distribuire username, password ed altre informazioni sensibili agli host registrati nel dominio.
+ </div><div class="para">
+ Un server NIS è costituito da varie applicazioni. Esse sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/rpc.yppasswdd</code> — Denominato servizio <code class="command">yppasswdd</code>, questo demone permette agli utenti di modificare la propria passowrd NIS.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/rpc.ypxfrd</code> — Denominato servizio <code class="command">ypxfrd</code>, questo demone è responsabile del trasferimento delle informazioni sensibili NIS nella rete.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/yppush</code> — Questa applicazione propaga le modifiche apportate nei database NIS ai server NIS.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/ypserv</code> — E' il demone del server NIS.
+ </div></li></ul></div><div class="para">
+ Secondo gli attuali standard di sicurezza, NIS è sostanzialmente poco sicuro. Esso non presenta alcun meccanismo di autenticazione degli host, trasmettendo tutte le informazioni senza alcuna cifratura, incluse le password hash. Di conseguenza, si richiede estrema attenzione alla configurazione di una rete che usi NIS. Come se non bastasse, ciò è ulteriormente complicato da una configurazione predefinita di NIS inerentemente poco sicura.
+ </div><div class="para">
+ Si raccomanda quindi, a chiunque voglia implementare un server NIS, di rendere prima di tutto sicuro il servizio <code class="command">portmap</code>, come indicato nella <a class="xref" href="sect-Security_Guide-Server_Security-Securing_Portmap.html">Sezione 3.2.2, «Proteggere Portmap»</a>, e successivamente risolvere al meglio i seguenti problemi, come la pianificazione della rete.
+ </div><div class="section" id="sect-Security_Guide-Securing_NIS-Carefully_Plan_the_Network"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Carefully_Plan_the_Network">3.2.3.1. Pianificare attentamente la rete</h4></div></div></div><div class="para">
+ Poichè NIS trasmette informazioni sensibili senza usare alcuna cifratura, è importante che il servizio esegua dietro un firewall e su una rete segmentata e fidata. Se tali informazioni si trovano a transitare su una rete non fidata, essi sono a rischio di intercettazione. Una progettazione attenta della rete può aiutare a prevenire falle irrimediabili di sicurezza.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"><strong>Indietro</strong>3.2.2.2. Proteggere portmap con iptables</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"><strong>Avanti</strong>3.2.3.2. Usare una Password come Nome Dominio e H...</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_Portmap.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_Portmap.html
new file mode 100644
index 0000000..a41e568
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_Portmap.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.2. Proteggere Portmap</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Server_Security.html" title="3.2. Server Security" /><link rel="prev" href="sect-Security_Guide-Server_Security.html" title="3.2. Server Security" /><link rel="next" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html" title="3.2.2.2. Proteggere portmap con iptables" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-
Security_Guide-Server_Security.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Server_Security-Securing_Portmap"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Portmap">3.2.2. Proteggere Portmap</h3></div></div></div><div class="para">
+ Il servizio <code class="command">portmap</code> è un demone di assegnamento dinamico di porte per servizi RPC, come NIS e NFS. Può assegnare un esteso range di porte, ma presenta un meccanismo di autenticazione piuttosto debole e perciò è piuttosto difficile da rendere sicuro.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ L'implementazione di una policy di sicurezza in <code class="command">portmap</code> è indispensabile solo con le versioni v2 e v3 di NFS, giacchè la versione v4 non fa più uso di <code class="command">portmap</code>. Se si ha intenzione di implementare un server NFSv2 o NFSv3, allora occorre usare <code class="command">portmap</code> e seguire le seguenti indicazioni.
+ </div></div></div><div class="para">
+ Se si eseguono servizi RPC, seguire le seguenti regole di base.
+ </div><div class="section" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_TCP_Wrappers">3.2.2.1. Proteggere portmap con TCP Wrapper</h4></div></div></div><div class="para">
+ Data la sua mancanza di una forma di autenticazione integrata, per limitare l'accesso di reti ed host al servizio <code class="command">portmap</code>, è importante usare TCP Wrapper.
+ </div><div class="para">
+ Inoltre, per limitare l'accesso al servizio, usare <span class="emphasis"><em>soltanto</em></span> indirizzi IP. Evitare di usare hostname, giacchè essi possono venir contraffatti da DNS fasulli e da altri metodi.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security.html"><strong>Indietro</strong>3.2. Server Security</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"><strong>Avanti</strong>3.2.2.2. Proteggere portmap con iptables</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_Sendmail.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_Sendmail.html
new file mode 100644
index 0000000..e616f2a
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_Sendmail.html
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.7. Proteggere Sendmail</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Server_Security.html" title="3.2. Server Security" /><link rel="prev" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html" title="3.2.6.4. Usare TCP Wrapper per il controllo degli accessi" /><link rel="next" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html" title="3.2.7.2. NFS e Sendamil" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class
="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Server_Security-Securing_Sendmail"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Sendmail">3.2.7. Proteggere Sendmail</h3></div></div></div><div class="para">
+ Sendmail è un MTA (Mail Transfer Agent) che usa SMTP (Simple Mail Transfer Protocol) per trasferire posta elettronica tra altri MTA ed ai client di posta. Sebbene molti MTA siano capaci di cifrare le comunicazioni, la maggior parte di essi non lo sono, perciò spedire posta elettronica su una rete pubblica è considerato una forma di comunicazione inerentemente non sicura.
+ </div><div class="para">
+ A chiunque sia desideroso di implemetare un server Sendmail, si raccomanda di seguire le seguenti indicazioni.
+ </div><div class="section" id="sect-Security_Guide-Securing_Sendmail-Limiting_a_Denial_of_Service_Attack"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-Limiting_a_Denial_of_Service_Attack">3.2.7.1. Limitare un attacco tipo DoS</h4></div></div></div><div class="para">
+ Data la natura dei messaggi di posta elettronica, un attaccante potrebbe molto facilmente sovraccaricare il server inondandolo con flussi ininterrotti di messaggi (fllooding), causando un Denial of Service (DoS). Impostando i limiti alle seguenti direttive, presenti nel file <code class="filename">/etc/mail/sendmail.mc</code>, si limita il rischio legato a tali attacchi.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">confCONNECTION_RATE_THROTTLE</code> — Il numero di connessioni al secondo accettate dal server. Per impostazione, Sendmail non presenta un limite al numero di connessioni. Se viene impostato un limite ed esso viene superato, le future connessioni vengono ritardate.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">confMAX_DAEMON_CHILDREN</code> — Il numero massimo di processi (child) generati dal processo server (parent). Per impostazione, Sendmail non assegna alcun limite al numero di processi child. Se viene impostato un limite e superato, le future connessioni vengono ritardate.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">confMIN_FREE_BLOCKS</code> — Il numero minimo di blocchi che devono rimanere liberi perchè il server continui a ricevere mail. Il valore predefinito è 100.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">confMAX_HEADERS_LENGTH</code> — La dimensione massima, in byte, per l'intestazione (header) del messaggio.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">confMAX_MESSAGE_SIZE</code> — La dimensione massima, in byte, per un singolo messaggio.
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"><strong>Indietro</strong>3.2.6.4. Usare TCP Wrapper per il controllo degli...</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>Avanti</strong>3.2.7.2. NFS e Sendamil</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html
new file mode 100644
index 0000000..77439f6
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.5. Proteggere HTTP Apache</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Server_Security.html" title="3.2. Server Security" /><link rel="prev" href="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html" title="3.2.4.4. Configurazione di firewall in NFS" /><link rel="next" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="3.2.6. Proteggere FTP" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" hr
ef="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_FTP.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server">3.2.5. Proteggere HTTP Apache</h3></div></div></div><div class="para">
+ Il server HTTP Apache è uno dei servizi più stabili e sicuri distribuiti con Fedora. Un gran numero di opzioni e tecniche sono disponibili per rendere sicuro il server HTTP Apache — troppe per essere analizzate tutte quì con la necessaria dovizia. La seguente sezione spiega brevemente, buone pratiche di utilizzo del server HTTP Apache.
+ </div><div class="para">
+ Verificare sempre che gli script in esecuzione sul sistema funzionino correttamente, <span class="emphasis"><em>prima </em></span> di renderli effettivi in sistemi di produzione. Inoltre, assicurarsi che soltanto l'utente root abbia permessi di scrittura nelle directory contenente script o CGI. Per fare ciò eseguire i seguenti comandi, come root:
+ </div><div class="orderedlist"><ol><li class="listitem"><pre class="screen">chown root <em class="replaceable"><code><directory_name></code></em></pre></li><li class="listitem"><pre class="screen">chmod 755 <em class="replaceable"><code><directory_name></code></em></pre></li></ol></div><div class="para">
+ Gli amministratori di sistema dovrebbero prestare la massima attenzione nell'uso delle seguenti direttive, configurabili in <code class="filename">/etc/httpd/conf/httpd.conf</code>:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term"><code class="option">FollowSymLinks</code></span></dt><dd><div class="para">
+ La direttiva è abilitata per impostazione; prestare la dovuta attenzione a non creare link simbolici al root document del server web. Per esempio, sarebbe una pessima idea creare un link simbolico a <code class="filename">/</code>.
+ </div></dd><dt class="varlistentry"><span class="term"><code class="option">Indexes</code></span></dt><dd><div class="para">
+ La direttiva è abilitata per impostazione, ma potrebbe non essere desiderabile. Per impedire ai visitatori di sfogliare i file sul server, disabilitare questa direttiva.
+ </div></dd><dt class="varlistentry"><span class="term"><code class="option">UserDir</code></span></dt><dd><div class="para">
+ La direttiva <code class="option">UserDir</code>, è disabilitata per impostazione perchè può confermare la presenza di un account nel sistema. Per consentire la visualizzazione della directory di un utente, usare le seguenti direttive:
+ </div><pre class="screen">UserDir enabled
+UserDir disabled root</pre><div class="para">
+ Queste direttive consentono la navigazione nelle directory degli utenti, esclusa la directory <code class="filename">/root/</code>. Per aggiungere altre directory da disabilitare, aggiungere gli account utenti, separati da spazio, alla riga <code class="option">UserDir disabled</code>.
+ </div></dd></dl></div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Non rimuovere la direttiva <code class="option">IncludesNoExec</code>. Per impostazione, il modulo <em class="firstterm">SSI</em> (<abbr class="abbrev">Server-Side Includes</abbr>) non può eseguire comandi. Si raccomanda di non cambiare questa impostazione a meno che non sia strettamente necessario, poichè potrebbe abilitare un attaccante ad eseguire comandi.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html"><strong>Indietro</strong>3.2.4.4. Configurazione di firewall in NFS</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_FTP.html"><strong>Avanti</strong>3.2.6. Proteggere FTP</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html
new file mode 100644
index 0000000..be41275
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.8. Controllare le porte in ascolto</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Server_Security.html" title="3.2. Server Security" /><link rel="prev" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html" title="3.2.7.3. Utenti di sola posta elettronica" /><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="3.3. Single Sign-on (SSO)" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Secu
rity_Guide-Securing_Sendmail-Mail_only_Users.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">3.2.8. Controllare le porte in ascolto</h3></div></div></div><div class="para">
+ Dopo aver configurato i servizi di rete, diventa di primaria importanza prestare la dovuta attenzione alle porte effettivamente in ascolto sulle interfacce di rete. Ogni porta aperta è un rischio di intrusione.
+ </div><div class="para">
+ Esistono due approcci di base per elencare le porte in ascolto. Quello meno affidabile è interrogare lo stack di rete usando comandi come <code class="command">netstat -an</code> o <code class="command">lsof -i</code>. Il metodo è poco affidabile, in quanto questi programmi non si connettono alla macchina dalla rete, ma controllano i servizi in esecuzione sul sistema. Per questo motivo, queste applicazioni sono frequenti obbiettivi degli attaccanti. I cracker, in genere, nascondono le tracce dei loro interventi sulle porte che sono riusciti ad aprire, sostituendo <code class="command">netstat</code> e <code class="command">lsof</code> con proprie versioni modificate.
+ </div><div class="para">
+ Un metodo più affidabile per controllare le porte aperte, è usare uno scanner come <code class="command">nmap</code>.
+ </div><div class="para">
+ Il seguente comando digitato in un terminale, determina le porte in ascolto su connessioni TCP:
+ </div><pre class="screen">nmap -sT -O localhost</pre><div class="para">
+ L'uscita del comando assomiglia a:
+ </div><pre class="screen">Starting Nmap 5.21 ( http://nmap.org ) at 2010-07-08 19:00 CEST
+Nmap scan report for localhost (127.0.0.1)
+Host is up (0.00016s latency).
+Not shown: 1711 closed ports
+PORT STATE SERVICE
+22/tcp open ssh
+25/tcp open smtp
+111/tcp open rpcbind
+113/tcp open auth
+631/tcp open ipp
+834/tcp open unknown
+2601/tcp open zebra
+32774/tcp open sometimes-rpc11
+Device type: general purpose
+Running: Linux 2.6.X
+OS details: Linux 2.6.32.14-127.fc12.i686.PAE
+Network Distance: 0 hops
+OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
+Nmap done: 1 IP address (1 host up) scanned in 16.44 seconds</pre><div class="para">
+ L'output mostra i servizi in esecuzione. Nell'esempio, un sospetto potrebbe venire sul servizio <span class="emphasis"><em>unknown</em></span> in esecuzione sulla porta TCP 834. Per controllare se le porta è associata alla lista ufficiale dei servizi noti, si lancia il comando:
+ </div><pre class="screen">cat /etc/services | grep 834</pre><div class="para">
+ Nel caso dell'esempio non si ha alcun output. Quindi, nonostante la porta faccia parte di un range di porte riservate (0 - 1023), e la sua apertura richiederebbe il permesso di root, essa non è associata ad alcun servizio noto.
+ </div><div class="para">
+ Allora, si prova ad ottenere alcune informazioni sulla porta, usando il comando <code class="command">netstat</code> o <code class="command">lsof</code>. Per controllare la porta 834 con <code class="command">netstat</code>, si digita:
+ </div><pre class="screen">netstat -anp | grep 834</pre><div class="para">
+ Il comando restituisce il seguente output:
+ </div><pre class="screen">tcp 0 0 0.0.0.0:834 0.0.0.0:* LISTEN 653/ypbind</pre><div class="para">
+ La scoperta fatta con <code class="command">netstat</code> che la porta è aperta, è abbastanza rassicurante, poichè un cracker che apra furtivamente una porta non ne permetterebbe la rivelazione con questo comando. Inoltre, l'opzione <code class="option">[p]</code> rivela l'ID del processo (PID) che ha aperto la porta. In questo caso la porta appartiene a <code class="command">ypbind</code> (<abbr class="abbrev">NIS</abbr>) che è un servizio <abbr class="abbrev">RPC</abbr> gestito insieme al servizio <code class="command">portmap</code>.
+ </div><div class="para">
+ L'uscita del comando <code class="command">lsof</code> sarebbe molto simile al precedente, giacchè anch'esso è in grado di collegare le porte aperte ai servizi:
+ </div><pre class="screen">lsof -i | grep 834</pre><div class="para">
+ La porzione di output rilevante per il nostro esempio è:
+ </div><pre class="screen">ypbind 653 0 7u IPv4 1319 TCP *:834 (LISTEN)
+ypbind 655 0 7u IPv4 1319 TCP *:834 (LISTEN)
+ypbind 656 0 7u IPv4 1319 TCP *:834 (LISTEN)
+ypbind 657 0 7u IPv4 1319 TCP *:834 (LISTEN)</pre><div class="para">
+ Questi strumenti rivelano una grande quantità di informazioni sullo stato dei servizi in esecuzione. Essi sono flessibili ed offrono una varietà di informazioni sui servizi e la configurazione di rete. Per maggiori informazioni vedere le pagine di man relative a <code class="command">lsof</code>, <code class="command">netstat</code>, <code class="command">nmap</code>, e <code class="filename">services</code>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"><strong>Indietro</strong>3.2.7.3. Utenti di sola posta elettronica</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO.html"><strong>Avanti</strong>3.3. Single Sign-on (SSO)</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security.html
new file mode 100644
index 0000000..062d8c7
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security.html
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2. Server Security</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Capitolo 3. Proteggere la rete locale" /><link rel="prev" href="chap-Security_Guide-Securing_Your_Network.html" title="Capitolo 3. Proteggere la rete locale" /><link rel="next" href="sect-Security_Guide-Server_Security-Securing_Portmap.html" title="3.2.2. Proteggere Portmap" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a access
key="p" href="chap-Security_Guide-Securing_Your_Network.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Server_Security" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Server_Security">3.2. Server Security</h2></div></div></div><div class="para">
+ Quando un sistema è impiegato come un server su una rete pubblica, esso diventa un potenziale obbiettivo degli attaccanti. Consolidare il sistema e bloccare i servizi non necessari sono le operazioni che ogni buon amministratore deve effettuare.
+ </div><div class="para">
+ Di seguito si riassumono alcuni utili suggerimenti di validità generale:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Mantenere tutti i servizi aggiornati
+ </div></li><li class="listitem"><div class="para">
+ Usare protocolli sicuri (per quanto possibile)
+ </div></li><li class="listitem"><div class="para">
+ Offrire soltanto un tipo di servizio per macchina (per quanto possibile)
+ </div></li><li class="listitem"><div class="para">
+ Controllare attentamente tutti i servizi alla ricerca di attività sospette
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">3.2.1. Proteggere i servizi con TCP Wrapper e xinetd</h3></div></div></div><div class="para">
+ <em class="firstterm">TCP Wrapper</em> offrono controllo d'accesso ad una varietà di servizi. La maggior parte dei servizi di rete come SSH, Telent ed FTP usano TCP Wrapper che si interpongono a guardia tra una richiesta di servizio e il servizio stesso.
+ </div><div class="para">
+ I vantaggi offerti dai TCP Wrapper aumentano se usati in congiunzione con <code class="command">xinetd</code>, un super server che garantisce ulteriore controllo su accessi, logging, binding, redirection e utilizzo delle risorse.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ E' una buona idea usare anche regole di firewall, iptable, per creare ridondanza nell'ambito dei controlli d'accesso. Per maggiori informazioni sull'implementazione di firewall con i comandi iptable, fare riferimento alla <a class="xref" href="sect-Security_Guide-Firewalls.html">Sezione 3.8, «Firewall»</a>.
+ </div></div></div><div class="para">
+ Di seguito si illustrano alcune opzioni di sicurezza di base.
+ </div><div class="section" id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_TCP_Wrappers">3.2.1.1. Aumentare la sicurezza con TCP Wrapper</h4></div></div></div><div class="para">
+ TCP Wrapper non solo negano l'accesso ai servizi. Questa sezione mostra come usare i TCP Wrapper per trasmettere connection banner, avvisi d'attacco da parte di host e migliorare le funzionalità di log. Per maggiori informazioni sui TCP Wrappers ed il corrispondente linguaggio, fare riferimento alle pagine man relative a <code class="filename">hosts_options</code>.
+ </div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Connection_Banners"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Connection_Banners">3.2.1.1.1. TCP Wrapper e Connection Banner</h5></div></div></div><div class="para">
+ La visualizzazione di un banner durante la connessione ad un servizio, può rivelarsi un buon deterrente nei confronti di potenziali attaccanti, in quanto segnala la vigilanza dell'amministratore. Si possono anche selezionare le informazioni di sistema da pubblicare. Per implementare un banner TCP Wrapper per un servizio, usare l'opzione <code class="option">banner</code>.
+ </div><div class="para">
+ L'esempio implementa un banner per il servizio <code class="command">vsftpd</code>. Iniziare, creando un file banner. Esso può essere salvato in una directory qualunque, l'importante è che abbia lo stesso nome del servizio. Per l'esempio, il file è <code class="filename">/etc/banners/vsftpd</code> con il seguente contenuto:
+ </div><pre class="screen">220-Hello, %c
+220-All activity on ftp.example.com is logged.
+220-Inappropriate use will result in your access privileges being removed.</pre><div class="para">
+ Il token <code class="command">%c</code> presenta una varietà di informazioni sul client, come il nome utente e l'hostname o il nome utente e l'indirizzo IP, per rendere la connessione abbastanza intimidatoria.
+ </div><div class="para">
+ Per visualizzare il banner sulle richieste in corso, aggiungere la seguente riga al file <code class="filename">/etc/hosts.allow</code>:
+ </div><pre class="screen"><code class="command"> vsftpd : ALL : banners /etc/banners/ </code></pre></div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Attack_Warnings"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Attack_Warnings">3.2.1.1.2. TCP Wrapper e avvisi di attacco</h5></div></div></div><div class="para">
+ Nel caso si siano scoperti uno o più host condurre un attacco contro il server, i TCP Wrapper possono essere configurati in modo da avvisare l'amministratore in caso di attacchi successivi, usando la direttiva <code class="command">spawn</code>.
+ </div><div class="para">
+ Di seguito si assume che un cracker dalla rete 206.182.68.0/24 stia tentando un attacco. Per impedire ogni connessione dalla rete incriminata e salvare i log dei tentativi di attacco in un file speciale, inserire la riga seguente nel file <code class="filename">/etc/hosts.deny</code>:
+ </div><pre class="screen"><code class="command"> ALL : 206.182.68.0 : spawn /bin/ 'date' %c %d >> /var/log/intruder_alert </code></pre><div class="para">
+ Il token <code class="command">%d</code> indica il nome del servizio obbiettivo dell'attacco.
+ </div><div class="para">
+ Per consentire la connessione, inserire la direttiva <code class="command">spawn</code> nel file <code class="filename">/etc/hosts.allow</code>.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Poichè la direttiva <code class="command">spawn</code> esegue anche comandi di shell, è una buona regola creare un particolare script che avvisi l'amministratore o che esegua una serie di comandi, ogniqualvolta un particolare client tenta di connettersi al server.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Enhanced_Logging"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Enhanced_Logging">3.2.1.1.3. TCP Wrapper e messaggi di log </h5></div></div></div><div class="para">
+ Se occorre tenere traccia di certe particolari connessioni, il livello di log del servizio corrispondente può essere elevato usando l'opzione <code class="command">severity</code>.
+ </div><div class="para">
+ In questo esempio si assume che chiunque tenti di connettersi alla porta 23 (la porta Telnet) di un server FTP, debba essere considerato un potenziale cracker. Per questa situazione, sostituire il flag <code class="command">info</code> con <code class="command">emerg</code> nel file di log, e vietare la connessione.
+ </div><div class="para">
+ Inserire quindi la seguente linea nel file <code class="filename">/etc/hosts.deny</code>:
+ </div><pre class="screen"><code class="command"> in.telnetd : ALL : severity emerg </code></pre><div class="para">
+ In questo caso si usa la SyslogFacility <code class="command">authpriv</code>, elevando la priorità dal valore predefinito <code class="command">info</code> a <code class="command">emerg</code>, che invia i messaggi di log direttamente alla console.
+ </div></div></div><div class="section" id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_xinetd"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_xinetd">3.2.1.2. Aumentare la sicurezza con xinetd</h4></div></div></div><div class="para">
+ Questa sezione spiega come usare <code class="command">xinetd</code> per impostare un <span class="emphasis"><em>trap service</em></span> e per controllare i livelli di risorse disponibili per un servizio. Limitare le risorse ai servizi può contribuire a contrastare gli attacchi <acronym class="acronym">DoS</acronym> (<em class="firstterm">Denial of Service</em>). Fare riferimento alle pagine di man relative a <code class="command">xinetd</code> e <code class="filename">xinetd.conf</code>, per una lista di opzioni disponibili.
+ </div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_xinetd-Setting_a_Trap"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_xinetd-Setting_a_Trap">3.2.1.2.1. Impostare un Trap</h5></div></div></div><div class="para">
+ Una caratteristica importante di <code class="command">xinetd</code> è la possibilità di inserire gli host, cui si vuole negare l'accesso ai servizi, in una lista <code class="filename">nera</code>. Agli host della lista è vietato, per un certo periodo di tempo o fino al successivo riavvio di <code class="command">xinetd</code>, di accedere ai servizi gestiti da <code class="command">xinetd</code>. Per fare ciò, occorre usare l'attributo <code class="command">SENSOR</code>. Si tratta di un modo semplice per bloccare gli host che scansionano le porte del server.
+ </div><div class="para">
+ Il primo passo da fare per impostare un <code class="command">SENSOR</code>, è scegliere un servizio che si presume non venga utilizzato. Per questo esempio si fa riferimento a Telnet.
+ </div><div class="para">
+ Nel file <code class="filename">/etc/xinetd.d/telnet</code> modificare la riga <code class="option">flags</code> come indicato di seguito:
+ </div><pre class="screen">flags = SENSOR</pre><div class="para">
+ Aggiungere la seguente riga:
+ </div><pre class="screen">deny_time = 30</pre><div class="para">
+ L'impostazione vieta ogni tentativo di connessione verso la porta, per trenta minuti. Altri possibili valori per l'attributo <code class="command">deny_time</code> sono FOREVER e NEVER. Il primo mantiene il divieto fino al successivo riavvio di <code class="command">xinetd</code>; il secondo permette la connessione senza alcun divieto.
+ </div><div class="para">
+ Infine, l'ultima riga:
+ </div><pre class="screen">disable = no</pre><div class="para">
+ L'impostazione abilita il trap.
+ </div><div class="para">
+ Anche se l'utilizzo di <code class="option">SENSOR</code> è un buon metodo per rilevare e bloccare le connessioni da host indesiderati, esso presenta due svantaggi:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Esso non funziona nel caso di scansioni nascoste.
+ </div></li><li class="listitem"><div class="para">
+ Un attaccante che scopra un <code class="option">SENSOR</code> in esecuzione, potrebbe avviare un attacco DoS contro altri host fidati e, falsificando i loro indirizzi IP, connettersi alla porta.
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_xinetd-Controlling_Server_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_xinetd-Controlling_Server_Resources">3.2.1.2.2. Controllare le risorse server</h5></div></div></div><div class="para">
+ Un'altra importante caratteristica di <code class="command">xinetd</code> è la sua capacità di limitare le risorse dei servizi controllati.
+ </div><div class="para">
+ Per fare ciò usare le seguenti direttive:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">cps = <number_of_connections> <wait_period></code> — Limita il tasso di connessioni, specificando:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option"><number_of_connections></code> — Il numero di connessioni per secondo da gestire. Se il tasso di connessioni supera questo valore, il servizio viene temporaneamente disabilitato. Il valore predefinito è 50.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option"><wait_period></code> — Dopo una disabilitazione, il tempo di attesa, in secondi, prima di ri-abilitare il servizio. Il valore predefinito è 10.
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">instances = <number_of_connections></code> — Specifica il numero totale di connessioni consentite ad un servizio. La direttiva accetta sia un valore intero sia <code class="command">UNLIMITED</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">per_source = <number_of_connections></code> — Specifica per ciascun host, il numero di connessioni consentite ad un servizio. La direttiva accetta sia un valore intero sia <code class="command">UNLIMITED</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">rlimit_as = <number[K|M]></code> — Specifica la quantità di memoria che il servizio può occupare in KB o MB. La direttiva accetta sia un valore intero sia <code class="command">UNLIMITED</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">rlimit_cpu = <number_of_seconds></code> — Specifica il periodo in secondi, dedicato al servizio dalla CPU. La direttiva accetta sia un valore intero sia <code class="command">UNLIMITED</code>.
+ </div></li></ul></div><div class="para">
+ Attraverso queste direttive si può prevenire che un singolo servizio, controllato da <code class="command">xinetd</code>, possa sovraccaricare il sistema, causando un DoS.
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Securing_Your_Network.html"><strong>Indietro</strong>Capitolo 3. Proteggere la rete locale</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>Avanti</strong>3.2.2. Proteggere Portmap</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html
new file mode 100644
index 0000000..507e5e3
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3.5. Configurare Firefox ad usare Kerberos con SSO</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="3.3. Single Sign-on (SSO)" /><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html" title="3.3.4. Come funziona l'accesso via Smart Card" /><link rel="next" href="sect-Security_Guide-Yubikey.html" title="3.4. Yubikey" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Secu
rity_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Yubikey.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO">3.3.5. Configurare Firefox ad usare Kerberos con SSO</h3></div></div></div><div class="para">
+ E' possibile configurare Firefox ad usare Kerberos con SSO. Perchè questa funzionalità operi correttamente, occorre configurare il browser in modo da inviare le credenziali Kerberos al <abbr class="abbrev">KDC</abbr> appropriato. Il seguente paragrafo descriverà i passi necessari per una corretta configurazione.
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Per visualizzare le attuali opzioni di configurazione, nella barra degli indirizzi di Firefox digitare <strong class="userinput"><code>about:config</code></strong>.
+ </div></li><li class="listitem"><div class="para">
+ Nel campo <span class="guilabel"><strong>Filter</strong></span>, digitare <strong class="userinput"><code>negotiate</code></strong> per restringere la lista delle opzioni.
+ </div></li><li class="listitem"><div class="para">
+ Fare doppio click sull'opzione <span class="emphasis"><em>network.negotiate-auth.trusted-uris</em></span>, per visualizzare la finestra di dialogo <span class="emphasis"><em>Inserimento stringa</em></span>.
+ </div></li><li class="listitem"><div class="para">
+ Inserire il nome del dominio entro cui si richiede di essere autenticati, per esempio <em class="replaceable"><code>example.com</code></em>.
+ </div></li><li class="listitem"><div class="para">
+ Ripetere i passi precedenti con il campo <span class="emphasis"><em>network.negotiate-auth.delegation-uris</em></span>, usando lo stesso nome di dominio.
+ </div><div class="para">
+ <div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Si può lasciare vuoto questo campo, giacchè autorizza il passaggio dei ticket Kerberos, che non è richiesto.
+ </div><div class="para">
+ Se queste due opzioni di configurazione non sono elencate, si sta usando una versione di Firefox troppo vecchia, per cui si consiglia di effettuare un up-grade.
+ </div></div></div>
+
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-Configuring_Firefox_to_use_Kerberos_for_SSO-Configuring_Firefox_for_SSO_with_Kerberos"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-firefox_kerberos_SSO.png" width="444" alt="Configurazione di Firefox per SSO con Kerberos" /><div class="longdesc"><div class="para">
+ Configurazione di Firefox per SSO con Kerberos
+ </div></div></div></div><h6>Figura 3.6. Configurazione di Firefox per SSO con Kerberos</h6></div><br class="figure-break" /><div class="para">
+ A questo punto occorre assicurarsi di avere i ticket Kerberos. In un terminale, digitare <code class="command">kinit</code> per recuparare i ticket. Per visualizzare la lista dei ticket disponibili, digitare <code class="command">klist</code>. Di seguito si mostra un esempio di utilizzo di questi comandi:
+ </div><pre class="screen">[user at host ~] $ kinit
+Password for user at EXAMPLE.COM:
+
+[user at host ~] $ klist
+Ticket cache: FILE:/tmp/krb5cc_10920
+Default principal: user at EXAMPLE.COM
+
+Valid starting Expires Service principal
+10/26/06 23:47:54 10/27/06 09:47:54 krbtgt/USER.COM at USER.COM
+ renew until 10/26/06 23:47:54
+
+Kerberos 4 ticket cache: /tmp/tkt10920
+klist: You have no tickets cached</pre><div class="section" id="sect-Security_Guide-Configuring_Firefox_to_use_Kerberos_for_SSO-Troubleshooting"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Configuring_Firefox_to_use_Kerberos_for_SSO-Troubleshooting">3.3.5.1. Risoluzione problemi</h4></div></div></div><div class="para">
+ Se si sono seguiti i passaggi di configurazione indicati ma il processo di autenticazione non funziona, è possibile attivare in modalità verbosa, i messaggi del processo di autenticazione. In tal modo è possibile individuare la causa del problema. Per abilitare la modalità verbosa, seguire i seguenti passaggi:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Chiudere tutte le istanze di Firefox.
+ </div></li><li class="listitem"><div class="para">
+ Aprire un terminale e digitare i seguenti comandi:
+ </div><pre class="screen">export NSPR_LOG_MODULES=negotiateauth:5
+export NSPR_LOG_FILE=/tmp/moz.log</pre></li><li class="listitem"><div class="para">
+ Riavviare Firefox <span class="emphasis"><em>dal terminale</em></span> e visitare il sito che precedentemente dava problemi di autenticazione. I vari messaggi saranno registrati in <code class="filename">/tmp/moz.log</code>, dove una loro analisi potrà fornire una soluzione al problema. Per esempio:
+ </div><pre class="screen">-1208550944[90039d0]: entering nsNegotiateAuth::GetNextToken()
+-1208550944[90039d0]: gss_init_sec_context() failed: Miscellaneous failure
+No credentials cache found</pre><div class="para">
+ Nel caso sovraindicato non si hanno i ticket Kerberos, per cui occorre eseguire <code class="command">kinit</code>.
+ </div></li></ol></div><div class="para">
+ Se <code class="command">kinit</code> esegue con successo sulla propria macchina, ma l'autenticazione non riesce, allora nel file di log comparirà qualcosa del genere:
+ </div><pre class="screen">-1208994096[8d683d8]: entering nsAuthGSSAPI::GetNextToken()
+-1208994096[8d683d8]: gss_init_sec_context() failed: Miscellaneous failure
+Server not found in Kerberos database</pre><div class="para">
+ Generalmente ciò indica un problema di configurazione di Kerberos. Assicurarsi che, siano esatte, le impostazioni nella sezione [domain_realm] del file <code class="filename">/etc/krb5.conf</code>. Per esempio:
+ </div><pre class="screen">.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM</pre><div class="para">
+ Se il file di log è vuoto, probabilmente si è dietro un proxy, il quale elimina le intestazioni HTTP necessarie per il processo di autenticazione. Un modo per raggirare il problema, consiste nel connettersi al server usando HTTPS, che permette alla richiesta di passare senza modificazioni. Quindi procedere alla fase di debug, ricorrendo come suggerito al file di log.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"><strong>Indietro</strong>3.3.4. Come funziona l'accesso via Smart Card</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Yubikey.html"><strong>Avanti</strong>3.4. Yubikey</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html
new file mode 100644
index 0000000..6816620
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3.2. Primo utilizzo di una nuova Smart Card</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="3.3. Single Sign-on (SSO)" /><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="3.3. Single Sign-on (SSO)" /><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html" title="3.3.3. Come funziona la registrazione di una Smart Card" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="pre
vious"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card">3.3.2. Primo utilizzo di una nuova Smart Card</h3></div></div></div><div class="para">
+ Prima di poter usare la smart card sul proprio sistema e avvantaggiarsi delle possibilità di sicurezza offerte da questa tecnologia, occorre effettuare alcune installazioni e configurazioni, come descritto di seguito.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Questo paragrafo offre una descrizione generale su come iniziare ad usare la propria smart card. Per informazioni più dettagliate consultare "Red Hat Certificate System Enterprise Security Client Guide".
+ </div></div></div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Accedere con le proprie credenziali (nome/password) Kerberos.
+ </div></li><li class="step"><div class="para">
+ Assicurarsi che sia installato il pacchetto <code class="filename">nss-tools</code>.
+ </div></li><li class="step"><div class="para">
+ Scaricare ed installare i propri certificati. Usare il seguente comando per installare il root CA certificate:
+ </div><pre class="screen">certutil -A -d /etc/pki/nssdb -n "root ca cert" -t "CT,C,C" -i ./ca_cert_in_base64_format.crt</pre></li><li class="step"><div class="para">
+ Verificare che siano installati i seguenti pacchetti: esc, pam_pkcs11, coolkey, ifd-egate, ccid, gdm, authconfig, ed authconfig-gtk.
+ </div></li><li class="step"><div class="para">
+ Abilitare l'accesso via Smart Card
+ </div><ol class="a"><li class="step"><div class="para">
+ Nel menu di GNOME, selezionare Sistema->Amministrazione->Autenticazione.
+ </div></li><li class="step"><div class="para">
+ Inserire, quando richiesto, la password di root.
+ </div></li><li class="step"><div class="para">
+ Nella finestra di Configurazione dell'Autenticazione, selezionare la scheda <span class="guilabel"><strong>Autenticazione</strong></span>.
+ </div></li><li class="step"><div class="para">
+ Spuntare la checkbox <span class="guilabel"><strong>Abilitare il supporto per Smart Card</strong></span>.
+ </div></li><li class="step"><div class="para">
+ Cliccare sul bottone <span class="guibutton"><strong>Configura Smart Card...</strong></span> per modificare le impostazioni di Smartcard:
+ </div><div class="para">
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Richiedere smart card, per accedere</strong></span> — Disabilitare la checkbox. Una volta effettuato l'accesso con la smart card, si può abilitare questa opzione per impedire l'accesso senza una smart card.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>In caso di rimozione</strong></span> — Una volta effettuato l'accesso, questa opzione imposta alcuni eventi legati alla rimozione della smart card. Le opzioni possibili sono:
+ </div><div class="para">
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Blocca</strong></span> — La rimozione della smart card provoca il blocco dello schermo.
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Ignora</strong></span> — La rimozione della smart card non provoca alcun effetto.
+ </div></li></ul></div>
+
+ </div></li></ul></div>
+
+ </div></li></ol></li><li class="step"><div class="para">
+ Se occorre abilitare <abbr class="abbrev">OCSP</abbr> (Online Certificate Status Protocol), aprire il file <code class="filename">/etc/pam_pkcs11/pam_pkcs11.conf</code> e individuare la riga contenente la seguente opzione:
+ </div><div class="para">
+ <code class="command">enable_ocsp = false;</code>
+ </div><div class="para">
+ Modificare come indicato di seguito:
+ </div><div class="para">
+ <code class="command">enable_ocsp = true;</code>
+ </div></li><li class="step"><div class="para">
+ Registrare la smart card
+ </div></li><li class="step"><div class="para">
+ Se si usa una card CAC, occorre completare i seguenti passaggi:
+ </div><ol class="a"><li class="step"><div class="para">
+ Come utente root, creare un file denominato <code class="filename">/etc/pam_pkcs11/cn_map</code>.
+ </div></li><li class="step"><div class="para">
+ Al file <code class="filename">cn_map</code> appena creato, aggiungere la riga seguente:
+ </div><div class="para">
+ <em class="replaceable"><code>MY.CAC_CN.123454</code></em> -> <em class="replaceable"><code>myloginid</code></em>
+ </div><div class="para">
+ dove, <em class="replaceable"><code>MY.CAC_CN.123454</code></em> è il Common Name sulla propria card CAC e <em class="replaceable"><code>myloginid</code></em> è il proprio UID di accesso.
+ </div></li></ol></li><li class="step"><div class="para">
+ Logout
+ </div></li></ol></div><div class="section" id="sect-Security_Guide-Getting_Started_with_your_new_Smart_Card-Troubleshooting"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Getting_Started_with_your_new_Smart_Card-Troubleshooting">3.3.2.1. Risoluzione problemi</h4></div></div></div><div class="para">
+ In caso di problemi con la smart card, per localizzare la causa del problema provare ad usare il seguente comando (smart card registrata ed inserita nel lettore):
+ </div><pre class="screen">pklogin_finder debug</pre><div class="para">
+ Il comando <code class="command">pklogin_finder</code> in modalità debug, cerca di recuperare la validità dei certificati e di verificare se uno UID sia associato ad uno dei certificati presenti nella card.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO.html"><strong>Indietro</strong>3.3. Single Sign-on (SSO)</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"><strong>Avanti</strong>3.3.3. Come funziona la registrazione di una Smar...</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html
new file mode 100644
index 0000000..abe2fd1
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3.3. Come funziona la registrazione di una Smart Card</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="3.3. Single Sign-on (SSO)" /><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html" title="3.3.2. Primo utilizzo di una nuova Smart Card" /><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html" title="3.3.4. Come funziona l'accesso via Smart Card" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Sit
e" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works">3.3.3. Come funziona la registrazione di una Smart Card</h3></div></div></div><div class="para">
+ Le smart card vengono <em class="firstterm">registrate</em> nel momento in cui ricevono un certificato firmato da un <abbr class="abbrev">CA</abbr> (Autorità di Certificazione). Il processo involve diversi passaggi, descritti di seguito:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ L'utente inserisce la propria smart card in un lettore nei pressi della macchina. Questo evento è intercettato da <abbr class="abbrev">ESC</abbr> (Enterprise Security Client).
+ </div></li><li class="listitem"><div class="para">
+ Sul desktop dell'utente viene visualizzata la pagina di registrazione. L'utente inserisce le necessarie informazioni, dopodichè il sistema contatta il <abbr class="abbrev">TPS</abbr> (Token Processing System) e il <abbr class="abbrev">CA</abbr>.
+ </div></li><li class="listitem"><div class="para">
+ Il <abbr class="abbrev">TPS</abbr> registra la smart card usando un certificato firmato dal <abbr class="abbrev">CA</abbr>.
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-How_Smart_Card_Enrollment_Works-How_Smart_Card_Enrollment_Works"><div class="figure-contents"><div class="mediaobject"><img src="images/SCLoginEnrollment.png" width="444" alt="Come funziona la registrazione di una Smart Card" /><div class="longdesc"><div class="para">
+ Funzionamento della registrazione di una Smart Card.
+ </div></div></div></div><h6>Figura 3.4. Come funziona la registrazione di una Smart Card</h6></div><br class="figure-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"><strong>Indietro</strong>3.3.2. Primo utilizzo di una nuova Smart Card</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"><strong>Avanti</strong>3.3.4. Come funziona l'accesso via Smart Card</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html
new file mode 100644
index 0000000..baef6e3
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3.4. Come funziona l'accesso via Smart Card</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="3.3. Single Sign-on (SSO)" /><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html" title="3.3.3. Come funziona la registrazione di una Smart Card" /><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html" title="3.3.5. Configurare Firefox ad usare Kerberos con SSO" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.pn
g" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works">3.3.4. Come funziona l'accesso via Smart Card</h3></div></div></div><div class="para">
+ Questo paragrafo offre una breve panoramica sul processo di accesso usando smart card.
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Quando l'utente inserisce la propria smart card nel lettore, l'evento è intercettato da PAM che chiede di inserire il PIN utente.
+ </div></li><li class="listitem"><div class="para">
+ Quindi, il sistema controlla i certificati attuali dell'utente e verifica la loro validità. Il certificato è successivamente associato all'UID dell'utente.
+ </div></li><li class="listitem"><div class="para">
+ Infine il KDC conferma e autorizza l'accesso.
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-How_Smart_Card_Login_Works-How_Smart_Card_Login_Works"><div class="figure-contents"><div class="mediaobject"><img src="images/SCLogin.png" width="444" alt="Come funziona l'accesso via Smart Card" /><div class="longdesc"><div class="para">
+ Funzionamento dell'accesso via Smart Card
+ </div></div></div></div><h6>Figura 3.5. Come funziona l'accesso via Smart Card</h6></div><br class="figure-break" /><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Non è possibile accedere al sistema con una card non registrata anche se formattata: per accedere al sistema, occorre possedere una card che sia formattata e registrata.
+ </div></div></div><div class="para">
+ Vedere la <a class="xref" href="sect-Security_Guide-Kerberos.html">Sezione 3.7, «Kerberos»</a> e la <a class="xref" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html">Sezione 3.5, «Pluggable Authentication Modules (PAM)»</a>, per maggiori informazioni su Kerberos e <acronym class="acronym">PAM</acronym>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"><strong>Indietro</strong>3.3.3. Come funziona la registrazione di una Smar...</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"><strong>Avanti</strong>3.3.5. Configurare Firefox ad usare Kerberos con ...</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO.html
new file mode 100644
index 0000000..af1adff
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO.html
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3. Single Sign-on (SSO)</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Capitolo 3. Proteggere la rete locale" /><link rel="prev" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html" title="3.2.8. Controllare le porte in ascolto" /><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html" title="3.3.2. Primo utilizzo di una nuova Smart Card" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Do
cumentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Single_Sign_on_SSO" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Single_Sign_on_SSO">3.3. Single Sign-on (SSO)</h2></div></div></div><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-Introduction"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Introduction">3.3.1. Introduzione</h3></div></div></div><div class="para">
+ La funzionalità SSO di Fedora serve a ridurre il numero di autenticazioni richieste agli utenti Fedora. La maggior parte delle applicazioni sfruttano gli stessi meccanismi di autenticazione ed autorizzazione, cosicchè una volta loggati in Fedora, gli utenti non devono reinserire la loro password. Queste applicazioni sono illustrate più avanti.
+ </div><div class="para">
+ Inoltre, gli utenti possono accedere alle loro macchine anche in assenza di una connessione di rete (<em class="firstterm">modalità offline</em>), oppure in condizioni di connessioni inaffidabili, per esempio in accessi wireless. In quest'ultimo caso, il livello dei servizi risulterà leggermente degradato.
+ </div><div class="section" id="sect-Security_Guide-Introduction-Supported_Applications"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Introduction-Supported_Applications">3.3.1.1. Applicazioni supportate</h4></div></div></div><div class="para">
+ Di seguito si elencano le applicazioni che attualmente supportano lo schema di accesso unificato in Fedora:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Login
+ </div></li><li class="listitem"><div class="para">
+ Salvaschermo
+ </div></li><li class="listitem"><div class="para">
+ Firefox e Thunderbird
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Introduction-Supported_Authentication_Mechanisms"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Introduction-Supported_Authentication_Mechanisms">3.3.1.2. Meccanismi di autenticazione supportati</h4></div></div></div><div class="para">
+ Fedora correntemente supporta i seguenti meccanismi di autenticazione:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Login via nome/password Kerberos
+ </div></li><li class="listitem"><div class="para">
+ Login via Smart Card
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Introduction-Supported_Smart_Cards"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Introduction-Supported_Smart_Cards">3.3.1.3. Smart Card supportate</h4></div></div></div><div class="para">
+ Fedora è stato testato con il lettore e le smart-card Cyberflex, ma anche altre smart-card conformi alle specifiche Java card 2.1.1 e Global Platform 2.0.1 dovrebbero operare correttamente, come ogni lettore che sia supportato dalla piattaforma PCSC.
+ </div><div class="para">
+ Fedora è stato testato anche con lo standard Common Access Cards (CAC) (n.d.t. impiegato principalmente negli U.S.A. dal DoD). Il lettore supportato per CAC è l'SCM SCR 331 USB.
+ </div><div class="para">
+ Fedora supporta anche smart card Gemalto Cyberflex Access 64k v2, conformi con gli standard DER SHA-1 configurati come in PKCSI v2.1. Queste smart card ora usano lettori che si conformano alle norme CCID (Chip/Smart Card Interface Devices).
+ </div></div><div class="section" id="sect-Security_Guide-Introduction-Advantages_of_PROD_Single_Sign_on"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Introduction-Advantages_of_PROD_Single_Sign_on">3.3.1.4. Vantaggi di Single Sign-on di Fedora</h4></div></div></div><div class="para">
+ Oggigiorno, esistono numerosi meccanismi di sicurezza che utilizzano una varietà di protocolli e di <span class="emphasis"><em>credential store</em></span>. Tra questi si ricordano SSL, SSH, IPsec e Kerberos. L'SSO di Fedora si propone di unificare questi schemi. Ciò non vuol dire sostituire Keberos con certificazioni X.509v3, quanto unificarli in modo da ridurre il carico di gestione sia agli utenti che agli amministratori.
+ </div><div class="para">
+ Per raggiungere questo obbiettivo Fedora:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Presenta, in ogni sistema operativo, una singola istanza condivisa delle librerie di criptazione NSS.
+ </div></li><li class="listitem"><div class="para">
+ Include il Sistema di Certficazione ESC (Enterprise Security Client), con il sistema operativo base. L'applicazione ESC intercetta gli eventi relativi all'inserzione delle samrt card. Se una smart card, conforme al Sistema di Certificazione usato in Fedora viene inserita nel sistema, ESC visualizza una interfaccia grafica istruendo l'utente su come registrare la smart card.
+ </div></li><li class="listitem"><div class="para">
+ Unifica Kerberos e NSS in modo che gli utenti che accedono al sistema usando una smart card, possano ottenere anche una credenziale Kerberos (in modo da poter accedere a file server ed altri servizi).
+ </div></li></ul></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>Indietro</strong>3.2.8. Controllare le porte in ascolto</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"><strong>Avanti</strong>3.3.2. Primo utilizzo di una nuova Smart Card</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html
new file mode 100644
index 0000000..49d831d
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.4. Installare pacchetti firmati da repository fidati</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Software_Maintenance.html" title="Capitolo 7. Manutenzione del software" /><link rel="prev" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html" title="7.3. Regolare gli aggiornamenti automatici" /><link rel="next" href="chap-Security_Guide-CVE.html" title="Capitolo 8. Common Vulnerabilities and Exposures" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site
" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-CVE.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories">7.4. Installare pacchetti firmati da repository fidati</h2></div></div></div><div class="para">
+ I pacchetti software sono resi pubblici attraverso repository. Tutti i repository fidati supportano la firma dei pacchetti che usa la tecnologia a chiave pubblca per garantire che i pacchetti pubblicati nel repository non abbiano subito manomissioni dal momento della loro firma. Ciò serve a evitare di installare software che potrebbe essere stato maliziosamente alterato in seguito alla sua pubblicazione.
+ </div><div class="para">
+ Usare troppi repository, repository non fidati o repository con pacchetti privi di firma aumenta il rischio di introdurre nel proprio sistema, codice malizioso o vulnerabile. Aggiungere con prudenza i repository al gestore del software <span class="application"><strong>yum</strong></span>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"><strong>Indietro</strong>7.3. Regolare gli aggiornamenti automatici</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-CVE.html"><strong>Avanti</strong>Capitolo 8. Common Vulnerabilities and Exposures</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html
new file mode 100644
index 0000000..7f6b4c2
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.3. Regolare gli aggiornamenti automatici</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Software_Maintenance.html" title="Capitolo 7. Manutenzione del software" /><link rel="prev" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html" title="7.2. Pianificare e configurare gli aggiornamenti di sicurezza" /><link rel="next" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html" title="7.4. Installare pacchetti firmati da repository fidati" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img s
rc="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates">7.3. Regolare gli aggiornamenti automatici</h2></div></div></div><div class="para">
+ Fedora è configurata per applicare gli aggiornamenti su base giornaliera. Per modificare questa impostazione occorre aprire la finestra <span class="guimenuitem"><strong>Preferenze di aggiornamento</strong></span>. E' possibile impostare ogni quanto tempo controllare la disponibilità di aggiornamenti, il tipo di aggiornamenti da applicare e se avvisare o meno della disponibilità di aggiornamenti.
+ </div><div class="para">
+ In GNOME, i controlli per gli aggiornamenti si trovano selezionando <code class="code">Sistema -> Preferenze -> Aggiornamento Software</code>. In KDE, si trovano selezionando: <code class="code">Applications -> Settings -> Software Updates</code>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"><strong>Indietro</strong>7.2. Pianificare e configurare gli aggiornamenti ...</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html"><strong>Avanti</strong>7.4. Installare pacchetti firmati da repository f...</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html
new file mode 100644
index 0000000..54e3247
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.2. Pianificare e configurare gli aggiornamenti di sicurezza</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Software_Maintenance.html" title="Capitolo 7. Manutenzione del software" /><link rel="prev" href="chap-Security_Guide-Software_Maintenance.html" title="Capitolo 7. Manutenzione del software" /><link rel="next" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html" title="7.3. Regolare gli aggiornamenti automatici" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentatio
n Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Software_Maintenance.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates">7.2. Pianificare e configurare gli aggiornamenti di sicurezza</h2></div></div></div><div class="para">
+ Il software in generale contiene bug. Spesso, questi bug possono risultare in una vulnerabilità tale da esporre il sistema agli attacchi di utenti maliziosi. I sistemi non aggiornati con patch di sicurezza sono una causa comune di intrusione. Si dovrebbe pianificare di installare, con regolarità, patch di siucrezza per rimuovere tali vulnerabilità.
+ </div><div class="para">
+ Per gli utenti domestici gli aggiornamenti di sicurezza dovrebbero essere installati appena possibile. Configurare l'installazione automatica degli aggiornamenti di sicurezza è un modo per evitare di dimenticarsene, anche se talvolta può comportare il rischio che si possano creare conflitti con la configurazione o altri software nel sistema.
+ </div><div class="para">
+ Per gli utenti business o gli utenti domestici con esperienza, gli aggiornamenti di siucrezza dovrebbero essere testati e programmati. Ulteriori misure a protezione del sistema dovrebbero essere prese durante il periodo tra il rilascio delle patch e la loro installazione. Queste misure dipenderanno dal rischio effettivo della vulnerabilità e potrebbero includere regole di firewall aggiuntive, l'uso di firewall esterni o modifche alle impostazioni software.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Software_Maintenance.html"><strong>Indietro</strong>Capitolo 7. Manutenzione del software</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"><strong>Avanti</strong>7.3. Regolare gli aggiornamenti automatici</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html
new file mode 100644
index 0000000..859deec
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.2.2. Campi Opzioni</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html" title="3.6.2. File di configurazione di TCP Wrapper" /><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html" title="3.6.2. File di configurazione di TCP Wrapper" /><link rel="next" href="sect-Security_Guide-Option_Fields-Access_Control.html" title="3.6.2.2.2. Controllo d'Accesso" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" a
lt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Access_Control.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields">3.6.2.2. Campi Opzioni</h4></div></div></div><div class="para">
+ L'implementazione in Fedora dei TCP Wrapper, oltre alle regole di base per specificare permessi o divieti d'accesso, supporta estensioni al linguaggio di controllo usando <em class="firstterm">option fields</em>. Usando questi campi, si può modificare il livello dei messaggi di log, consolidare il controllo ed avviare comandi di shell.
+ </div><div class="section" id="sect-Security_Guide-Option_Fields-Logging"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Option_Fields-Logging">3.6.2.2.1. Logging</h5></div></div></div><div class="para">
+ I campi opzione permettono di modificare il comportamento e il livello di priorità dei messaggi di log di una regola, usando la direttiva <code class="option">severity</code>.
+ </div><div class="para">
+ Nel seguente esempio, i messaggi di log per le connessioni dal dominio <code class="systemitem">example.com</code> e dirette verso il demone SSH, sono registrate nella facility predefinita <code class="option">authpriv</code> (non essendo specificato un valore per la facility), di <code class="option">syslog</code> con priorità <code class="option">emerg</code>:
+ </div><pre class="screen">sshd : .example.com : severity emerg</pre><div class="para">
+ E' anche possibile specificare una facility usando l'opzione <code class="option">severity</code>. Il seguente esempio registra i messaggi di log di ogni connessione SSH dal dominio <code class="systemitem">example.com</code> nella facility <code class="option">local0</code> con priorità <code class="option">alert</code>:
+ </div><pre class="screen">sshd : .example.com : severity local0.alert</pre><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Perchè l'esempio funzioni, occorre che il demone <code class="systemitem">syslogd</code> sia configurato per registare i messaggi di log nella facility <code class="command">local0</code>. Per maggiori informazioni sulla configurazione di messaggi di log non predefiniti, vedere le pagine di man su <code class="filename">syslog.conf</code>.
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"><strong>Indietro</strong>3.6.2. File di configurazione di TCP Wrapper</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Access_Control.html"><strong>Avanti</strong>3.6.2.2.2. Controllo d'Accesso</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html
new file mode 100644
index 0000000..be23f87
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.5. Ulteriori risorse</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="3.6. TCP Wrapper e xinetd" /><link rel="prev" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html" title="3.6.4.3.4. Opzioni per gestire le risorse" /><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html" title="3.6.5.2. Utili siti su TCP Wrapper" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"
/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">3.6.5. Ulteriori risorse</h3></div></div></div><div class="para">
+ Maggiori informazioni sui TCP Wrapper e <code class="systemitem">xinetd</code> sono disponibili nella documentazione installata nel sistema e su Internet.
+ </div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_TCP_Wrappers_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_TCP_Wrappers_Documentation">3.6.5.1. Documentazione su TCP Wrapper installata</h4></div></div></div><div class="para">
+ La documentazione installata nel proprio sistema, è un buon punto da cui ottenere informazioni su ulteriori opzioni di configurazione per TCP Wrapper, <code class="systemitem">xinetd</code> e controllo d'accesso.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/usr/share/doc/tcp_wrappers-<em class="replaceable"><code><version></code></em>/</code> — Questa directory contiene un file <code class="filename">README</code> che spiega il funzionamento dei TCP Wrapper e i vari rischi relativi alla manomissione (spoofing) degli hostname e degli indirizzi IP degli host.
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/usr/share/doc/xinetd-<em class="replaceable"><code><version></code></em>/</code> — Questa directory contiene un file <code class="filename">README</code> che spiega vari aspetti del controllo d'accesso e un file <code class="filename">sample.conf</code> con vari spunti per modificare i file di configurazione dei servizi, nella directory <code class="filename">/etc/xinetd.d/</code>.
+ </div></li><li class="listitem"><div class="para">
+ Pagine di man su TCP Wrapper e <code class="systemitem">xinetd</code> — Esistono un certo numero di pagine di man, dedicate alle varie applicazioni e ai vari file di configurazione rigurdanti TCP Wrapper e <code class="systemitem">xinetd</code>. Di seguito si riportano le più importanti:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">Applicazioni server</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man xinetd</code> — Le pagine di man su <code class="systemitem">xinetd</code>.
+ </div></li></ul></div></dd><dt class="varlistentry"><span class="term">File di configurazione</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man 5 hosts_access</code> — Le pagine di man sui file di controllo d'accesso di TCP Wrapper.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man hosts_options</code> — Le pagine di man su option field di TCP Wrapper.
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man xinetd.conf</code> — Le pagine man con l'elenco delle opzioni di configurazione di <code class="systemitem">xinetd</code>.
+ </div></li></ul></div></dd></dl></div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"><strong>Indietro</strong>3.6.4.3.4. Opzioni per gestire le risorse</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>Avanti</strong>3.6.5.2. Utili siti su TCP Wrapper</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html
new file mode 100644
index 0000000..d67a218
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html
@@ -0,0 +1,118 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.2. File di configurazione di TCP Wrapper</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="3.6. TCP Wrapper e xinetd" /><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="3.6. TCP Wrapper e xinetd" /><link rel="next" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="3.6.2.2. Campi Opzioni" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" hre
f="sect-Security_Guide-TCP_Wrappers_and_xinetd.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">3.6.2. File di configurazione di TCP Wrapper</h3></div></div></div><div class="para">
+ Per determinare se un client può connettersi ad un servizio, i TCP Wrapper fanno riferimento ai seguenti due file, comunemente denominati file degli <em class="firstterm">host access</em>:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/hosts.allow</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/hosts.deny</code>
+ </div></li></ul></div><div class="para">
+ Quando un servizio TCP-Wrapped riceve una richiesta da un client, il sistema effettua i seguenti passaggi:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Fa referimento a <code class="filename">/etc/hosts.allow</code>.</em></span> — Il servizio TCP-wrapped scorre in sequenza il file <code class="filename">/etc/hosts.allow</code>, applicando la prima regola definita per il servizio. Se esiste una regola compatibile, la connessione viene autorizzata; altrimenti continua con il passaggio successivo.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Fa referimento a <code class="filename">/etc/hosts.deny</code>.</em></span> — Il servizio TCP-wrapped scorre in sequenza il file <code class="filename">/etc/hosts.deny</code>. Se esiste una regola compatibile, la connessione viene negata; altrimenti autorizza l'accesso al servizio.
+ </div></li></ol></div><div class="para">
+ Di seguito si riportano alcune importanti considerazioni sull'utilizzo dei TCP Wrapper :
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Poichè le regole di accesso elencate in <code class="filename">hosts.allow</code> sono applicate per prima, esse hanno la precedenza sulle regole specificate in <code class="filename">hosts.deny</code>. Quindi, se l'accesso ad un servizio è permesso secondo <code class="filename">hosts.allow</code>, una eventuale regola di divieto presente in <code class="filename">hosts.deny</code> viene ignorata.
+ </div></li><li class="listitem"><div class="para">
+ Le regole in ciascun file sono lette dalla cima verso il basso, e la prima regola trovata è l'unica che viene applicata. Quindi è rilevante l'ordine d'inserimento.
+ </div></li><li class="listitem"><div class="para">
+ L'accesso al servizio è garantito, se i file non esistono o se in entrambi i file non esiste alcuna regola per il servizio.
+ </div></li><li class="listitem"><div class="para">
+ I servizi TCP-wrapped non caricano in memoria (in cache) le regole dei file d'accesso, perciò ogni modifica apportata ai file <code class="filename">hosts.allow</code> o <code class="filename">hosts.deny</code> ha effetto immediato, senza bisogno di riavviare i servizi.
+ </div></li></ul></div><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Se l'ultima riga di un file d'accesso non termina con un carattere di ritorno a capo (newline, ossia premendo il tasto <span class="keycap"><strong>Invio</strong></span>), l'ultima regola nel file fallisce restituendo un messaggio di errore in <code class="filename">/var/log/messages</code> e <code class="filename">/var/log/secure</code>. Lo stesso accade per una regola suddivisa su più righe che non terminano con il carattere backslash (\). Il seguente esempio illustra una porzione di un messaggio di log relativo ad una regola che fallisce a causa delle circostanze citate:
+ </div><pre class="screen">warning: /etc/hosts.allow, line 20: missing newline or line too long</pre></div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Formatting_Access_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Formatting_Access_Rules">3.6.2.1. Formattare le Regole di Accesso</h4></div></div></div><div class="para">
+ Il formato è identico per entrambi i file <code class="filename">/etc/hosts.allow</code> e <code class="filename">/etc/hosts.deny</code>. Ogni regola deve trovarsi sulla propria linea. Le linee vuote o che iniziano con il carattere diesis o cancelletto (#) vengono ignorate.
+ </div><div class="para">
+ Ogni regola usa il seguente formato base per controllare l'accesso ai servizi di rete:
+ </div><pre class="screen"><em class="replaceable"><code><daemon list></code></em>: <em class="replaceable"><code><client list></code></em> [: <em class="replaceable"><code><option></code></em>: <em class="replaceable"><code><option></code></em>: ...]</pre><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="replaceable"><code><daemon list></code></em> — Un elenco di nomi di processo (<span class="emphasis"><em>non</em></span> nomi di servizio), separati da virgole o il termine riservato <code class="option">ALL</code>. L'elenco accetta anche operatori, garantendo una grande flessibilità d'utilizzo (<a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html#sect-Security_Guide-Formatting_Access_Rules-Operators">Sezione 3.6.2.1.4, «Operatori»</a>).
+ </div></li><li class="listitem"><div class="para">
+ <em class="replaceable"><code><client list></code></em> — Un elenco di hostname, indirizzi IP, pattern speciali o termini riservati, separati da virgole, che identificano gli host interessati dalla regola. L'elenco accetta anche operatori (<a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html#sect-Security_Guide-Formatting_Access_Rules-Operators">Sezione 3.6.2.1.4, «Operatori»</a>).
+ </div></li><li class="listitem"><div class="para">
+ <em class="replaceable"><code><option></code></em> — Un'azione opzionale o un elenco di azioni da eseguire, separate da virgole, all'intercettazione di una regola. Il campo option supporta espansioni, comandi di shell, permette/autorizza l'accesso e permette di modificare il comportamento dei messaggi di log.
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Maggiori informazioni sui termini indicati, si trovano in altre sezioni di questa Guida:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html#sect-Security_Guide-Formatting_Access_Rules-Wildcards">Sezione 3.6.2.1.1, «Wildcards»</a>
+ </div></li><li class="listitem"><div class="para">
+ <a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html#sect-Security_Guide-Formatting_Access_Rules-Patterns">Sezione 3.6.2.1.2, «Pattern»</a>
+ </div></li><li class="listitem"><div class="para">
+ <a class="xref" href="sect-Security_Guide-Option_Fields-Expansions.html">Sezione 3.6.2.2.4, «Espansioni»</a>
+ </div></li><li class="listitem"><div class="para">
+ <a class="xref" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html">Sezione 3.6.2.2, «Campi Opzioni»</a>
+ </div></li></ul></div></div></div><div class="para">
+ Di seguito si riporta un esempio di una semplice regola d'accesso:
+ </div><pre class="screen">vsftpd : .example.com</pre><div class="para">
+ Questa regola indica di controllare le connessioni provenienti dagli host del dominio <code class="systemitem">example.com</code> e dirette verso il demone FTP (<code class="systemitem">vsftpd</code>). Se la regola si trova nel file <code class="filename">hosts.allow</code>, la connessione viene accettata. Se invece si trova in <code class="filename">hosts.deny</code>, la connessione viene rifiutata.
+ </div><div class="para">
+ L'esempio successivo è leggermente più complesso, accettando due opzioni:
+ </div><pre class="screen">sshd : .example.com \ : spawn /bin/echo `/bin/date` access denied>>/var/log/sshd.log \ : deny</pre><div class="para">
+ Notare la presenza del carattere backslash (\) davanti ad ogni opzione. L'uso del backslash evita che una regola fallisca, a causa della sua lunghezza per un errore sintattico.
+ </div><div class="para">
+ Questa regola stabilisce di intercettare ogni host del dominio <code class="systemitem">example.com</code> che tenti una connessione con il demone SSH (<code class="systemitem">sshd</code>), nel qual caso, il comando <code class="command">echo</code> trascrive ora e data del tentativo nel file di log specificato e la connessione viene impedita. Poichè si usa la direttiva opzionale <code class="command">deny</code>, questa regola vieta l'acceso anche se si trova nel file <code class="filename">hosts.allow</code>. Per un analisi più dettagliata sulle opzioni disponibili, vedere la <a class="xref" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html">Sezione 3.6.2.2, «Campi Opzioni»</a>.
+ </div><div class="section" id="sect-Security_Guide-Formatting_Access_Rules-Wildcards"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Formatting_Access_Rules-Wildcards">3.6.2.1.1. Wildcards</h5></div></div></div><div class="para">
+ I termini riservati o wildcard, permettono ai TCP Wrapper di intercettare più facilmente gruppi di demoni o host. Essi sono impiegati frequentemente nel campo della lista dei client di una regola.
+ </div><div class="para">
+ I termini riservati sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">ALL</code> — Intercetta tutto. Può essere usato sia nelle lista dei demoni sia in quella dei client.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">LOCAL</code> — Intercetta tutti gli host il cui hostname non contiene un punto (.), come localhost.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">KNOWN</code> — Intercetta tutti gli host di cui si conosce l'hostname e l'indirizzo o l'utente.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">UNKNOWN</code> — Intercetta tutti gli host di cui si non conosce l'hostname o l'indirizzo o l'utente.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">PARANOID</code> — Intercetta tutti gli host il cui hostname non corrisponde all'indirizzo host.
+ </div></li></ul></div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ I termini <code class="option">KNOWN</code>, <code class="option">UNKNOWN</code> e <code class="option">PARANOID</code> dovrebbero essere impiegati con attenzione, poichè il loro corretto funzionamento si basa su server DNS. Ogni fallimento nella risoluzione di un nome impedisce ad utenti legittimati di ottenere l'accesso al servizio richiesto.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Formatting_Access_Rules-Patterns"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Formatting_Access_Rules-Patterns">3.6.2.1.2. Pattern</h5></div></div></div><div class="para">
+ I pattern possono essere usati nel campo della lista dei client, per specificare gruppi di client.
+ </div><div class="para">
+ Di seguito si riporta una elenco di pattern comuni:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Hostname che iniziano con un punto (.)</em></span> — Ponendo un punto davanti ad un hostname, si intercettano tutti gli host che condividono le stesse componenti del nome. Il seguente esempio si applica ad ogni host del dominio <code class="systemitem">example.com</code>:
+ </div><pre class="screen">ALL : .example.com</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Indirizzo IP con un punto (.) finale </em></span> — Inserendo un punto finale ad un indirizzo IP si intercettano tutti gli host che condividono lo stesso gruppo numerico iniziale dell'indirizzo IP. Il seguente esempio si applica a tutti gli host della rete <code class="systemitem">192.168.x.x</code>:
+ </div><pre class="screen">ALL : 192.168.</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Coppia indirizzo-IP/netmask</em></span> — Le netmask possono essere usate come pattern per controllare gli accessi di un particolare gruppo di indirizzi IP. Per esempio la riga seguente si applica ad ogni host che rientri nel range di indirizzi <code class="systemitem">192.168.0.0</code> - <code class="systemitem">192.168.1.255</code>:
+ </div><pre class="screen">ALL : 192.168.0.0/255.255.254.0</pre><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Se si opera nello spazio di indirizzamento IPv4, non si può usare la coppia indirizzo/lunghezza-del-prefisso (<em class="firstterm">prefixlen</em>) (in notazione <abbr class="abbrev">CIDR</abbr>). Soltanto le regole IPv6 possono avvalersi di questo formato.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Coppia [IPv6 address]/prefixlen</em></span> — Le coppie [net]/prefixlen possono essere usate come pattern per controllare l'accesso di un particolare gruppo di indirizzi IPv6. Il seguente esempio si applica ad ogni host, con un indirizzo compreso tra <code class="systemitem">3ffe:505:2:1::</code> e <code class="systemitem">3ffe:505:2:1:ffff:ffff:ffff:ffff</code>:
+ </div><pre class="screen">ALL : [3ffe:505:2:1::]/64</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>L'asterisco (*)</em></span> — I caratteri asterisco possono essere usati per intercettare interi gruppi di hostname o indirizzi IP, purchè non siano mescolati in una lista di client, contenenti altri tipi di pattern. Il seguente esempio si applica ad ogni host del dominio <code class="systemitem">example.com</code>:
+ </div><pre class="screen">ALL : *.example.com</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Lo slash (/)</em></span> — Se una lista di client inizia con uno slash, esso viene trattato come un nome di file. Ciò è molto utile quando occorre specificare un gran numero di host. Il seguente esempio riguarda il file <code class="filename">/etc/telnet.hosts</code>:
+ </div><pre class="screen">in.telnetd : /etc/telnet.hosts</pre></li></ul></div><div class="para">
+ Esistono anche altri pattern, di uso meno frequente. Per maggiori informazioni, fare riferimento alle pagine di man 5, relative a <code class="filename">hosts_access</code>.
+ </div><div class="warning"><div class="admonition_header"><h2>Attenzione</h2></div><div class="admonition"><div class="para">
+ Prestare molta attenzione a quando si usano hostname e nomi di dominio. Gli attaccanti possono usare una varietà di trucchi per ingannare il server DNS. Inoltre, l'errato funzionamento del DNS impedisce anche agli utenti autorizzati di usare i servizi di rete. Si raccomanda quindi di usare, quando possibile, indirizzi IP.
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Formatting_Access_Rules-Portmap_and_TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Formatting_Access_Rules-Portmap_and_TCP_Wrappers">3.6.2.1.3. Portmap e TCP Wrapper</h5></div></div></div><div class="para">
+ L'implementazione di TCP Wrapper per <code class="command">portmap</code> non supporta l'host look-up (risoluzione di un IP da un hostname), perciò <code class="command">portmap</code> non può usare l'hostname per identificare l'host. Di conseguenza, le regole di controllo di portmap nei file <code class="filename">hosts.allow</code> o <code class="filename">hosts.deny</code> devono usare indirizzi IP o il termine riservato <code class="option">ALL</code>, per specificare gli host.
+ </div><div class="para">
+ Inoltre, le modifiche alle regole di controllo in <code class="command">portmap</code> non hanno effetto immediato, ma occorre riavviare il servizio <code class="command">portmap</code> perchè le modifiche abbiano effetto.
+ </div><div class="para">
+ Servizi ampiamente usati come NIS ed NFS, dipendono da <code class="command">portmap</code> per poter funzionare: si tenga conto di queste limitazioni.
+ </div></div><div class="section" id="sect-Security_Guide-Formatting_Access_Rules-Operators"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Formatting_Access_Rules-Operators">3.6.2.1.4. Operatori</h5></div></div></div><div class="para">
+ Attualmente, le regole di controllo accettano un solo operatore, <code class="option">EXCEPT</code>. Può essere usato sia nell'elenco dei demoni di una regola sia in quello dei client.
+ </div><div class="para">
+ L'operatore <code class="option">EXCEPT</code> permette di includere nell'ambito di una regola specifiche eccezioni, estendendo/restringendo il suo campo d'azione.
+ </div><div class="para">
+ Nel seguente esempio, gli host del dominio <code class="systemitem">example.com</code> escluso <code class="systemitem">cracker.example.com</code>, possono connettersi a tutti i servizi:
+ </div><pre class="screen">ALL: .example.com EXCEPT cracker.example.com</pre><div class="para">
+ In quest'altro esempio, estratto da un file <code class="filename">hosts.allow</code>, i client della rete <code class="systemitem">192.168.0.<em class="replaceable"><code>x</code></em></code> possono usare tutti i servizi, escluso FTP:
+ </div><pre class="screen">ALL EXCEPT vsftpd: 192.168.0.</pre><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Per questioni pratiche, si consiglia un uso moderato dell'operatore <code class="option">EXCEPT</code>, onde evitare agli amministratori (colleghi) di ricercare <span class="emphasis"><em>anche</em></span> gli host esclusi dall'operatore <code class="option">EXCEPT</code>, tra quelli autorizzati e quelli non autorizzati.
+ </div></div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html"><strong>Indietro</strong>3.6. TCP Wrapper e xinetd</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"><strong>Avanti</strong>3.6.2.2. Campi Opzioni</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html
new file mode 100644
index 0000000..7f92fde
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.3. xinetd</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="3.6. TCP Wrapper e xinetd" /><link rel="prev" href="sect-Security_Guide-Option_Fields-Expansions.html" title="3.6.2.2.4. Espansioni" /><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="3.6.4. File di configuratione di xinetd" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a
accesskey="p" href="sect-Security_Guide-Option_Fields-Expansions.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd">3.6.3. xinetd</h3></div></div></div><div class="para">
+ Il demone <code class="systemitem">xinetd</code> è un <em class="firstterm">super servizio</em> TCP-wrapped, che controlla gli accessi in un sotto-gruppo di servizi di uso comune come FTP, IMAP e Telnet. Fornisce anche, per servizi specifici, opzioni di configurazione per controllo d'accesso, messaggi di log, binding, redirection e per l'utilizzo delle risorse.
+ </div><div class="para">
+ Quando un client tenta di connettersi ad un servizio di rete controllato da <code class="systemitem">xinetd</code>, il super servizio prende la richiesta e controlla le regole imposte dal TCP Wrapper.
+ </div><div class="para">
+ Se l'accesso è consentito, successivamente <code class="systemitem">xinetd</code> controlla che la connessione sia permessa dalle proprie regole d'accesso. Inoltre controlla se il servizio possa allocare più risorse di quelle consentite e se infranga una qualche regola.
+ </div><div class="para">
+ Se sono soddisfatte tutte queste condizioni (ossia, è consentito l'accesso; il servizio non supera le risorse allocabili; ed il servizio di rete non infrange nessuna regola), allora <code class="systemitem">xinetd</code> avvia una istanza del servizio di rete, passando il controllo della connessione al servizio di rete. Una volta stabilita la connessione, <code class="systemitem">xinetd</code> termina la propria partecipazione alla comunicazione tra client e server.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Option_Fields-Expansions.html"><strong>Indietro</strong>3.6.2.2.4. Espansioni</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"><strong>Avanti</strong>3.6.4. File di configuratione di xinetd</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html
new file mode 100644
index 0000000..8465be6
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.4. File di configuratione di xinetd</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="3.6. TCP Wrapper e xinetd" /><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html" title="3.6.3. xinetd" /><link rel="next" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html" title="3.6.4.2. La directory /etc/xinetd.d/" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a ac
cesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files">3.6.4. File di configuratione di xinetd</h3></div></div></div><div class="para">
+ I file di configurazione di <code class="systemitem">xinetd</code> sono i seguenti:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/xinetd.conf</code> — Il file di configurazione globale di <code class="systemitem">xinetd</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/xinetd.d/</code> — La directory con tutti i file di servizio specifici.
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.conf_File"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.conf_File">3.6.4.1. Il file /etc/xinetd.conf</h4></div></div></div><div class="para">
+ Il file <code class="filename">/etc/xinetd.conf</code> contiene le impostazioni di configurazione generale dei serivizi controllati da <code class="systemitem">xinetd</code>. Esso viene letto al primo avvio di <code class="systemitem">xinetd</code>, perciò ogni variazione alla configurazione richiede il riavvio di <code class="systemitem">xinetd</code>. Di seguito si riporta un estratto di un file <code class="filename">/etc/xinetd.conf</code>:
+ </div><pre class="screen">defaults
+{
+ instances = 60
+ log_type = SYSLOG authpriv
+ log_on_success = HOST PID
+ log_on_failure = HOST
+ cps = 25 30
+}
+includedir /etc/xinetd.d</pre><div class="para">
+ Le righe controllano i seguenti aspetti di <code class="systemitem">xinetd</code>:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">instances</code> — Specifica il numero massimo di richieste simultanee processate da <code class="systemitem">xinetd</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">log_type</code> — Specifica di usare la facility di log <code class="command">authpriv</code> che invia i messaggi di log nel file <code class="filename">/var/log/secure</code>. Aggiungendo una direttiva del tipo <code class="option">FILE /var/log/xinetdlog</code>, <code class="systemitem">xinetd</code> crea un file di log specifico di nome <code class="filename">xinetdlog</code> nella directory <code class="filename">/var/log/</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">log_on_success</code> — Specifica di registrare tutte le connessioni riuscite. Per impostazione, sono registrati l'indirizzo IP dell'host remoto e l'ID di processo del servizio richiesto.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">log_on_failure</code> — Specifica di registrare le connessioni non riuscite o negate.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">cps</code> — Specifica di accettare al massimo 25 connessioni al secondo per servizio. Superato il limite, il servizio viene fermato per 30 secondi.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">includedir</code> <code class="filename">/etc/xinetd.d/</code> — Specifica di includere le opzioni dichiarate nei file di configurazione dei servizi, contenuti nella directory <code class="filename">/etc/xinetd.d/</code>. (Vedere la <a class="xref" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html">Sezione 3.6.4.2, «La directory /etc/xinetd.d/»</a>).
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Spesso, le impostazioni <code class="option">log_on_success</code> e <code class="option">log_on_failure</code>, nel file <code class="filename">/etc/xinetd.conf</code>, vengono influenzate dai file di configurazione dei servizi specifici. Quindi, un file di log di un dato servizio può risultare molto più ricco di informazioni di quanto richiesto dalle sole impostazioni di <code class="filename">/etc/xinetd.conf</code>. Per maggiori informazioni, vedere la <a class="xref" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html#sect-Security_Guide-Altering_xinetd_Configuration_Files-Logging_Options">Sezione 3.6.4.3.1, «Opzioni di log»</a>.
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"><strong>Indietro</strong>3.6.3. xinetd</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"><strong>Avanti</strong>3.6.4.2. La directory /etc/xinetd.d/</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd.html
new file mode 100644
index 0000000..a1cd091
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd.html
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6. TCP Wrapper e xinetd</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Capitolo 3. Proteggere la rete locale" /><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html" title="3.5.8.2. Siti web utili su PAM" /><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html" title="3.6.2. File di configurazione di TCP Wrapper" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a
></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd">3.6. TCP Wrapper e xinetd</h2></div></div></div><div class="para">
+ Controllare l'accesso ai servizi di rete, è una delle operazioni di sicurezza più importanti che un amministratore di server deve fronteggiare. E Fedora offre diversi strumenti al riguardo. Per esempio, un firewall basato su regole <code class="command">iptables</code> che filtra i pacchetti indesiderati, nell'ambito dello stack di rete del kernel; <em class="firstterm">TCP Wrapper</em> che aggiungono un ulteriore livello di protezione definendo gli host autorizzati/non autorizzati a connettersi ai servizi di rete, "<span class="emphasis"><em>wrapped</em></span>". Un esempio di servizio <span class="emphasis"><em>wrapped</em></span> (avvolto, coperto), è il <span class="emphasis"><em>super server</em></span> <code class="systemitem">xinetd</code>. Il servizio è detto <span class="emphasis"><em>super server</em></span> perchè controlla le connessioni in un insieme ristretto di servizi, raffinando ulteriormente il controllo d'accesso.
+ </div><div class="para">
+ La <a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html#figu-Security_Guide-TCP_Wrappers_and_xinetd-Access_Control_to_Network_Services">Figura 3.9, «Controllo d'accesso ai servizi di rete»</a> schematizza il funzionamento complessivo degli strumenti a protezione dei servizi di rete.
+ </div><div class="figure" id="figu-Security_Guide-TCP_Wrappers_and_xinetd-Access_Control_to_Network_Services"><div class="figure-contents"><div class="mediaobject"><img src="images/tcp_wrap_diagram.png" alt="Controllo d'accesso ai servizi di rete" /><div class="longdesc"><div class="para">
+ Exhibit A: Flowchart di Access Control ai Network Services
+ </div></div></div></div><h6>Figura 3.9. Controllo d'accesso ai servizi di rete</h6></div><br class="figure-break" /><div class="para">
+ Questo capitolo si concentra sul ruolo dei TCP Wrapper e di <code class="systemitem">xinetd</code> nel controllare l'accesso ai servizi di rete e mostra come impiegare questi strumenti per migliorare sia i messaggi di log sia la gestione dei servizi controllati. Per informazioni sull'uso di firewall, con regole <code class="command">iptables</code>, fare riferimento alla <a class="xref" href="sect-Security_Guide-IPTables.html">Sezione 3.9, «IPTables»</a>.
+ </div><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">3.6.1. TCP Wrapper</h3></div></div></div><div class="para">
+ Il pacchetto TCP Wrapper (<code class="filename">tcp_wrappers</code>) viene installato automaticamente in ogni sistema Fedora e fornisce controlli d'accesso basati su host. Il componente principale del pacchetto è costituito dalla libreria <code class="filename">libwrap.a</code>. In termini generali, un servizio TCP-Wrapped è un servizio compilato usando la libreria <code class="filename">libwrap.a</code>
+ </div><div class="para">
+ Quando si effettua una connessione ad un servizio TCP-Wrapped, il servizio dapprima fa riferimento ai file d'accesso degli host (<code class="filename">/etc/hosts.allow</code> e <code class="filename">/etc/hosts.deny</code>), verificando se il client è autorizzato a connettersi. Poi, nella maggior parte dei casi, usa il demone syslog (<code class="systemitem">syslogd</code>) per registrare il nome del client ed il servizio richiesto nel file <code class="filename">/var/log/secure</code> o <code class="filename">/var/log/messages</code>.
+ </div><div class="para">
+ Se il client è autorizzato, TCP Wrapper rilascia il controllo della connessione al servizio, senza alcuna ulteriore interposizione nella comunicazione tra client e server.
+ </div><div class="para">
+ Oltre al controllo d'accesso e al logging, TCP Wrapper durante la fase di connessione, ossia prima di negare o passare il controllo al servizio, può eseguire comandi d'interazione con il client.
+ </div><div class="para">
+ Poichè i TCP Wrapper sono un valore aggiunto per l'arsenale di strumenti a disposizione di ogni amministratore, i principali servizi di rete in Fedora sono linkati alla libreria <code class="filename">libwrap.a</code>. Tra di essi figurano <code class="systemitem">/usr/sbin/sshd</code>, <code class="command">/usr/sbin/sendmail</code> e <code class="systemitem">/usr/sbin/xinetd</code>.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Per verificare se un servizio è linkato alla libreria <code class="filename">libwrap.a</code>, come utente root digitare il comando:
+ </div><pre class="screen">ldd <binary-name> | grep libwrap</pre><div class="para">
+ Sostituire <em class="replaceable"><code><binary-name></code></em> con il nome del servizio di rete.
+ </div><div class="para">
+ Se il comando restituisce un output vuoto, allora il servizio <span class="emphasis"><em>non</em></span> è linkato.
+ </div><div class="para">
+ Di seguito si riporta l'output di un servizio (<code class="systemitem">/usr/sbin/sshd</code>) linkato:
+ </div><pre class="screen">[root at myServer ~]# ldd /usr/sbin/sshd | grep libwrap
+ libwrap.so.0 => /lib/libwrap.so.0 (0x00655000)
+[root at myServer ~]#</pre></div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers-Advantages_of_TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-TCP_Wrappers-Advantages_of_TCP_Wrappers">3.6.1.1. Vantaggi dei TCP Wrapper</h4></div></div></div><div class="para">
+ Un TCP Wrapper fornisce i seguenti vantaggi rispetto ad altre tecniche di controllo dei servizi di rete:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Transparenza nei confronti sia del client sia del servizio di rete wrapped</em></span> — Sia il client sia il servizio wrapped sono inconsapevoli dell'impiego di TCP wrapper. Gli utenti legittimati vengono connessi al servizio, mentre quelli non legittimati vengono bloccati.
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Gestione centralizzata di protocolli multipli</em></span> — I TCP Wrapper operano in maniera indipendente dai servizi e consentono, a molte applicazioni server, di condividere un insieme comune di file di configurazione di controllo d'accesso, semplificando la gestione.
+ </div></li></ul></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"><strong>Indietro</strong>3.5.8.2. Siti web utili su PAM</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"><strong>Avanti</strong>3.6.2. File di configurazione di TCP Wrapper</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html
new file mode 100644
index 0000000..5a2214f
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3.3. Amministrazione negligente</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.2.3. Minacce alla sicurezza server" /><link rel="prev" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html" title="1.2.3.2. Servizi privi di patch" /><link rel="next" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html" title="1.2.3.4. Servizi intrinsecamente insicuri" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.
png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration">1.2.3.3. Amministrazione negligente</h4></div></div></div><div class="para">
+ Gli amministratori che trascurano di correggere i loro sistemi, sono la prima grande minaccia per la sicurezza dei loro server. Secondo l'istituto <em class="firstterm">SANS</em> o SysAdmin, Audit, Network, Security Institute, la causa primaria che rende vulnerabile la sicurezza di un computer è <span class="emphasis"><em>assegnare a personale impreparato la gestione della sicurezza e non fornire le risorse necessarie per l'addestramento</em></span>. <sup>[<a id="idm28984608" href="#ftn.idm28984608" class="footnote">10</a>]</sup> Ciò vale sia per gli amministratori senza esperienza sia per quelli troppo sicuri di sè o poco motivati.
+ </div><div class="para">
+ Alcuni amministratori trascurano di applicare patch a server e workstation, altri di controllare i messaggi di log provenienti dal kernel o dal traffico di rete. Un altro errore comune si ha quando si lasciano invariate ai loro valori predefiniti, le password o le chiavi di acceso ai servizi. Per esempio, alcuni database hanno delle password di amministrazione predefinite, perchè si presume che l'amministratore cambi questa password immediatamente dopo l'installazione. Se un amministratore di database dimentica di cambiare questa password, anche un cracker inesperto usando una password predefinita a tutti nota, sarà in grado di guadagnare i privilegi di amministrazione sul database. Questi sono solo alcuni esempi di come una amministrazione poco attenta possa portare alla compromissione dei server.
+ </div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm28984608" href="#idm28984608" class="para">10</a>] </sup>
+ http://www.sans.org/resources/errors.php
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"><strong>Indietro</strong>1.2.3.2. Servizi privi di patch</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"><strong>Avanti</strong>1.2.3.4. Servizi intrinsecamente insicuri </a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html
new file mode 100644
index 0000000..60174ee
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3.4. Servizi intrinsecamente insicuri</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.2.3. Minacce alla sicurezza server" /><link rel="prev" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html" title="1.2.3.3. Amministrazione negligente" /><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html" title="1.2.4. Minacce alla sicurezza di workstation e PC di casa" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org
"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services">1.2.3.4. Servizi intrinsecamente insicuri </h4></div></div></div><div class="para">
+ Anche l'organizzazione più scrupolosa può diventare vittima di vulnerabilità, se i servizi di rete scelti sono intrinsecamente non sicuri. Per esempio, esistono molti servizi che sono sviluppati con l'assunzione che siano usati in reti fidate; quindi questa assunzione crolla nel momento in cui il servizio diventa disponibile su Internet — che è una rete intrinsecamente non fidata.
+ </div><div class="para">
+ Una categoria di servizi di rete insicuri sono quelli che richiedono l'autenticazione con username e password non cifrate. Telnet ed FTP sono due di tali servizi. Se uno sniffer di pacchetti si trova a monitorare il traffico, tra l'utente remoto e un tale servizio, esso può facilmente intercettare username e password.
+ </div><div class="para">
+ Per loro natura, questi servizi possono molto facilmente cadere vittima di ciò che gli esperti di sicurezza definiscono con il termine, attacco <em class="firstterm">man-in-the-middle</em>. In questo tipo di attacco, un cracker una volta sabotato un name server, dirotta tutto il traffico sulla sua macchina. Quando l'utente apre una sessione remota con il server, la macchina dell'attaccante rimane trasparente, e silenziosamente situato <span class="emphasis"><em>in mezzo</em></span> tra il servizio remoto e l'iconsapevole utente, può intercettare tutto il traffico. In questo modo, un cracker è in grado di carpire password e altri dati importanti, a insaputa del server e dell'utente.
+ </div><div class="para">
+ Un'altra categoria di servizi insicuri includono NFS (Nework File Systems) e NIS (Network Information Services), sviluppati esplicitamente per l'impiego in LAN ma il cui uso, sfortunatamente, si è esteso alle WAN (per gli utenti remoti). NFS, per impostazione predefinita, non ha alcun meccanismo di autenticazione o sicurezza configurato per prevenire, da parte di un cracker, il montaggio del NFS e il conseguente accesso al suo contenuto. Anche NIS contiene informazioni, come password e permessi sui file, salvati in un file di testo ASCII in chiaro o (DBM ASCII-derived), che devono essere accessibili ad ogni computer della rete. Un cracker che riesce ad accedere al database può quindi scoprire ogni account utente sulla rete, incluso quello dell'amministratore.
+ </div><div class="para">
+ Per impostazione predefinita, Fedora viene rilasciata con tutti questi servizi disattivati. Si tenga presente che nel caso occorra usare questi servizi, la loro accurata configurazione può risultare piuttosto critica. Per maggiori informazioni sulla configurazione ottimale dei servizi, fare riferimento alla <a class="xref" href="sect-Security_Guide-Server_Security.html">Sezione 3.2, «Server Security»</a>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"><strong>Indietro</strong>1.2.3.3. Amministrazione negligente</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"><strong>Avanti</strong>1.2.4. Minacce alla sicurezza di workstation e PC...</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html
new file mode 100644
index 0000000..62fcfb3
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3.2. Servizi privi di patch</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.2.3. Minacce alla sicurezza server" /><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.2.3. Minacce alla sicurezza server" /><link rel="next" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html" title="1.2.3.3. Amministrazione negligente" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/imag
e_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services">1.2.3.2. Servizi privi di patch</h4></div></div></div><div class="para">
+ Molte applicazioni server incluse in una installazione predefinita, risultano robuste ed ampiamente testate. Essendo state impiegate in ambienti di produzione per molti anni, il loro codice è stato estesamente rivisto e molti bug individuati e risolti.
+ </div><div class="para">
+ Tuttavia, non esiste software perfetto e c'è sempre spazio per ulteriori rifiniture. Inoltre, il software più recente, spesso non sempre è rigorosamente testato come ci si aspetterebbe, vuoi perchè appena arrivato negli ambienti di produzione vuoi perchè non così comune come altre applicazioni server.
+ </div><div class="para">
+ Gli amministratori di sistema insieme agli sviluppatori, spesso scoprono falle di vulnerabilità nelle applicazioni server e pubblicano le informazioni relative alla sicurezza, su mailing list come <a href="http://www.securityfocus.com">Bugtraq</a> o su siti come <a href="http://www.cert.org">Computer Emergency Response Team (CERT)</a>. Sebbene questi meccanismi siano un metodo efficace per avvisare la comunità sui problemi di sicurezza, rimane comunque una responsabilità dell'amministratore provvedere a correggere reattivamente il proprio sistema. Ciò è particolarmente rilevante, in quanto anche i cracker hanno accesso ai suddetti servizi di informazione sulla sicurezza, ed useranno tali informazioni per attaccare i sistemi non corretti con ogni mezzo possibile. Quindi, in ottica di una maggiore sicurezza, a un amministratore di sistema si richiede vigilanza, tracciatura costante dei bug e appropriata manutenzione.
+ </div><div class="para">
+ Per maggiori informazioni su come tenere aggiornato un sistema, vedere la <a class="xref" href="sect-Security_Guide-Security_Updates.html">Sezione 1.5, «Aggiornamenti di sicurezza»</a>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"><strong>Indietro</strong>1.2.3. Minacce alla sicurezza server</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"><strong>Avanti</strong>1.2.3.3. Amministrazione negligente</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html
new file mode 100644
index 0000000..6419529
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.4.2. Applicazioni client vulnerabili</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html" title="1.2.4. Minacce alla sicurezza di workstation e PC di casa" /><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html" title="1.2.4. Minacce alla sicurezza di workstation e PC di casa" /><link rel="next" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.3. Analisi della vulnerabilità" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproj
ect.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications">1.2.4.2. Applicazioni client vulnerabili</h4></div></div></div><div class="para">
+ Anche se un amministratore ha configurato e reso sicuro un server in maniera corretta, ciò non significa che un accesso remoto, da parte di un utente, sia sicuro. Per esempio, se il server permette l'accesso attraverso una rete pubblica, ai servizi Telnet od FTP, un attaccante potrebbe intercettare la username e la password trasmesse in chiaro, e quindi usare tali informazioni per accedere alla workstation dell'utente remoto.
+ </div><div class="para">
+ Anche quando si usano protocolli sicuri come SSH, un utente remoto può essere vulnerabile a certi attacchi, se le applicazioni client non sono aggiornate. Per esempio, i client SSH della versione v.1, sono vulnerabili ad un attacco X-forwarding, da parte di server SSH maliziosi. Una volta connesso al server, l'attaccante può tranquillamente intercettare attraverso la rete, ogni tasto digitato od ogni click del mouse del client. Questo problema è stato risolto nella versione v.2 del protocollo SSH; in quasto caso è un compito dell'utente sapere quali applicazioni soffrono di quali vulnerabilità ed aggiornarle, se necessario.
+ </div><div class="para">
+ Nella <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security">Sezione 3.1, «Workstation Security»</a>, si discute in maggior dettaglio i passi che amministratori ed utenti dovrebbero seguire, per limitare la vulnerabilità delle proprie workstation.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"><strong>Indietro</strong>1.2.4. Minacce alla sicurezza di workstation e PC...</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment.html"><strong>Avanti</strong>1.3. Analisi della vulnerabilità</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Applying_the_Changes.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Applying_the_Changes.html
new file mode 100644
index 0000000..6a2ea99
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Applying_the_Changes.html
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.5.4. Applicare i cambiamenti</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Security_Updates.html" title="1.5. Aggiornamenti di sicurezza" /><link rel="prev" href="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html" title="1.5.3. Installare pacchetti firmati" /><link rel="next" href="chap-Security_Guide-Basic_Hardening.html" title="Capitolo 2. Guida base all'hardening" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a acc
esskey="p" href="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Basic_Hardening.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Updating_Packages-Applying_the_Changes"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Updating_Packages-Applying_the_Changes">1.5.4. Applicare i cambiamenti</h3></div></div></div><div class="para">
+ Dopo aver scaricato ed installato gli aggiornamenti di correzione e di sicurezza, è importante chiudere e riavviare qualsiasi software oggetto di aggiornamento. Ciò ovviamente dipende dal tipo di software aggiornato. La seguente lista mostra le varie categorie di software e indica come usare la versione aggiornata.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ In generale, il riavvio del sistema resta il modo più sicuro che garantisce che si stia usando la versione appena aggiornata; comunque il riavvio non sempre è richiesto o disponibile all'amministratore.
+ </div></div></div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">Applicazioni</span></dt><dd><div class="para">
+ Le applicazioni dello spazio utente sono tutti quei programmi avviabili da un utente. Solitamente, tali applicazioni sono usate soltanto quando un utente, uno script o una utilty automatizzata le avvia e non persistono per lunghi periodi di tempo.
+ </div><div class="para">
+ Una volta aggiornata un'applicazione, chiudere ogni istanza dell'applicazione presente nel sistema e riavviare l'applicazione in modo da usare la versione aggiornata.
+ </div></dd><dt class="varlistentry"><span class="term">Kernel</span></dt><dd><div class="para">
+ Il kernel è il nucleo centrale del sistema operativo Fedora. Esso gestisce l'accesso alla memoria, il processore, le periferiche e organizza tra loro i vari componenti citati.
+ </div><div class="para">
+ Data la sua centralità, il kernel non può essere riavviato senza riavviare la macchina. Perciò, una versione aggiornata del kernel non può essere usata se non si riavvia la macchina.
+ </div></dd><dt class="varlistentry"><span class="term">Librerie condivise</span></dt><dd><div class="para">
+ Le librerie condivise sono pezzi di codice, come <code class="filename">glibc</code>, usate da applicazioni e servizi. Le applicazioni che utilizzano una libreria condivisa, di solito caricano il codice condiviso durante l'inizializzazione dell'applicazione, perciò le applicazioni che usano una libreria che è stata aggiornata devono essere chiuse e riavviate.
+ </div><div class="para">
+ Per determinare quali applicazioni sono collegate ad una libreria, usare il comando <code class="command">lsof</code> come indicato:
+ </div><pre class="screen"><code class="command">lsof /lib/libwrap.so*</code></pre><div class="para">
+ Il comando restituisce un elenco di tutti i programmi in esecuzione che usano involucri (wrapper) TCP per il controllo d'accesso. Perciò, tutti i programmi in elenco devono essere fermati e riavviati nel caso in cui il pacchetto <code class="filename">tcp_wrappers</code> venga aggiornato.
+ </div></dd><dt class="varlistentry"><span class="term">Servizi SysV</span></dt><dd><div class="para">
+ I servizi SysV sono programmi server persistenti, avviati durante il processo di boot. Esempi di Servizi SysV includono <code class="command">sshd</code>, <code class="command">vsftpd</code>, e <code class="command">xinetd</code>.
+ </div><div class="para">
+ Poichè questi servizi, generalmente persistono in memoria dopo il boot, ogni servizio SysV aggiornato deve essere fermato e riavviato. Ciò può essere fatto usando <span class="application"><strong>Sistema > Amministrazione > Servizi</strong></span>, oppure eseguendo il comando <code class="command">/sbin/service</code>, da una shell di root, come indicato di seguito:
+ </div><pre class="screen"><code class="command">/sbin/service <em class="replaceable"><code><service-name></code></em> restart</code></pre><div class="para">
+ Nel precedente esempio, sostituire <em class="replaceable"><code><service-name></code></em> con il nome del servizio, per esempio <code class="command">sshd</code>.
+ </div></dd><dt class="varlistentry"><span class="term">Servizi <code class="command">xinetd</code></span></dt><dd><div class="para">
+ I servizi controllati dal super servizio <code class="command">xinetd</code> sono in esecuzione soltanto se è attiva una connessione. Esempi di servizi controllati da <code class="command">xinetd</code> includono Telnet, IMAP e POP3.
+ </div><div class="para">
+ Poichè nuove istanze di questi servizi sono avviati da <code class="command">xinetd</code> ogni volta che viene ricevuta una nuova richiesta, le connessioni che si attivano dopo un aggiornamento sono gestite dal software aggiornato. Invece, le connessioni attive precedenti all'aggiornamento continuano ad essere gestite dalla versione precedente.
+ </div><div class="para">
+ Per arrestare (kill) le vecchie istanze di un servizio controllato da <code class="command">xinetd</code>, aggiornare il pacchetto del servizio e poi arrestare tutti i processi in esecuzione. Per sapere se il processo è in esecuzione usare il comando <code class="command">ps</code> e poi il comando <code class="command">kill</code> o <code class="command">killall</code>, per arrestare tutte le istanze correnti del servizio
+ </div><div class="para">
+ Per esempio, se viene rilasciato un aggiornamento di sicurezza per il pacchetto <code class="filename">imap</code>, aggiornare il pacchetto e poi eseguire il seguente comando in una shell di root:
+ </div><pre class="screen"><code class="command">ps -aux | grep imap</code></pre><div class="para">
+ Questo comando restituisce tutte le sessioni IMAP attive. Le sessioni individuali possono essere chiuse con il seguente comando:
+ </div><pre class="screen"><code class="command">kill <em class="replaceable"><code><PID></code></em></code></pre><div class="para">
+ Se con il precedente comando la sessione non si chiude, usare allora il seguente comando:
+ </div><pre class="screen"><code class="command">kill -9 <em class="replaceable"><code><PID></code></em></code></pre><div class="para">
+ Nei precedenti esempi, sostituire <em class="replaceable"><code><PID></code></em> con l'ID del processo (l'ID del processo si trova nella seconda colonna del comando <code class="command">ps</code>), della sessione IMAP.
+ </div><div class="para">
+ Per chiudere tutte le sessione IMAP attive, eseguire il comando:
+ </div><pre class="screen"><code class="command">killall imapd</code></pre></dd></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html"><strong>Indietro</strong>1.5.3. Installare pacchetti firmati</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Basic_Hardening.html"><strong>Avanti</strong>Capitolo 2. Guida base all'hardening</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html
new file mode 100644
index 0000000..a2ceb19
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.5.3. Installare pacchetti firmati</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Security_Updates.html" title="1.5. Aggiornamenti di sicurezza" /><link rel="prev" href="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html" title="1.5.2. Verificare la firma dei pachetti" /><link rel="next" href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html" title="1.5.4. Applicare i cambiamenti" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li clas
s="previous"><a accesskey="p" href="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages">1.5.3. Installare pacchetti firmati</h3></div></div></div><div class="para">
+ L'installazione di molti pacchetti (esclusi quelli del kernel), si esegue con il seguente comando
+ </div><pre class="screen"><code class="command">rpm -Uvh /tmp/updates/*.rpm</code></pre><div class="para">
+ Per i pacchetti del kernel usare il seguente comando:
+ </div><pre class="screen"><code class="command">rpm -ivh /tmp/updates/<em class="replaceable"><code><kernel-package></code></em></code><code class="command">sshd</code>.</pre><div class="para">
+ Sostituire<em class="replaceable"><code><kernel-package></code></em> con il pacchetto RPM del kernel.
+ </div><div class="para">
+ Una volta riavviata la macchina, usare il nuovo kernel; il vecchio kernel può essere rimosso, con il seguente comando:
+ </div><pre class="screen"><code class="command">rpm -e <em class="replaceable"><code><old-kernel-package></code></em></code></pre><div class="para">
+ Sostituire <em class="replaceable"><code><old-kernel-package></code></em> con il pacchetto RPM del kernel da rimuovere.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Non è strettamente necessario rimuovere il vecchio kernel. Il gestore di boot, GRUB, permette di avere kernel multipli, selezionabili da un menu nella fase di boot.
+ </div></div></div><div class="important"><div class="admonition_header"><h2>Importante</h2></div><div class="admonition"><div class="para">
+ Prima di installare una correzione di sicurezza, leggere le istruzioni nell'avviso di correzione allegato alla patch e poi procedere come indicato. Per istruzioni generali su come applicare le modifiche, in un aggiornamento di correzione, fare riferimento alla <a class="xref" href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html">Sezione 1.5.4, «Applicare i cambiamenti»</a>.
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html"><strong>Indietro</strong>1.5.2. Verificare la firma dei pachetti</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html"><strong>Avanti</strong>1.5.4. Applicare i cambiamenti</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html
new file mode 100644
index 0000000..88a56eb
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.5.2. Verificare la firma dei pachetti</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Security_Updates.html" title="1.5. Aggiornamenti di sicurezza" /><link rel="prev" href="sect-Security_Guide-Security_Updates.html" title="1.5. Aggiornamenti di sicurezza" /><link rel="next" href="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html" title="1.5.3. Installare pacchetti firmati" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesske
y="p" href="sect-Security_Guide-Security_Updates.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages">1.5.2. Verificare la firma dei pachetti</h3></div></div></div><div class="para">
+ Tutti i pacchetti di Fedora sono firmati con la chiave <em class="firstterm">GPG</em> di Fedora. GPG sta per GNU Privacy Guard o GnuPG, ossia un software libero usato per assicurare l'autenticità dei file distribuiti. Per esempio, una chiave privata (segreta) sigilla il pacchetto mentre la chiave pubblica apre e verifica il pacchetto. Se la chiave pubblica, distribuita da Fedora, non corrisponde con la chiave privata durante la verifica di RPM, il pacchetto potrebbe essere stato alterato e perciò non è attendibile.
+ </div><div class="para">
+ L'utility RPM, presente in Fedora, prova a verificare la firma GPG di un pacchetto RPM, prima di procedere alla sua installazione. Se la firma GPG di Fedora non è stata installata, installarla da un repository sicuro, per esempio da un DVD di installazione di Fedora.
+ </div><div class="para">
+ Supponendo che il disco sia montato su <code class="filename">/mnt/cdrom</code>, usare il seguente comando per importare la firma nel <em class="firstterm">keyring</em> (un database di chiavi fidate presenti nel sistema):
+ </div><pre class="screen"><code class="command">rpm --import /mnt/cdrom/RPM-GPG-KEY</code></pre><div class="para">
+ Per visualizzare l'elenco di tutte le chiavi installate, per la verifica RPM, eseguire il comando:
+ </div><pre class="screen"><code class="command">rpm -qa gpg-pubkey*</code></pre><div class="para">
+ L'output sarà qualcosa di simile:
+ </div><pre class="screen"><code class="computeroutput">gpg-pubkey-db42a60e-37ea5438</code></pre><div class="para">
+ Per visualizzare i dettagli di una chiave, usare il comando <code class="command">rpm -qi</code> seguito dall'output del comando precedente, come indicato di seguito:
+ </div><pre class="screen"><code class="command">rpm -qi gpg-pubkey-db42a60e-37ea5438</code></pre><div class="para">
+ E' molto importante verificare la firma dei file RPM, prima di procedere all'installazione, per essere sicuri che non sinao stati alterati. Per verificare tutti i pacchetti scaricati, eseguire il seguente comando:
+ </div><pre class="screen"><code class="command">rpm -K /tmp/updates/*.rpm</code></pre><div class="para">
+ Per ciascun pacchetto, se la chiave GPG viene verificata con successo, il comando restituisce <code class="computeroutput">gpg OK</code>. Diversamente, assicurarsi di usare la chiave pubblica di Fedora e verificare la sorgente da cui sono stati scaricati i pacchetti. I pacchetti che non superano la verifica GPG non dovrebbero essere installati, poichè potrebbero essere stati alterati da terze parti.
+ </div><div class="para">
+ Dopo aver verificato la chiave GPG e scaricato tutti i pacchetti di correzione, procedere con l'installazione come utente root.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Security_Updates.html"><strong>Indietro</strong>1.5. Aggiornamenti di sicurezza</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html"><strong>Avanti</strong>1.5.3. Installare pacchetti firmati</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html
new file mode 100644
index 0000000..273d02d
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.3.2. Policy di base</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="3.8.3. Usare IPTables" /><link rel="prev" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="3.8.3. Usare IPTables" /><link rel="next" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html" title="3.8.3.3. Salvare e ripristinare le regole IPTables" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="prev
ious"><a accesskey="p" href="sect-Security_Guide-Firewalls-Using_IPTables.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies">3.8.3.2. Policy di base</h4></div></div></div><div class="para">
+ Stabilire una policy per il firewall di base serve da fondamenta su cui costruire delle regole più dettagliate.
+ </div><div class="para">
+ Ogni catena di <code class="command">iptables</code> è costituita da una policy predefinita e da zero o più regole che complessivamente definiscono le regole per il firewall.
+ </div><div class="para">
+ La policy predefinita di una catena può essere DROP o ACCEPT. Gli amministratori accorti di solito implementano una policy predefinita di DROP e autorizzano solo particolari pacchetti, sulla base di un'analisi caso-per-caso. Per esempio, le seguenti policy bloccano tutti i pacchetti in ingresso e in uscita da un gateway:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -P INPUT DROP
+[root at myServer ~ ] # iptables -P OUTPUT DROP</pre><div class="para">
+ Si raccomanda inoltre di vietare qualsiasi <em class="firstterm">forward</em> di pacchetti (cioè traffico di rete che deve essere re-indirizzato dal firewall al nodo di destinazione), per limitare l'esposizione involontaria ad Internet dei client interni. Per fare ciò, usare la seguente regola:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -P FORWARD DROP</pre><div class="para">
+ Una volta impostate le policy predefinite per una catena, si possono creare e salvare ulteriori regole, secondo i propri requisiti di rete e di sicurezza.
+ </div><div class="para">
+ Le seguenti sezioni descrivono come salvare le regole iptables e illustrano come implementare le regole per la costruzione del proprio firewall.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Using_IPTables.html"><strong>Indietro</strong>3.8.3. Usare IPTables</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"><strong>Avanti</strong>3.8.3.3. Salvare e ripristinare le regole IPTables</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html
new file mode 100644
index 0000000..805c8ab
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.3.3. Salvare e ripristinare le regole IPTables</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="3.8.3. Usare IPTables" /><link rel="prev" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html" title="3.8.3.2. Policy di base" /><link rel="next" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html" title="3.8.4. Filtraggi IPTables comuni" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesske
y="p" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules">3.8.3.3. Salvare e ripristinare le regole IPTables</h4></div></div></div><div class="para">
+ I cambiamenti a <code class="command">iptables</code> se non vengono opportunamente salvati, restano transitori: se si riavvia il sistema o se il servizio <code class="command">iptables</code> viene riavviato, le regole appena create/modificate vengono automaticamente scaricate e resettate. Per salvare le regole in modo permanente, occorre usare il seguente comando:
+ </div><pre class="screen">[root at myServer ~ ] # service iptables save</pre><div class="para">
+ Le regole sono salvate nel file <code class="filename">/etc/sysconfig/iptables</code> e vengono applicate all'avvio del servizio o al riavvio della macchina.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"><strong>Indietro</strong>3.8.3.2. Policy di base</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"><strong>Avanti</strong>3.8.4. Filtraggi IPTables comuni</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html
new file mode 100644
index 0000000..1093bb9
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.2. Analisi e Test</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.3. Analisi della vulnerabilità" /><link rel="prev" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.3. Analisi della vulnerabilità" /><link rel="next" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.3.3. Valutazione degli strumenti" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="p
revious"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing">1.3.2. Analisi e Test</h3></div></div></div><div class="para">
+ L'analisi della vulnerabilità può essere svolta in due modalità: <em class="firstterm">Dall'esterno</em> e <em class="firstterm">Dall'interno</em>.
+ </div><div class="para">
+ Quando si fa un'analisi di vulnerabilità dall'esterno, si tenta di compromettere il sistema dall'esterno. E' il punto di vista del cracker che non facendo parte della propria attività produttiva, si trova all'esterno. Si vede ciò che vede il cracker — indirizzi di routing pubblici, i sistemi presenti sulla <em class="firstterm">DMZ</em>, le interfacce esterne del firewall ed altro. DMZ sta per "zona demilitarizzata", corrispondente ad un computer o ad una piccola sottorete che si trova tra una rete interna fidata, come una LAN privata e una rete esterna non fidata, come Internet. Solitamente, una DMZ possiede dispositivi che accedono ad Internet, come server Web (HTTP), server FTP, server mail (SMTP) e server DNS.
+ </div><div class="para">
+ Quando si fa un'analisi dall'interno, in un certo senso si è avvantaggiati, giacchè ci si trova all'interno e si gode della condizione di fiducia. Questo è il punto di vista che si acquista una volta loggati nel proprio sistema e che hanno anche i propri collaboratori all'interno della rete fidata. Si vedono server di stampa, file server, database ed altre risorse.
+ </div><div class="para">
+ Tra le due modalità di analisi esistono nette differenze. All'interno della rete fidata si hanno maggiori privilegi di chiunque altro si trovi all'esterno. E ancora oggi, in molte organizzazioni, la sicurezza è vista come una intrusione dall'esterno, per cui viene configurata come se si volessse mantenere gli intrusori all'esterno. Molto poco viene fatto per proteggere le risorse interne (come firewall dipartimentali, controlli d'accesso sugli utenti, procedure d'autenticazione per accedere alle risorse interne ed altro). Solitamente, ci sono molte più risorse da analizzare in un'analisi interna piochè i principali sistemi si trovano all'interno. Una volta che si è fuori dall'organizzazione, si passa in uno stato non fidato. I sistemi e le risorse disponibili dall'esterno spesso sono molto limitate.
+ </div><div class="para">
+ Si consideri la differenza tra analisi della vulnerabilità e <em class="firstterm">test di penetrazione </em>. Si pensi all'analisi di vulnerabilità come il primo passo per un test di penetrazione. L'informazione raccolta durante l'analisi viene usata per fare il test. Mentre l'analisi viene svolta per controllare la presenza di falle e potenziali vulnerabilità, il test di penetrazione praticamente ne verifica la loro pericolosità.
+ </div><div class="para">
+ Analizzare le infrastrutture di rete è un processo dinamico. Anche la sicurezza dell'informazione e dei sistemi è un processo dinamico. Eseguendo un'analisi, si possono intercettare sia falsi positivi che falsi negativi.
+ </div><div class="para">
+ Gli amministratori addetti alla sicurezza sono tanto validi quanto gli strumenti che usano e di cui sono a conoscenza. Si provi, per esempio, ad utlizzare uno degli strumenti di analisi disponibili, effettuando una verifica sul proprio sistema e quasi sicuramente si individueranno dei falsi positivi. Sia che si tratti di problemi nel programma o di un errore di utilizzo, l'effetto resta lo stesso. Lo strumento rileva vulnerabilità che in realtà non esistono (il falso positivo); o peggio ancora, non intercetta alcuna vulnerabilità che invece esiste (il falso negativo).
+ </div><div class="para">
+ Quindi, ora che è stata definita la distinzione tra analisi della vulnerabilità e test di penetrazione, e la natura dei potenziali falsi negativi/positivi, in analisi future, prima di avviare un test di penetrazione, si rivedano attentamente i punti di vulnerabilità trovati.
+ </div><div class="warning"><div class="admonition_header"><h2>Avvertimento</h2></div><div class="admonition"><div class="para">
+ Tentare di sfruttare le vulnerabilità in un sistema di produzione può avere effetti negativi sulla produttività ed efficenza dell'intero sistema e della rete.
+ </div></div></div><div class="para">
+ La seguente lista esamina alcuni benefici ricavabili da un'analisi di vulnerabilità:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Crea un'attenzione proattiva verso la sicurezza informatica
+ </div></li><li class="listitem"><div class="para">
+ Individua potenziali falle prima dei cracker
+ </div></li><li class="listitem"><div class="para">
+ Consente di mantenere il sistema aggiornato e ben funzionante
+ </div></li><li class="listitem"><div class="para">
+ Promuove la crescita ed aiuta a sviluppare l'esperienza del team
+ </div></li><li class="listitem"><div class="para">
+ Abbatte le perdite economiche e la pubblicità negativa
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-Defining_Assessment_and_Testing-Establishing_a_Methodology"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Defining_Assessment_and_Testing-Establishing_a_Methodology">1.3.2.1. Stabilre una metodologia</h4></div></div></div><div class="para">
+ Per individuare gli strumenti da usare in un'analisi di vulnerabilità, può essere utile stabilire una metodologia di analisi della vulnerabilità. Sfortunatamente, al momento non esiste una metodologia predefinita o standardizzata; ad ogni modo, il buon senso e una buona pratica possono essere una guida sufficiente.
+ </div><div class="para">
+ <span class="emphasis"><em>Qual'è l'obbiettivo? Si sta controllando un solo server o l'intera rete con tutti i suoi sistemi? Siamo all'interno o all'esterno della nostra organizzazione?</em></span> Le risposte a queste domande sono importanti perchè aiutano a stabilire non solo quali strumenti usare ma anche come usarli.
+ </div><div class="para">
+ Per saperne di più su come stabilire una metodologia, fare riferimento ai seguenti siti:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="citetitle">The Open Source Security Testing Methodology Manual</em> (OSSTMM): <a href="http://www.isecom.org/osstmm/"> http://www.isecom.org/osstmm </a>
+ </div></li><li class="listitem"><div class="para">
+ <em class="citetitle">The Open Web Application Security Project</em>: <a href="http://www.owasp.org/">http://www.owasp.org/ </a>
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment.html"><strong>Indietro</strong>1.3. Analisi della vulnerabilità</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"><strong>Avanti</strong>1.3.3. Valutazione degli strumenti</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html
new file mode 100644
index 0000000..9188681
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.3. Valutazione degli strumenti</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.3. Analisi della vulnerabilità" /><link rel="prev" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html" title="1.3.2. Analisi e Test" /><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html" title="1.3.3.2. Nessus" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a acces
skey="p" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools">1.3.3. Valutazione degli strumenti</h3></div></div></div><div class="para">
+ Un'analisi inizia dalle informazioni raccolte da un qualche strumento. Quando si analizza una intera rete conviene dapprima crearsi una mappa, per sapere gli host che sono in esecuzione. Una volta localizzati, si esamini ogni host, individualmente. La loro analisi richiederà, probabilmente, altri strumenti. Sapere quali strumenti usare può essere il passo più cruciale in un'analisi di vulnerabilità.
+ </div><div class="para">
+ Proprio come nella vita di tutti i giorni, esistono molti strumenti differenti che svolgono lo stesso lavoro. La stessa situazione si ha quando si affronta un'analisi di vulnerabilità. Esistono strumenti specifici per i sistemi operativi, le applicazioni ed anche per le reti (a seconda del protocollo usato). Alcuni sono free, altri no. Alcuni strumenti sono intuitivi e facili da usare, altri sono critpici e scarsamente documentati ma con proprietà che altri non hanno.
+ </div><div class="para">
+ Trovare gli strumenti giusti può essere piuttosto scoraggiante all'inizio e un po' d'esperienza può contare molto. Se possibile, impostare un sistema di test e si provino più strumenti possibile, notando i punti di forza e debolezza di ciascuno. Di ogni strumento si legga il README o le pagine man relative. Si cerchi anche su Internet articoli, guide passo-passo, o mailing-list dedicate allo strumento.
+ </div><div class="para">
+ Gli strumenti elencati sono solo un piccolo campione di quelli disponibili.
+ </div><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-Scanning_Hosts_with_Nmap"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Scanning_Hosts_with_Nmap">1.3.3.1. Scansione degli Host con Nmap</h4></div></div></div><div class="para">
+ Nmap è uno strumento incluso in Fedora che può essere usato per determinare il layout di una rete. Nmap è disponibile da molti anni ed è probabilmente lo strumento più usato per raccogliere informazioni. Una notevole pagina man provvede a fornire una dettagliata descrizione sul suo uso e le sue opzioni. Gli amministratori possono usare Nmap su una rete per individuare gli host presenti ed aprire le porte di questi sistemi.
+ </div><div class="para">
+ Nmap è uno strumento molto adatto per un'analisi di vulnerabilità. Esso è in grado di creare una mappa di tutti gli host all'interno della rete e, passando un opzione, è possibile conoscere anche il sistema operativo in esecuzione su un particolare host. Nmap è un buon punto di partenza per creare una policy che usi servizi sicuri e blocchi quelli non utilizzati.
+ </div><div class="section" id="sect-Security_Guide-Scanning_Hosts_with_Nmap-Using_Nmap"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Scanning_Hosts_with_Nmap-Using_Nmap">1.3.3.1.1. Usare Nmap</h5></div></div></div><div class="para">
+ Nmap può essere avviato da un terminale con il comando <code class="command">nmap</code>, seguito dall'hostname o dall' indirizzo IP della macchina di cui si vuole eseguire una scansione.
+ </div><pre class="screen"><code class="command">nmap foo.example.com</code></pre><div class="para">
+ I risultati di una scansione base (che potrebbe durare anche un paio di minuti, dipendendo da dove sia localizzato l'host e da altre condizioni di rete), dovrebbero essere qualcosa di simile:
+ </div><pre class="screen">
+Starting Nmap 4.68 ( http://nmap.org )
+Interesting ports on foo.example.com:
+Not shown: 1710 filtered ports
+PORT STATE SERVICE
+22/tcp open ssh
+53/tcp open domain
+70/tcp closed gopher
+80/tcp open http
+113/tcp closed auth</pre><div class="para">
+ Nmap testa le più comuni porte di comunicazione in attesa o ascolto di servizi. Questa informazione può aiutare un amministratore a chiudere servizi non necessari o inutilizzati.
+ </div><div class="para">
+ Per maggiori informazioni sull'uso di Nmap, fare riferimento alla homepage ufficiale, al seguente URL:
+ </div><div class="para">
+ <a href="http://www.insecure.org/"> http://www.insecure.org/ </a>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"><strong>Indietro</strong>1.3.2. Analisi e Test</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"><strong>Avanti</strong>1.3.3.2. Nessus</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment.html
new file mode 100644
index 0000000..713c10b
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment.html
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3. Analisi della vulnerabilità</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="Capitolo 1. Panoramica sulla Sicurezza" /><link rel="prev" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html" title="1.2.4.2. Applicazioni client vulnerabili" /><link rel="next" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html" title="1.3.2. Analisi e Test" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documen
tation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Vulnerability_Assessment" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Vulnerability_Assessment">1.3. Analisi della vulnerabilità</h2></div></div></div><div class="para">
+ Con a disposizione una buona dose di tempo, risorse e motivazione, un cracker può sabotare quasi ogni sistema. Alla fine di una giornata, tutte le procedure e tecnologie di sicurezza correntemente disponibili, non possono garantire che tutti i sistemi siano completamente salvi da intrusioni. I router aiutano a proteggere i gateway da Internet. I firewall aiutano a proteggere il confine della rete. I VPN (Virtual Private Networks) fanno passare i dati, in modo sicuro, in un flusso criptato. I sistemi anti-intrusione avvisano in caso di attività maliziose. Tuttavia, il successo di ciascuna di queste tecnologie dipende da un certo numero di variabili, tra cui:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ L'esperienza dello staff responsabile della configurazione, monitoraggio e mantenimento delle tecnologie.
+ </div></li><li class="listitem"><div class="para">
+ L'abiilità di coreggere ed aggiornare rapidamente ed efficacemente, servizi e kernel
+ </div></li><li class="listitem"><div class="para">
+ L'abilità dei responsabili di mantenere una vigilanza continua sulla rete.
+ </div></li></ul></div><div class="para">
+ Data la natura dinamica dei sistemi e delle tecnologie dell'informazione, rendere sicure le proprie risorse, può essere piuttosto complesso. A causa di questa complessità, risulta spesso difficile trovare degli esperti in tutti i settori del sistema. Se in un'azienda è possibile avere del personale con conoscenze generali in molte aree della sicurezza informatica, tuttavia, risulta difficile mantenere uno staff d'alto livello che sia esperto in ogni area. Questo perchè ciascuna area della sicurezza informatica richiede una attenzione costante e la sicurezza informatica risulta essere in continua evoluzione.
+ </div><div class="section" id="sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.3.1. Pensare come il nemico</h3></div></div></div><div class="para">
+ Si supponga di dover amministrare una rete aziendale. La rete generalmente comprende vari sistemi operativi, applicazioni, server, monitor di rete, firewall, sistemi anti-intrusione ed altro. Ora si immagini di provare a tenere aggiornati tutti questi sistemi. Vista la complessità dei software e delle reti attuali, gli attacchi e i bug sono una certezza. Mantenere al passo una intera rete con correzioni ed aggiornamenti, può essere una <span class="emphasis"><em>impresa</em></span> in una grande organizzazione con sistemi etrogenei.
+ </div><div class="para">
+ Si combini la richiesta di esperienza con il compito di essere al passo, ed inevitabilmente si verificheranno incidenti, i sistemi saranno compromessi, i dati corrotti ed i servizi interrotti.
+ </div><div class="para">
+ Per migliorare le tecnologie relative alla sicurezza ed aiutare a proteggere i sistemi, le reti e i dati, occorre pensare come un cracker e valutare la sicurezza del proprio sistema, verificandone i punti di debolezza. Una valutazione preventiva della vulnerabilità del sistema e delle risorse di rete può rivelare potenziali problemi, che possono essere risolti prima che si verifichi un attacco.
+ </div><div class="para">
+ Una valutazione della vulnerabilità è una verifica interna della sicurezza della rete e del sistema, i cui risultati indicano la confidenzialità, l'integrità e la disponibilità della rete (vedere la <a class="xref" href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-What_is_Computer_Security-Standardizing_Security">Sezione 1.1.1.3, «Standardizzare la Sicurezza»</a>). Tipicamente, la valutazione inizia con una fase di ricognizione, durante la quale sono raccolti importanti dati riguardanti i sistemi e le risorse disponibili. Questa, porta alla fase di "readiness", in cui l'intero sistema è controllato in tutti i suoi punti di vulnerabilità. Essa culmina con la fase di reporting, in cui le vulnerabilità sono classificate in categorie di rischio alto, medio e basso; successivamente, si studiano i metodi per aumentare la sicurezza (o mitigare il rischio di vulnerabilità).
+ </div><div class="para">
+ Se si facesse una valutazione di vulnerabilità della propria abitazione, si controllerebbero tutte le porte di casa per assicurarsi che siano chiuse e sicure. Si controllerebbero anche tutte le finestre, assicurandosi che siano chiuse e serrate. Lo stesso avviene con i sistemi, le reti e i dati informatici. Gli utenti maliziosi sono i ladri e i vandali dei dati. Occorre focalizzarsi sui loro strumenti, la loro mentalità e le loro motivazioni per poter reagire prontamente alle loro azioni.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"><strong>Indietro</strong>1.2.4.2. Applicazioni client vulnerabili</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"><strong>Avanti</strong>1.3.2. Analisi e Test</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Yubikey-Web_Sites.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Yubikey-Web_Sites.html
new file mode 100644
index 0000000..1b139b9
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Yubikey-Web_Sites.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.4.2. Autenticazione ai siti web con la Yubikey</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-Yubikey.html" title="3.4. Yubikey" /><link rel="prev" href="sect-Security_Guide-Yubikey.html" title="3.4. Yubikey" /><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Yubikey.html"><strong>In
dietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-Yubikey-Web_Sites"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Yubikey-Web_Sites">3.4.2. Autenticazione ai siti web con la Yubikey</h3></div></div></div><div class="para">
+ Al di fuori dello scopo di questa guida Yubikey consente di autenticarsi sui siti web supportando questo metodo di autenticazione. Questi siti web normalmente supportano i server di autenticazione Yubico, ma alcuni potrebbero essere impostati in modo simile al sistema centralizzato di autenticazione. Yubico fornisce anche servizi OpenID che possono essere utilizzati con alcuni siti web.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Yubikey.html"><strong>Indietro</strong>3.4. Yubikey</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"><strong>Avanti</strong>3.5. Pluggable Authentication Modules (PAM)</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Yubikey.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Yubikey.html
new file mode 100644
index 0000000..3a9b3e0
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-Yubikey.html
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.4. Yubikey</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Capitolo 3. Proteggere la rete locale" /><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html" title="3.3.5. Configurare Firefox ad usare Kerberos con SSO" /><link rel="next" href="sect-Security_Guide-Yubikey-Web_Sites.html" title="3.4.2. Autenticazione ai siti web con la Yubikey" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Si
te" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Yubikey-Web_Sites.html"><strong>Avanti</strong></a></li></ul><div xml:lang="it-IT" class="section" id="sect-Security_Guide-Yubikey" lang="it-IT"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Yubikey">3.4. Yubikey</h2></div></div></div><div class="para">
+ Yubikey è un token di autenticazione hardware che utilizza software open source per operare. Questo token è un semplice dispositivo USB che compare come una tastiera sul computer. Il singolo tasto sul token fornisce una password usa e getta (OTP) che ad ogni pressione può essere usata per autenticare un utente. Attualmente sono presenti molte implementazioni di questa soluzione che saranno descritte in seguito.
+ </div><div class="section" id="sect-Security_Guide-Yubikey-Centralized_Server"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Yubikey-Centralized_Server">3.4.1. Utilizzo di Yubikey con un server centralizzato</h3></div></div></div><div class="para">
+ Un modulo PAM è già presente nei repository di Fedora che consente l'autenticazione dei computer che possono contattare un server di autenticazione. Il server può essere sia impostato a livello dominio, oppure si può usare il server Yubico. Questo metodo di autenticazione è una grande soluzione aziendale dove più utenti possono richiedere l'accesso a molti computer sul dominio. I seguenti passaggi descrivono il setup.
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Installare <span class="package">pam_yubico</span>
+ </div></li><li class="step"><div class="para">
+ Per due fattori di autenticazione aprire <code class="filename">/etc/pam.d/gdm-password</code> e trovare la seguente linea:
+ </div><div class="para">
+ <code class="command">auth substack password-auth </code>
+ </div><div class="para">
+ Su una nuova linea dopo la precedente aggiungere:
+ </div><div class="para">
+ <code class="command">auth sufficient pam_yubico.so id=16</code>
+ </div></li><li class="step"><div class="para">
+ Per usare in modo semplice il token yubikey senza la password rimuovere la prima linea dal precedente passaggio e sostituirla con la seconda.
+ </div></li><li class="step"><div class="para">
+ Trovare il token yubikey dal primo yubikey che si vuole aggiungere. Questa operazione può essere fatta guardando ai primi 12 caratteri di qualsiasi OTP oppure visitare <a href="http://radius.yubico.com/demo/Modhex_Calculator.php"><em class="citetitle">http://radius.yubico.com/demo/Modhex_Calculator.php</em></a> e copiare la stringa Modhex codificata dopo aver inserito un OTP nel box di testo della pagina.
+ </div></li><li class="step"><div class="para">
+ Aggiungere il yubikey dell'utente al file di configurazione. Ciò può essere fatto sia globalmente in <code class="filename">/etc/yubikey_mapping</code> oppure da utenti individuali in <code class="filename">~/.yubico/authorized_yubikeys</code>. Con la seguente sintassi:
+ </div><div class="para">
+ <code class="command">username:yubikey_token:another_yubikey_token</code>
+ </div></li><li class="step"><div class="para">
+ Eseguire il logout, quando si tenta di riaccedere si dovrebbe richiedere o la password oppure l'OTP yubikey o entrambi a seconda di come è stato configurato il sistema.
+ </div></li></ol></div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ Viene richiesta una connessione al server di autenticazione oppure non si verifica una corretta autenticazione. Ciò potrebbe essere dannoso in un sistema che non possiede una connessione ad internet costante.
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"><strong>Indietro</strong>3.3.5. Configurare Firefox ad usare Kerberos con ...</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Yubikey-Web_Sites.html"><strong>Avanti</strong>3.4.2. Autenticazione ai siti web con la Yubikey</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html
new file mode 100644
index 0000000..a4f4928
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.4.3. Modificare i file di configurazione di xinetd</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="3.6.4. File di configuratione di xinetd" /><link rel="prev" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html" title="3.6.4.2. La directory /etc/xinetd.d/" /><link rel="next" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html" title="3.6.4.3.2. Opzioni per il controllo d'accesso" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/ima
ges/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files">3.6.4.3. Modificare i file di configurazione di xinetd</h4></div></div></div><div class="para">
+ I servizi protetti da <code class="systemitem">xinetd</code> dispongono di una serie di direttive. Questa sezione illustra quelle maggiormente usate.
+ </div><div class="section" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Logging_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Logging_Options">3.6.4.3.1. Opzioni di log</h5></div></div></div><div class="para">
+ Le seguenti opzioni di log sono impiegabili sia in <code class="filename">/etc/xinetd.conf</code> sia nei file di configurazione della directory <code class="filename">/etc/xinetd.d/</code> per i particolari servizi.
+ </div><div class="para">
+ Le opzioni di logging più comunemente usate sono:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">ATTEMPT</code> — Registra un tentativo di connessione fallito (<code class="option">log_on_failure</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">DURATION</code> — Registra per quanto tempo è stato usato il servizio (<code class="option">log_on_success</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">EXIT</code> — Registra lo stato d'uscita o il segnale di interruzione del servizio (<code class="option">log_on_success</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">HOST</code> — Registra l'indirizzo IP dell'host remoto (<code class="option">log_on_failure</code> e <code class="option">log_on_success</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">PID</code> — Registra l'ID del processo server (<code class="option">log_on_success</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">USERID</code> — Registra l'utente remoto secondo il metodo definito in RFC 1413 per i servizi stream multi-thread (<code class="option">log_on_failure</code> e <code class="option">log_on_success</code>).
+ </div></li></ul></div><div class="para">
+ Per l'elenco completo delle opzioni di log, fare riferimento alle pagine di man relative a <code class="filename">xinetd.conf</code>.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"><strong>Indietro</strong>3.6.4.2. La directory /etc/xinetd.d/</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"><strong>Avanti</strong>3.6.4.3.2. Opzioni per il controllo d'accesso</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html
new file mode 100644
index 0000000..bdae079
--- /dev/null
+++ b/public_html/it-IT/Fedora/18/html/Security_Guide/sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.4.2. La directory /etc/xinetd.d/</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-it-IT-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="Guida alla Sicurezza" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="3.6.4. File di configuratione di xinetd" /><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="3.6.4. File di configuratione di xinetd" /><link rel="next" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="3.6.4.3. Modificare i file di configurazione di xinetd" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Comm
on_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"><strong>Indietro</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"><strong>Avanti</strong></a></li></ul><div class="section" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory">3.6.4.2. La directory /etc/xinetd.d/</h4></div></div></div><div class="para">
+ La directory <code class="filename">/etc/xinetd.d/</code> contiene i file di configurazione di tutti i servizi gestiti da <code class="systemitem">xinetd</code>. Analogamente a <code class="filename">xinetd.conf</code>, questa directory è letta al primo avvio di <code class="systemitem">xinetd</code>. Ogni modifica ai file di configurazione richiede il riavvio di <code class="systemitem">xinetd</code>.
+ </div><div class="para">
+ Il formato dei file in <code class="filename">/etc/xinetd.d/</code> usa le stesse convenzioni del file <code class="filename">/etc/xinetd.conf</code>. Il motivo principale che porta ad avere file di configurazione distinti per servizio è di rendere i servizi meno soggetti ad influenze reciproche e di facilitare la loro configurazione.
+ </div><div class="para">
+ Per meglio comprendere la struttura interna di questi file, si consideri il file <code class="filename">/etc/xinetd.d/krb5-telnet</code>:
+ </div><pre class="screen">service telnet
+{
+ flags = REUSE
+ socket_type = stream
+ wait = no
+ user = root
+ server = /usr/kerberos/sbin/telnetd
+ log_on_failure += USERID
+ disable = yes
+}</pre><div class="para">
+ Le linee controllano vari aspetti del servizio <code class="command">telnet</code>:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">service</code> — Specifica il nome del servizio, generalmente uno dei servizi presenti nel file <code class="filename">/etc/services</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">flags</code> — Imopsta un attributo sulla connessione. Per esempio l'attributo <code class="option">REUSE</code> specifica di riusare il socket per una connessione Telnet.
+ </div><div class="note"><div class="admonition_header"><h2>Nota</h2></div><div class="admonition"><div class="para">
+ L'uso del flag <code class="option">REUSE</code> è deprecato. Tutti i servizi ora usano implicitamente il flag <code class="option">REUSE</code>.
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">socket_type</code> — Imposta il tipo di socket, in questo caso <code class="option">stream</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">wait</code> — Specifica se il servizio è single-thread (<code class="option">yes</code>) o multi-thread (<code class="option">no</code>).
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">user</code> — Specifica l'ID utente che ha avviato il processo.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">server</code> — Specifica l'eseguibile da avviare.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">log_on_failure</code> — Specifica i parametri dei messaggi di log di <code class="option">log_on_failure</code>, integrando quelli già definiti in <code class="filename">xinetd.conf</code>.
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">disable</code> — Specifica se il servizio è disabilitato (<code class="option">yes</code>) o abilitato (<code class="option">no</code>).
+ </div></li></ul></div><div class="para">
+ Per maggiori informazioni sulle opzioni disponibili, consultare le pagine di man relative a <code class="filename">xinetd.conf</code>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"><strong>Indietro</strong>3.6.4. File di configuratione di xinetd</a></li><li class="up"><a accesskey="u" href="#"><strong>Risali</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Partenza</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"><strong>Avanti</strong>3.6.4.3. Modificare i file di configurazione di x...</a></li></ul></body></html>
diff --git a/public_html/it-IT/Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-it-IT.pdf b/public_html/it-IT/Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-it-IT.pdf
new file mode 100644
index 0000000..a64e986
Binary files /dev/null and b/public_html/it-IT/Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-it-IT.pdf differ
diff --git a/public_html/it-IT/Site_Statistics.html b/public_html/it-IT/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/it-IT/Site_Statistics.html
+++ b/public_html/it-IT/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/it-IT/opds-Community_Services_Infrastructure.xml b/public_html/it-IT/opds-Community_Services_Infrastructure.xml
index b4da3c3..2300b39 100644
--- a/public_html/it-IT/opds-Community_Services_Infrastructure.xml
+++ b/public_html/it-IT/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/it-IT/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/it-IT/opds-Fedora.xml b/public_html/it-IT/opds-Fedora.xml
index 68ea605..68a7a7e 100644
--- a/public_html/it-IT/opds-Fedora.xml
+++ b/public_html/it-IT/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/it-IT/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Guida alla Sicurezza</title>
+ <id>http://docs.fedoraproject.org/it-IT/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-it-IT.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>it-IT</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>Guida alla protezione di Fedora Linux
+</summary>
+ <content type="text">La Guida alla Sicurezza intende assistere gli utenti Fedora ad apprendere i processi e le pratiche di messa in sicurezza di workstation e server da attività sospette, attacchi ed intrusioni, sia locali che remoti. La Guida, dedicata a sistemi Fedora, affronta concetti e tecniche valide su tutti i sistemi Linux, mostrando piani e gli strumenti necessari per creare un ambiente sicuro in postazioni domestiche, negli uffici e in centri di elaborazione dati. Con una gestione e un controllo adeguato, i sistemi Linux possono essere sia pienamente funzionali sia sicuri dai più comuni metodi di attacco e di intrusione.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/it-IT/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-it-IT.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Masterizzare immagini ISO su disco</title>
<id>http://docs.fedoraproject.org/it-IT/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-it-IT.epub</id>
<!--author>
diff --git a/public_html/it-IT/opds-Fedora_Contributor_Documentation.xml b/public_html/it-IT/opds-Fedora_Contributor_Documentation.xml
index 7edfa00..67d0340 100644
--- a/public_html/it-IT/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/it-IT/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/it-IT/opds-Fedora_Contributor_Documentation.xml</id>
<title>Documentazione Collaboratori Fedora</title>
<subtitle>Documentazione Collaboratori Fedora</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/it-IT/opds-Fedora_Core.xml b/public_html/it-IT/opds-Fedora_Core.xml
index dc22e80..04b03e9 100644
--- a/public_html/it-IT/opds-Fedora_Core.xml
+++ b/public_html/it-IT/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/it-IT/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/it-IT/opds-Fedora_Draft_Documentation.xml b/public_html/it-IT/opds-Fedora_Draft_Documentation.xml
index 99fd5db..ea3fd53 100644
--- a/public_html/it-IT/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/it-IT/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/it-IT/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/it-IT/opds.xml b/public_html/it-IT/opds.xml
index df5d0f1..83cab58 100644
--- a/public_html/it-IT/opds.xml
+++ b/public_html/it-IT/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/it-IT/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/it-IT/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/it-IT/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Documentazione Collaboratori Fedora</title>
<id>http://docs.fedoraproject.org/it-IT/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/it-IT/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/it-IT/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/it-IT/toc.html b/public_html/it-IT/toc.html
index 2039143..40a206f 100644
--- a/public_html/it-IT/toc.html
+++ b/public_html/it-IT/toc.html
@@ -98,6 +98,20 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed">
+ <a class="type" href="Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='./Fedora/18/html/Security_Guide/index.html'"><span class="book">Guida alla Sicurezza</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types" onclick="work=0;">
+ <a class="type" href="./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-it-IT.epub" >epub</a>
+ <a class="type" href="./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-it-IT.pdf" onclick="window.top.location='./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-it-IT.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -137,7 +151,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -182,7 +196,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -876,7 +890,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -976,7 +990,7 @@
<a class="type" href="../en-US/./Fedora/10/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/10/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/10/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/10/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/10/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/10/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/10/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/10/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/10/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.10.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.10.User_Guide.types');">
@@ -1076,7 +1090,7 @@
<a class="type" href="../en-US/./Fedora/9/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/9/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/9/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/9/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/9/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/9/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/9/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/9/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/9/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.9.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.9.User_Guide.types');">
@@ -1185,7 +1199,7 @@
<a class="type" href="../en-US/./Fedora/8/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/8/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/8/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/8/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/8/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.8.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.8.User_Guide.types');">
@@ -1290,7 +1304,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1554,7 +1568,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1694,7 +1708,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/ja-JP/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-ja-JP.epub b/public_html/ja-JP/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-ja-JP.epub
new file mode 100644
index 0000000..8559908
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-ja-JP.epub differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/css/common.css b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/css/common.css
new file mode 100644
index 0000000..d7dc3f2
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/css/common.css
@@ -0,0 +1,1528 @@
+* {
+ widows: 2 !important;
+ orphans: 2 !important;
+}
+
+body, h1, h2, h3, h4, h5, h6, pre, li, div {
+ line-height: 1.29em;
+}
+
+body {
+ background-color: white;
+ margin:0 auto;
+ font-family: "liberation sans", "Myriad ", "Bitstream Vera Sans", "Lucida Grande", "Luxi Sans", "Trebuchet MS", helvetica, verdana, arial, sans-serif;
+ font-size:12px;
+ max-width:55em;
+ color:black;
+}
+
+body.toc_embeded {
+ /*for web hosting system only*/
+ margin-left: 300px;
+}
+
+object.toc, iframe.toc {
+ /*for web hosting system only*/
+ border-style:none;
+ position:fixed;
+ width:290px;
+ height:99.99%;
+ top:0;
+ left:0;
+ z-index: 100;
+ border-style:none;
+ border-right:1px solid #999;
+}
+
+/* Hide web menu */
+
+body.notoc {
+ margin-left: 3em;
+}
+
+iframe.notoc {
+ border-style:none;
+ border: none;
+ padding: 0em;
+ position:fixed;
+ width: 21px;
+ height: 29px;
+ top: 0px;
+ left:0;
+ overflow: hidden;
+ margin: 0em;
+ margin-left: -3px;
+}
+/* End hide web menu */
+
+/* desktop styles */
+body.desktop {
+ margin-left: 26em;
+}
+
+body.desktop .book > .toc {
+ display:block;
+ width:24em;
+ height:99%;
+ position:fixed;
+ overflow:auto;
+ top:0px;
+ left:0px;
+ padding-left:1em;
+ background-color:#EEEEEE;
+}
+
+.toc {
+ line-height:1.35em;
+}
+
+.toc .glossary,
+.toc .chapter, .toc .appendix {
+ margin-top:1em;
+}
+
+.toc .part {
+ margin-top:1em;
+ display:block;
+}
+
+span.glossary,
+span.appendix {
+ display:block;
+ margin-top:0.5em;
+}
+
+div {
+ padding-top:0px;
+}
+
+div.section {
+ padding-top:1em;
+}
+
+p, div.para, div.formalpara {
+ padding-top:0px;
+ margin-top:0.3em;
+ padding-bottom:0px;
+ margin-bottom:1em;
+}
+
+/*Links*/
+a {
+ outline: none;
+}
+
+a:link {
+ text-decoration:none;
+ border-bottom: 1px dotted ;
+ color:#3366cc;
+}
+
+a:visited {
+ text-decoration:none;
+ border-bottom: 1px dotted ;
+ color:#003366;
+}
+
+div.longdesc-link {
+ float:right;
+ color:#999;
+}
+
+.toc a, .qandaset a {
+ font-weight:normal;
+ border:none;
+}
+
+.toc a:hover, .qandaset a:hover
+{
+ border-bottom: 1px dotted;
+}
+
+/*headings*/
+h1, h2, h3, h4, h5, h6 {
+ color: #336699;
+ margin-top: 0em;
+ margin-bottom: 0em;
+ background-color: transparent;
+ page-break-inside: avoid;
+ page-break-after: avoid;
+}
+
+h1 {
+ font-size:2.0em;
+}
+
+.titlepage h1.title {
+ font-size: 3.0em;
+ padding-top: 1em;
+ text-align:left;
+}
+
+.book > .titlepage h1.title {
+ text-align:center;
+}
+
+.article > .titlepage h1.title {
+ text-align:center;
+}
+
+.set .titlepage > div > div > h1.title {
+ text-align:center;
+}
+
+.producttitle {
+ margin-top: 0em;
+ margin-bottom: 0em;
+ font-size: 3.0em;
+ font-weight: bold;
+ background: #003d6e url(../images/h1-bg.png) top left repeat-x;
+ color: white;
+ text-align: center;
+ padding: 0.7em;
+}
+
+.titlepage .corpauthor {
+ margin-top: 1em;
+ text-align: center;
+}
+
+.section h1.title {
+ font-size: 1.6em;
+ padding: 0em;
+ color: #336699;
+ text-align: left;
+ background: white;
+}
+
+h2 {
+ font-size:1.6em;
+}
+
+
+h2.subtitle, h3.subtitle {
+ margin-top: 1em;
+ margin-bottom: 1em;
+ font-size: 1.4em;
+ text-align: center;
+}
+
+.preface > div > div > div > h2.title {
+ margin-top: 1em;
+ font-size: 2.0em;
+}
+
+.appendix h2 {
+ margin-top: 1em;
+ font-size: 2.0em;
+}
+
+
+
+h3 {
+ font-size:1.3em;
+ padding-top:0em;
+ padding-bottom:0em;
+}
+h4 {
+ font-size:1.1em;
+ padding-top:0em;
+ padding-bottom:0em;
+}
+
+h5 {
+ font-size:1em;
+}
+
+h6 {
+ font-size:1em;
+}
+
+h5.formalpara {
+ font-size:1em;
+ margin-top:2em;
+ margin-bottom:.8em;
+}
+
+.abstract h6 {
+ margin-top:1em;
+ margin-bottom:.5em;
+ font-size:2em;
+}
+
+/*element rules*/
+hr {
+ border-collapse: collapse;
+ border-style:none;
+ border-top: 1px dotted #ccc;
+ width:100%;
+ margin-top: 3em;
+}
+
+/* web site rules */
+ul.languages, .languages li {
+ display:inline;
+ padding:0em;
+}
+
+.languages li a {
+ padding:0em .5em;
+ text-decoration: none;
+}
+
+.languages li p, .languages li div.para {
+ display:inline;
+}
+
+.languages li a:link, .languages li a:visited {
+ color:#444;
+}
+
+.languages li a:hover, .languages li a:focus, .languages li a:active {
+ color:black;
+}
+
+ul.languages {
+ display:block;
+ background-color:#eee;
+ padding:.5em;
+}
+
+/*supporting stylesheets*/
+
+/*unique to the webpage only*/
+.books {
+ position:relative;
+}
+
+.versions li {
+ width:100%;
+ clear:both;
+ display:block;
+}
+
+a.version {
+ font-size:2em;
+ text-decoration:none;
+ width:100%;
+ display:block;
+ padding:1em 0em .2em 0em;
+ clear:both;
+}
+
+a.version:before {
+ content:"Version";
+ font-size:smaller;
+}
+
+a.version:visited, a.version:link {
+ color:#666;
+}
+
+a.version:focus, a.version:hover {
+ color:black;
+}
+
+.books {
+ display:block;
+ position:relative;
+ clear:both;
+ width:100%;
+}
+
+.books li {
+ display:block;
+ width:200px;
+ float:left;
+ position:relative;
+ clear: none ;
+}
+
+.books .html {
+ width:170px;
+ display:block;
+}
+
+.books .pdf {
+ position:absolute;
+ left:170px;
+ top:0px;
+ font-size:smaller;
+}
+
+.books .pdf:link, .books .pdf:visited {
+ color:#555;
+}
+
+.books .pdf:hover, .books .pdf:focus {
+ color:#000;
+}
+
+.books li a {
+ text-decoration:none;
+}
+
+.books li a:hover {
+ color:black;
+}
+
+/*products*/
+.products li {
+ display: block;
+ width:300px;
+ float:left;
+}
+
+.products li a {
+ width:300px;
+ padding:.5em 0em;
+}
+
+.products ul {
+ clear:both;
+}
+
+/*revision history*/
+.revhistory {
+ display:block;
+}
+
+.revhistory table {
+ background-color:transparent;
+ border-color:#fff;
+ padding:0em;
+ margin: 0;
+ border-collapse:collapse;
+ border-style:none;
+}
+
+.revhistory td {
+ text-align :left;
+ padding:0em;
+ border: none;
+ border-top: 1px solid #fff;
+ font-weight: bold;
+}
+
+.revhistory .simplelist td {
+ font-weight: normal;
+}
+
+.revhistory .simplelist {
+ margin-bottom: 1.5em;
+ margin-left: 1em;
+}
+
+.revhistory table th {
+ display: none;
+}
+
+
+/*credits*/
+.authorgroup div {
+ clear:both;
+ text-align: center;
+}
+
+h3.author {
+ margin: 0em;
+ padding: 0em;
+ padding-top: 1em;
+}
+
+.authorgroup h4 {
+ padding: 0em;
+ margin: 0em;
+ padding-top: 1em;
+ margin-top: 1em;
+}
+
+.author,
+.editor,
+.translator,
+.othercredit,
+.contrib {
+ display: block;
+}
+
+.revhistory .author {
+ display: inline;
+}
+
+.othercredit h3 {
+ padding-top: 1em;
+}
+
+
+.othercredit {
+ margin:0em;
+ padding:0em;
+}
+
+.releaseinfo {
+ clear: both;
+}
+
+.copyright {
+ margin-top: 1em;
+}
+
+/* qanda sets */
+.answer {
+ margin-bottom:1em;
+ border-bottom:1px dotted #ccc;
+}
+
+.qandaset .toc {
+ border-bottom:1px dotted #ccc;
+}
+
+.question {
+ font-weight:bold;
+}
+
+.answer .data, .question .data {
+ padding-left: 2.6em;
+}
+
+.answer label, .question label {
+ float:left;
+ font-weight:bold;
+}
+
+/* inline syntax highlighting */
+.perl_Alert {
+ color: #0000ff;
+}
+
+.perl_BaseN {
+ color: #007f00;
+}
+
+.perl_BString {
+ color: #5C3566;
+}
+
+.perl_Char {
+ color: #ff00ff;
+}
+
+.perl_Comment {
+ color: #FF00FF;
+}
+
+
+.perl_DataType {
+ color: #0000ff;
+}
+
+
+.perl_DecVal {
+ color: #00007f;
+}
+
+
+.perl_Error {
+ color: #ff0000;
+}
+
+
+.perl_Float {
+ color: #00007f;
+}
+
+
+.perl_Function {
+ color: #007f00;
+}
+
+
+.perl_IString {
+ color: #5C3566;
+}
+
+
+.perl_Keyword {
+ color: #002F5D;
+}
+
+
+.perl_Operator {
+ color: #ffa500;
+}
+
+
+.perl_Others {
+ color: #b03060;
+}
+
+
+.perl_RegionMarker {
+ color: #96b9ff;
+}
+
+
+.perl_Reserved {
+ color: #9b30ff;
+}
+
+
+.perl_String {
+ color: #5C3566;
+}
+
+
+.perl_Variable {
+ color: #0000ff;
+}
+
+
+.perl_Warning {
+ color: #0000ff;
+}
+
+/*Lists*/
+ul {
+ padding-left:1.6em;
+ list-style-image:url(../images/dot.png);
+ list-style-type: circle;
+}
+
+ul ul {
+ list-style-image:url(../images/dot2.png);
+ list-style-type: circle;
+}
+
+ol {
+ list-style-image:none;
+ list-style-type: decimal;
+}
+
+ol ol {
+ list-style-type: lower-alpha;
+}
+
+ol.arabic {
+ list-style-type: decimal;
+}
+
+ol.loweralpha {
+ list-style-type: lower-alpha;
+}
+
+ol.lowerroman {
+ list-style-type: lower-roman;
+}
+
+ol.upperalpha {
+ list-style-type: upper-alpha;
+}
+
+ol.upperroman {
+ list-style-type: upper-roman;
+}
+
+dt {
+ font-weight:bold;
+ margin-bottom:0em;
+ padding-bottom:0em;
+}
+
+dd {
+ margin:0em;
+ margin-left:2em;
+ padding-top:0em;
+ padding-bottom: 1em;
+}
+
+li {
+ padding-top:0px;
+ margin-top:0em;
+ padding-bottom:0px;
+ margin-bottom:0.4em;
+}
+
+li p, li div.para {
+ padding-top:0px;
+ margin-top:0em;
+ padding-bottom:0px;
+ margin-bottom:0.3em;
+}
+
+/*images*/
+img {
+ display:block;
+ margin: 2em 0;
+}
+
+.inlinemediaobject, .inlinemediaobject img {
+ display:inline;
+ margin:0em;
+}
+
+.figure img {
+ display:block;
+ margin:0;
+ page-break-inside: avoid;
+}
+
+.figure .title {
+ margin:0em;
+ margin-bottom:2em;
+ padding:0px;
+}
+
+/*document modes*/
+.confidential {
+ background-color:#900;
+ color:White;
+ padding:.5em .5em;
+ text-transform:uppercase;
+ text-align:center;
+}
+
+.longdesc-link {
+ display:none;
+}
+
+.longdesc {
+ display:none;
+}
+
+.prompt {
+ padding:0em .3em;
+}
+
+/*user interface styles*/
+.screen .replaceable {
+}
+
+.guibutton, .guilabel {
+ font-family: "liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ font-weight: bold;
+ white-space: nowrap;
+}
+
+.example {
+ background-color: #ffffff;
+ border-left: 3px solid #aaaaaa;
+ padding-top: 1em;
+ padding-bottom: 0.1em;
+}
+
+.example h6 {
+ padding-left: 10px;
+}
+
+.example-contents {
+ padding-left: 10px;
+ background-color: #ffffff;
+}
+
+.example-contents .para {
+/* padding: 10px;*/
+}
+
+/*terminal/console text*/
+.computeroutput,
+.option {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ font-weight:bold;
+}
+
+.replaceable {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ font-style: italic;
+}
+
+.command, .filename, .keycap, .classname, .literal {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ font-weight:bold;
+}
+
+/* no bold in toc */
+.toc * {
+ font-weight: inherit;
+}
+
+pre {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ display:block;
+ background-color: #f5f5f5;
+ color: #000000;
+ border: 1px solid #aaaaaa;
+ margin-bottom: 0.3em;
+ padding:.5em 1em;
+ white-space: pre-wrap; /* css-3 */
+ white-space: -moz-pre-wrap !important; /* Mozilla, since 1999 */
+ white-space: -pre-wrap; /* Opera 4-6 */
+ white-space: -o-pre-wrap; /* Opera 7 */
+ word-wrap: break-word; /* Internet Explorer 5.5+ */
+ font-size: 0.9em;
+}
+
+pre .replaceable,
+pre .keycap {
+}
+
+code {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+/* white-space: nowrap;*/
+ white-space: pre-wrap;
+ word-wrap: break-word;
+ font-weight:bold;
+}
+
+.parameter code {
+ display: inline;
+ white-space: pre-wrap; /* css-3 */
+ white-space: -moz-pre-wrap !important; /* Mozilla, since 1999 */
+ white-space: -pre-wrap; /* Opera 4-6 */
+ white-space: -o-pre-wrap; /* Opera 7 */
+ word-wrap: break-word; /* Internet Explorer 5.5+ */
+}
+
+/*Notifications*/
+div.warning:before {
+ content:url(../images/warning.png);
+ padding-left: 5px;
+}
+
+div.note:before {
+ content:url(../images/note.png);
+ padding-left: 5px;
+}
+
+div.important:before {
+ content:url(../images/important.png);
+ padding-left: 5px;
+}
+
+div.warning, div.note, div.important {
+ color: black;
+ margin: 0em;
+ padding: 0em;
+ background: none;
+ background-color: white;
+ margin-bottom: 1em;
+ border-bottom: 1px solid #aaaaaa;
+ page-break-inside: avoid;
+}
+
+div.warning h2, div.note h2,div.important h2 {
+ margin: 0em;
+ padding: 0em;
+ color: #eeeeec;
+ padding-top: 0px;
+ padding-bottom: 0px;
+ height: 1.4em;
+ line-height: 1.4em;
+ font-size: 1.4em;
+ display:inline;
+}
+
+div.admonition_header {
+ clear: both;
+ margin: 0em;
+ padding: 0em;
+ margin-top: -3.3em;
+ padding-left: 58px;
+ line-height: 1.0em;
+ font-size: 1.0em;
+}
+
+div.warning div.admonition_header {
+ background: url(../images/red.png) top left repeat-x;
+ background-color: #590000;
+}
+
+div.note div.admonition_header {
+ background: url(../images/green.png) top right repeat-x;
+ background-color: #597800;
+}
+
+div.important div.admonition_header {
+ background: url(../images/yellow.png) top right repeat-x;
+ background-color: #a6710f;
+}
+
+div.warning p, div.warning div.para,
+div.note p, div.note div.para,
+div.important p, div.important div.para {
+ padding: 0em;
+ margin: 0em;
+}
+
+div.admonition {
+ border: none;
+ border-left: 1px solid #aaaaaa;
+ border-right: 1px solid #aaaaaa;
+ padding:0em;
+ margin:0em;
+ padding-top: 1.5em;
+ padding-bottom: 1em;
+ padding-left: 2em;
+ padding-right: 1em;
+ background-color: #eeeeec;
+ -moz-border-radius: 0px;
+ -webkit-border-radius: 0px;
+ border-radius: 0px;
+}
+
+/*Page Title*/
+#title {
+ display:block;
+ height:45px;
+ padding-bottom:1em;
+ margin:0em;
+}
+
+#title a.left{
+ display:inline;
+ border:none;
+}
+
+#title a.left img{
+ border:none;
+ float:left;
+ margin:0em;
+ margin-top:.7em;
+}
+
+#title a.right {
+ padding-bottom:1em;
+}
+
+#title a.right img {
+ border:none;
+ float:right;
+ margin:0em;
+ margin-top:.7em;
+}
+
+/*Table*/
+div.table {
+ page-break-inside: avoid;
+}
+
+table {
+ border:1px solid #6c614b;
+ width:100%;
+ border-collapse:collapse;
+}
+
+table.simplelist, .calloutlist table {
+ border-style: none;
+}
+
+table th {
+ text-align:left;
+ background-color:#6699cc;
+ padding:.3em .5em;
+ color:white;
+}
+
+table td {
+ padding:.15em .5em;
+}
+
+table tr.even td {
+ background-color:#f5f5f5;
+}
+
+table th p:first-child, table td p:first-child, table li p:first-child,
+table th div.para:first-child, table td div.para:first-child, table li div.para:first-child {
+ margin-top:0em;
+ padding-top:0em;
+ display:inline;
+}
+
+th, td {
+ border-style:none;
+ vertical-align: top;
+ border: 1px solid #000;
+}
+
+.simplelist th, .simplelist td {
+ border: none;
+}
+
+table table td {
+ border-bottom:1px dotted #aaa;
+ background-color:white;
+ padding:.6em 0em;
+}
+
+table table {
+ border:1px solid white;
+}
+
+td.remarkval {
+ color:#444;
+}
+
+td.fieldval {
+ font-weight:bold;
+}
+
+.lbname, .lbtype, .lbdescr, .lbdriver, .lbhost {
+ color:white;
+ font-weight:bold;
+ background-color:#999;
+ width:120px;
+}
+
+td.remarkval {
+ width:230px;
+}
+
+td.tname {
+ font-weight:bold;
+}
+
+th.dbfield {
+ width:120px;
+}
+
+th.dbtype {
+ width:70px;
+}
+
+th.dbdefault {
+ width:70px;
+}
+
+th.dbnul {
+ width:70px;
+}
+
+th.dbkey {
+ width:70px;
+}
+
+span.book {
+ margin-top:4em;
+ display:block;
+ font-size:11pt;
+}
+
+span.book a{
+ font-weight:bold;
+}
+span.chapter {
+ display:block;
+ margin-top:0.5em;
+}
+
+table.simplelist td, .calloutlist table td {
+ border-style: none;
+}
+
+/*Breadcrumbs*/
+#breadcrumbs ul li.first:before {
+ content:" ";
+}
+
+#breadcrumbs {
+ color:#900;
+ padding:3px;
+ margin-bottom:25px;
+}
+
+#breadcrumbs ul {
+ margin-left:0;
+ padding-left:0;
+ display:inline;
+ border:none;
+}
+
+#breadcrumbs ul li {
+ margin-left:0;
+ padding-left:2px;
+ border:none;
+ list-style:none;
+ display:inline;
+}
+
+#breadcrumbs ul li:before {
+ content:"\0020 \0020 \0020 \00BB \0020";
+ color:#333;
+}
+
+/*index*/
+.glossary h3,
+.index h3 {
+ font-size: 2em;
+ color:#aaa;
+ margin:0em;
+}
+
+.indexdiv {
+ margin-bottom:1em;
+}
+
+.glossary dt,
+.index dt {
+ color:#444;
+ padding-top:.5em;
+}
+
+.glossary dl dl dt,
+.index dl dl dt {
+ color:#777;
+ font-weight:normal;
+ padding-top:0em;
+}
+
+.index dl dl dt:before {
+ content:"- ";
+ color:#ccc;
+}
+
+/*changes*/
+.footnote {
+ font-size: .7em;
+ margin:0em;
+ color:#222;
+}
+
+table .footnote {
+}
+
+sup {
+ color:#999;
+ margin:0em;
+ padding:0em;
+ line-height: .4em;
+ font-size: 1em;
+ padding-left:0em;
+}
+
+.footnote {
+ position:relative;
+}
+
+.footnote sup {
+ color:#e3dcc0;
+ position:absolute;
+ left: .4em;
+}
+
+.footnote sup a:link,
+.footnote sup a:visited {
+ color:#92917d;
+ text-decoration:none;
+}
+
+.footnote:hover sup a {
+ text-decoration:none;
+}
+
+.footnote p,.footnote div.para {
+ padding-left:2em;
+}
+
+.footnote a:link,
+.footnote a:visited {
+ color:#00537c;
+}
+
+.footnote a:hover {
+}
+
+/**/
+div.chapter {
+ margin-top:3em;
+ page-break-inside: avoid;
+}
+
+div.preface {
+ page-break-inside: avoid;
+}
+
+div.section {
+ margin-top:1em;
+ page-break-inside: auto;
+}
+
+div.note .replaceable,
+div.important .replaceable,
+div.warning .replaceable,
+div.note .keycap,
+div.important .keycap,
+div.warning .keycap
+{
+}
+
+ul li p:last-child, ul li div.para:last-child {
+ margin-bottom:0em;
+ padding-bottom:0em;
+}
+
+/*document navigation*/
+.docnav a, .docnav strong {
+ border:none;
+ text-decoration:none;
+ font-weight:normal;
+}
+
+.docnav {
+ list-style:none;
+ margin:0em;
+ padding:0em;
+ position:relative;
+ width:100%;
+ padding-bottom:2em;
+ padding-top:1em;
+ border-top:1px dotted #ccc;
+}
+
+.docnav li {
+ list-style:none;
+ margin:0em;
+ padding:0em;
+ display:inline;
+ font-size:.8em;
+}
+
+.docnav li:before {
+ content:" ";
+}
+
+.docnav li.previous, .docnav li.next {
+ position:absolute;
+ top:1em;
+}
+
+.docnav li.up, .docnav li.home {
+ margin:0em 1.5em;
+}
+
+.docnav li.previous {
+ left:0px;
+ text-align:left;
+}
+
+.docnav li.next {
+ right:0px;
+ text-align:right;
+}
+
+.docnav li.previous strong, .docnav li.next strong {
+ height:22px;
+ display:block;
+}
+
+.docnav {
+ margin:0 auto;
+ text-align:center;
+}
+
+.docnav li.next a strong {
+ background: url(../images/stock-go-forward.png) top right no-repeat;
+ padding-top:3px;
+ padding-bottom:4px;
+ padding-right:28px;
+ font-size:1.2em;
+}
+
+.docnav li.previous a strong {
+ background: url(../images/stock-go-back.png) top left no-repeat;
+ padding-top:3px;
+ padding-bottom:4px;
+ padding-left:28px;
+ padding-right:0.5em;
+ font-size:1.2em;
+}
+
+.docnav li.home a strong {
+ background: url(../images/stock-home.png) top left no-repeat;
+ padding:5px;
+ padding-left:28px;
+ font-size:1.2em;
+}
+
+.docnav li.up a strong {
+ background: url(../images/stock-go-up.png) top left no-repeat;
+ padding:5px;
+ padding-left:28px;
+ font-size:1.2em;
+}
+
+.docnav a:link, .docnav a:visited {
+ color:#666;
+}
+
+.docnav a:hover, .docnav a:focus, .docnav a:active {
+ color:black;
+}
+
+.docnav a {
+ max-width: 10em;
+ overflow:hidden;
+}
+
+.docnav a:link strong {
+ text-decoration:none;
+}
+
+.docnav {
+ margin:0 auto;
+ text-align:center;
+}
+
+ul.docnav {
+ margin-bottom: 1em;
+}
+/* Reports */
+.reports ul {
+ list-style:none;
+ margin:0em;
+ padding:0em;
+}
+
+.reports li{
+ margin:0em;
+ padding:0em;
+}
+
+.reports li.odd {
+ background-color: #eeeeee;
+ margin:0em;
+ padding:0em;
+}
+
+.reports dl {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ float:right;
+ margin-right: 17em;
+ margin-top:-1.3em;
+}
+
+.reports dt {
+ display:inline;
+ margin:0em;
+ padding:0em;
+}
+
+.reports dd {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ padding-right:.5em;
+}
+
+.reports h2, .reports h3{
+ display:inline;
+ padding-right:.5em;
+ font-size:10pt;
+ font-weight:normal;
+}
+
+.reports div.progress {
+ display:inline;
+ float:right;
+ width:16em;
+ background:#c00 url(../images/shine.png) top left repeat-x;
+ margin:0em;
+ margin-top:-1.3em;
+ padding:0em;
+ border:none;
+}
+
+/*uniform*/
+body.results, body.reports {
+ max-width:57em ;
+ padding:0em;
+}
+
+/*Progress Bar*/
+div.progress {
+ display:block;
+ float:left;
+ width:16em;
+ background:#c00 url(../images/shine.png) top left repeat-x;
+ height:1em;
+}
+
+div.progress span {
+ height:1em;
+ float:left;
+}
+
+div.progress span.translated {
+ background:#6c3 url(../images/shine.png) top left repeat-x;
+}
+
+div.progress span.fuzzy {
+ background:#ff9f00 url(../images/shine.png) top left repeat-x;
+}
+
+
+/*Results*/
+
+.results ul {
+ list-style:none;
+ margin:0em;
+ padding:0em;
+}
+
+.results li{
+ margin:0em;
+ padding:0em;
+}
+
+.results li.odd {
+ background-color: #eeeeee;
+ margin:0em;
+ padding:0em;
+}
+
+.results dl {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ float:right;
+ margin-right: 17em;
+ margin-top:-1.3em;
+}
+
+.results dt {
+ display:inline;
+ margin:0em;
+ padding:0em;
+}
+
+.results dd {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ padding-right:.5em;
+}
+
+.results h2, .results h3 {
+ display:inline;
+ padding-right:.5em;
+ font-size:10pt;
+ font-weight:normal;
+}
+
+.results div.progress {
+ display:inline;
+ float:right;
+ width:16em;
+ background:#c00 url(../images/shine.png) top left repeat-x;
+ margin:0em;
+ margin-top:-1.3em;
+ padding:0em;
+ border:none;
+}
+
+/* Dirty EVIL Mozilla hack for round corners */
+pre {
+ -moz-border-radius:11px;
+ -webkit-border-radius:11px;
+ border-radius: 11px;
+ page-break-inside: avoid;
+}
+
+.example {
+ -moz-border-radius:0px;
+ -webkit-border-radius:0px;
+ border-radius: 0px;
+ page-break-inside: avoid;
+}
+
+.package, .citetitle {
+ font-style: italic;
+}
+
+.titlepage .edition {
+ color: #336699;
+ background-color: transparent;
+ margin-top: 1em;
+ margin-bottom: 1em;
+ font-size: 1.4em;
+ font-weight: bold;
+ text-align: center;
+}
+
+span.remark {
+ background-color: #ff00ff;
+}
+
+.draft {
+ background-image: url(../images/watermark-draft.png);
+ background-repeat: repeat-y;
+ background-position: center;
+}
+
+.foreignphrase {
+ font-style: inherit;
+}
+
+dt {
+ clear:both;
+}
+
+dt img {
+ border-style: none;
+ max-width: 112px;
+}
+
+dt object {
+ max-width: 112px;
+}
+
+dt .inlinemediaobject, dt object {
+ display: inline;
+ float: left;
+ margin-bottom: 1em;
+ padding-right: 1em;
+ width: 112px;
+}
+
+dl:after {
+ display: block;
+ clear: both;
+ content: "";
+}
+
+.toc dd {
+ padding-bottom: 0em;
+ margin-bottom: 1em;
+ padding-left: 1.3em;
+ margin-left: 0em;
+}
+
+div.toc > dl > dt {
+ padding-bottom: 0em;
+ margin-bottom: 0em;
+ margin-top: 1em;
+}
+
+
+.strikethrough {
+ text-decoration: line-through;
+}
+
+.underline {
+ text-decoration: underline;
+}
+
+.calloutlist img, .callout {
+ padding: 0em;
+ margin: 0em;
+ width: 12pt;
+ display: inline;
+ vertical-align: middle;
+}
+
+.stepalternatives {
+ list-style-image: none;
+ list-style-type: none;
+}
+
+
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/css/default.css b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/css/default.css
new file mode 100644
index 0000000..bf38ebb
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/css/default.css
@@ -0,0 +1,3 @@
+ at import url("common.css");
+ at import url("overrides.css");
+ at import url("lang.css");
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/css/lang.css b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/css/lang.css
new file mode 100644
index 0000000..81c3115
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/css/lang.css
@@ -0,0 +1,2 @@
+/* place holder */
+
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/css/overrides.css b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/css/overrides.css
new file mode 100644
index 0000000..057be29
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/css/overrides.css
@@ -0,0 +1,51 @@
+a:link {
+ color:#0066cc;
+}
+
+a:hover, a:active {
+ color:#003366;
+}
+
+a:visited {
+ color:#6699cc;
+}
+
+
+h1 {
+ color:#3c6eb4
+}
+
+.producttitle {
+ background: #3c6eb4 url(../images/h1-bg.png) top left repeat;
+}
+
+.section h1.title {
+ color:#3c6eb4;
+}
+
+
+h2,h3,h4,h5,h6 {
+ color:#3c6eb4;
+}
+
+table {
+ border:1px solid #3c6eb4;
+}
+
+table th {
+ background-color:#3c6eb4;
+}
+
+
+table tr.even td {
+ background-color:#f5f5f5;
+}
+
+.revhistory table th {
+ color:#3c6eb4;
+}
+
+.titlepage .edition {
+ color: #3c6eb4;
+}
+
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/css/print.css b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/css/print.css
new file mode 100644
index 0000000..773d8ae
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/css/print.css
@@ -0,0 +1,16 @@
+ at import url("common.css");
+ at import url("overrides.css");
+ at import url("lang.css");
+
+#tocframe {
+ display: none;
+}
+
+body.toc_embeded {
+ margin-left: 30px;
+}
+
+.producttitle {
+ color: #336699;
+}
+
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/1.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/1.png
new file mode 100644
index 0000000..c21d7a3
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/1.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/1.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/1.svg
new file mode 100644
index 0000000..a2b3903
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/1.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#000000;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 17.853468,22.008438 -2.564941,0 0,-7.022461 c -5e-6,-0.143873 -5e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224122,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08854,0.08302 -0.17432,0.157723 -0.257324,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/10.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/10.png
new file mode 100644
index 0000000..15b81da
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/10.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/10.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/10.svg
new file mode 100644
index 0000000..af015ab
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/10.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/11.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/11.png
new file mode 100644
index 0000000..2fcc2dd
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/11.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/11.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/11.svg
new file mode 100644
index 0000000..cb82b70
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/11.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/12.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/12.png
new file mode 100644
index 0000000..edebe20
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/12.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/12.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/12.svg
new file mode 100644
index 0000000..3b6d822
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/12.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/13.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/13.png
new file mode 100644
index 0000000..ec48cef
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/13.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/13.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/13.svg
new file mode 100644
index 0000000..226e461
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/13.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/14.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/14.png
new file mode 100644
index 0000000..33d5637
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/14.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/14.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/14.svg
new file mode 100644
index 0000000..5aaa3a3
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/14.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/15.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/15.png
new file mode 100644
index 0000000..f1a4eb2
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/15.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/15.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/15.svg
new file mode 100644
index 0000000..f51dd96
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/15.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2839"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+ id="path2841"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/16.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/16.png
new file mode 100644
index 0000000..d38a155
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/16.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/16.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/16.svg
new file mode 100644
index 0000000..cb7e2f5
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/16.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
.556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/17.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/17.png
new file mode 100644
index 0000000..d83e898
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/17.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/17.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/17.svg
new file mode 100644
index 0000000..5d6f0ad
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/17.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/18.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/18.png
new file mode 100644
index 0000000..9e39de4
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/18.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/18.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/18.svg
new file mode 100644
index 0000000..9ea672c
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/18.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/19.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/19.png
new file mode 100644
index 0000000..9eeedfb
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/19.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/19.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/19.svg
new file mode 100644
index 0000000..80d1d09
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/19.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/2.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/2.png
new file mode 100644
index 0000000..ff9cc57
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/2.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/2.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/2.svg
new file mode 100644
index 0000000..8e94260
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/2.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 19.89546,22.008438 -8.143066,0 0,-1.784668 2.855468,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979493,-1.0708 0.293289,-0.326492 0.545079,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.373529,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.17431,-0.666821 0.174316,-1.037598 -6e-6,-0.409496 -0.124517,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827313,0.522958 -1.270019,0.921386 l -1.394531,-1.651855 c 0.249022,-0.226877 0.509113,-0.442698 0.780273,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079102,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319824,-0.1494141 0.58105,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187012,0.6889648 0.326489,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.893727 0.265625,1.41
9433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/20.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/20.png
new file mode 100644
index 0000000..b28b4aa
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/20.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/20.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/20.svg
new file mode 100644
index 0000000..409ac6e
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/20.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/21.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/21.png
new file mode 100644
index 0000000..eda952c
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/21.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/21.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/21.svg
new file mode 100644
index 0000000..7bc03af
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/21.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/22.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/22.png
new file mode 100644
index 0000000..90b14b0
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/22.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/22.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/22.svg
new file mode 100644
index 0000000..fe086f6
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/22.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/23.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/23.png
new file mode 100644
index 0000000..8b35a74
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/23.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/23.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/23.svg
new file mode 100644
index 0000000..f17ec29
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/23.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/24.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/24.png
new file mode 100644
index 0000000..6041b02
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/24.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/24.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/24.svg
new file mode 100644
index 0000000..42a5333
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/24.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/25.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/25.png
new file mode 100644
index 0000000..ecb15e6
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/25.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/25.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/25.svg
new file mode 100644
index 0000000..a8d4672
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/25.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/26.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/26.png
new file mode 100644
index 0000000..4b2f560
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/26.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/26.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/26.svg
new file mode 100644
index 0000000..3cf00ec
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/26.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
.556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/27.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/27.png
new file mode 100644
index 0000000..ecf058e
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/27.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/27.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/27.svg
new file mode 100644
index 0000000..c8d6440
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/27.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/28.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/28.png
new file mode 100644
index 0000000..e64efb2
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/28.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/28.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/28.svg
new file mode 100644
index 0000000..5acce93
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/28.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/29.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/29.png
new file mode 100644
index 0000000..dbbca1b
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/29.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/29.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/29.svg
new file mode 100644
index 0000000..507dd44
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/29.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/3.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/3.png
new file mode 100644
index 0000000..4febe43
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/3.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/3.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/3.svg
new file mode 100644
index 0000000..5e87e1f
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/3.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 19.422316,12.587051 c -9e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.23243,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315437,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.392911,0.332031 -0.890957,0.592122 -1.494141,0.780273 -0.597661,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267255,-0.05534 -1.842773,-0.166016 -0.575523,-0.105143 -1.112306,-0.268392 -1.610352,-0.489746 l 0,-2.183105 c 0.249023,0.132815 0.511881,0.249025 0.788574,0.348632 0.276692,0.09961 0.553384,0.185387 0.830079,0.257325 0.27669,0.06641 0.547848,0.116212 0.813476,0.149414 0.271156,0.0332 0.525713,0.04981 0.763672,0.0498 0.475907,2e-6 0.871577,-0.04427 1.187012,-0.132812 0.315424,-
0.08854 0.567214,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320957,-0.351397 0.398437,-0.572754 0.083,-0.226885 0.124506,-0.473141 0.124512,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.265631,-0.376297 -0.498047,-0.514648 -0.226893,-0.143876 -0.525721,-0.254553 -0.896484,-0.332032 -0.370773,-0.07747 -0.827315,-0.116205 -1.369629,-0.116211 l -0.863281,0 0,-1.801269 0.846679,0 c 0.509111,7e-6 0.932451,-0.04426 1.27002,-0.132813 0.33756,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.43164,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.68897,-0.365224 -1.27002,-0.365234 -0.265629,10e-6 -0.514652,0.02768 -0.74707,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193688,0.07748 -0.373538,0.166026 -0.539551,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439941,0.282227 l -1.294922,-1.70
9961 c 0.232421,-0.171538 0.484211,-0.329253 0.755371,-0.473145 0.276691,-0.143868 0.575519,-0.26838 0.896484,-0.373535 0.320961,-0.1106647 0.666827,-0.1964393 1.037598,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492506,0.1272911 0.913079,0.3154421 1.261718,0.5644531 0.348626,0.243501 0.617017,0.545096 0.805176,0.904786 0.193677,0.354177 0.290519,0.760914 0.290528,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/30.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/30.png
new file mode 100644
index 0000000..f4ffb14
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/30.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/30.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/30.svg
new file mode 100644
index 0000000..434e663
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/30.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/31.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/31.png
new file mode 100644
index 0000000..0b29e87
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/31.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/31.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/31.svg
new file mode 100644
index 0000000..08c3f2d
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/31.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/32.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/32.png
new file mode 100644
index 0000000..a4740a3
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/32.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/32.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/32.svg
new file mode 100644
index 0000000..aa099c3
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/32.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/33.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/33.png
new file mode 100644
index 0000000..f23ccea
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/33.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/33.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/33.svg
new file mode 100644
index 0000000..fce979c
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/33.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/34.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/34.png
new file mode 100644
index 0000000..7e2ab31
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/34.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/34.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/34.svg
new file mode 100644
index 0000000..c67f8ec
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/34.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/35.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/35.png
new file mode 100644
index 0000000..02118e3
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/35.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/35.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/35.svg
new file mode 100644
index 0000000..da7780a
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/35.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/36.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/36.png
new file mode 100644
index 0000000..30f4fdf
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/36.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/36.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/36.svg
new file mode 100644
index 0000000..348549a
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/36.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
.556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/37.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/37.png
new file mode 100644
index 0000000..6174706
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/37.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/37.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/37.svg
new file mode 100644
index 0000000..7bc04d9
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/37.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/38.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/38.png
new file mode 100644
index 0000000..161661d
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/38.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/38.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/38.svg
new file mode 100644
index 0000000..ec2ad98
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/38.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/39.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/39.png
new file mode 100644
index 0000000..2d46b24
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/39.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/39.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/39.svg
new file mode 100644
index 0000000..664ffdd
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/39.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/4.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/4.png
new file mode 100644
index 0000000..9b9dd88
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/4.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/4.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/4.svg
new file mode 100644
index 0000000..bc06c73
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/4.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 20.078077,19.493301 -1.460937,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460937,0 0,1.992187 m -3.959472,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09962,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.12175,0.2601 -0.262863,0.520191 -0.42334,0.780274 l -2.025391,3.071289 2.75586,0"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/40.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/40.png
new file mode 100644
index 0000000..fe2a68f
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/40.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/40.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/40.svg
new file mode 100644
index 0000000..5a94d1b
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/40.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.440535,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.0136719,0 0,-1.784668 5.1547849,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262863,0.520191 -0.42334,0.780274 l -2.0253904,3.071289 2.7558594,0"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/5.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/5.png
new file mode 100644
index 0000000..f239fb6
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/5.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/5.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/5.svg
new file mode 100644
index 0000000..82fb03d
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/5.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 16.035597,14.255508 c 0.520177,8e-6 1.004388,0.08025 1.452637,0.240723 0.448235,0.160489 0.838371,0.395678 1.17041,0.705566 0.332023,0.309903 0.592114,0.697272 0.780273,1.16211 0.188143,0.459315 0.282218,0.987797 0.282227,1.585449 -9e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.204761,0.520184 -0.506356,0.962892 -0.904785,1.328125 -0.398445,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261724,0.290528 -2.025391,0.290528 -0.304365,0 -0.60596,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863281,-0.124512 -0.271161,-0.04981 -0.531252,-0.116211 -0.780274,-0.199219 -0.24349,-0.08301 -0.464844,-0.17985 -0.664062,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672363,0.31543 0.254556,0.09408 0.517414,0.177086 0.788574,0.249024 0.276691,0.06641 0.553383,0.121746 0.830078,0.166015 0.27669,0.03874 0.539548,0.05811 0.788575,0.05811 0.741532,2e-6 1.305984,-0.152179 1.693359,-0.456543 0.387364,-0.309893 0.5810
49,-0.799639 0.581055,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751465,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320966,0.03874 -0.481445,0.06641 -0.154951,0.02768 -0.304365,0.05811 -0.448242,0.09131 -0.143883,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456542,-6.1840821 6.408204,0 0,2.1748051 -4.183594,0 -0.199219,2.382324 c 0.17708,-0.03873 0.381832,-0.07747 0.614258,-0.116211 0.237951,-0.03873 0.542313,-0.0581 0.913086,-0.05811"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/6.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/6.png
new file mode 100644
index 0000000..18866e6
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/6.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/6.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/6.svg
new file mode 100644
index 0000000..e2f62af
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/6.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 11.702589,16.853653 c -10e-7,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.0664,-0.575514 0.179849,-1.126132 0.340332,-1.651856 0.166014,-0.531241 0.387368,-1.023753 0.664062,-1.477539 0.282225,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431638,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603186,-0.1936727 1.305984,-0.2905151 2.108399,-0.2905274 0.116204,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.138339,0.00555 0.276685,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251782,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210295,-0.04979 -0.434416,-0.08853 -0.672364,-0.116211 -0.232429,-0.03319 -0.467617,-0.04979 -0.705566,-0.0498 -0.747076,1e-5 -1.361334,0.09408 -1.842774,0.282226 -0.481449,0.182627 -0.863285,0.439951 -1.145507,0.771973 -0.28223,0.33204 -0.484216,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.215821,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243486,-0.384596 0.39843
7,-0.556153 0.160478,-0.177076 0.345862,-0.32649 0.556153,-0.448242 0.210282,-0.127271 0.44547,-0.22688 0.705566,-0.298828 0.26562,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419433,0.257324 0.420566,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.15494,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282226,1.768066 -0.182626,0.520184 -0.445484,0.962892 -0.788575,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643554,0.282227 -0.597661,0 -1.15658,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.973961,-0.542317 -1.361328,-0.979492 -0.381838,-0.437173 -0.683433,-0.987791 -0.904785,-1.651856 -0.215822,-0.669593 -0.323732,-1.460933 -0.323731,-2.374023 m 4.216797,3.270508 c 0.226883,2e-6 0.431635,-0.0415 0.614258,-0.124512 0.188145,-0.08854 0.348627,-0.218585 0.481445,-0.390137 0.13834,-0.17708 0.243483,-0.3
98434 0.31543,-0.664062 0.07747,-0.265622 0.116204,-0.581051 0.116211,-0.946289 -7e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243496,-0.343094 -0.617031,-0.514643 -1.120606,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.39014,0.229661 -0.53955,0.390137 -0.149418,0.160487 -0.265629,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.31543,0.755371 0.143876,0.221357 0.318193,0.401207 0.522949,0.539551 0.210282,0.138349 0.453772,0.207522 0.730469,0.20752"
+ id="path2846"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/7.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/7.png
new file mode 100644
index 0000000..52c3a18
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/7.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/7.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/7.svg
new file mode 100644
index 0000000..a43460f
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/7.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 12.789991,22.008438 4.316407,-9.960937 -5.578125,0 0,-2.1582035 8.367187,0 0,1.6103515 -4.424316,10.508789 -2.681153,0"
+ id="path2832"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/8.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/8.png
new file mode 100644
index 0000000..8a8cb21
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/8.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/8.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/8.svg
new file mode 100644
index 0000000..2c82d3f
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/8.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.761671,9.7149811 c 0.503576,1.23e-5 0.979487,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337558,0.243501 0.60595,0.547862 0.805176,0.913086 0.199211,0.365244 0.29882,0.794118 0.298828,1.286621 -8e-6,0.365243 -0.05535,0.697274 -0.166015,0.996094 -0.110686,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193693,0.237963 -0.423348,0.451017 -0.688965,0.639161 -0.265632,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.633619,0.362473 0.937988,0.572754 0.309888,0.210292 0.583814,0.448247 0.821777,0.713867 0.237948,0.260096 0.428866,0.55339 0.572754,0.879883 0.143872,0.326501 0.215812,0.691735 0.21582,1.095703 -8e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478686,0.758139 -0.838379,1.045898 -0.359707,0.287761 -0.791348,0.509115 -1.294921,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651856,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.9379
9,-0.362467 -1.286621,-0.639161 -0.348634,-0.276691 -0.614259,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265626,-0.857744 -0.265625,-1.361328 -10e-7,-0.415035 0.06087,-0.78857 0.182617,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498047,-0.896485 0.210285,-0.265619 0.456541,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271162,-0.171543 -0.525719,-0.356927 -0.763672,-0.556152 -0.237958,-0.204746 -0.445477,-0.428866 -0.622559,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -10e-7,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478677,-0.669585 0.821778,-0.913086 0.343096,-0.249012 0.738766,-0.434396 1.187011,-0.5561527 0.448239,-0.1217326 0.918616,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.107911,0.614258 0.07194,0.18262 0.17708,0.340334 0.315429,0.473145 0.143877,0.132814 0.32
096,0.237957 0.53125,0.315429 0.210283,0.07194 0.453772,0.107912 0.730469,0.10791 0.581049,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.43164,-1.087402 -6e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218593,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.320969,-0.307125 -0.514648,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 15.662062,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664063,0.398438 -0.199222,0.138351 -0.370772,0.293299 -0.514648,0.464844 -0.13835,0.16602 -0.24626,0.348637 -0.323731,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.701661,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514649,0.08301 -0.154952,0.05535 -0.290531,0.13559 -0.406738,0.240723 -0.110681,0.105153 -0.199223,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.31543
8 0.282226,0.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160478,0.09962 0.32926,0.199226 0.506348,0.298828 0.171545,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154943,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.12174,-0.138338 0.218582,-0.293286 0.290528,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.157721,-0.284984 -0.273926,-0.390137 -0.116217,-0.105133 -0.254563,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/9.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/9.png
new file mode 100644
index 0000000..0ae412f
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/9.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/9.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/9.svg
new file mode 100644
index 0000000..b0f04c4
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/9.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 19.829054,15.052383 c -9e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340333,1.651856 -0.160489,0.525719 -0.381843,1.018232 -0.664062,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426113,0.332032 -0.940761,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.30046,0.282227 -2.108399,0.282227 -0.116214,0 -0.243492,-0.0028 -0.381836,-0.0083 -0.138348,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273927,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237954,0.02767 0.478676,0.04151 0.722168,0.0415 0.747067,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.481441,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.282221,-0.337562 0.481439,-0.738766 0.597657,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.107911,0 c -0.110683,0.199225 -0.243495,0.384609 -0.398437,0.556153 -0.
154954,0.171554 -0.337571,0.320968 -0.547852,0.448242 -0.210291,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.265629,0.07194 -0.56169,0.107914 -0.888183,0.10791 -0.52572,4e-6 -0.998864,-0.08577 -1.419434,-0.257324 -0.420575,-0.171545 -0.777508,-0.420568 -1.070801,-0.74707 -0.287761,-0.326492 -0.509115,-0.727696 -0.664062,-1.203614 -0.154949,-0.475904 -0.232423,-1.020988 -0.232422,-1.635253 -10e-7,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453774,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758135,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043127,-0.2905151 1.651855,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520176,0.210298 0.971184,0.534028 1.353027,0.971192 0.381829,0.437185 0.683423,0.990569 0.904786,1.660156 0.221345,0.669605 0.332022,1.458178 0.332031,2.365722 m -4.216797,-3.262207 c -0.226892,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188154,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132815,0.17155
9 -0.237959,0.392913 -0.315429,0.664062 -0.07194,0.265634 -0.107914,0.581063 -0.107911,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373536,1.394532 0.249019,0.343105 0.625321,0.514654 1.128906,0.514648 0.254552,6e-6 0.486974,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.53955,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124506,-0.401197 0.124512,-0.605958 -6e-6,-0.282218 -0.03598,-0.561677 -0.10791,-0.838378 -0.06641,-0.282218 -0.171556,-0.534008 -0.31543,-0.755372 -0.138352,-0.226878 -0.312668,-0.409495 -0.522949,-0.547851 -0.204758,-0.138336 -0.44548,-0.207509 -0.722168,-0.20752"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/bkgrnd_greydots.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/bkgrnd_greydots.png
new file mode 100644
index 0000000..2333a6d
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/bkgrnd_greydots.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/bullet_arrowblue.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/bullet_arrowblue.png
new file mode 100644
index 0000000..c235534
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/bullet_arrowblue.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/documentation.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/documentation.png
new file mode 100644
index 0000000..79d0a80
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/documentation.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/dot.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/dot.png
new file mode 100644
index 0000000..36a6859
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/dot.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/dot2.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/dot2.png
new file mode 100644
index 0000000..40aff92
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/dot2.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/green.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/green.png
new file mode 100644
index 0000000..ebb3c24
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/green.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/h1-bg.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/h1-bg.png
new file mode 100644
index 0000000..a2aad24
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/h1-bg.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/image_left.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/image_left.png
new file mode 100644
index 0000000..e8fe7a4
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/image_left.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/image_right.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/image_right.png
new file mode 100644
index 0000000..f7bd972
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/image_right.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/important.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/important.png
new file mode 100644
index 0000000..f7594a3
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/important.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/important.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/important.svg
new file mode 100644
index 0000000..2d33045
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/important.svg
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ version="1.0"
+ width="48"
+ height="48"
+ id="svg5921"
+ sodipodi:version="0.32"
+ inkscape:version="0.46"
+ sodipodi:docname="important.svg"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ inkscape:export-filename="/home/jfearn/Build/src/fedora/publican/trunk/publican-fedora/en-US/images/important.png"
+ inkscape:export-xdpi="111.32"
+ inkscape:export-ydpi="111.32">
+ <metadata
+ id="metadata2611">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ inkscape:window-height="681"
+ inkscape:window-width="738"
+ inkscape:pageshadow="2"
+ inkscape:pageopacity="0.0"
+ guidetolerance="10.0"
+ gridtolerance="10.0"
+ objecttolerance="10.0"
+ borderopacity="1.0"
+ bordercolor="#666666"
+ pagecolor="#ffffff"
+ id="base"
+ showgrid="false"
+ inkscape:zoom="11.5"
+ inkscape:cx="20"
+ inkscape:cy="20"
+ inkscape:window-x="0"
+ inkscape:window-y="51"
+ inkscape:current-layer="svg5921" />
+ <defs
+ id="defs5923">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 20 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="40 : 20 : 1"
+ inkscape:persp3d-origin="20 : 13.333333 : 1"
+ id="perspective2613" />
+ </defs>
+ <g
+ transform="matrix(0.4626799,0,0,0.4626799,-5.2934127,-3.3160376)"
+ id="g5485">
+ <path
+ d="M 29.97756,91.885882 L 55.586992,80.409826 L 81.231619,91.807015 L 78.230933,63.90468 L 96.995009,43.037218 L 69.531053,37.26873 L 55.483259,12.974592 L 41.510292,37.311767 L 14.064204,43.164717 L 32.892392,63.97442 L 29.97756,91.885882 z"
+ id="path6799"
+ style="fill:#f3de82;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.536215,56.538729 L 55.48324,12.974601 L 41.51028,37.311813 L 55.536215,56.538729 z"
+ id="path6824"
+ style="opacity:0.91005291;fill:#f9f2cb;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.57947,56.614318 L 78.241135,63.937979 L 96.976198,43.044318 L 55.57947,56.614318 z"
+ id="use6833"
+ style="opacity:1;fill:#d0bc64;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.523838,56.869126 L 55.667994,80.684281 L 81.379011,91.931065 L 55.523838,56.869126 z"
+ id="use6835"
+ style="opacity:1;fill:#e0c656;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.283346,56.742618 L 13.877363,43.200977 L 32.640089,64.069652 L 55.283346,56.742618 z"
+ id="use6831"
+ style="opacity:1;fill:#d1ba59;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.472076,56.869126 L 55.32792,80.684281 L 29.616903,91.931065 L 55.472076,56.869126 z"
+ id="use6837"
+ style="opacity:1;fill:#d2b951;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.57947,56.614318 L 96.976198,43.044318 L 69.504294,37.314027 L 55.57947,56.614318 z"
+ id="path7073"
+ style="opacity:1;fill:#f6e7a3;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.523838,56.869126 L 81.379011,91.931065 L 78.214821,64.046881 L 55.523838,56.869126 z"
+ id="path7075"
+ style="opacity:1;fill:#f6e7a3;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.283346,56.742618 L 41.341708,37.434209 L 13.877363,43.200977 L 55.283346,56.742618 z"
+ id="path7077"
+ style="opacity:1;fill:#f6e59d;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.472076,56.869126 L 29.616903,91.931065 L 32.781093,64.046881 L 55.472076,56.869126 z"
+ id="path7079"
+ style="opacity:1;fill:#f3df8b;fill-opacity:1;enable-background:new" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/logo.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/logo.png
new file mode 100644
index 0000000..66a3104
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/logo.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/note.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/note.png
new file mode 100644
index 0000000..d6c4518
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/note.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/note.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/note.svg
new file mode 100644
index 0000000..70e43b6
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/note.svg
@@ -0,0 +1,111 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ version="1.0"
+ width="48"
+ height="48"
+ id="svg5921"
+ sodipodi:version="0.32"
+ inkscape:version="0.46"
+ sodipodi:docname="note.svg"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ inkscape:export-filename="/home/jfearn/Build/src/fedora/publican/trunk/publican-fedora/en-US/images/note.png"
+ inkscape:export-xdpi="111.32"
+ inkscape:export-ydpi="111.32">
+ <metadata
+ id="metadata16">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ inkscape:window-height="1024"
+ inkscape:window-width="1205"
+ inkscape:pageshadow="2"
+ inkscape:pageopacity="0.0"
+ guidetolerance="10.0"
+ gridtolerance="10.0"
+ objecttolerance="10.0"
+ borderopacity="1.0"
+ bordercolor="#666666"
+ pagecolor="#ffffff"
+ id="base"
+ showgrid="false"
+ inkscape:zoom="11.5"
+ inkscape:cx="22.217181"
+ inkscape:cy="20"
+ inkscape:window-x="334"
+ inkscape:window-y="51"
+ inkscape:current-layer="svg5921" />
+ <defs
+ id="defs5923">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 20 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="40 : 20 : 1"
+ inkscape:persp3d-origin="20 : 13.333333 : 1"
+ id="perspective18" />
+ </defs>
+ <g
+ transform="matrix(0.468275,0,0,0.468275,-5.7626904,-7.4142703)"
+ id="layer1">
+ <g
+ transform="matrix(0.115136,0,0,0.115136,9.7283,21.77356)"
+ id="g8014"
+ style="enable-background:new">
+ <g
+ id="g8518"
+ style="opacity:1">
+ <path
+ d="M -2512.4524,56.33197 L 3090.4719,56.33197 L 3090.4719,4607.3813 L -2512.4524,4607.3813 L -2512.4524,56.33197 z"
+ transform="matrix(0.1104659,-2.3734892e-2,2.2163258e-2,0.1031513,308.46782,74.820675)"
+ id="rect8018"
+ style="fill:#ffe680;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.1;stroke-linecap:butt;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
+ </g>
+ <g
+ transform="matrix(0.5141653,-7.1944682e-2,7.1944682e-2,0.5141653,146.04015,-82.639785)"
+ id="g8020">
+ <path
+ d="M 511.14114,441.25315 C 527.3248,533.52772 464.31248,622.82928 370.39916,640.71378 C 276.48584,658.59828 187.23462,598.29322 171.05095,506.01865 C 154.86728,413.74408 217.8796,324.44253 311.79292,306.55803 C 405.70624,288.67353 494.95747,348.97858 511.14114,441.25315 z"
+ id="path8022"
+ style="opacity:1;fill:#e0c96f;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.0804934;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 527.8214,393.1416 C 527.8214,461.31268 472.55783,516.57625 404.38675,516.57625 C 336.21567,516.57625 280.9521,461.31268 280.9521,393.1416 C 280.9521,324.97052 336.21567,269.70695 404.38675,269.70695 C 472.55783,269.70695 527.8214,324.97052 527.8214,393.1416 z"
+ transform="matrix(1.2585415,-0.2300055,0.2168789,1.1867072,-248.76141,68.254424)"
+ id="path8024"
+ style="opacity:1;fill:#c00000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.0804934;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 358.5625,281.15625 C 348.09597,281.05155 337.43773,281.94729 326.71875,283.90625 C 240.96686,299.57789 183.37901,377.92385 198.15625,458.78125 C 209.70749,521.98673 262.12957,567.92122 325.40625,577.5625 L 357.25,433.6875 L 509.34375,405.875 C 509.14405,404.58166 509.0804,403.29487 508.84375,402 C 495.91366,331.24978 431.82821,281.88918 358.5625,281.15625 z"
+ id="path8026"
+ style="opacity:1;fill:#b60000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.1;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 294.2107,361.9442 L 282.79367,370.38482 L 261.73414,386.13346 C 253.13706,404.40842 254.3359,423.7989 259.7176,444.39774 C 273.6797,497.83861 313.42636,523.96124 369.50989,517.58957 C 398.21848,514.32797 424.51832,504.67345 440.64696,484.15958 L 469.89512,447.48298 L 294.2107,361.9442 z"
+ id="path8028"
+ style="fill:#750000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.09999999;stroke-linecap:butt;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 527.8214,393.1416 C 527.8214,461.31268 472.55783,516.57625 404.38675,516.57625 C 336.21567,516.57625 280.9521,461.31268 280.9521,393.1416 C 280.9521,324.97052 336.21567,269.70695 404.38675,269.70695 C 472.55783,269.70695 527.8214,324.97052 527.8214,393.1416 z"
+ transform="matrix(0.9837071,-0.1797787,0.1695165,0.9275553,-78.013985,79.234385)"
+ id="path8030"
+ style="opacity:1;fill:#d40000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.10298239;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 527.8214,393.1416 C 527.8214,461.31268 472.55783,516.57625 404.38675,516.57625 C 336.21567,516.57625 280.9521,461.31268 280.9521,393.1416 C 280.9521,324.97052 336.21567,269.70695 404.38675,269.70695 C 472.55783,269.70695 527.8214,324.97052 527.8214,393.1416 z"
+ transform="matrix(0.9837071,-0.1797787,0.1695165,0.9275553,-69.306684,71.273294)"
+ id="path8032"
+ style="opacity:1;fill:#e11212;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.10298239;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ </g>
+ </g>
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/red.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/red.png
new file mode 100644
index 0000000..d32d5e2
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/red.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/shade.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/shade.png
new file mode 100644
index 0000000..a73afdf
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/shade.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/shine.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/shine.png
new file mode 100644
index 0000000..a18f7c4
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/shine.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-back.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-back.png
new file mode 100644
index 0000000..d320f26
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-back.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-forward.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-forward.png
new file mode 100644
index 0000000..1ee5a29
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-forward.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-up.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-up.png
new file mode 100644
index 0000000..1cd7332
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-go-up.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-home.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-home.png
new file mode 100644
index 0000000..122536d
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/stock-home.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/title_logo.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/title_logo.png
new file mode 100644
index 0000000..d5182b4
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/title_logo.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/title_logo.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/title_logo.svg
new file mode 100644
index 0000000..e8fd52b
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/title_logo.svg
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="220"
+ height="70"
+ id="svg6180">
+ <defs
+ id="defs6182" />
+ <g
+ transform="translate(-266.55899,-345.34488)"
+ id="layer1">
+ <path
+ d="m 316.7736,397.581 c 0,0 0,0 -20.53889,0 0.3327,4.45245 3.92157,7.77609 8.70715,7.77609 3.38983,0 6.31456,-1.39616 8.64094,-3.65507 0.46553,-0.46679 0.99726,-0.59962 1.59519,-0.59962 0.79781,0 1.59561,0.39932 2.12692,1.06388 0.3327,0.46553 0.53216,0.99726 0.53216,1.52857 0,0.73118 -0.3327,1.52857 -0.93106,2.12734 -2.7919,2.99052 -7.51086,4.98503 -12.16403,4.98503 -8.44149,0 -15.22074,-6.77967 -15.22074,-15.22158 0,-8.44149 6.58022,-15.22074 15.02171,-15.22074 8.37529,0 14.62323,6.51317 14.62323,15.08749 0,1.26418 -1.12924,2.12861 -2.39258,2.12861 z m -12.23065,-11.76512 c -4.45329,0 -7.51085,2.92473 -8.17499,7.17731 10.03626,0 16.35083,0 16.35083,0 -0.59836,-4.05355 -3.78874,-7.17731 -8.17584,-7.17731 z"
+ id="path11"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 375.46344,410.80807 c -8.44106,0 -15.22074,-6.77968 -15.22074,-15.22159 0,-8.44149 6.77968,-15.22074 15.22074,-15.22074 8.44234,0 15.22159,6.77925 15.22159,15.22074 -4.2e-4,8.44149 -6.77968,15.22159 -15.22159,15.22159 z m 0,-24.65992 c -5.31688,0 -8.77377,4.25427 -8.77377,9.43833 0,5.18364 3.45689,9.43833 8.77377,9.43833 5.31731,0 8.77504,-4.25469 8.77504,-9.43833 -4.2e-4,-5.18406 -3.45773,-9.43833 -8.77504,-9.43833 z"
+ id="path13"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 412.66183,380.36574 c -4.45963,0 -7.40966,1.319 -10.01391,4.62956 l -0.24036,-1.53995 0,0 c -0.20198,-1.60743 -1.57326,-2.84926 -3.23382,-2.84926 -1.80139,0 -3.26206,1.459 -3.26206,3.26081 0,0.003 0,0.005 0,0.008 l 0,0 0,0.003 0,0 0,23.40712 c 0,1.79464 1.46194,3.25743 3.257,3.25743 1.79465,0 3.25744,-1.46279 3.25744,-3.25743 l 0,-12.56209 c 0,-5.71621 4.98502,-8.57432 10.23613,-8.57432 1.59519,0 2.85726,-1.32953 2.85726,-2.92515 0,-1.59561 -1.26207,-2.85726 -2.85768,-2.85726 z"
+ id="path15"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 447.02614,395.58648 c 0.0666,-8.17541 -5.78326,-15.22074 -15.222,-15.22074 -8.44192,0 -15.28779,6.77925 -15.28779,15.22074 0,8.44191 6.64684,15.22159 14.68985,15.22159 4.01434,0 7.62682,-2.06621 9.23846,-4.22518 l 0.79359,2.01434 0,0 c 0.42589,1.13177 1.5176,1.93717 2.7978,1.93717 1.65001,0 2.98756,-1.33671 2.99009,-2.98545 l 0,0 0,-7.80687 0,0 0,-4.1556 z m -15.222,9.43833 c -5.31773,0 -8.77419,-4.25469 -8.77419,-9.43833 0,-5.18406 3.45604,-9.43833 8.77419,-9.43833 5.3173,0 8.77419,4.25427 8.77419,9.43833 0,5.18364 -3.45689,9.43833 -8.77419,9.43833 z"
+ id="path17"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 355.01479,368.3337 c 0,-1.7938 -1.46194,-3.18997 -3.25659,-3.18997 -1.79422,0 -3.25743,1.39659 -3.25743,3.18997 l 0,17.1499 c -1.66097,-3.05756 -5.25026,-5.11786 -9.50495,-5.11786 -8.64052,0 -14.42336,6.51318 -14.42336,15.22074 0,8.70757 5.98229,15.22159 14.42336,15.22159 3.76555,0 7.03057,-1.55429 8.98587,-4.25554 l 0.72317,1.83428 c 0.44782,1.25912 1.64917,2.16024 3.06051,2.16024 1.78621,0 3.24984,-1.45435 3.24984,-3.24815 0,-0.005 0,-0.009 0,-0.0139 l 0,0 0,-38.95128 -4.2e-4,0 z m -15.22116,36.69111 c -5.31731,0 -8.70715,-4.25469 -8.70715,-9.43833 0,-5.18406 3.38984,-9.43833 8.70715,-9.43833 5.31773,0 8.70714,4.0544 8.70714,9.43833 0,5.38309 -3.38941,9.43833 -8.70714,9.43833 z"
+ id="path19"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 287.21553,365.34023 c -0.59414,-0.0877 -1.19966,-0.13198 -1.80097,-0.13198 -6.73118,0 -12.20746,5.4767 -12.20746,12.20788 l 0,3.8132 -3.98903,0 c -1.46237,0 -2.65908,1.19671 -2.65908,2.65781 0,1.46321 1.19671,2.93738 2.65908,2.93738 l 3.98819,0 0,20.46004 c 0,1.79464 1.46236,3.25743 3.25658,3.25743 1.79507,0 3.25744,-1.46279 3.25744,-3.25743 l 0,-20.46004 4.40986,0 c 1.46194,0 2.65823,-1.47417 2.65823,-2.93738 0,-1.46152 -1.19629,-2.65823 -2.65823,-2.65823 l -4.40733,0 0,-3.8132 c 0,-3.13852 2.55323,-6.11469 5.69175,-6.11469 0.28294,0 0.56757,0.0211 0.84672,0.062 1.78031,0.26355 3.4358,-0.54269 3.70019,-2.32342 0.2627,-1.77904 -0.96606,-3.43538 -2.74594,-3.69935 z"
+ id="path21"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 482.01243,363.57426 c 0,-10.06788 -8.16108,-18.22938 -18.22897,-18.22938 -10.06282,0 -18.22179,8.15475 -18.22854,18.21631 l -4.2e-4,-4.2e-4 0,14.1071 4.2e-4,4.2e-4 c 0.005,2.28463 1.85832,4.13409 4.14463,4.13409 0.007,0 0.0127,-8.4e-4 0.0194,-8.4e-4 l 0.001,8.4e-4 14.07083,0 0,0 c 10.06409,-0.004 18.22138,-8.16276 18.22138,-18.22812 z"
+ id="path25"
+ style="fill:#294172" />
+ <path
+ d="m 469.13577,349.66577 c -4.72528,0 -8.55576,3.83049 -8.55576,8.55577 0,0.002 0,0.004 0,0.006 l 0,4.52836 -4.51444,0 c -8.5e-4,0 -8.5e-4,0 -0.001,0 -4.72528,0 -8.55576,3.81193 -8.55576,8.53678 0,4.72528 3.83048,8.55577 8.55576,8.55577 4.72486,0 8.55534,-3.83049 8.55534,-8.55577 0,-0.002 0,-0.004 0,-0.006 l 0,-4.54733 4.51444,0 c 8.5e-4,0 0.001,0 0.002,0 4.72486,0 8.55534,-3.79296 8.55534,-8.51781 0,-4.72528 -3.83048,-8.55577 -8.55534,-8.55577 z m -8.55576,21.63483 c -0.004,2.48998 -2.02446,4.50811 -4.51571,4.50811 -2.49378,0 -4.53426,-2.02193 -4.53426,-4.5157 0,-2.49421 2.04048,-4.55366 4.53426,-4.55366 0.002,0 0.004,4.2e-4 0.006,4.2e-4 l 3.86971,0 c 0.001,0 0.002,-4.2e-4 0.003,-4.2e-4 0.35209,0 0.63799,0.28505 0.63799,0.63715 0,4.2e-4 -4.2e-4,8.4e-4 -4.2e-4,0.001 l 0,3.92284 -4.2e-4,0 z m 8.55534,-8.5448 c -0.001,0 -0.003,0 -0.004,0 l -3.87223,0 c -8.4e-4,0 -0.002,0 -0.002,0 -0.35252,0 -0.63757,-0.28506 -0.63757,-0.63758 l 0,-4.2e-4 0,-3.90343 c 0.004,-2.49083 2.02
446,-4.50854 4.51571,-4.50854 2.49378,0 4.53468,2.02193 4.53468,4.51613 4.2e-4,2.49336 -2.04048,4.53384 -4.53426,4.53384 z"
+ id="path29"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 460.58001,362.7558 0,-4.52836 c 0,-0.002 0,-0.004 0,-0.006 0,-4.72528 3.83048,-8.55577 8.55576,-8.55577 0.71685,0 1.22623,0.0805 1.88952,0.25469 0.96774,0.25385 1.75796,1.04618 1.75838,1.96922 4.2e-4,1.11575 -0.80919,1.92621 -2.0194,1.92621 -0.57642,0 -0.78473,-0.11048 -1.62892,-0.11048 -2.49125,0 -4.51149,2.01771 -4.51571,4.50854 l 0,3.90385 0,4.2e-4 c 0,0.35252 0.28505,0.63758 0.63757,0.63758 4.3e-4,0 0.001,0 0.002,0 l 2.96521,0 c 1.10521,0 1.99747,0.88467 1.99832,1.99283 0,1.10816 -0.89353,1.99114 -1.99832,1.99114 l -3.60489,0 0,4.54733 c 0,0.002 0,0.004 0,0.006 0,4.72485 -3.83048,8.55534 -8.55534,8.55534 -0.71684,0 -1.22623,-0.0805 -1.88952,-0.25469 -0.96774,-0.25343 -1.75838,-1.04618 -1.7588,-1.9688 0,-1.11575 0.80919,-1.92663 2.01982,-1.92663 0.576,0 0.78473,0.11048 1.6285,0.11048 2.49125,0 4.51191,-2.01771 4.51613,-4.50811 0,0 0,-3.92368 0,-3.9241 0,-0.35168 -0.2859,-0.63673 -0.63799,-0.63673 -4.3e-4,0 -8.5e-4,0 -0.002,0 l -2.96521,-4.2e-4 c -1.10521,0 -1.
99831,-0.88214 -1.99831,-1.9903 -4.3e-4,-1.11533 0.90238,-1.99367 2.01939,-1.99367 l 3.58339,0 0,0 z"
+ id="path31"
+ style="fill:#ffffff" />
+ <path
+ d="m 477.41661,378.55292 2.81558,0 0,0.37898 -1.18152,0 0,2.94935 -0.45254,0 0,-2.94935 -1.18152,0 0,-0.37898 m 3.26144,0 0.67101,0 0.84937,2.26496 0.85381,-2.26496 0.67102,0 0,3.32833 -0.43917,0 0,-2.9226 -0.85828,2.28279 -0.45255,0 -0.85827,-2.28279 0,2.9226 -0.43694,0 0,-3.32833"
+ id="text6223"
+ style="fill:#294172;enable-background:new" />
+ </g>
+ <path
+ d="m 181.98344,61.675273 2.81558,0 0,0.37898 -1.18152,0 0,2.94935 -0.45254,0 0,-2.94935 -1.18152,0 0,-0.37898 m 3.26144,0 0.67101,0 0.84937,2.26496 0.85381,-2.26496 0.67102,0 0,3.32833 -0.43917,0 0,-2.9226 -0.85828,2.28279 -0.45255,0 -0.85827,-2.28279 0,2.9226 -0.43694,0 0,-3.32833"
+ id="path2391"
+ style="fill:#294172;enable-background:new" />
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/warning.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/warning.png
new file mode 100644
index 0000000..ce09951
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/warning.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/warning.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/warning.svg
new file mode 100644
index 0000000..5f2612c
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/warning.svg
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ version="1.0"
+ width="48"
+ height="48"
+ id="svg5921"
+ sodipodi:version="0.32"
+ inkscape:version="0.46"
+ sodipodi:docname="warning.svg"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ inkscape:export-filename="/home/jfearn/Build/src/fedora/publican/trunk/publican-fedora/en-US/images/warning.png"
+ inkscape:export-xdpi="111.32"
+ inkscape:export-ydpi="111.32">
+ <metadata
+ id="metadata2482">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ inkscape:window-height="910"
+ inkscape:window-width="1284"
+ inkscape:pageshadow="2"
+ inkscape:pageopacity="0.0"
+ guidetolerance="10.0"
+ gridtolerance="10.0"
+ objecttolerance="10.0"
+ borderopacity="1.0"
+ bordercolor="#666666"
+ pagecolor="#ffffff"
+ id="base"
+ showgrid="false"
+ inkscape:zoom="11.5"
+ inkscape:cx="20"
+ inkscape:cy="20"
+ inkscape:window-x="0"
+ inkscape:window-y="51"
+ inkscape:current-layer="svg5921" />
+ <defs
+ id="defs5923">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 20 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="40 : 20 : 1"
+ inkscape:persp3d-origin="20 : 13.333333 : 1"
+ id="perspective2484" />
+ </defs>
+ <g
+ transform="matrix(0.4536635,0,0,0.4536635,-5.1836431,-4.6889387)"
+ id="layer1">
+ <g
+ transform="translate(2745.6887,-1555.5977)"
+ id="g8304"
+ style="enable-background:new">
+ <path
+ d="M -1603,1054.4387 L -1577.0919,1027.891 L -1540,1027.4387 L -1513.4523,1053.3468 L -1513,1090.4387 L -1538.9081,1116.9864 L -1576,1117.4387 L -1602.5477,1091.5306 L -1603,1054.4387 z"
+ transform="matrix(0.8233528,8.9983906e-3,-8.9983906e-3,0.8233528,-1398.5561,740.7914)"
+ id="path8034"
+ style="opacity:1;fill:#efd259;fill-opacity:1;stroke:#efd259;stroke-opacity:1" />
+ <path
+ d="M -1603,1054.4387 L -1577.0919,1027.891 L -1540,1027.4387 L -1513.4523,1053.3468 L -1513,1090.4387 L -1538.9081,1116.9864 L -1576,1117.4387 L -1602.5477,1091.5306 L -1603,1054.4387 z"
+ transform="matrix(0.6467652,7.0684723e-3,-7.0684723e-3,0.6467652,-1675.7492,927.16391)"
+ id="path8036"
+ style="opacity:1;fill:#a42324;fill-opacity:1;stroke:#a42324;stroke-opacity:1" />
+ <path
+ d="M -2686.7886,1597.753 C -2686.627,1596.5292 -2686.5462,1595.6987 -2686.5462,1595.218 C -2686.5462,1593.1637 -2688.0814,1592.0711 -2690.9899,1592.0711 C -2693.8985,1592.0711 -2695.4336,1593.12 -2695.4336,1595.218 C -2695.4336,1595.961 -2695.3528,1596.7914 -2695.1912,1597.753 L -2692.929,1614.4491 L -2689.0508,1614.4491 L -2686.7886,1597.753"
+ id="path8038"
+ style="font-size:107.13574219px;font-style:normal;font-weight:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Charter" />
+ <path
+ d="M -2690.9899,1617.8197 C -2693.6124,1617.8197 -2695.8118,1619.9346 -2695.8118,1622.6416 C -2695.8118,1625.3486 -2693.6124,1627.4635 -2690.9899,1627.4635 C -2688.2829,1627.4635 -2686.168,1625.264 -2686.168,1622.6416 C -2686.168,1619.9346 -2688.2829,1617.8197 -2690.9899,1617.8197"
+ id="path8040"
+ style="font-size:107.13574219px;font-style:normal;font-weight:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Charter" />
+ </g>
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/watermark-draft.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/watermark-draft.png
new file mode 100644
index 0000000..0ead5af
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/watermark-draft.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/yellow.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/yellow.png
new file mode 100644
index 0000000..223865d
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/Common_Content/images/yellow.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/SCLogin.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/SCLogin.png
new file mode 100644
index 0000000..5bdef58
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/SCLogin.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/SCLoginEnrollment.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/SCLoginEnrollment.png
new file mode 100644
index 0000000..2809b32
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/SCLoginEnrollment.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/auth-panel.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/auth-panel.png
new file mode 100644
index 0000000..6335d2f
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/auth-panel.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/authicon.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/authicon.png
new file mode 100644
index 0000000..e397b63
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/authicon.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/fed-firefox_kerberos_SSO.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/fed-firefox_kerberos_SSO.png
new file mode 100644
index 0000000..1dbf27d
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/fed-firefox_kerberos_SSO.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/fed-firewall_config.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/fed-firewall_config.png
new file mode 100644
index 0000000..6abd4b0
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/fed-firewall_config.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/fed-ipsec_host2host.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/fed-ipsec_host2host.png
new file mode 100644
index 0000000..4a236a7
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/fed-ipsec_host2host.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/fed-ipsec_n_to_n_local.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/fed-ipsec_n_to_n_local.png
new file mode 100644
index 0000000..e49a5c1
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/fed-ipsec_n_to_n_local.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/fed-ipsec_n_to_n_remote.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/fed-ipsec_n_to_n_remote.png
new file mode 100644
index 0000000..5457d97
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/fed-ipsec_n_to_n_remote.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/fed-service_config.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/fed-service_config.png
new file mode 100644
index 0000000..71b4c21
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/fed-service_config.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/fed-user_pass_groups.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/fed-user_pass_groups.png
new file mode 100644
index 0000000..9527476
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/fed-user_pass_groups.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/fed-user_pass_info.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/fed-user_pass_info.png
new file mode 100644
index 0000000..54ccc33
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/fed-user_pass_info.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/icon.svg b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/icon.svg
new file mode 100644
index 0000000..c471a60
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/icon.svg
@@ -0,0 +1,3936 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:ns="http://ns.adobe.com/AdobeSVGViewerExtensions/3/"
+ xmlns:a="http://ns.adobe.com/AdobeSVGViewerExtensions/3.0/"
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://web.resource.org/cc/"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg3017"
+ sodipodi:version="0.32"
+ inkscape:version="0.44+devel"
+ sodipodi:docname="book.svg"
+ sodipodi:docbase="/home/andy/Desktop">
+ <metadata
+ id="metadata489">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ inkscape:window-height="480"
+ inkscape:window-width="858"
+ inkscape:pageshadow="0"
+ inkscape:pageopacity="0.0"
+ guidetolerance="10.0"
+ gridtolerance="10.0"
+ objecttolerance="10.0"
+ borderopacity="1.0"
+ bordercolor="#666666"
+ pagecolor="#ffffff"
+ id="base"
+ inkscape:zoom="1"
+ inkscape:cx="16"
+ inkscape:cy="15.944056"
+ inkscape:window-x="0"
+ inkscape:window-y="33"
+ inkscape:current-layer="svg3017" />
+ <defs
+ id="defs3019">
+ <linearGradient
+ id="linearGradient2381">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="stop2383" />
+ <stop
+ style="stop-color:white;stop-opacity:0"
+ offset="1"
+ id="stop2385" />
+ </linearGradient>
+ <linearGradient
+ x1="415.73831"
+ y1="11.854"
+ x2="418.13361"
+ y2="18.8104"
+ id="XMLID_1758_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8362,0.5206,-1.1904,0.992,147.62,-30.9374)">
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="0"
+ id="stop3903" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop3905" />
+ <a:midPointStop
+ style="stop-color:#CCCCCC"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#CCCCCC"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#F2F2F2"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="500.70749"
+ y1="-13.2441"
+ x2="513.46442"
+ y2="-2.1547"
+ id="XMLID_1757_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop3890" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop3892" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="XMLID_1755_">
+ <use
+ id="use3874"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_343_" />
+ </clipPath>
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="XMLID_1756_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop3877" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop3879" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop3881" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop3883" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="471.0806"
+ y1="201.07761"
+ x2="481.91711"
+ y2="210.4977"
+ id="XMLID_1754_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#6498c1;stop-opacity:1"
+ offset="0.005618"
+ id="stop3863" />
+ <stop
+ style="stop-color:#79a9cc;stop-opacity:1"
+ offset="0.2332"
+ id="stop3865" />
+ <stop
+ style="stop-color:#a4cde2;stop-opacity:1"
+ offset="0.74049997"
+ id="stop3867" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="1"
+ id="stop3869" />
+ <a:midPointStop
+ style="stop-color:#6498C1"
+ offset="5.618000e-003" />
+ <a:midPointStop
+ style="stop-color:#6498C1"
+ offset="0.4438" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="516.57672"
+ y1="-15.769"
+ x2="516.57672"
+ y2="0.84280002"
+ id="XMLID_1753_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop3851" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop3853" />
+ <a:midPointStop
+ style="stop-color:#B2B2B2"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B2B2B2"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#F2F2F2"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="XMLID_1751_">
+ <use
+ id="use3837"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_338_" />
+ </clipPath>
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="XMLID_1752_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop3840" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop3842" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop3844" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop3846" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="468.2915"
+ y1="204.7612"
+ x2="479.39871"
+ y2="214.4166"
+ id="XMLID_1750_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop3830" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop3832" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="XMLID_1749_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,11.0227,-35.6159)">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop3818" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop3820" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="501.0903"
+ y1="-19.2544"
+ x2="531.85413"
+ y2="0.72390002"
+ id="XMLID_1748_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop3803" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop3805" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop3807" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop3809" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="481.23969"
+ y1="212.5742"
+ x2="472.92981"
+ y2="207.4967"
+ id="XMLID_2275_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop9947" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop9949" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop9951" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop9953" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="XMLID_2273_">
+ <use
+ id="use9933"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_960_" />
+ </clipPath>
+ <linearGradient
+ x1="473.7681"
+ y1="209.17529"
+ x2="486.98099"
+ y2="213.2001"
+ id="XMLID_2274_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop9936" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop9938" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop9940" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop9942" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="478.21341"
+ y1="-131.9297"
+ x2="469.85818"
+ y2="-140.28481"
+ id="XMLID_2272_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.5592,0.829,-0.829,0.5592,101.3357,-104.791)">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop9917" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop9919" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop9921" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop9923" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <marker
+ refX="0"
+ refY="0"
+ orient="auto"
+ style="overflow:visible"
+ id="TriangleInM">
+ <path
+ d="M 5.77,0 L -2.88,5 L -2.88,-5 L 5.77,0 z "
+ transform="scale(-0.4,-0.4)"
+ style="fill:#5c5c4f"
+ id="path3197" />
+ </marker>
+ <linearGradient
+ x1="200.7363"
+ y1="100.4028"
+ x2="211.99519"
+ y2="89.143997"
+ id="XMLID_3298_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#bfbfbf;stop-opacity:1"
+ offset="0"
+ id="stop20103" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop20105" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#BFBFBF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#BFBFBF" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#F2F2F2" />
+ </linearGradient>
+ <linearGradient
+ x1="200.7363"
+ y1="100.4028"
+ x2="211.99519"
+ y2="89.143997"
+ id="linearGradient36592"
+ xlink:href="#XMLID_3298_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="181.2925"
+ y1="110.8481"
+ x2="192.6369"
+ y2="99.5037"
+ id="XMLID_3297_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="stop20096" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop20098" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="181.2925"
+ y1="110.8481"
+ x2="192.6369"
+ y2="99.5037"
+ id="linearGradient36595"
+ xlink:href="#XMLID_3297_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="211.77589"
+ y1="105.7749"
+ x2="212.6619"
+ y2="108.2092"
+ id="XMLID_3296_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#0f6124;stop-opacity:1"
+ offset="0"
+ id="stop20087" />
+ <stop
+ style="stop-color:#219630;stop-opacity:1"
+ offset="1"
+ id="stop20089" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#0F6124" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#0F6124" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#219630" />
+ </linearGradient>
+ <linearGradient
+ x1="211.77589"
+ y1="105.7749"
+ x2="212.6619"
+ y2="108.2092"
+ id="linearGradient36677"
+ xlink:href="#XMLID_3296_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="208.9834"
+ y1="116.8296"
+ x2="200.0811"
+ y2="96.834602"
+ id="XMLID_3295_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop20076" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.5"
+ id="stop20078" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop20080" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="208.9834"
+ y1="116.8296"
+ x2="200.0811"
+ y2="96.834602"
+ id="linearGradient36604"
+ xlink:href="#XMLID_3295_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="195.5264"
+ y1="97.911102"
+ x2="213.5213"
+ y2="115.9061"
+ id="XMLID_3294_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="0"
+ id="stop20069" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop20071" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#CCCCCC" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#CCCCCC" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="195.5264"
+ y1="97.911102"
+ x2="213.5213"
+ y2="115.9061"
+ id="linearGradient36607"
+ xlink:href="#XMLID_3294_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="186.1938"
+ y1="109.1343"
+ x2="206.6881"
+ y2="88.639999"
+ id="XMLID_3293_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop20056" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.16850001"
+ id="stop20058" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.23029999"
+ id="stop20060" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.2809"
+ id="stop20062" />
+ <stop
+ style="stop-color:#c2c2c2;stop-opacity:1"
+ offset="0.5"
+ id="stop20064" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.1685"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.2303"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.2809"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#C2C2C2" />
+ </linearGradient>
+ <linearGradient
+ x1="186.1938"
+ y1="109.1343"
+ x2="206.6881"
+ y2="88.639999"
+ id="linearGradient36610"
+ xlink:href="#XMLID_3293_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="184.8569"
+ y1="112.2676"
+ x2="211.94099"
+ y2="89.541397"
+ id="XMLID_3292_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop20043" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.16850001"
+ id="stop20045" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.23029999"
+ id="stop20047" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.2809"
+ id="stop20049" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop20051" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.1685"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.2303"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.2809"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="184.8569"
+ y1="112.2676"
+ x2="211.94099"
+ y2="89.541397"
+ id="linearGradient36613"
+ xlink:href="#XMLID_3292_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <marker
+ refX="0"
+ refY="0"
+ orient="auto"
+ style="overflow:visible"
+ id="TriangleOutM">
+ <path
+ d="M 5.77,0 L -2.88,5 L -2.88,-5 L 5.77,0 z "
+ transform="scale(0.4,0.4)"
+ style="fill:#5c5c4f;fill-rule:evenodd;stroke-width:1pt;marker-start:none"
+ id="path3238" />
+ </marker>
+ <linearGradient
+ x1="165.3"
+ y1="99.5"
+ x2="165.3"
+ y2="115.9"
+ id="XMLID_3457_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="0"
+ id="stop8309" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8311" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="1"
+ id="stop8313" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#999999" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#999999" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#B2B2B2" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#B2B2B2" />
+ </linearGradient>
+ <linearGradient
+ x1="165.3"
+ y1="99.5"
+ x2="165.3"
+ y2="115.9"
+ id="lg1997"
+ xlink:href="#XMLID_3457_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="175"
+ y1="99.800003"
+ x2="175"
+ y2="112.5"
+ id="XMLID_3456_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="0"
+ id="stop8300" />
+ <stop
+ style="stop-color:#191919;stop-opacity:1"
+ offset="0.60000002"
+ id="stop8302" />
+ <stop
+ style="stop-color:#191919;stop-opacity:1"
+ offset="1"
+ id="stop8304" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#737373" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#737373" />
+ <a:midPointstop
+ offset="0.6"
+ style="stop-color:#191919" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#191919" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#191919" />
+ </linearGradient>
+ <linearGradient
+ x1="175"
+ y1="99.800003"
+ x2="175"
+ y2="112.5"
+ id="lg2000"
+ xlink:href="#XMLID_3456_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="168.8"
+ y1="107.1"
+ x2="164.5"
+ y2="110"
+ id="XMLID_3455_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#666;stop-opacity:1"
+ offset="0"
+ id="stop8291" />
+ <stop
+ style="stop-color:#191919;stop-opacity:1"
+ offset="0.69999999"
+ id="stop8293" />
+ <stop
+ style="stop-color:#191919;stop-opacity:1"
+ offset="1"
+ id="stop8295" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#666666" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#666666" />
+ <a:midPointstop
+ offset="0.7"
+ style="stop-color:#191919" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#191919" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#191919" />
+ </linearGradient>
+ <linearGradient
+ x1="168.8"
+ y1="107.1"
+ x2="164.5"
+ y2="110"
+ id="lg2003"
+ xlink:href="#XMLID_3455_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ id="lg63694">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="stop63696" />
+ <stop
+ style="stop-color:white;stop-opacity:0"
+ offset="1"
+ id="stop63698" />
+ </linearGradient>
+ <linearGradient
+ x1="458"
+ y1="483"
+ x2="465.20001"
+ y2="271.39999"
+ id="lg2006"
+ xlink:href="#lg63694"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(6.3e-2,0,0,6.3e-2,-1.3,-9.8)" />
+ <linearGradient
+ x1="176.3"
+ y1="110.1"
+ x2="158.7"
+ y2="105"
+ id="XMLID_3453_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#666;stop-opacity:1"
+ offset="0"
+ id="stop8271" />
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="0.2"
+ id="stop8273" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop8275" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#666666" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#666666" />
+ <a:midPointstop
+ offset="0.2"
+ style="stop-color:#737373" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#737373" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="176.3"
+ y1="110.1"
+ x2="158.7"
+ y2="105"
+ id="lg2009"
+ xlink:href="#XMLID_3453_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="173.60001"
+ y1="118.9"
+ x2="172.8"
+ y2="128.2"
+ id="XMLID_3449_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0"
+ id="stop8232" />
+ <stop
+ style="stop-color:#fff95e;stop-opacity:1"
+ offset="0.60000002"
+ id="stop8234" />
+ <stop
+ style="stop-color:#ecd600;stop-opacity:1"
+ offset="1"
+ id="stop8236" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.6"
+ style="stop-color:#FFF95E" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFF95E" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#ECD600" />
+ </linearGradient>
+ <linearGradient
+ x1="173.60001"
+ y1="118.9"
+ x2="172.8"
+ y2="128.2"
+ id="lg2016"
+ xlink:href="#XMLID_3449_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <radialGradient
+ cx="284.60001"
+ cy="172.60001"
+ r="6.5"
+ fx="284.60001"
+ fy="172.60001"
+ id="XMLID_3448_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.4,0,0,1.4,-237.3,-126.8)">
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0"
+ id="stop8219" />
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8221" />
+ <stop
+ style="stop-color:#c96b00;stop-opacity:1"
+ offset="0.89999998"
+ id="stop8223" />
+ <stop
+ style="stop-color:#9a5500;stop-opacity:1"
+ offset="1"
+ id="stop8225" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.9"
+ style="stop-color:#C96B00" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#C96B00" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#9A5500" />
+ </radialGradient>
+ <radialGradient
+ cx="284.60001"
+ cy="172.60001"
+ r="6.5"
+ fx="284.60001"
+ fy="172.60001"
+ id="rg2020"
+ xlink:href="#XMLID_3448_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.513992,0,0,2.347576,-689.1621,-378.5717)" />
+ <linearGradient
+ x1="158.10001"
+ y1="123"
+ x2="164.2"
+ y2="126.6"
+ id="XMLID_3447_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ecd600;stop-opacity:1"
+ offset="0"
+ id="stop8204" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8206" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop8208" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECD600" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECD600" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="158.10001"
+ y1="123"
+ x2="164.2"
+ y2="126.6"
+ id="lg2026"
+ xlink:href="#XMLID_3447_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <radialGradient
+ cx="280.89999"
+ cy="163.7"
+ r="10.1"
+ fx="280.89999"
+ fy="163.7"
+ id="XMLID_3446_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.4,0,0,1.4,-237.3,-126.8)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="stop8197" />
+ <stop
+ style="stop-color:#fff95e;stop-opacity:1"
+ offset="1"
+ id="stop8199" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#FFFFFF" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFFFFF" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#FFF95E" />
+ </radialGradient>
+ <radialGradient
+ cx="280.89999"
+ cy="163.7"
+ r="10.1"
+ fx="280.89999"
+ fy="163.7"
+ id="rg2029"
+ xlink:href="#XMLID_3446_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.7,0,0,1.7,-457.5,-266.8)" />
+ <linearGradient
+ x1="156.5"
+ y1="122.7"
+ x2="180.10001"
+ y2="122.7"
+ id="XMLID_3445_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0"
+ id="stop8184" />
+ <stop
+ style="stop-color:#ffe900;stop-opacity:1"
+ offset="0.2"
+ id="stop8186" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8188" />
+ <stop
+ style="stop-color:#ffe900;stop-opacity:1"
+ offset="0.40000001"
+ id="stop8190" />
+ <stop
+ style="stop-color:#d68100;stop-opacity:1"
+ offset="1"
+ id="stop8192" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.2"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.4"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#D68100" />
+ </linearGradient>
+ <linearGradient
+ x1="156.5"
+ y1="122.7"
+ x2="180.10001"
+ y2="122.7"
+ id="lg2032"
+ xlink:href="#XMLID_3445_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="156.39999"
+ y1="115.4"
+ x2="180.10001"
+ y2="115.4"
+ id="XMLID_3444_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0"
+ id="stop8171" />
+ <stop
+ style="stop-color:#ffe900;stop-opacity:1"
+ offset="0.2"
+ id="stop8173" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8175" />
+ <stop
+ style="stop-color:#ffe900;stop-opacity:1"
+ offset="0.40000001"
+ id="stop8177" />
+ <stop
+ style="stop-color:#d68100;stop-opacity:1"
+ offset="1"
+ id="stop8179" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.2"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.4"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#D68100" />
+ </linearGradient>
+ <linearGradient
+ x1="156.39999"
+ y1="115.4"
+ x2="180.10001"
+ y2="115.4"
+ id="lg2035"
+ xlink:href="#XMLID_3444_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="379.70001"
+ y1="167.89999"
+ x2="383.89999"
+ y2="172.89999"
+ id="lg4286_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8,0.2,-0.2,0.8,78.8,38.1)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s16159" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.1"
+ id="s16161" />
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="1"
+ id="s16163" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.1" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#737373"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="379.60001"
+ y1="167.8"
+ x2="383.79999"
+ y2="172"
+ id="lg6416"
+ xlink:href="#lg4286_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.622156,0.623859,-0.623859,2.62182,-882.9706,-673.7921)" />
+ <linearGradient
+ x1="384.20001"
+ y1="169.8"
+ x2="384.79999"
+ y2="170.39999"
+ id="lg4285_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8,0.2,-0.2,0.8,78.8,38.1)">
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="0"
+ id="s16152" />
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="1"
+ id="s16154" />
+ <ns:midPointStop
+ style="stop-color:#737373"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#737373"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#D9D9D9"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="384.20001"
+ y1="169.8"
+ x2="384.79999"
+ y2="170.39999"
+ id="lg6453"
+ xlink:href="#lg4285_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.6,0.6,-0.6,2.6,-883,-673.8)" />
+ <linearGradient
+ x1="380.5"
+ y1="172.60001"
+ x2="382.79999"
+ y2="173.7"
+ id="lg4284_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8,0.2,-0.2,0.8,78.8,38.1)">
+ <stop
+ style="stop-color:gray;stop-opacity:1"
+ offset="0"
+ id="s16145" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="1"
+ id="s16147" />
+ <ns:midPointStop
+ style="stop-color:#808080"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#808080"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#E5E5E5"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="380.5"
+ y1="172.60001"
+ x2="382.79999"
+ y2="173.7"
+ id="lg6456"
+ xlink:href="#lg4284_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.6,0.6,-0.6,2.6,-883,-673.8)" />
+ <radialGradient
+ cx="347.29999"
+ cy="244.5"
+ r="5.1999998"
+ fx="347.29999"
+ fy="244.5"
+ id="lg4282_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(3.4,0,0,3.4,-1148,-802)">
+ <stop
+ style="stop-color:#333;stop-opacity:1"
+ offset="0"
+ id="s16135" />
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="1"
+ id="s16137" />
+ <ns:midPointStop
+ style="stop-color:#333333"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#333333"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#999999"
+ offset="1" />
+ </radialGradient>
+ <linearGradient
+ x1="310.39999"
+ y1="397.70001"
+ x2="310.89999"
+ y2="399.5"
+ id="lg4280_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.7,-0.7,0.7,0.7,-153.4,180.6)">
+ <stop
+ style="stop-color:#ffcd00;stop-opacity:1"
+ offset="0"
+ id="s16111" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.60000002"
+ id="s16113" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="1"
+ id="s16115" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.6" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="310.39999"
+ y1="397.70001"
+ x2="310.89999"
+ y2="399.5"
+ id="lg6467"
+ xlink:href="#lg4280_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.4,-2.4,2.4,2.4,-1663.6,-195)" />
+ <linearGradient
+ x1="310.89999"
+ y1="395.79999"
+ x2="313.29999"
+ y2="403.10001"
+ id="lg4279_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.7,-0.7,0.7,0.7,-153.4,180.6)">
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0"
+ id="s16100" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.40000001"
+ id="s16102" />
+ <stop
+ style="stop-color:#ffcd00;stop-opacity:1"
+ offset="0.89999998"
+ id="s16104" />
+ <stop
+ style="stop-color:#ffcd00;stop-opacity:1"
+ offset="1"
+ id="s16106" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.4" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="0.9" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="310.89999"
+ y1="395.79999"
+ x2="313.29999"
+ y2="403.10001"
+ id="lg6465"
+ xlink:href="#lg4279_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.4,-2.4,2.4,2.4,-1663.6,-195)" />
+ <linearGradient
+ x1="307.79999"
+ y1="395.20001"
+ x2="313.79999"
+ y2="413.60001"
+ id="lg4278_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.7,-0.7,0.7,0.7,-153.4,180.6)">
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0"
+ id="s16091" />
+ <stop
+ style="stop-color:#fcd72f;stop-opacity:1"
+ offset="0.40000001"
+ id="s16093" />
+ <stop
+ style="stop-color:#ffcd00;stop-opacity:1"
+ offset="1"
+ id="s16095" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FCD72F"
+ offset="0.4" />
+ <ns:midPointStop
+ style="stop-color:#FCD72F"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="306.5"
+ y1="393"
+ x2="309"
+ y2="404"
+ id="lg6400"
+ xlink:href="#lg4278_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.4,-2.4,2.4,2.4,-1663.6,-195)" />
+ <linearGradient
+ x1="352.10001"
+ y1="253.60001"
+ x2="348.5"
+ y2="237.8"
+ id="lg4276_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(3.4,0,0,3.4,-1148,-802)">
+ <stop
+ style="stop-color:#ffff87;stop-opacity:1"
+ offset="0"
+ id="s16077" />
+ <stop
+ style="stop-color:#ffad00;stop-opacity:1"
+ offset="1"
+ id="s16079" />
+ <ns:midPointStop
+ style="stop-color:#FFFF87"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFF87"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFAD00"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="335.60001"
+ y1="354.79999"
+ x2="337.89999"
+ y2="354.79999"
+ id="lg4275_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9,-0.5,0.5,0.9,-121.7,105.1)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="s16057" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.80000001"
+ id="s16059" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="s16061" />
+ <ns:midPointStop
+ style="stop-color:#D9D9D9"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#D9D9D9"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.8" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="335.60001"
+ y1="354.79999"
+ x2="337.89999"
+ y2="354.79999"
+ id="lg6463"
+ xlink:href="#lg4275_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.9,-1.7,1.7,2.9,-1557,-448.7)" />
+ <linearGradient
+ x1="337.39999"
+ y1="353.10001"
+ x2="339.39999"
+ y2="357.10001"
+ id="lg4274_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9,-0.5,0.5,0.9,-121.7,105.1)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s16048" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.1"
+ id="s16050" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="s16052" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.1" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#CCCCCC"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="337.39999"
+ y1="353.10001"
+ x2="339.39999"
+ y2="357.10001"
+ id="lg6461"
+ xlink:href="#lg4274_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.9,-1.7,1.7,2.9,-1557,-448.7)" />
+ <linearGradient
+ x1="334.39999"
+ y1="355.5"
+ x2="335.5"
+ y2="356.79999"
+ id="lg4273_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9,-0.5,0.5,0.9,-121.7,105.1)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s16041" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="s16043" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="5.6e-003" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#CCCCCC"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="334.39999"
+ y1="355.5"
+ x2="335.5"
+ y2="356.79999"
+ id="lg6381"
+ xlink:href="#lg4273_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.9,-1.7,1.7,2.9,-1557,-448.7)" />
+ <linearGradient
+ x1="348.39999"
+ y1="247.39999"
+ x2="354.10001"
+ y2="242"
+ id="lg4271_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(3.4,0,0,3.4,-1148,-802)">
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0"
+ id="s16025" />
+ <stop
+ style="stop-color:#9e9e9e;stop-opacity:1"
+ offset="0.40000001"
+ id="s16027" />
+ <stop
+ style="stop-color:black;stop-opacity:1"
+ offset="1"
+ id="s16029" />
+ <ns:midPointStop
+ style="stop-color:#F2F2F2"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#F2F2F2"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#000000"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="351.29999"
+ y1="257.29999"
+ x2="346.29999"
+ y2="235.5"
+ id="lg4270_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ffff87;stop-opacity:1"
+ offset="0"
+ id="s16007" />
+ <stop
+ style="stop-color:#ffad00;stop-opacity:1"
+ offset="1"
+ id="s16009" />
+ <ns:midPointStop
+ style="stop-color:#FFFF87"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFF87"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFAD00"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="351.29999"
+ y1="257.29999"
+ x2="346.29999"
+ y2="235.5"
+ id="lg6459"
+ xlink:href="#lg4270_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(3.4,0,0,3.4,-1148,-802)" />
+ <linearGradient
+ x1="43.799999"
+ y1="32.5"
+ x2="63.299999"
+ y2="66.400002"
+ id="XMLID_2708_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="stop75318" />
+ <stop
+ style="stop-color:#fffcea;stop-opacity:1"
+ offset="1"
+ id="stop75320" />
+ <a:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#FFFCEA"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="43.799999"
+ y1="32.5"
+ x2="63.299999"
+ y2="66.400002"
+ id="lg1907"
+ xlink:href="#XMLID_2708_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-29,-22.6)" />
+ <linearGradient
+ x1="52.5"
+ y1="40.400002"
+ x2="58.200001"
+ y2="64"
+ id="XMLID_2707_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ffdea0;stop-opacity:1"
+ offset="0"
+ id="stop75305" />
+ <stop
+ style="stop-color:#ffd89e;stop-opacity:1"
+ offset="0.30000001"
+ id="stop75307" />
+ <stop
+ style="stop-color:#ffd79e;stop-opacity:1"
+ offset="0.30000001"
+ id="stop75309" />
+ <stop
+ style="stop-color:#dbaf6d;stop-opacity:1"
+ offset="0.69999999"
+ id="stop75311" />
+ <stop
+ style="stop-color:#6f4c24;stop-opacity:1"
+ offset="1"
+ id="stop75313" />
+ <a:midPointStop
+ style="stop-color:#FFDEA0"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#FFDEA0"
+ offset="0.6" />
+ <a:midPointStop
+ style="stop-color:#FFD79E"
+ offset="0.3" />
+ <a:midPointStop
+ style="stop-color:#FFD79E"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#DBAF6D"
+ offset="0.7" />
+ <a:midPointStop
+ style="stop-color:#DBAF6D"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#6F4C24"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="52.5"
+ y1="40.400002"
+ x2="58.200001"
+ y2="64"
+ id="lg1910"
+ xlink:href="#XMLID_2707_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-29,-22.6)" />
+ <linearGradient
+ x1="58"
+ y1="73.199997"
+ x2="44.5"
+ y2="19"
+ id="XMLID_2704_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-29,-22.6)">
+ <stop
+ style="stop-color:#d4a96c;stop-opacity:1"
+ offset="0.5"
+ id="stop75284" />
+ <stop
+ style="stop-color:#dcb273;stop-opacity:1"
+ offset="0.60000002"
+ id="stop75286" />
+ <stop
+ style="stop-color:#f0ca87;stop-opacity:1"
+ offset="0.80000001"
+ id="stop75288" />
+ <stop
+ style="stop-color:#ffdc96;stop-opacity:1"
+ offset="0.69999999"
+ id="stop75290" />
+ <stop
+ style="stop-color:#c18a42;stop-opacity:1"
+ offset="1"
+ id="stop75292" />
+ <a:midPointStop
+ style="stop-color:#D4A96C"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#D4A96C"
+ offset="0.6" />
+ <a:midPointStop
+ style="stop-color:#FFDC96"
+ offset="0.7" />
+ <a:midPointStop
+ style="stop-color:#FFDC96"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#C18A42"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="53.700001"
+ y1="32"
+ x2="53.700001"
+ y2="64.599998"
+ id="XMLID_2703_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#e5c9b0;stop-opacity:1"
+ offset="0"
+ id="stop75268" />
+ <stop
+ style="stop-color:#e5c9b0;stop-opacity:1"
+ offset="0.40000001"
+ id="stop75270" />
+ <stop
+ style="stop-color:#c0aa94;stop-opacity:1"
+ offset="1"
+ id="stop75272" />
+ <a:midPointStop
+ style="stop-color:#E5C9B0"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#E5C9B0"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#E5C9B0"
+ offset="0.4" />
+ <a:midPointStop
+ style="stop-color:#E5C9B0"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#C0AA94"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="53.700001"
+ y1="32"
+ x2="53.700001"
+ y2="64.599998"
+ id="lg1916"
+ xlink:href="#XMLID_2703_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-29,-22.6)" />
+ <linearGradient
+ x1="224.31"
+ y1="19.450001"
+ x2="214.33"
+ y2="11.46"
+ id="XMLID_419_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#404040;stop-opacity:1"
+ offset="0"
+ id="s1903" />
+ <stop
+ style="stop-color:#6d6d6d;stop-opacity:1"
+ offset="0.33000001"
+ id="s1905" />
+ <stop
+ style="stop-color:#e9e9e9;stop-opacity:1"
+ offset="1"
+ id="s1907" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#404040" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#404040" />
+ <a:midPointStop
+ offset="0.33"
+ style="stop-color:#6D6D6D" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#6D6D6D" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#E9E9E9" />
+ </linearGradient>
+ <linearGradient
+ x1="221.84"
+ y1="32.779999"
+ x2="212.2"
+ y2="20.27"
+ id="lg1988"
+ xlink:href="#XMLID_419_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.33,0,0,1.31,-274.2,-5.2)" />
+ <linearGradient
+ x1="228.35001"
+ y1="33.279999"
+ x2="215.42999"
+ y2="33.279999"
+ id="lg1900"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s1902" />
+ <stop
+ style="stop-color:white;stop-opacity:0"
+ offset="1"
+ id="s1906" />
+ <a:midPointStop
+ style="stop-color:#575757"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#575757"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#6D6D6D"
+ offset="0.33" />
+ <a:midPointStop
+ style="stop-color:#6D6D6D"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#D3D3D3"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="234.81"
+ y1="33.279999"
+ x2="228.27"
+ y2="33.279999"
+ id="lg1908"
+ xlink:href="#lg1900"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.33,0,0,1.31,-274.2,-5.2)" />
+ <linearGradient
+ x1="228.35001"
+ y1="33.279999"
+ x2="215.42999"
+ y2="33.279999"
+ id="XMLID_416_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#575757;stop-opacity:1"
+ offset="0"
+ id="s1874" />
+ <stop
+ style="stop-color:#6d6d6d;stop-opacity:1"
+ offset="0.33000001"
+ id="s1876" />
+ <stop
+ style="stop-color:#d3d3d3;stop-opacity:1"
+ offset="1"
+ id="s1878" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#575757" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#575757" />
+ <a:midPointStop
+ offset="0.33"
+ style="stop-color:#6D6D6D" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#6D6D6D" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#D3D3D3" />
+ </linearGradient>
+ <linearGradient
+ x1="228.35001"
+ y1="33.279999"
+ x2="215.42999"
+ y2="33.279999"
+ id="lg1991"
+ xlink:href="#XMLID_416_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.33,0,0,1.31,-274.2,-5.2)" />
+ <radialGradient
+ cx="603.19"
+ cy="230.77"
+ r="1.67"
+ fx="603.19"
+ fy="230.77"
+ id="x5010_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.1,0,0,1.1,-54.33,-75.4)">
+ <stop
+ style="stop-color:#c9ffc9;stop-opacity:1"
+ offset="0"
+ id="stop29201" />
+ <stop
+ style="stop-color:#23a11f;stop-opacity:1"
+ offset="1"
+ id="stop29203" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#C9FFC9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#C9FFC9" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#23A11F" />
+ </radialGradient>
+ <radialGradient
+ cx="603.19"
+ cy="230.77"
+ r="1.67"
+ fx="603.19"
+ fy="230.77"
+ id="radialGradient5711"
+ xlink:href="#x5010_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.23,0,0,1.23,-709.93,-245.02)" />
+ <linearGradient
+ x1="592.31"
+ y1="162.60001"
+ x2="609.32001"
+ y2="145.59"
+ id="lg5722"
+ xlink:href="#x5003_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="601.48999"
+ y1="170.16"
+ x2="613.84003"
+ y2="170.16"
+ id="x5002_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop29134" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.2"
+ id="stop29136" />
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="1"
+ id="stop29138" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.20"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#999999" />
+ </linearGradient>
+ <linearGradient
+ x1="601.48999"
+ y1="170.16"
+ x2="613.84003"
+ y2="170.16"
+ id="lg5725"
+ xlink:href="#x5002_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="592.20001"
+ y1="156.45"
+ x2="609.98999"
+ y2="174.23"
+ id="x5004_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop29157" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop29159" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="592.20001"
+ y1="156.45"
+ x2="609.98999"
+ y2="174.23"
+ id="lg5728"
+ xlink:href="#x5004_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="592.31"
+ y1="162.60001"
+ x2="609.32001"
+ y2="145.59"
+ id="x5003_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0"
+ id="stop29143" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="1"
+ id="stop29145" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#E5E5E5" />
+ </linearGradient>
+ <linearGradient
+ x1="592.31"
+ y1="162.60001"
+ x2="609.32001"
+ y2="145.59"
+ id="lg5732"
+ xlink:href="#x5003_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="592.20001"
+ y1="156.45"
+ x2="609.98999"
+ y2="174.24001"
+ id="x5000_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop29124" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop29126" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="592.20001"
+ y1="156.45"
+ x2="609.98999"
+ y2="174.24001"
+ id="lg5735"
+ xlink:href="#x5000_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="308.54999"
+ y1="149.89999"
+ x2="299.72"
+ y2="148.83"
+ id="XMLID_2433_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#d6d6d6;stop-opacity:1"
+ offset="0"
+ id="71615" />
+ <stop
+ style="stop-color:#a5a5a5;stop-opacity:1"
+ offset="1"
+ id="71617" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D6D6D6" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D6D6D6" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#A5A5A5" />
+ </linearGradient>
+ <linearGradient
+ x1="308.54999"
+ y1="149.89999"
+ x2="299.72"
+ y2="148.83"
+ id="lg1952"
+ xlink:href="#XMLID_2433_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.03,0,0,1.03,-279.57,-124.36)" />
+ <radialGradient
+ cx="307.39999"
+ cy="121"
+ r="23.35"
+ fx="307.39999"
+ fy="121"
+ id="XMLID_2432_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.98,0,0,0.98,2.88,2.75)">
+ <stop
+ style="stop-color:#d2d2d2;stop-opacity:1"
+ offset="0.19"
+ id="71592" />
+ <stop
+ style="stop-color:#cfcfcf;stop-opacity:1"
+ offset="0.44999999"
+ id="71594" />
+ <stop
+ style="stop-color:#c7c7c7;stop-opacity:1"
+ offset="0.60000002"
+ id="71596" />
+ <stop
+ style="stop-color:#b9b9b9;stop-opacity:1"
+ offset="0.74000001"
+ id="71598" />
+ <stop
+ style="stop-color:#a4a4a4;stop-opacity:1"
+ offset="0.86000001"
+ id="71600" />
+ <stop
+ style="stop-color:#8a8a8a;stop-opacity:1"
+ offset="0.95999998"
+ id="71602" />
+ <stop
+ style="stop-color:gray;stop-opacity:1"
+ offset="1"
+ id="71604" />
+ <a:midPointStop
+ offset="0.19"
+ style="stop-color:#D2D2D2" />
+ <a:midPointStop
+ offset="0.8"
+ style="stop-color:#D2D2D2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#808080" />
+ </radialGradient>
+ <radialGradient
+ cx="307.39999"
+ cy="121"
+ r="23.35"
+ fx="307.39999"
+ fy="121"
+ id="radialGradient2331"
+ xlink:href="#XMLID_2432_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-276.62,-121.54)" />
+ <linearGradient
+ x1="294.13"
+ y1="127.07"
+ x2="294.13"
+ y2="142.2"
+ id="XMLID_2430_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#b5d8ff;stop-opacity:1"
+ offset="0"
+ id="71582" />
+ <stop
+ style="stop-color:black;stop-opacity:1"
+ offset="1"
+ id="71584" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B5D8FF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B5D8FF" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#000000" />
+ </linearGradient>
+ <linearGradient
+ x1="294.13"
+ y1="127.07"
+ x2="294.13"
+ y2="142.2"
+ id="lg2820"
+ xlink:href="#XMLID_2430_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.03,0,0,1.03,-279.57,-124.36)" />
+ <linearGradient
+ x1="279.10999"
+ y1="148.03"
+ x2="309.16"
+ y2="148.03"
+ id="XMLID_2429_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#e1e1e1;stop-opacity:1"
+ offset="0"
+ id="71564" />
+ <stop
+ style="stop-color:#e1e1e1;stop-opacity:1"
+ offset="0.25"
+ id="71566" />
+ <stop
+ style="stop-color:#a5a5a5;stop-opacity:1"
+ offset="0.44"
+ id="71568" />
+ <stop
+ style="stop-color:#a5a5a5;stop-opacity:1"
+ offset="1"
+ id="71570" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#E1E1E1" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E1E1E1" />
+ <a:midPointStop
+ offset="0.25"
+ style="stop-color:#E1E1E1" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E1E1E1" />
+ <a:midPointStop
+ offset="0.44"
+ style="stop-color:#A5A5A5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#A5A5A5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#A5A5A5" />
+ </linearGradient>
+ <linearGradient
+ x1="279.10999"
+ y1="148.03"
+ x2="309.16"
+ y2="148.03"
+ id="lg2818"
+ xlink:href="#XMLID_2429_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.03,0,0,1.03,-279.57,-124.36)" />
+ <radialGradient
+ cx="622.34302"
+ cy="14.449"
+ r="26.496"
+ fx="622.34302"
+ fy="14.449"
+ id="lg3499_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.851,0,0,0.849,69.297,51.658)">
+ <stop
+ style="stop-color:#23468e;stop-opacity:1"
+ offset="0"
+ id="stop10972" />
+ <stop
+ style="stop-color:#012859;stop-opacity:1"
+ offset="1"
+ id="stop10974" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#23468E" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#23468E" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#012859" />
+ </radialGradient>
+ <radialGradient
+ cx="622.34302"
+ cy="14.449"
+ r="26.496"
+ fx="622.34302"
+ fy="14.449"
+ id="rg5791"
+ xlink:href="#lg3499_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.858,0,0,0.857,-511.7,9.02)" />
+ <linearGradient
+ x1="616.112"
+ y1="76.247002"
+ x2="588.14099"
+ y2="60.742001"
+ id="lg3497_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#01326e;stop-opacity:1"
+ offset="0"
+ id="stop10962" />
+ <stop
+ style="stop-color:#012859;stop-opacity:1"
+ offset="1"
+ id="stop10964" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#01326E" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#01326E" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#012859" />
+ </linearGradient>
+ <linearGradient
+ x1="617.698"
+ y1="82.445999"
+ x2="585.95203"
+ y2="54.848999"
+ id="lg3496_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="stop10950" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop10952" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="617.698"
+ y1="82.445999"
+ x2="585.95203"
+ y2="54.848999"
+ id="lg5794"
+ xlink:href="#lg3496_"
+ gradientUnits="userSpaceOnUse" />
+ <linearGradient
+ x1="601.39001"
+ y1="55.341"
+ x2="588.29199"
+ y2="71.515999"
+ id="lg3495_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop10941" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0.52200001"
+ id="stop10943" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop10945" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.522"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="601.39001"
+ y1="55.341"
+ x2="588.29199"
+ y2="71.515999"
+ id="lg5771"
+ xlink:href="#lg3495_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.009,0,0,1.009,-581.615,-43.098)" />
+ <linearGradient
+ x1="611.34601"
+ y1="55.279999"
+ x2="590.39001"
+ y2="81.157997"
+ id="lg3494_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop10932" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0.52200001"
+ id="stop10934" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop10936" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.522"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="611.34601"
+ y1="55.279999"
+ x2="590.39001"
+ y2="81.157997"
+ id="lg5774"
+ xlink:href="#lg3494_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.009,0,0,1.009,-581.616,-43.098)" />
+ <linearGradient
+ x1="798.72998"
+ y1="69.839996"
+ x2="799.04999"
+ y2="70.709999"
+ id="g3302_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#005e00;stop-opacity:1"
+ offset="0"
+ id="s6504" />
+ <stop
+ style="stop-color:#23a11f;stop-opacity:1"
+ offset="1"
+ id="s6506" />
+ <a:midPointstop
+ style="stop-color:#005E00"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#005E00"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#23A11F"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="798.72998"
+ y1="69.839996"
+ x2="799.04999"
+ y2="70.709999"
+ id="lg5851"
+ xlink:href="#g3302_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,0,0,1.263,-926.036,-60.001)" />
+ <linearGradient
+ x1="779.19"
+ y1="122.73"
+ x2="811.69"
+ y2="149.74001"
+ id="g3301_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1,-0.25,0,1,0,129.19)">
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0"
+ id="s6483" />
+ <stop
+ style="stop-color:#eee;stop-opacity:1"
+ offset="0.17"
+ id="s6485" />
+ <stop
+ style="stop-color:#e3e3e3;stop-opacity:1"
+ offset="0.34"
+ id="s6487" />
+ <stop
+ style="stop-color:#cfcfcf;stop-opacity:1"
+ offset="0.50999999"
+ id="s6489" />
+ <stop
+ style="stop-color:#b4b4b4;stop-opacity:1"
+ offset="0.67000002"
+ id="s6491" />
+ <stop
+ style="stop-color:#919191;stop-opacity:1"
+ offset="0.83999997"
+ id="s6493" />
+ <stop
+ style="stop-color:#666;stop-opacity:1"
+ offset="1"
+ id="s6495" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.71" />
+ <a:midPointstop
+ style="stop-color:#666666"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="779.19"
+ y1="122.73"
+ x2="811.69"
+ y2="149.74001"
+ id="lg5855"
+ xlink:href="#g3301_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,-0.316,0,1.263,-926.036,103.123)" />
+ <clipPath
+ id="g3299_">
+ <use
+ id="use6469"
+ x="0"
+ y="0"
+ width="1005.92"
+ height="376.97"
+ xlink:href="#g101_" />
+ </clipPath>
+ <radialGradient
+ cx="1189.9301"
+ cy="100.05"
+ r="40.400002"
+ fx="1189.9301"
+ fy="100.05"
+ id="g3300_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.34,-8.46e-2,0,0.34,394.16,137.13)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s6472" />
+ <stop
+ style="stop-color:white;stop-opacity:0"
+ offset="1"
+ id="s6474" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#000000"
+ offset="1" />
+ </radialGradient>
+ <radialGradient
+ cx="1199.74"
+ cy="97.150002"
+ r="40.400002"
+ fx="1199.74"
+ fy="97.150002"
+ id="rg5860"
+ xlink:href="#g3300_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.409,-0.107,0,0.429,-451.489,113.149)" />
+ <linearGradient
+ x1="796.38"
+ y1="67.580002"
+ x2="781.28003"
+ y2="58.549999"
+ id="g3298_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#4c8bca;stop-opacity:1"
+ offset="0"
+ id="s6462" />
+ <stop
+ style="stop-color:#b7e9ff;stop-opacity:1"
+ offset="1"
+ id="s6464" />
+ <a:midPointstop
+ style="stop-color:#4C8BCA"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#4C8BCA"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#B7E9FF"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="800.97998"
+ y1="140.72"
+ x2="777.71997"
+ y2="121.76"
+ id="g3297_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1,-0.25,0,1,0,129.19)">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="s6448" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="s6450" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#CCCCCC"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="800.97998"
+ y1="140.72"
+ x2="777.71997"
+ y2="121.76"
+ id="lg5890"
+ xlink:href="#g3297_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1,-0.25,0,1,0,129.19)" />
+ <linearGradient
+ x1="790.03998"
+ y1="-16.33"
+ x2="779.84003"
+ y2="-3.73"
+ id="g3296_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(0,70.17)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="s6439" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0.51999998"
+ id="s6441" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="s6443" />
+ <a:midPointstop
+ style="stop-color:#D9D9D9"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#D9D9D9"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.52" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#CCCCCC"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="790.03998"
+ y1="-16.33"
+ x2="779.84003"
+ y2="-3.73"
+ id="lg5866"
+ xlink:href="#g3296_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,0,0,1.263,-926.036,28.6)" />
+ <linearGradient
+ x1="785.84003"
+ y1="72.989998"
+ x2="785.26001"
+ y2="76.279999"
+ id="g3293_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s6412" />
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="1"
+ id="s6414" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#737373"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="785.84003"
+ y1="72.989998"
+ x2="785.26001"
+ y2="76.279999"
+ id="lg5871"
+ xlink:href="#g3293_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,0,0,1.263,-926.036,-60.001)" />
+ <linearGradient
+ x1="789.37"
+ y1="69.879997"
+ x2="791.03998"
+ y2="77.120003"
+ id="g3292_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="0"
+ id="s6403" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0.28"
+ id="s6405" />
+ <stop
+ style="stop-color:#666;stop-opacity:1"
+ offset="1"
+ id="s6407" />
+ <a:midPointstop
+ style="stop-color:#999999"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#999999"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.28" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#666666"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="789.37"
+ y1="69.879997"
+ x2="791.03998"
+ y2="77.120003"
+ id="lg5874"
+ xlink:href="#g3292_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,0,0,1.263,-926.036,-60.001)" />
+ <linearGradient
+ x1="786.65997"
+ y1="136.12"
+ x2="786.71002"
+ y2="134.33"
+ id="g3290_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1,-0.25,0,1,0,137.29)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="s6380" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="1"
+ id="s6382" />
+ <a:midPointstop
+ style="stop-color:#D9D9D9"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#D9D9D9"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="786.65997"
+ y1="136.12"
+ x2="786.71002"
+ y2="134.33"
+ id="lg5878"
+ xlink:href="#g3290_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,-0.316,0,1.263,-926.036,113.351)" />
+ <radialGradient
+ cx="1458.77"
+ cy="-5.0999999"
+ r="35.130001"
+ fx="1458.77"
+ fy="-5.0999999"
+ id="g3289_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.42,0,0,0.42,167.09,79.84)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s6371" />
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="1"
+ id="s6373" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#999999"
+ offset="1" />
+ </radialGradient>
+ <radialGradient
+ cx="1458.77"
+ cy="-5.0999999"
+ r="35.130001"
+ fx="1458.77"
+ fy="-5.0999999"
+ id="rg5881"
+ xlink:href="#g3289_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.505,0,0,0.53,-724.957,40.636)" />
+ <radialGradient
+ cx="1612.98"
+ cy="-4.4699998"
+ r="36.580002"
+ fx="1612.98"
+ fy="-4.4699998"
+ id="g3288_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.34,0,0,0.36,238.56,86.87)">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="s6362" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0.63999999"
+ id="s6364" />
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="1"
+ id="s6366" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="0.64" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#737373"
+ offset="1" />
+ </radialGradient>
+ <radialGradient
+ cx="1612.98"
+ cy="-4.4699998"
+ r="36.580002"
+ fx="1612.98"
+ fy="-4.4699998"
+ id="rg5884"
+ xlink:href="#g3288_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.408,0,0,0.448,-638.943,49.495)" />
+ <radialGradient
+ cx="1470.5"
+ cy="-10.21"
+ r="33.290001"
+ fx="1470.5"
+ fy="-10.21"
+ id="g3287_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.42,0,0,0.42,167.09,79.84)">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="s6347" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0.38999999"
+ id="s6349" />
+ <stop
+ style="stop-color:#b1b1b1;stop-opacity:1"
+ offset="0.75"
+ id="s6351" />
+ <stop
+ style="stop-color:#aaa;stop-opacity:1"
+ offset="0.88"
+ id="s6353" />
+ <stop
+ style="stop-color:#9e9e9e;stop-opacity:1"
+ offset="0.97000003"
+ id="s6355" />
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="1"
+ id="s6357" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="0.39" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="0.87" />
+ <a:midPointstop
+ style="stop-color:#999999"
+ offset="1" />
+ </radialGradient>
+ <radialGradient
+ cx="1470.5"
+ cy="-10.21"
+ r="33.290001"
+ fx="1470.5"
+ fy="-10.21"
+ id="rg5887"
+ xlink:href="#g3287_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.505,0,0,0.53,-724.957,40.636)" />
+ <pattern
+ patternTransform="matrix(0.592927,0,0,0.592927,78,462)"
+ id="cream-spots"
+ height="32"
+ width="32"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(-365.3146,-513.505)"
+ id="g3047">
+ id="path2858" />
+ <path
+ inkscape:label="#path2854"
+ sodipodi:nodetypes="czzzz"
+ style="fill:#e3dcc0"
+ id="path3060"
+ d="M 390.31462,529.50504 C 390.31462,534.47304 386.28262,538.50504 381.31462,538.50504 C 376.34662,538.50504 372.31462,534.47304 372.31462,529.50504 C 372.31462,524.53704 376.34662,520.50504 381.31462,520.50504 C 386.28262,520.50504 390.31462,524.53704 390.31462,529.50504 z " />
+</g>
+ </pattern>
+ <pattern
+ patternTransform="matrix(0.733751,0,0,0.733751,67,367)"
+ id="dark-cream-spots"
+ height="32"
+ width="32"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(-408.0946,-513.505)"
+ id="dark-cream-spot"
+ inkscape:label="#g3043">
+ <path
+ sodipodi:nodetypes="czzzz"
+ style="fill:#c8c5ac"
+ d="M 433.09458,529.50504 C 433.09458,534.47304 429.06258,538.50504 424.09458,538.50504 C 419.12658,538.50504 415.09458,534.47304 415.09458,529.50504 C 415.09458,524.53704 419.12658,520.50504 424.09458,520.50504 C 429.06258,520.50504 433.09458,524.53704 433.09458,529.50504 z "
+ id="path2953" />
+ </g>
+ </pattern>
+ <pattern
+ patternTransform="matrix(0.375,0,0,0.375,379,400)"
+ id="white-spots"
+ height="32"
+ width="32"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(-484.3997,-513.505)"
+ id="white-spot"
+ inkscape:label="#g3035">
+ <path
+ style="opacity:0.25;fill:white"
+ id="path3033"
+ d="M 509.39967,529.50504 C 509.39967,534.47304 505.36767,538.50504 500.39967,538.50504 C 495.43167,538.50504 491.39967,534.47304 491.39967,529.50504 C 491.39967,524.53704 495.43167,520.50504 500.39967,520.50504 C 505.36767,520.50504 509.39967,524.53704 509.39967,529.50504 z "
+ sodipodi:nodetypes="czzzz" />
+ </g>
+ </pattern>
+ <pattern
+ patternTransform="matrix(0.455007,0,0,0.455007,-5e-5,1.9e-5)"
+ id="black-spots"
+ height="32"
+ width="32"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(-448.3997,-513.505)"
+ id="black-spot"
+ inkscape:label="#g3039">
+ <path
+ sodipodi:nodetypes="czzzz"
+ d="M 473.39967,529.50504 C 473.39967,534.47304 469.36767,538.50504 464.39967,538.50504 C 459.43167,538.50504 455.39967,534.47304 455.39967,529.50504 C 455.39967,524.53704 459.43167,520.50504 464.39967,520.50504 C 469.36767,520.50504 473.39967,524.53704 473.39967,529.50504 z "
+ id="path2961"
+ style="opacity:0.25;fill:black" />
+ </g>
+ </pattern>
+ <linearGradient
+ x1="501.0903"
+ y1="-19.2544"
+ x2="531.85413"
+ y2="0.72390002"
+ id="linearGradient17334"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop17336" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop17338" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop17340" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop17342" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B4DAEA" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B4DAEA" />
+ <a:midPointStop
+ offset="0.5112"
+ style="stop-color:#B4DAEA" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B4DAEA" />
+ <a:midPointStop
+ offset="0.6461"
+ style="stop-color:#5387BA" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#5387BA" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#16336E" />
+ </linearGradient>
+ <linearGradient
+ x1="415.73831"
+ y1="11.854"
+ x2="418.13361"
+ y2="18.8104"
+ id="linearGradient17426"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8362,0.5206,-1.1904,0.992,147.62,-30.9374)">
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="0"
+ id="stop17428" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop17430" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#CCCCCC" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#CCCCCC" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#F2F2F2" />
+ </linearGradient>
+ <linearGradient
+ x1="478.21341"
+ y1="-131.9297"
+ x2="469.85818"
+ y2="-140.28481"
+ id="linearGradient17434"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.5592,0.829,-0.829,0.5592,101.3357,-104.791)">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop17436" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop17438" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop17440" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop17442" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#F3403F" />
+ <a:midPointStop
+ offset="0.4213"
+ style="stop-color:#F3403F" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#A6100C" />
+ </linearGradient>
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="linearGradient17709"
+ xlink:href="#XMLID_1749_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,11.0227,-35.6159)" />
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="linearGradient17711"
+ xlink:href="#XMLID_1752_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="516.57672"
+ y1="-15.769"
+ x2="516.57672"
+ y2="0.84280002"
+ id="linearGradient17713"
+ xlink:href="#XMLID_1753_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="linearGradient17715"
+ xlink:href="#XMLID_1756_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="500.70749"
+ y1="-13.2441"
+ x2="513.46442"
+ y2="-2.1547"
+ id="linearGradient17717"
+ xlink:href="#XMLID_1757_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="473.7681"
+ y1="209.17529"
+ x2="486.98099"
+ y2="213.2001"
+ id="linearGradient17721"
+ xlink:href="#XMLID_2274_"
+ gradientUnits="userSpaceOnUse" />
+ <linearGradient
+ x1="481.23969"
+ y1="212.5742"
+ x2="472.92981"
+ y2="207.4967"
+ id="linearGradient17723"
+ xlink:href="#XMLID_2275_"
+ gradientUnits="userSpaceOnUse" />
+ <linearGradient
+ x1="500.70749"
+ y1="-13.2441"
+ x2="513.46442"
+ y2="-2.1547"
+ id="linearGradient17416"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop17418" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop17420" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <defs
+ id="defs9929">
+ <path
+ d="M 489.21,209.35 L 485.35,203.63 C 483.63,204.25 473.47,208.93 471.5,210.18 C 470.57,210.77 470.17,211.16 469.72,212.48 C 470.93,212.31 471.72,212.49 473.42,213.04 C 473.26,214.77 473.24,215.74 473.57,218.2 C 474.01,216.88 474.41,216.49 475.34,215.9 C 477.33,214.65 487.49,209.97 489.21,209.35 z "
+ id="XMLID_960_" />
+ </defs>
+ <clipPath
+ id="clipPath17448">
+ <use
+ id="use17450"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_960_" />
+ </clipPath>
+ <linearGradient
+ x1="473.7681"
+ y1="209.17529"
+ x2="486.98099"
+ y2="213.2001"
+ id="linearGradient17452"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop17454" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop17456" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop17458" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop17460" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="481.23969"
+ y1="212.5742"
+ x2="472.92981"
+ y2="207.4967"
+ id="linearGradient17463"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop17465" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop17467" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop17469" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop17471" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="481.23969"
+ y1="212.5742"
+ x2="472.92981"
+ y2="207.4967"
+ id="linearGradient17807"
+ xlink:href="#XMLID_2275_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-177.1654,35.43307)" />
+ <linearGradient
+ x1="473.7681"
+ y1="209.17529"
+ x2="486.98099"
+ y2="213.2001"
+ id="linearGradient17810"
+ xlink:href="#XMLID_2274_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-177.1654,35.43307)" />
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="linearGradient17812"
+ xlink:href="#XMLID_1749_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,11.0227,-35.6159)" />
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="linearGradient17814"
+ xlink:href="#XMLID_1752_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="516.57672"
+ y1="-15.769"
+ x2="516.57672"
+ y2="0.84280002"
+ id="linearGradient17816"
+ xlink:href="#XMLID_1753_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="linearGradient17818"
+ xlink:href="#XMLID_1756_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="linearGradient17347"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,11.0227,-35.6159)">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop17349" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop17351" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#5387BA" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#5387BA" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#96BAD6" />
+ </linearGradient>
+ <linearGradient
+ x1="516.57672"
+ y1="-15.769"
+ x2="516.57672"
+ y2="0.84280002"
+ id="linearGradient17379"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop17381" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop17383" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#F2F2F2" />
+ </linearGradient>
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="linearGradient17862"
+ xlink:href="#XMLID_1749_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,-166.1427,-0.18283)" />
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="linearGradient17864"
+ xlink:href="#XMLID_1756_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <defs
+ id="defs3859">
+ <polygon
+ points="465.54,213.52 481.94,217.46 482.74,216.71 487.46,198.05 471.08,194.07 470.26,194.83 465.54,213.52 "
+ id="XMLID_343_" />
+ </defs>
+ <linearGradient
+ x1="471.0806"
+ y1="201.07761"
+ x2="481.91711"
+ y2="210.4977"
+ id="linearGradient17389"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#6498c1;stop-opacity:1"
+ offset="0.005618"
+ id="stop17391" />
+ <stop
+ style="stop-color:#79a9cc;stop-opacity:1"
+ offset="0.2332"
+ id="stop17393" />
+ <stop
+ style="stop-color:#a4cde2;stop-opacity:1"
+ offset="0.74049997"
+ id="stop17395" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="1"
+ id="stop17397" />
+ <a:midPointStop
+ style="stop-color:#6498C1"
+ offset="5.618000e-003" />
+ <a:midPointStop
+ style="stop-color:#6498C1"
+ offset="0.4438" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="clipPath17400">
+ <use
+ id="use17402"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_343_" />
+ </clipPath>
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="linearGradient17404"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop17406" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop17408" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop17410" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop17412" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="linearGradient17882"
+ xlink:href="#XMLID_1752_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <defs
+ id="defs3826">
+ <polygon
+ points="463.52,216.14 480.56,220.24 481.36,219.5 483.03,202.04 469.05,196.69 468.24,197.45 463.52,216.14 "
+ id="XMLID_338_" />
+ </defs>
+ <linearGradient
+ x1="468.2915"
+ y1="204.7612"
+ x2="479.39871"
+ y2="214.4166"
+ id="linearGradient17357"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop17359" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop17361" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="clipPath17364">
+ <use
+ id="use17366"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_338_" />
+ </clipPath>
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="linearGradient17368"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop17370" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop17372" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop17374" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop17376" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="296.4996"
+ y1="188.81061"
+ x2="317.32471"
+ y2="209.69398"
+ id="linearGradient2387"
+ xlink:href="#linearGradient2381"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)" />
+ <linearGradient
+ x1="296.4996"
+ y1="188.81061"
+ x2="317.32471"
+ y2="209.69398"
+ id="linearGradient5105"
+ xlink:href="#linearGradient2381"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)" />
+ <linearGradient
+ x1="296.4996"
+ y1="188.81061"
+ x2="317.32471"
+ y2="209.69398"
+ id="linearGradient5145"
+ xlink:href="#linearGradient2381"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)" />
+ <linearGradient
+ inkscape:collect="always"
+ xlink:href="#linearGradient2381"
+ id="linearGradient2371"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)"
+ x1="296.4996"
+ y1="188.81061"
+ x2="317.32471"
+ y2="209.69398" />
+ </defs>
+ <g
+ transform="matrix(0.437808,-0.437808,0.437808,0.437808,-220.8237,43.55311)"
+ id="g5089">
+ <path
+ d="M 8.4382985,-6.28125 C 7.8309069,-6.28125 4.125,-0.33238729 4.125,1.96875 L 4.125,28.6875 C 4.125,29.533884 4.7068159,29.8125 5.28125,29.8125 L 30.84375,29.8125 C 31.476092,29.8125 31.968751,29.319842 31.96875,28.6875 L 31.96875,23.46875 L 32.25,23.46875 C 32.74684,23.46875 33.156249,23.059339 33.15625,22.5625 L 33.15625,-5.375 C 33.15625,-5.8718398 32.74684,-6.28125 32.25,-6.28125 L 8.4382985,-6.28125 z "
+ transform="translate(282.8327,227.1903)"
+ style="fill:#5c5c4f;stroke:black;stroke-width:3.23021388;stroke-miterlimit:4;stroke-dasharray:none"
+ id="path5091" />
+ <rect
+ width="27.85074"
+ height="29.369793"
+ rx="1.1414107"
+ ry="1.1414107"
+ x="286.96509"
+ y="227.63805"
+ style="fill:#032c87"
+ id="rect5093" />
+ <path
+ d="M 288.43262,225.43675 L 313.67442,225.43675 L 313.67442,254.80655 L 287.29827,254.83069 L 288.43262,225.43675 z "
+ style="fill:white"
+ id="rect5095" />
+ <path
+ d="M 302.44536,251.73726 C 303.83227,259.59643 301.75225,263.02091 301.75225,263.02091 C 303.99609,261.41329 305.71651,259.54397 306.65747,257.28491 C 307.62455,259.47755 308.49041,261.71357 310.9319,263.27432 C 310.9319,263.27432 309.33686,256.07392 309.22047,251.73726 L 302.44536,251.73726 z "
+ style="fill:#a70000;fill-opacity:1;stroke-width:2"
+ id="path5097" />
+ <rect
+ width="25.241802"
+ height="29.736675"
+ rx="0.89682275"
+ ry="0.89682275"
+ x="290.73544"
+ y="220.92249"
+ style="fill:#809cc9"
+ id="rect5099" />
+ <path
+ d="M 576.47347,725.93939 L 582.84431,726.35441 L 583.25121,755.8725 C 581.35919,754.55465 576.39694,752.1117 574.98889,754.19149 L 574.98889,727.42397 C 574.98889,726.60151 575.65101,725.93939 576.47347,725.93939 z "
+ transform="matrix(0.499065,-0.866565,0,1,0,0)"
+ style="fill:#4573b3;fill-opacity:1"
+ id="rect5101" />
+ <path
+ d="M 293.2599,221.89363 L 313.99908,221.89363 C 314.45009,221.89363 314.81318,222.25673 314.81318,222.70774 C 315.02865,229.0361 295.44494,244.47124 292.44579,240.30491 L 292.44579,222.70774 C 292.44579,222.25673 292.80889,221.89363 293.2599,221.89363 z "
+ style="opacity:0.65536726;fill:url(#linearGradient2371);fill-opacity:1"
+ id="path5103" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/n-t-n-ipsec-diagram.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/n-t-n-ipsec-diagram.png
new file mode 100644
index 0000000..281afd6
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/n-t-n-ipsec-diagram.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/tcp_wrap_diagram.png b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/tcp_wrap_diagram.png
new file mode 100644
index 0000000..38ee5ea
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/images/tcp_wrap_diagram.png differ
diff --git a/public_html/ja-JP/Fedora/18/html-single/Security_Guide/index.html b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/index.html
new file mode 100644
index 0000000..d3704e7
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html-single/Security_Guide/index.html
@@ -0,0 +1,4442 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>ã»ãã¥ãªãã£ã¬ã¤ã</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><meta name="description" content="Fedora ã»ãã¥ãªãã£ã¬ã¤ãã¯ããã¼ã«ã«ã¾ãã¯ãªã¢ã¼ãããã®ä¾µå
¥ã侵害ããã³æªæã®ããæ´»åã«å¯¾ãã¦ã¯ã¼ã¯ã¹ãã¼ã·ã§ã³ã¨ãµã¼ãã¼ãã»ãã¥ã¢ã«ããããã»ã¹ã¨ãã©ã¯ãã£ã¹ã«ã¤ãã¦ãFedora ã®ã¦ã¼ã¶ã¼ãå¦ç¿ããæ¯æ´ãããããã«è¨è¨ããã¦ãã¾ããFedora Linux ã«ç¦ç¹ãåããã¦ããããã¹ã¦ã® Linux ã·ã¹ãã ã«å¯¾ãã¦æå¹ãªæ¦å¿µãæè¡ã詳細ã«èª¬æãããã¨ã§ã¯ããã¾ãã
ãFedora ã»ãã¥ãªãã£ã¬ã¤ãã¯ãã¼ã¿ã»ã³ã¿ã¼ãä»äºå ´ããã³èªå®
ç¨ã«å®å
¨ãªã³ã³ãã¥ã¼ãã£ã³ã°ç°å¢ãæ§ç¯ãããã¨ã«é¢é£ããè¨ç»ã¨ãã¼ã«ã詳細ã«èª¬æãã¾ããé©åãªç¥èãè¦æããã³ãã¼ã«ãç¨ãã¦ãLinux ãå®è¡ãã¦ããã·ã¹ãã ãå®å
¨ã«æ©è½ãã¦ããã¤å¤ãã®ä¸è¬çãªä¾µå
¥ã侵害æ¹æ³ããå®å
¨ã«ãããã¨ãã§ãã¾ãã" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><div xml:lang="ja-JP" class="book" id="idm107593088" lang="ja-JP"><div class="titlepage"><div><div class="producttitle" font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><span class="productname">Fedora</span> <span class="productnumber">18</span></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h1 id="idm107593088" class="title">セキュリティガイド<
/h1></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h2 class="subtitle">Fedora Linux をセキュアにするためのガイド</h2></div><p class="edition">エディッション 18.0.1</p><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h3 class="corpauthor">
+ <span class="inlinemediaobject"><object data="Common_Content/images/title_logo.svg" type="image/svg+xml"> Logo</object></span>
+
+ </h3></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div xml:lang="ja-JP" class="authorgroup" lang="ja-JP"><div class="author"><h3 class="author"><span class="surname">Fuller</span> <span class="firstname">Johnray</span> [FAMILY Given]</h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:jrfuller at redhat.com">jrfuller at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="surname">Ha</span> <span class="firstname">John</span> [FAMILY Given]</h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:jha at redhat.com">jha at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="surname">O'Brien</span> <span class="firstname">David</span> [FAMILY Given]</h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email">
<a class="email" href="mailto:daobrien at redhat.com">daobrien at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="surname">Radvan</span> <span class="firstname">Scott</span> [FAMILY Given]</h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:sradvan at redhat.com">sradvan at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</h3><div class="affiliation"><span class="orgname">Fedora Project</span> <span class="orgdiv">Documentation Team</span></div><code class="email"><a class="email" href="mailto:sparks at fedoraproject.org">sparks at fedoraproject.org</a></code></div><div class="author"><h3 class="author"><span class="surname">Ligas</span> <span class="firstname">Adam</span> [FAMILY Given]</h3><div class="affiliation"><span class="orgname">Fedora Project</span></div><code class="email"><a
class="email" href="mailto:gent86 at fedoraproject.org">gent86 at fedoraproject.org</a></code></div></div></div><hr /><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div id="idm68136352" class="legalnotice"><h1 class="legalnotice">法律上の通知</h1><div class="para">
+ Copyright <span class="trademark"></span>© 2007-2012 Fedora Project Contributors.
+ </div><div class="para">
+ The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at <a href="http://creativecommons.org/licenses/by-sa/3.0/">http://creativecommons.org/licenses/by-sa/3.0/</a>. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
+ </div><div class="para">
+ Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
+ </div><div class="para">
+ Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
+ </div><div class="para">
+ For guidelines on the permitted uses of the Fedora trademarks, refer to <a href="https://fedoraproject.org/wiki/Legal:Trademark_guidelines">https://fedoraproject.org/wiki/Legal:Trademark_guidelines</a>.
+ </div><div class="para">
+ <span class="trademark">Linux</span>® is the registered trademark of Linus Torvalds in the United States and other countries.
+ </div><div class="para">
+ <span class="trademark">Java</span>® is a registered trademark of Oracle and/or its affiliates.
+ </div><div class="para">
+ <span class="trademark">XFS</span>® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
+ </div><div class="para">
+ <span class="trademark">MySQL</span>® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
+ </div><div class="para">
+ All other trademarks are the property of their respective owners.
+ </div></div></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div class="abstract"><h6>概要</h6><div class="para">
+ Fedora セキュリティガイドは、ローカルまたはリモートからの侵入、侵害および悪意のある活動に対してワークステーションとサーバーをセキュアにするプロセスとプラクティスについて、Fedora のユーザーが学習する支援をするために設計されています。Fedora Linux に焦点を合わせており、すべての Linux システムに対して有効な概念や技術を詳細に説明することではありません。Fedora セキュリティガイドはデータセンター、仕事場および自宅用に安全なコンピューティング環境を構築することに関連する計画とツールを詳細に説明します。適切な知識、警戒およびツールを用いて、Linux を実行しているシステムが完全に機能して、かつ多くの一般的な侵入や侵害方法から安全にすることができます。
+ </div></div></div></div><hr /></div><div class="toc"><dl><dt><span class="preface"><a href="#pref-Security_Guide-Preface">序文</a></span></dt><dd><dl><dt><span class="section"><a href="#idm68203488">1. 表記方法</a></span></dt><dd><dl><dt><span class="section"><a href="#idm91726240">1.1. 印刷における表記方法</a></span></dt><dt><span class="section"><a href="#idm71357040">1.2. 引用における表記方法</a></span></dt><dt><span class="section"><a href="#idm103519120">1.3. 注記および警告</a></span></dt></dl></dd><dt><span class="section"><a href="#idm92595712">2. フィードバック</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Security_Overview">1. セキュリティの概要</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security">1.1. セキュリティのイントロダクション</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-In
troduction_to_Security-What_is_Computer_Security">1.1.1. ã³ã³ãã¥ã¼ã¿ã¼ã»ã»ãã¥ãªãã£ã¨ã¯ï¼</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-SELinux">1.1.2. SELinux</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.3. ã»ãã¥ãªãã£ã»ã³ã³ããã¼ã«</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-Conclusion">1.1.4. çµè«</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities">1.2. æ»æè
ã¨èå¼±æ§</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.2.1. ããã«ã¼ã®ç°¡åãªæ´å²</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security">1.2.2. ãããã¯ã¼ã¯ã»ã»ã
ã¥ãªãã£ã¸ã®è
å¨</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security">1.2.3. ãµã¼ãã¼ã»ã»ãã¥ãªãã£ã¸ã®è
å¨</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security">1.2.4. ã¯ã¼ã¯ã¹ãã¼ã·ã§ã³ã¨ãã¼ã PC ã®ã»ãã¥ãªãã£ã¸ã®è
å¨</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment">1.3. èå¼±æ§ã®ã¢ã»ã¹ã¡ã³ã</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.3.1. æµã®ãããªèã</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing">1.3.2. ã¢ã»ã¹ã¡ã³ãã¨ãã¹ãã®å®ç¾©</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Vu
lnerability_Assessment-Evaluating_the_Tools">1.3.3. ツールの評価</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Common_Exploits_and_Attacks">1.4. 一般的なエクスプロイトと攻撃</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Security_Updates">1.5. セキュリティ・アップデート</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. パッケージの更新</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages">1.5.2. 署名されたパッケージの検証</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Installing_Signed_Packages">1.5.3. 署名されたパッケージのインストール</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Applying_the_Changes">1.5.4. 変更の適用</a></s
pan></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Basic_Hardening">2. 基本強化ガイド</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-General_Principles">2.1. 基本原則</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important">2.2. これはなぜ重要なのでしょうか?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Physical_Security">2.3. 物理セキュリティ</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important">2.4. これはなぜ重要なのでしょうか?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do">2.5. 他に何ができるでしょうか?</a></span></dt><dt><span class="section"><a href="#sect-Security
_Guide-Basic_Hardening-Networking">2.6. ネットワーク</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Networking-iptables">2.6.1. iptables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Networking-IPv6">2.6.2. IPv6</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Up_to_date">2.7. ソフトウェアの最新化維持</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Services">2.8. サービス</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-NTP">2.9. NTP</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Securing_Your_Network">3. ネットワークのセキュア化</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security">3.1. ワークステーションのセキュリティ</a></span></dt><
dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">3.1.1. ワークステーションのセキュリティの評価</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">3.1.2. BIOS とブートローダのセキュリティ</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Password_Security">3.1.3. パスワードのセキュリティ</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Administrative_Controls">3.1.4. 管理的コントロール</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Available_Network_Services">3.1.5. 利用可能なネットワーク・サービス</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Personal_Firewalls">3.1.6. パーソナル・ファイ
アウォール</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">3.1.7. セキュリティ強化したコミュニケーション・ツール</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Server_Security">3.2. サーバのセキュリティ</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">3.2.1. TCP Wrappers と xinetd を用いたサービスのセキュア化</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Portmap">3.2.2. Portmap のセキュア化</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_NIS">3.2.3. NIS のセキュア化</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_NFS">3.2.4. NFS のセキュア化</a></span></d
t><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server">3.2.5. Apache HTTP Server のセキュア化</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_FTP">3.2.6. FTP のセキュア化</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Sendmail">3.2.7. Sendmail のセキュア化</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">3.2.8. リッスンしているポートの確認</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO">3.3. Single Sign-on (SSO)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Introduction">3.3.1. 概要</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card">3.3.2.
新しいスマートカードの開始方法</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works">3.3.3. スマートカードの登録はどのように動作しますか</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works">3.3.4. スマートカードのログインはどのように動作しますか</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO">3.3.5. Firefox が SSO 用に Kerberos を使用するよう設定します</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Yubikey">3.4. YubiKey</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Yubikey-Centralized_Server">3.4.1. センター・サーバーを用いた YubiKey の使用</a></span></dt><dt><span class="section"><a href="#sect-Secur
ity_Guide-Yubikey-Web_Sites">3.4.2. YubiKey を用いたウェブサイトの認証</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM">3.5. Pluggable Authentication Modules (PAM)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">3.5.1. PAM の利点</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files">3.5.2. PAM 設定ファイル</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">3.5.3. PAM 設定ファイルの形式</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files">3.5.4. サンプル PAM 設定ファイル</a></span></dt><dt><span class="section"><a href="#sect-Securi
ty_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules">3.5.5. PAM モジュールの作成</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching">3.5.6. PAM と管理クレディンシャルのキャッシュ</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership">3.5.7. PAM とデバイスの所有</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources">3.5.8. 追加のリソース</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd">3.6. TCP Wrappers と xinetd</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">3.6.1. TCP Wrappers</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide
-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">3.6.2. TCP Wrappers の設定ファイル</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd">3.6.3. xinetd</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files">3.6.4. xinetd 設定ファイル</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">3.6.5. 追加のリソース</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Kerberos">3.7. Kerberos</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-What_is_Kerberos">3.7.1. Kerberos とは何でしょうか?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Kerberos_Terminology">3.7.2. Kerberos の用語</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-How_Kerb
eros_Works">3.7.3. Kerberos はどのように動作しますか</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Kerberos_and_PAM">3.7.4. Kerberos と PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">3.7.5. Kerberos 5 サーバーの設定</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client">3.7.6. Kerberos 5 クライアントの設定</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping">3.7.7. ドメイン-レルムのマッピング</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs">3.7.8. セカンダリ KDC のセットアップ</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication">3.7.9. クロス・レルム認証のセットアップ</a><
/span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Additional_Resources">3.7.10. 追å ã®ãªã½ã¼ã¹</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Firewalls">3.8. ãã¡ã¤ã¢ã¦ã©ã¼ã«</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Netfilter_and_IPTables">3.8.1. Netfilter 㨠IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">3.8.2. åºæ¬çãªãã¡ã¤ã¢ã¦ã©ã¼ã«ã®è¨å®</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Using_IPTables">3.8.3. IPTables ã®ä½¿ç¨</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Common_IPTables_Filtering">3.8.4. ä¸è¬ç㪠IPTables ãã£ã«ã¿</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules">3.8.5. <code class="computeroutput">FORWARD</code> ãã
ã³ <acronym class="acronym">NAT</acronym> ã«ã¼ã«</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses">3.8.6. æªæã®ããã½ããã¦ã§ã¢ã¨å½è£
ããã IP ã¢ãã¬ã¹</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking">3.8.7. IPTables ã¨ã³ãã¯ã·ã§ã³è¿½è·¡</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-IPv6">3.8.8. IPv6</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Additional_Resources">3.8.9. 追å ã®ãªã½ã¼ã¹</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-IPTables">3.9. IPTables</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Packet_Filtering">3.9.1. ãã±ããã»ãã£ã«ã¿ãªã³ã°</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Command_
Options_for_IPTables">3.9.2. IPTables のコマンド・オプション</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Saving_IPTables_Rules">3.9.3. IPTables ルールの保存</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-IPTables_Control_Scripts">3.9.4. IPTables 制御スクリプト</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-IPTables_and_IPv6">3.9.5. IPTables IPv6</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Additional_Resources">3.9.6. 追加のリソース</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Encryption">4. 暗号化</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Data_at_Rest">4.1. 静止しているデータ</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encrypt
ion">4.1.1. 完全なディスク暗号化</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">4.1.2. ファイルベースの暗号化</a></span></dt></dl></dd><dt><span class="section"><a href="#Security_Guide-Encryption-Data_in_Motion">4.2. 動作しているデータ</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs">4.2.1. Virtual Private Networks (VPNs)</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-Data_in_Motion-Secure_Shell">4.2.2. Secure Shell</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption">4.2.3. LUKS ディスク暗号化</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives">4.2.4. 7-Zip 暗号化アーカイブ</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG">4.2.
5. GNU Privacy Guard (GnuPG) の使用</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-General_Principles_of_Information_Security">5. 情報セキュリティの一般原則</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">5.1. ヒント、ガイドおよびツール</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Secure_Installation">6. セキュアなインストール</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Secure_Installation-Disk_Partitions">6.1. ディスク・パーティション</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption">6.2. LUKS パーティション暗号化の利用</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-Software_Maintenance">7. ソ
フトウェアのメンテナンス</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">7.1. 最小限のソフトウェアのインストール</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates">7.2. セキュリティ・アップデートの計画と設定</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates">7.3. 自動更新の調整</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories">7.4. よく知られたリポジトリからの署名されたパッケージのインストール</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-CVE">8. 共通脆弱性識別子 CVE</a></span></dt><dd><dl><dt><sp
an class="section"><a href="#sect-Security_Guide-CVE-yum_plugin">8.1. YUM プラグイン</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security">8.2. yum-plugin-security の使い方</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Security_Guide-References">9. 参考資料</a></span></dt><dt><span class="appendix"><a href="#chap-Security_Guide-Encryption_Standards">A. 暗号の標準</a></span></dt><dd><dl><dt><span class="section"><a href="#idm70220496">A.1. 同期式の暗号</a></span></dt><dd><dl><dt><span class="section"><a href="#idm72409184">A.1.1. Advanced Encryption Standard - AES</a></span></dt><dt><span class="section"><a href="#idm79640928">A.1.2. Data Encryption Standard - DES</a></span></dt></dl></dd><dt><span class="section"><a href="#idm88821296">A.2. 公開鍵暗号</a></span></dt><dd><dl><dt><span class="section"><a href="#idm98829024">A.2.1. Diffie-Hellman</a></span></dt><dt><span
class="section"><a href="#idm12199664">A.2.2. RSA</a></span></dt><dt><span class="section"><a href="#idm96109120">A.2.3. DSA</a></span></dt><dt><span class="section"><a href="#idm67320000">A.2.4. SSL/TLS</a></span></dt><dt><span class="section"><a href="#idm87972224">A.2.5. Cramer-Shoup 暗号システム</a></span></dt><dt><span class="section"><a href="#idm56441328">A.2.6. ElGamal 暗号</a></span></dt></dl></dd></dl></dd><dt><span class="appendix"><a href="#appe-Publican-Revision_History">B. 改訂履歴</a></span></dt></dl></div><div xml:lang="ja-JP" class="preface" id="pref-Security_Guide-Preface" lang="ja-JP"><div class="titlepage"><div><div><h1 class="title">序文</h1></div></div></div><div xml:lang="ja-JP" class="section" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm68203488">1. 表記方法</h2></div></div></div><div class="para">
+ 本ガイドは特定の単語や語句を強調したり、 記載内容の特定部分に注意を引かせる目的で次のような表記方法を使用しています。
+ </div><div class="para">
+ PDF版 および印刷版では、 <a href="https://fedorahosted.org/liberation-fonts/">Liberation Fonts</a> セットから採用した書体を使用しています。 ご使用のシステムに Liberation Fonts セットがインストールされている場合、 HTML 版でもこのセットが使用されます。 インストールされていない場合は代替として同等の書体が表示されます。 注記: Red Hat Enterprise Linux 5 およびそれ以降のバージョンにはデフォルトで Liberation Fonts セットが収納されます。
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm91726240">1.1. 印刷における表記方法</h3></div></div></div><div class="para">
+ 特定の単語や語句に注意を引く目的で 4 種類の表記方法を使用しています。 その表記方法および適用される状況は以下の通りです。
+ </div><div class="para">
+ <code class="literal">等幅の太字</code>
+ </div><div class="para">
+ シェルコマンド、ファイル名、パスなどシステムへの入力を強調するために使用しています。またキー配列やキーの組み合わせを強調するのにも使用しています。 例えば、
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ 現在作業中のディレクトリ内のファイル <code class="filename">my_next_bestselling_novel</code> の内容を表示させるには、 シェルプロンプトで <code class="command">cat my_next_bestselling_novel</code> コマンドを入力してから <span class="keycap"><strong>Enter</strong></span> を押してそのコマンドを実行します。
+ </div></blockquote></div><div class="para">
+ 上記にはファイル名、シェルコマンド、キーが含まれています。 すべて等幅の太字で表されているため文中内で見分けやすくなっています。
+ </div><div class="para">
+ キーが 1 つの場合と複数のキーの組み合わせになる場合を区別するため、 その組み合わせを構成するキー同士をハイフンでつないでいます。 例えば、
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ <span class="keycap"><strong>Enter</strong></span> を押してコマンドを実行します。
+ </div><div class="para">
+ 1 番目の仮想ターミナルに切り替えるは、 <span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>Alt</strong></span>+<span class="keycap"><strong>F2</strong></span> を押します。 X-Windows セッションに戻るには、 <span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>Alt</strong></span>+<span class="keycap"><strong>F1</strong></span> を押します。
+ </div></blockquote></div><div class="para">
+ 最初の段落では押すべき 1 つのキーを特定して強調しています。 次の段落では同時に押すべき 3 つのキーの組み合わせが 2 種類ありそれぞれ強調されています。
+ </div><div class="para">
+ ソースコードの説明では 1 段落内で提示されるクラス名、 メソッド、 関数、 変数名、 戻り値を上記のように <code class="literal">等幅の太字</code> で表示します。 例えば、
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ ファイル関連のクラス群はファイルシステムに対しては <code class="classname">filesystem</code>、 ファイルには <code class="classname">file</code>、 ディレクトリには <code class="classname">dir</code> をそれぞれ含みます。 各クラスは個別に関連する権限セットを持っています。
+ </div></blockquote></div><div class="para">
+ <span class="application"><strong>プロポーショナルの太字</strong></span>
+ </div><div class="para">
+ アプリケーション名、 ダイアログボックスのテキスト、ラベル付きボタン、 チェックボックスとラジオボタンのラベル、 メニュータイトルとサブメニュータイトルなどシステム上で見られる単語や語句を表します。 例えば、
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ メインメニューバーから <span class="guimenu"><strong>システム > 個人設定 > マウス</strong></span> の順で選択し <span class="application"><strong>マウスの個人設定</strong></span> を起動します。 <span class="guilabel"><strong>ボタン</strong></span> タブ内で <span class="guilabel"><strong>左ききのマウス</strong></span> チェックボックスをクリックしてから <span class="guibutton"><strong>閉じる</strong></span> をクリックしマウスの主要ボタンを左から右に切り替えます (マウスを左ききの人が使用するのに適した設定にする)。
+ </div><div class="para">
+ <span class="application"><strong>gedit</strong></span> ファイルに特殊な文字を挿入する場合は、 メインメニューバーから <span class="guimenu"><strong>アプリケーション > アクセサリ > 文字マップ</strong></span> の順で選択します。 次に <span class="application"><strong>文字マップ</strong></span> メニューバーから <span class="guimenu"><strong>検索 > 検索…</strong></span> と選択して <span class="guilabel"><strong>検索</strong></span> フィールド内にその文字名を入力し <span class="guibutton"><strong>次</strong></span> をクリックします。 探している文字が <span class="guilabel"><strong>文字表</strong></span> 内で強調表示されます。 この強調表示された文字をダブルクリックすると <span class="guilabel"><strong>コピーするテキスト</strong></span> フィールド内に置かれるので次に <span class="guibutton"><st
rong>コピー</strong></span> ボタンをクリックします。 ここでドキュメントに戻り <span class="application"><strong>gedit</strong></span> メニューバーから <span class="guimenu"><strong>編集 > 貼り付け</strong></span> を選択します。
+ </div></blockquote></div><div class="para">
+ 上記には、 アプリケーション名、 システム全体のメニュー名と項目、 アプリケーション固有のメニュー名、 GUI インタフェースで見られるボタンやテキストがあります。 すべてプロポーショナルの太字で表示されているため文中内で見分けやすくなっています。
+ </div><div class="para">
+ <code class="command"><em class="replaceable"><code>等幅の太字で且つ斜体</code></em></code> または <span class="application"><strong><em class="replaceable"><code>プロポーショナルの太字で且つ斜体</code></em></strong></span>
+ </div><div class="para">
+ 等幅の太字やプロポーショナルの太字はいずれであっても斜体の場合は置換可能なテキストか変化するテキストを示します。 斜体は記載されている通りには入力しないテキスト、あるいは状況に応じて変化する出力テキストを表します。 例えば、
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ ssh を使用してリモートマシンに接続するには、 シェルプロンプトで <code class="command">ssh <em class="replaceable"><code>username</code></em>@<em class="replaceable"><code>domain.name</code></em></code> と入力します。 リモートマシンが <code class="filename">example.com</code> であり、 そのマシンで使用しているユーザー名が john なら <code class="command">ssh john at example.com</code> と入力します。
+ </div><div class="para">
+ <code class="command">mount -o remount <em class="replaceable"><code>file-system</code></em></code> コマンドは指定したファイルシステムを再マウントします。 例えば、 <code class="filename">/home</code> ファイルシステムを再マウントするコマンドは <code class="command">mount -o remount /home</code> になります。
+ </div><div class="para">
+ 現在インストールされているパッケージのバージョンを表示するには、 <code class="command">rpm -q <em class="replaceable"><code>package</code></em></code> コマンドを使用します。 結果として次を返してきます、 <code class="command"><em class="replaceable"><code>package-version-release</code></em></code>。
+ </div></blockquote></div><div class="para">
+ 上記の太字斜体の単語 — username、 domain.name、 file-system、 package、 version、 release に注目してください。 いずれもコマンドを発行するときに入力するテキスト用のプレースホルダーかシステムにより出力されるテキスト用のプレースホルダーになっています。
+ </div><div class="para">
+ タイトル表示のような標準的な使用の他、 斜体は新しい重要な用語が初めて出現する場合にも使用されます。 例えば、
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ Publican は <em class="firstterm">DocBook</em> の発行システムです。
+ </div></blockquote></div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm71357040">1.2. 引用における表記方法</h3></div></div></div><div class="para">
+ 端末の出力とソースコード一覧は、視覚的に周囲の文から区別されています。
+ </div><div class="para">
+ 端末に送信される出力は <code class="computeroutput">mono-spaced roman</code> (等幅の Roman) にセットされるので以下のように表示されます。
+ </div><pre class="screen">books Desktop documentation drafts mss photos stuff svn
+books_tests Desktop1 downloads images notes scripts svgs</pre><div class="para">
+ ソースコードの一覧も <code class="computeroutput">mono-spaced roman</code> (等幅の Roman) でセットされますが、以下のように強調表示されます。
+ </div><pre class="programlisting">package org.<span class="perl_Function">jboss</span>.<span class="perl_Function">book</span>.<span class="perl_Function">jca</span>.<span class="perl_Function">ex1</span>;
+
+<span class="perl_Keyword">import</span> javax.naming.InitialContext;
+
+<span class="perl_Keyword">public</span> <span class="perl_Keyword">class</span> ExClient
+{
+ <span class="perl_Keyword">public</span> <span class="perl_DataType">static</span> <span class="perl_DataType">void</span> <span class="perl_Function">main</span>(String args[])
+ <span class="perl_Keyword">throws</span> Exception
+ {
+ InitialContext iniCtx = <span class="perl_Keyword">new</span> InitialContext();
+ Object ref = iniCtx.<span class="perl_Function">lookup</span>(<span class="perl_String">"EchoBean"</span>);
+ EchoHome home = (EchoHome) ref;
+ Echo echo = home.<span class="perl_Function">create</span>();
+
+ System.<span class="perl_Function">out</span>.<span class="perl_Function">println</span>(<span class="perl_String">"Created Echo"</span>);
+
+ System.<span class="perl_Function">out</span>.<span class="perl_Function">println</span>(<span class="perl_String">"Echo.echo('Hello') = "</span> + echo.<span class="perl_Function">echo</span>(<span class="perl_String">"Hello"</span>));
+ }
+}</pre></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm103519120">1.3. 注記および警告</h3></div></div></div><div class="para">
+ 情報が見過ごされないよう 3 種類の視覚的なスタイルを使用して注意を引いています。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ 注記は説明している部分に対するヒントや近道あるいは代替となる手段などになります。注記を無視しても悪影響はありませんが知っておくと便利なコツを見逃すことになるかもしれません。
+ </div></div></div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ 重要ボックスは見逃しやすい事項を詳細に説明しています。現在のセッションにのみ適用される設定上の変更点、 更新を適用する前に再起動が必要なサービスなどがあります。重要ボックスを無視してもデータを喪失するような結果にはなりませんがイライラ感やフラストレーションが生じる可能性があります。
+ </div></div></div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ 警告は無視しないでください。警告を無視するとデータを喪失する可能性が非常に高くなります。
+ </div></div></div></div></div><div xml:lang="ja-JP" class="section" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm92595712">2. フィードバック</h2></div></div></div><a id="idm92594560" class="indexterm"></a><div class="para">
+ 本ガイドに誤植を見つけられた場合や本ガイドの改善案をお持ちの場合はぜひお知らせください。 Bugzilla <a href="http://bugzilla.redhat.com/bugzilla/">http://bugzilla.redhat.com/bugzilla/</a> にて、 Product には <span class="application"><strong>Fedora.</strong></span> を選びレポートの提出をお願いいたします。
+ </div><div class="para">
+ バグレポートを提出される場合は、 そのガイドの識別子となる <em class="citetitle">security-guide</em> を必ず明記して頂くようお願いします。
+ </div><div class="para">
+ ドキュメントに関する改善のご意見についてはできるだけ具体的にお願いいたします。 エラーを発見された場合は、 セクション番号および該当部分の前後の文章も含めてご報告頂くと照合が容易になります。
+ </div></div></div><div xml:lang="ja-JP" class="chapter" id="chap-Security_Guide-Security_Overview" lang="ja-JP"><div class="titlepage"><div><div><h2 class="title">第1章 セキュリティの概要</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security">1.1. セキュリティのイントロダクション</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1. コンピューター・セキュリティとは?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-SELinux">1.1.2. SELinux</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.3. セキュリティ・コントロール</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Introduction_to_Security-Conclusion">1.1.4. 結論</a></span></dt><
/dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities">1.2. 攻撃者と脆弱性</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.2.1. ハッカーの簡単な歴史</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security">1.2.2. ネットワーク・セキュリティへの脅威</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security">1.2.3. サーバー・セキュリティへの脅威</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security">1.2.4. ワークステーションとホーム PC のセキュリティへの脅威</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Vulnerabi
lity_Assessment">1.3. 脆弱性のアセスメント</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.3.1. 敵のような考え</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing">1.3.2. アセスメントとテストの定義</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools">1.3.3. ツールの評価</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Common_Exploits_and_Attacks">1.4. 一般的なエクスプロイトと攻撃</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Security_Updates">1.5. セキュリティ・アップデート</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. パッケージの更新</a></span></dt><dt>
<span class="section"><a href="#sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages">1.5.2. 署名されたパッケージの検証</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Installing_Signed_Packages">1.5.3. 署名されたパッケージのインストール</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Updating_Packages-Applying_the_Changes">1.5.4. 変更の適用</a></span></dt></dl></dd></dl></div><div class="para">
+ ビジネスの経営および個人情報の記録のために、パワフルかつネットワーク化されたコンピューターに依存してきているため、すべての産業はネットワークとコンピューターのセキュリティの実践を中心として組成されてきています。企業は、運用している組織の要求事項を適合させるために、適切にシステムを監査して、ソリューションを仕立てるために、セキュリティ専門家の知識とスキルを求めるようになってきています。多くの組織は実際にますます変化が激しくなるので、労働者がローカルまたはリモートで会社の IT リソースへアクセスするとともに、セキュアなコンピューティング環境に対するニーズはより明確になってきています。
+ </div><div class="para">
+ 不幸にも、多くの組織(および個人ユーザー)はセキュリティを、結果論や増大するパワーにより見落とすプロセス、生産性および予算的な懸念としてみなしています。適切なセキュリティの導入は、しばしば事後に賛成されます — 認可されない侵入者がすでに占拠した <span class="emphasis"><em>後で</em></span>。セキュリティ専門家は、インターネットのような信頼されないネットワークにサイトを接続する前に適切な対策をとることは、侵入者に多くの試みを挫折させる効果的な方法であるということに賛成します。
+ </div><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Introduction_to_Security" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Introduction_to_Security">1.1. セキュリティのイントロダクション</h2></div></div></div><div class="section" id="sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1. コンピューター・セキュリティとは?</h3></div></div></div><div class="para">
+ コンピューター・セキュリティは、コンピューティングと情報処理の幅広い領域を取り扱う一般的な用語です。日々のビジネス取引を行い、極めて重要な情報にアクセスするために、コンピューターシステムとネットワークに依存する産業は、それらのデータを全体の資産の最も重要な部分であると見なしています。いくつかの用語と評価指標が、Total Cost of Ownership (TCO) や Quality of Service (QoS) のように、日常のビジネス会話に入ってきています。これらの評価指標を用いることで、計画とプロセス管理のコストの一部として、データの完全性や高可用性のような観点を産業が計算できるようになります。電子商取引のようないくつかの産業において、データの可用性と信頼性は成功と失敗の分かれ目になりえます。
+ </div><div class="section" id="sect-Security_Guide-What_is_Computer_Security-How_did_Computer_Security_Come_about"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Computer_Security-How_did_Computer_Security_Come_about">1.1.1.1. コンピューター・セキュリティはどのように起こるのでしょうか?</h4></div></div></div><div class="para">
+ 情報セキュリティは、個人情報、金融情報、および他の制限された情報が暴露されないようにするため、パブリック・ネットワークへの増大する依存のため何年もかけて進歩してきました。すべての業種にわたる組織が取り扱う情報だけでなくその転送や暴露について再検討するよう促す、Mitnick <sup>[<a id="idm62704160" href="#ftn.idm62704160" class="footnote">1</a>]</sup> や Vladimir Levin <sup>[<a id="idm13075888" href="#ftn.idm13075888" class="footnote">2</a>]</sup> の事件のような数多くの事例があります。インターネットの普及は、データ・セキュリティにおける大きな努力を促す最も重要な開発の1つでした。
+ </div><div class="para">
+ インターネットが提供するリソースへアクセスするために、いまだ増え続ける人々が PC を使用しています。研究や情報探索から電子メールや電子商取引まで、インターネットは20世紀の最も重要な開発の1つとみなされるようになってきました。
+ </div><div class="para">
+ しかしながら、インターネットおよびそれ以前のプロトコルは、<em class="firstterm">信頼を前提とする</em>システムとして開発されました。つまり、インターネットプロトコル (Internet Protocol) 自身はセキュアには設計されていません。TCP/IP 通信階層に組み込まれている公式のセキュリティ標準はありません。それは、ネットワーク越しに潜在的に悪意のあるユーザーやプロセスに開かれたままです。最近の開発はインターネット通信をよりセキュアにしてきましたが、国中の注目を集め、私たちに完全に安全なものは何もないという事実を警告する、いくつかのインシデントがいまだにあります。
+ </div></div><div class="section" id="sect-Security_Guide-What_is_Computer_Security-Security_Today"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Computer_Security-Security_Today">1.1.1.2. 今日のセキュリティ</h4></div></div></div><div class="para">
+ 2000年2月、分散サービス妨害 (DDoS: Distributed Denial of Service) 攻撃が、インターネットにある最も高トラフィックのサイトのいくつかに対して行われました。攻撃者は <em class="firstterm">ping flood</em> とも呼ばれる大きな ICMP パケットを送信することにより数時間ルータを使用不能し、yahoo.com, cnn.com, amazon.com, fbi.gov, および他のいくつかのサイトを通常のユーザーから完全にアクセス不能にしました。攻撃は、脆弱性のあるネットワーク・サーバーをスキャンする、特別に作成された広く利用可能なプログラムを使用している未知の攻撃者によりもたらされ、サーバーに<em class="firstterm">トロイの木馬</em>と呼ばれるクライアント・アプリケーションをインストールし、犠牲サイトをあふれさせ利用不可能にするあらゆる感染したサーバーで、
攻撃の時間を計りました。多くの人は、パケットが送られたどんなところでも、どんな目的に対しても、すべての入力データを受け付けるために構成されるよう、ルーターとプロトコルが使われる方法で基本的な欠陥にある攻撃を非難しました。
+ </div><div class="para">
+ 2007年、Wired Equivalent Privacy (WEP) 無線暗号化プロトコルの広く知られる脆弱性をエクスプロイトするデータ侵害により、世界中の金融機関から4500万を越えるクレジットカード番号が盗まれました。<sup>[<a id="idm49781184" href="#ftn.idm49781184" class="footnote">3</a>]</sup>
+ </div><div class="para">
+ 別のインシデントにおいて、バックアップ・テープに保存された、220万人の患者の請求記録が配送者のフロントシートから盗まれました。<sup>[<a id="idm49782800" href="#ftn.idm49782800" class="footnote">4</a>]</sup>
+ </div><div class="para">
+ 現在、世界中で推定18億人がインターネットを使用しています、または使用していました。<sup>[<a id="idm49783872" href="#ftn.idm49783872" class="footnote">5</a>]</sup> 同時に:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ ある特定の日に、CERT Coordination Center at Carnegie Mellon University<sup>[<a id="idm55775680" href="#ftn.idm55775680" class="footnote">6</a>]</sup> へと報告されたセキュリティ違反のメジャー・インシデントは推定225あります。
+ </div></li><li class="listitem"><div class="para">
+ 2003年、CERT に報告されたインシデントの数は、2001年の52,658、2002年の82,094から跳ね上がりました。<sup>[<a id="idm55776192" href="#ftn.idm55776192" class="footnote">7</a>]</sup>
+ </div></li><li class="listitem"><div class="para">
+ ここ3年の最も危険なインターネット・ウイルスに関するワールドワイドの経済的影響は、132億アメリカドルと見積もられました。<sup>[<a id="idm100428992" href="#ftn.idm100428992" class="footnote">8</a>]</sup>
+ </div></li></ul></div><div class="para">
+ 2008年のグローバルなビジネスと技術のエグゼクティブ調査 "The Global State of Information Security"<sup>[<a id="idm100430592" href="#ftn.idm100430592" class="footnote">9</a>]</sup> から、<span class="emphasis"><em>CIO Magazine</em></span> により断言された、いくつかのポイントは以下です:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 43%のみがユーザー・コンプライアンスの監査または監視とセキュリティ・ポリシーが一致します
+ </div></li><li class="listitem"><div class="para">
+ 22%のみがデータを使用する外部企業の一覧を維持しています
+ </div></li><li class="listitem"><div class="para">
+ 約半数のセキュリティ・インシデントはソースが "Unknown" と印がつけられました
+ </div></li><li class="listitem"><div class="para">
+ 回答者の44%が翌年にセキュリティ予算を増やす計画をします
+ </div></li><li class="listitem"><div class="para">
+ 59%は情報セキュリティ戦略を持ちます
+ </div></li></ul></div><div class="para">
+ これらの結果は、コンピューター・セキュリティが IT 予算に対する支出を定量化して正当化するようになってきたことの現実性を強調します。データの完全性と高可用性を必要とする組織は、システム、サービスおよび情報の 24x7 の信頼性を確実にするために、システム管理者、開発者、および技術者のスキルを引き出します。犠牲者が悪意のあるユーザー、プロセスおよび協調された攻撃に落とされると、組織の成功に対する直接の脅威になります。
+ </div><div class="para">
+ 不幸にも、システムとネットワークのセキュリティは、組織が情報をどのようにみなし、使用し、処理し、転送するかの複雑な知識を必要とする、難しい命題になるでしょう。組織(および組織を構成する人々)がビジネスを実施する方法を理解することは、適切なセキュリティ計画を導入することに優先します。
+ </div></div><div class="section" id="sect-Security_Guide-What_is_Computer_Security-Standardizing_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Computer_Security-Standardizing_Security">1.1.1.3. セキュリティの標準化</h4></div></div></div><div class="para">
+ すべての産業における企業は、アメリカ医師会 (AMA: American Medical Association) や IEEE (Institute of Electrical and Electronics Engineers ) のような標準化推進団体により作られた規制やルールに依存します。同じ理念が情報セキュリティにも有効です。多くのセキュリティ・コンサルタント・ベンダーは CIA (機密性、完全性および可用性) として知られる標準的なセキュリティ・モデルについて意見が一致します。この3階層モデルは、機密情報のリスクアセスメントやセキュリティ方針の確立のために、一般的に受け入れられたコンポーネントです。以下は、 CIA モデルをさらに詳細に説明します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 機密性 — 機密情報は事前に定義された個人の組に対してのみ利用可能でなければいけません。情報の認可されない送信や使用は制限されなければいけません。たとえば、情報の機密性は、顧客情報や金融情報が個人情報の盗難や信用詐欺のような悪意のある目的のために認可されない個人により得られないよう、確実にします。
+ </div></li><li class="listitem"><div class="para">
+ 完全性 — 情報が不完全または不正確に与えられる情報で変更されないようすべきです。認可されないユーザーが機密情報を変更または破壊する能力から制限されなければいけません。
+ </div></li><li class="listitem"><div class="para">
+ 可用性 — 情報は、認可されたユーザーが必要なときいつでもアクセス可能でなければいけません。可用性は情報が合意された頻度とタイムリーさで得られることの保証です。これはしばしば、パーセンテージの観点で測定され、Service Level Agreements (SLA) において公式に合意されます。
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-Introduction_to_Security-SELinux"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-SELinux">1.1.2. SELinux</h3></div></div></div><div class="para">
+ Fedora は SELinux と呼ばれる Linux カーネルの強化を含みます。それは、システムにあるファイル、プロセス、ユーザーおよびアプリケーションに高精細なレベルの制御を提供する、強制アクセス制御 (MAC: Mandatory Access Control) アーキテクチャーを実装します。SELinux の詳細な議論はこのドキュメントの範囲を超えています。しかし、SELinux の詳細と Fedora における使用法は、<a href="http://docs.fedoraproject.org/">http://docs.fedoraproject.org/</a> で入手可能な Fedora SELinux User Guide を参照してください。SELinux により保護される Fedora におけるサービスの設定と実行に関する詳細は、<a href="http://docs.fedoraproject.org">http://docs.fedoraproject.org/</a> で入手可能な SELinux Managing Confined Services Guide を参照してください。SELinux に対する他の利用可能なリソースは <a class="xre
f" href="#chap-Security_Guide-References">9章<em>参考資料</em></a> にリストされています。
+ </div></div><div class="section" id="sect-Security_Guide-Introduction_to_Security-Security_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.3. セキュリティ・コントロール</h3></div></div></div><div class="para">
+ コンピューター・セキュリティはしばしば、一般的に<em class="wordasword">コントロール</em>として参照される、3つの異なるマスター・カテゴリに分割されます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 物理的
+ </div></li><li class="listitem"><div class="para">
+ 技術的
+ </div></li><li class="listitem"><div class="para">
+ 管理的
+ </div></li></ul></div><div class="para">
+ これら3つの幅広いカテゴリは、適切なセキュリティ導入の主な目的を定義します。これらのコントロールの中で、コントロールとそれらを実装する方法をさらに詳細化するサブカテゴリです。
+ </div><div class="section" id="sect-Security_Guide-Security_Controls-Physical_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Security_Controls-Physical_Controls">1.1.3.1. 物理的コントロール</h4></div></div></div><div class="para">
+ 物理的コントロールは、機密なマテリアルへの認可されないアクセスを阻止または防止するために使用される、定義された構造におけるセキュリティ対策の実装です。物理的コントロールの例は以下です:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 有線監視カメラ
+ </div></li><li class="listitem"><div class="para">
+ 動作・温度警告システム
+ </div></li><li class="listitem"><div class="para">
+ 警備員
+ </div></li><li class="listitem"><div class="para">
+ 写真付き身分証明書
+ </div></li><li class="listitem"><div class="para">
+ ロックされた錠前をかけられたスチールドア
+ </div></li><li class="listitem"><div class="para">
+ バイオメトリクス(指紋、声、顔、虹彩、筆跡、および個人を認識するために使われる他の自動化された方法を含みます)
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Security_Controls-Technical_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Security_Controls-Technical_Controls">1.1.3.2. 技術的コントロール</h4></div></div></div><div class="para">
+ 技術的コントロールは、物理構造やネットワークにおいて機密データのアクセスと制御を制御するために基礎となる技術を使用します。技術的コントロールは広範囲で以下のような技術を含みます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 暗号化
+ </div></li><li class="listitem"><div class="para">
+ スマートカード
+ </div></li><li class="listitem"><div class="para">
+ ネットワーク認証
+ </div></li><li class="listitem"><div class="para">
+ アクセス制御リスト (ACL: Access control lists)
+ </div></li><li class="listitem"><div class="para">
+ ファイル完全性監査ソフトウェア
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Security_Controls-Administrative_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Security_Controls-Administrative_Controls">1.1.3.3. 管理的コントロール</h4></div></div></div><div class="para">
+ 管理的コントロールはセキュリティの人間的要素を定義します。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ トレーニングおよび意識向上
+ </div></li><li class="listitem"><div class="para">
+ 災害準備および復旧計画
+ </div></li><li class="listitem"><div class="para">
+ 要員採用および退職戦略
+ </div></li><li class="listitem"><div class="para">
+ 要員登録およびアカウンティング
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-Introduction_to_Security-Conclusion"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-Conclusion">1.1.4. 結論</h3></div></div></div><div class="para">
+ 今、セキュリティの起源、理由および観点について学んできたので、Fedora に関する適切な行動指針をより簡単に決定するようになることがわかります。どの要素と条件が適切な戦略を計画・導入するためにセキュリティを作り上げるかを知ることは重要です。セキュリティ・プロセスの細部のより深いところを調べるとき、この情報を心に留めておくと、プロセスを正式化して、パスがより明確になります。
+ </div></div></div><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities">1.2. 攻撃者と脆弱性</h2></div></div></div><div class="para">
+ 素晴らしいセキュリティ戦略を計画・導入するために、決意して動機付けられた攻撃者がシステムを危険にさらすためにエクスプロイトするいくつかの問題をまず理解します。しかし、これらの問題を詳細化する前に、攻撃者を識別するときに使われる用語を定義しなければいけません。
+ </div><div class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.2.1. ハッカーの簡単な歴史</h3></div></div></div><div class="para">
+ <em class="firstterm">ハッカー</em>という語の近代的な意味は、1960年代とマサチューセッツ工科大学 (MIT) の Tech Model Railroad Club (大規模で複雑な詳細の鉄道セットを設計しました) にさかのぼる起源を持ちます。ハッカーは、賢いトリックや問題の回避方法を発見したクラブのメンバーに対して使われた名前です。
+ </div><div class="para">
+ ハッカーという語は、コンピューター通から才能あるプログラマまですべてを説明するためにきました。多くのハッカーの間の共通の特徴は、ほとんど外部的な動機づけではなく、コンピューター・システムとネットワークがどのように機能するかを詳細に調査したいという意欲です。オープンソース・ソフトウェアの開発者はしばしば自分自身と同僚をハッカーであると考え、尊敬を表す語としてその語を使用します。
+ </div><div class="para">
+ ä¸è¬çã«ãããã«ã¼ã¯<em class="firstterm">ããã«ã¼å«ç</em>ã®å½¢å¼ã«å¾ãã¾ããããã¯ãæ
å ±ã®æ¢æ±ã¨ç¿çãä¸å¯æ¬ ã§ãããã¨ã表ãããã®ç¥èãå
±æãããã¨ã¯ã³ãã¥ããã£ã¸ã®ããã«ã¼ã®ç¾©åã§ãããã¨ã表ãã¾ãããã®ç¥èã®æ¢æ±ã®éãä½äººãã®ããã«ã¼ã¯ã³ã³ãã¥ã¼ã¿ã»ã·ã¹ãã ã«ãããã»ãã¥ãªãã£ã»ã³ã³ããã¼ã«ãåé¿ãããã¨ããã¢ã«ãããã¯ãªææ¦ã楽ãã¿ã¾ãããã®çç±ã«ããããã¬ã¹ã¯ãã°ãã°ããã«ã¼ã¨ããè¨èãæªè³ªãªãæªæã®ãããç¯ç½ªã®æå³ãæã£ã¦ã·ã¹ãã ã¨ãããã¯ã¼ã¯ã«ä¸æ³ã«ã¢ã¯ã»ã¹ãã人ã
ã説æããããã«ä½¿ç¨ãã¾ãããã®ç¨®é¡ã®ã³ã³ãã¥ã¼ã¿ã¼ã»ããã«ã¼ã«å¯¾ããããæ£ç¢ºãªè¨èã¯<em class="firstterm">ã¯ã©ãã«ã¼</em>ã§ã â 2ã¤ã®ã³ãã¥ããã£ãåºå¥ããããã«1980年代ä¸ããã«ããã«ã¼ã«ããä
½æãããè¨èã
+ </div><div class="section" id="sect-Security_Guide-A_Quick_History_of_Hackers-Shades_of_Gray"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-A_Quick_History_of_Hackers-Shades_of_Gray">1.2.1.1. Shades of Gray</h4></div></div></div><div class="para">
+ システムとネットワークにある脆弱性を見つけてエクスプロイトする人々のコミュニティの中には、いくつかの別々のグループがあります。これらのグループはしばしば、セキュリティ調査を実行するときにその人たちが「身につけている」帽子の色相により説明され、これらの色相はその人たちの意図を示します。
+ </div><div class="para">
+ <em class="firstterm">ホワイト・ハット・ハッカー</em>は、ネットワークとシステムのパフォーマンスを検査するため、およびそれらが侵入のためにどのように脆弱であるかを決めるため、それらをテストする人々です。通常、ホワイト・ハット・ハッカーは、自身のシステム、およびシステム監査の目的のために特別に雇われたクライアントのシステム、をクラックします。アカデミックな研究者とプロフェッショナルのセキュリティ・コンサルタントはホワイト・ハット・ハッカーの2つの例です。
+ </div><div class="para">
+ <em class="firstterm">ブラック・ハット・ハッカー</em>はクラッカーの同義語です。一般に、クラッカーはプログラミングとシステムの侵入へのアカデミックな側面にあまりフォーカスしません。利用可能なクラック・プログラムに依存します。また、個人的利益のために機密情報を暴露するため、またはターゲット・システムやネットワークにダメージを与えるために、システムにあるよく知られた脆弱性をエクスプロイトします。
+ </div><div class="para">
+ 他方、<em class="firstterm">グレイ・ハット・ハッカー</em>は、多くの状況においてホワイト・ハット・ハッカーのスキルと意図を持ちますが、場合によっては崇高な目的以外にも知識を使用します。グレイ・ハット・ハッカーは自身の予定を達成するために時々ブラック・ハットをかぶるホワイト・ハット・ハッカーのように考えられます。
+ </div><div class="para">
+ グレイ・ハット・ハッカーは一般的にハッカー倫理の他の形式に同意します。それは、システムに侵入可能であると同時に、ハッカーが盗難を行わない、または機密性を破らないことを言います。しかし、ある人はシステムに侵入する行為自体が非倫理的あると主張します。
+ </div><div class="para">
+ 侵入者の意図に関わらず、クラッカーがエクスプロイトを試みたいかもしれないという弱さを知ることは重要です。本章の残りはこれらの問題に焦点をあてます。
+ </div></div></div><div class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security">1.2.2. ネットワーク・セキュリティへの脅威</h3></div></div></div><div class="para">
+ ネットワークを以下の観点で設定するとき、バッド・プラクティスは攻撃のリスクを増やす可能性があります。
+ </div><div class="section" id="sect-Security_Guide-Threats_to_Network_Security-Insecure_Architectures"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Network_Security-Insecure_Architectures">1.2.2.1. セキュアではないアーキテクチャー</h4></div></div></div><div class="para">
+ 設定を誤っているネットワークは、認可されないユーザーの最初の入り口になります。信頼に基づいた、オープンなローカルネットワークを、非常にセキュアではないインターネットに対して脆弱なままにしておくことは、犯罪が多発する地区で半ドアにしておくようなものです。 — ある期間は何も起きないかもしれませんが、<span class="emphasis"><em>結局</em></span>誰かが機会を活用するでしょう。
+ </div><div class="section" id="sect-Security_Guide-Insecure_Architectures-Broadcast_Networks"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Insecure_Architectures-Broadcast_Networks">1.2.2.1.1. ブロードキャスト・ネットワーク</h5></div></div></div><div class="para">
+ システム管理者はしばしば、セキュリティ・スキームにおけるネットワーク・ハードウェアの重要性に気がつきません。ハブやルーターのような単純なハードウェアは、ブロードキャストやスイッチではない原則に基づいています。すなわち、あるノードが受信ノードへネットワークを超えてデータを転送するときはいつでも、ハブやルーターは、受信ノードが受信してデータを処理するまで、データ・パケットのブロードキャストを送り続けます。この方式は、外部の侵入者やローカル・ホストの認可されないユーザーによる、address resolution protocol (<em class="firstterm">ARP</em>) や media access control (<em class="firstterm">MAC</em>) アドレスの偽装に対して最も脆弱です。
+ </div></div><div class="section" id="sect-Security_Guide-Insecure_Architectures-Centralized_Servers"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Insecure_Architectures-Centralized_Servers">1.2.2.1.2. 集中化したサーバー</h5></div></div></div><div class="para">
+ 他の潜在的なネットワークの落とし穴は、集中化されたコンピューター環境の使用です。多くのビジネスに対する一般的なコスト削減の対策は、1台の強力なマシンにすべてのサービスを集約することです。管理がより簡単になり、複数サーバーの設定よりもコストを非常に安くできるので、これは便利でしょう。しかし、集中化したサーバーはネットワークにおける単一障害点となります。集中化したサーバーがセキュリティ侵害されると、データ操作や窃盗を引き起こしやすいよう、ネットワークを完全に使い物にならなくしたりより悪くしたりできます。これらの状況において、集中化したサーバーはネットワーク全体へアクセスできるオープン・ドアになります。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security">1.2.3. サーバー・セキュリティへの脅威</h3></div></div></div><div class="para">
+ サーバーはしばしば組織の重要な情報を非常に多く取り扱っているので、サーバー・セキュリティはネットワーク・セキュリティと同じように重要です。サーバーがセキュリティ侵害されると、すべてのコンテンツがクラッカーの思いのままに窃盗または操作できるようになるかもしれません。以下のセクションは、おもな問題のいくつかを詳細に説明します。
+ </div><div class="section" id="sect-Security_Guide-Threats_to_Server_Security-Unused_Services_and_Open_Ports"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Unused_Services_and_Open_Ports">1.2.3.1. 未使用のサービスとオープン・ポート</h4></div></div></div><div class="para">
+ Fedora の完全インストールには、1000以上のアプリケーションとライブラリのパッケージが含まれます。しかしながら、多くのサーバ管理者は、ディストリビューションにおいてすべての単独のパッケージをインストールしたいとは思いません。代わりに、いくつかのサーバ・アプリケーションを含めて、パッケージの基本インストールをしたいと思います。
+ </div><div class="para">
+ システム管理者の間で共通の出来事は、実際にどのアプリケーションがインストールされるかに注意を払わずにオペレーティング・システムをインストールすることです。不必要なパッケージが、インストールされ、デフォルトの設定で設定され、おそらく有効にされている可能性があるので、これは問題があります。管理者が意識することなくサーバーまたはワークステーションで実行するために、Telnet、DHCP や DNS のような期待しないサービスの原因となる可能性があります。これらは、サーバーへと期待しないトラフィックを順番に引き起こす可能性があります。もしくは、クラッカーがシステムの中へ入る潜在的な道になる可能性があります。ポートを閉じて、未使用のサービスを無効にすることに関する詳細は <a class="xref
" href="#sect-Security_Guide-Server_Security">「サーバのセキュリティ」</a> を参照してください。
+ </div></div><div class="section" id="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services">1.2.3.2. パッチ未適用のサービス</h4></div></div></div><div class="para">
+ デフォルトのインストールに含まれる多くのサーバー・アプリケーションは、しっかりとしていて、全体を通してテストされたソフトウェアの集まりです。何年も本番環境において使用していると、それらのコードは全体を通して精錬され、多くのバグが発見され修正されていきます。
+ </div><div class="para">
+ しかしながら、完璧なソフトウェアのようなものはありません。また、さらなる精錬の余地が常にあります。さらに、比較的新しいソフトウェアはしばしば、その最近の本番環境への出現のため、または、他のサーバー・ソフトウェアほど普及していないため、期待されているほど厳しくテストされていません。
+ </div><div class="para">
+ 開発者とシステム管理者はしばしば、サーバー・アプリケーションにおいてエクスプロイト可能なバグを見つけます。そして、Bugtraq メーリングリスト (<a href="http://www.securityfocus.com">http://www.securityfocus.com</a>) や Computer Emergency Response Team (CERT) ウェブサイト (<a href="http://www.cert.org">http://www.cert.org</a>) のような、バグトラックやセキュリティ関連のウェブサイトにおいて情報を公開します。これらのメカニズムはセキュリティ脆弱性をコミュニティに警告する効果的な方法であるにも関わらず、システムに適切にパッチを当てるかはシステム管理者しだいです。クラッカーがこれらの同じ脆弱性トラッキング・サービスにアクセスして、できるときにいつでもパッチ未適用のシステムをクラックするために情報を使うので、これは特に当
てはまります。素晴らしいシステム管理者は、コンピューティング環境を確実によりセキュアにするために、警戒、定期的なバグ・トラッキング、および適切なシステム・メンテナンスを必要とされます。
+ </div><div class="para">
+ システムを最新に保つことに関する詳細は <a class="xref" href="#sect-Security_Guide-Security_Updates">「セキュリティ・アップデート」</a> を参照してください。
+ </div></div><div class="section" id="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration">1.2.3.3. 不注意な管理</h4></div></div></div><div class="para">
+ システムにパッチを当てることに失敗した管理者は、サーバー・セキュリティへの最も重大な脅威の1つです。<em class="firstterm">SysAdmin, Audit, Network, Security Institute</em> (<em class="firstterm">SANS</em>) によると、コンピューター・セキュリティ脆弱性のおもな原因は、「トレーニングされていない人にセキュリティを維持することを割り当て、その仕事をできるようにするためのトレーニングも時間も与えないこと」です。 <sup>[<a id="idm93795824" href="#ftn.idm93795824" class="footnote">10</a>]</sup> これは自信過剰または動機付けられた管理者と同じくらい、経験の少ない管理者に当てはまります。
+ </div><div class="para">
+ ä»ã®äººã
ãã·ã¹ãã ã»ã«ã¼ãã«ã®ãã°ã»ã¡ãã»ã¼ã¸ããããã¯ã¼ã¯ã»ãã©ãã£ãã¯ãè¦è½ã¨ãä¸æ¹ã§ãä½äººãã®ç®¡çè
ã¯ãµã¼ãã¼ã¨ã¯ã¼ã¯ã¹ãã¼ã·ã§ã³ã«ããããå½ã¦ããã¨ã«å¤±æãã¾ããä»ã®ä¸è¬çãªã¨ã©ã¼ã¯ããµã¼ãã¹ã®ããã©ã«ããã¹ã¯ã¼ãã¾ãã¯ãã¼ãå¤æ´ãããã«æ®ã£ã¦ããã¨ãã§ãããã¨ãã°ãããã¤ãã®ãã¼ã¿ãã¼ã¹ã¯ããã¼ã¿ãã¼ã¹éçºè
ãã·ã¹ãã 管çè
ãã¤ã³ã¹ãã¼ã«å¾ããã«ãããã®ãã¹ã¯ã¼ããå¤æ´ããã¨èãã¦ãããã©ã«ãã®ç®¡çãã¹ã¯ã¼ããæã¡ã¾ãããã¼ã¿ãã¼ã¹ç®¡çè
ããã®ãã¹ã¯ã¼ããå¤æ´ãå¿ããã¨ãçµé¨ã®å°ãªãã¯ã©ãã«ã¼ã§ããããã¼ã¿ãã¼ã¹ã®ç®¡çè
権éãå¾ãããã«ãåºãç¥ãããããã©ã«ãã®ãã¹ã¯ã¼ãã使ç¨ã§ãã¾ããä¸æ³¨æãªç®¡çãã©ã®ããã«ã·ã¹ãã ã®ä¾µå®³ã«ã¤ãªããå¯è½æ
§ããããã«é¢ããä¾ãããã¤ãããã¾ãã
+ </div></div><div class="section" id="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services">1.2.3.4. 本質的にセキュアではないサービス</h4></div></div></div><div class="para">
+ 最も注意深い組織でさえ、選択したネットワーク・サービスが本質的にセキュアでなければ、脆弱性の犠牲になる可能性があります。たとえば、信頼されたネットワーク上で使用されるという仮定の下に開発されたサービスがたくさんあります。しかしながら、サービスがインターネット(それ自体は本質的に信頼できません)で利用可能になるとすぐに、この仮定は崩壊します。
+ </div><div class="para">
+ セキュアではないネットワーク・サービスのカテゴリの1つは、認証に対して暗号化されないユーザー名とパスワードを必要とするものです。Telnet と FTP はそのようなサービスの2つです。パケット盗聴ソフトウェアがリモートユーザーとそのようなサービスの間でトラフィックを監視しているならば、ユーザー名とパスワードが簡単に横取りされる可能性があります。
+ </div><div class="para">
+ 本質的に、そのようなサービスもより簡単に、セキュリティ業界は<em class="firstterm">中間者</em>攻撃と呼びますものの犠牲になります。この種類の攻撃において、意図したサーバーの代わりに彼のマシンに向けるために、ネットワークにおいてクラックされたネームサーバーをだますことにより、クラッカーはネットワーク・トラフィックをリダイレクトします。いったん誰かがサーバーへのリモート・セッションをオープンすると、攻撃者のマシンが、リモート・サービスと情報をキャプチャされていることを用心していないユーザーの間に静かに座る、見えないパイプとして動作します。この方法で、クラッカーはサーバーやユーザに気づかれることなく、管理パスワードや生のデータを集められます。
+ </div><div class="para">
+ ã»ãã¥ã¢ã§ã¯ãªããµã¼ãã¹ã®ãã1ã¤ã®ã«ãã´ãªã¯ãLAN å©ç¨ãæå¾
ãã¦éçºãããããä¸å¹¸ã«ã (ãªã¢ã¼ãã»ã¦ã¼ã¶ã¼ã«å¯¾ãã¦) WAN ãå«ããæ¡å¼µãããããNFS ã NIS ã®ãããªãããã¯ã¼ã¯ã»ãã¡ã¤ã«ã»ã·ã¹ãã ããã³ãããã¯ã¼ã¯æ
å ±ãµã¼ãã¹ã§ããNFS ã¯ã¯ã©ãã«ã¼ã NFS å
±æããã¦ã³ããã¦ãããã«å«ã¾ãããã¹ã¦ã®ãã®ã«ã¢ã¯ã»ã¹ããã®ãé²ãããã«è¨å®ããããããããèªè¨¼ãã»ãã¥ãªãã£ã®ã¡ã«ããºã ãããã©ã«ãã§ã¯æã¡ã¾ãããNIS ãåæ§ã«ããã¬ã¤ã³ããã¹ã ASCII ã¾ã㯠DBM (ASCII ããæ´¾çãã) ãã¼ã¿ãã¼ã¹ã®ä¸ã«ããã¹ã¯ã¼ãããã¡ã¤ã«ã»ãã¼ããã·ã§ã³ãå«ãããããã¯ã¼ã¯ã«ãããã¹ã¦ã®ã³ã³ãã¥ã¼ã¿ã«ç¥ãããªããã°ãããªãéè¦ãªæ
å ±ãæã¡ã¾ãããã®ãã¼ã¿ãã¼ã¹ã¸ã®ã¢ã¯ã»ã¹æ¨©ãå¾ãã¯ã©ãã«ã¼ã¯ã管ç
è
ã®ã¢ã«ã¦ã³ããå«ãããããã¯ã¼ã¯ã«ããããã¹ã¦ã®ã¦ã¼ã¶ã¼ã¢ã«ã¦ã³ãã«ã¢ã¯ã»ã¹ã§ãã¾ãã
+ </div><div class="para">
+ Fedora はデフォルトでそのようなサービスをすべてオフにしてリリースされています。しかしながら、管理者がしばしば、これらのサービスを使用するよう強制されることがあるので、注意深く設定することが重要な意味を持ちます。安全なようにサービスをセットアップする方法の詳細は <a class="xref" href="#sect-Security_Guide-Server_Security">「サーバのセキュリティ」</a> を参照してください。
+ </div></div></div><div class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security">1.2.4. ワークステーションとホーム PC のセキュリティへの脅威</h3></div></div></div><div class="para">
+ ワークステーションおよびホーム PC は、ネットワークやサーバーのように攻撃される傾向にないかもしれません。しかし、しばしばクレジットカード情報のような機密データを含むので、システム・クラッカーの標的にされます。ワークステーションは、ユーザーが知ることなく選出され、共同攻撃における "スレーブ" マシンとして攻撃者により使用される可能性もあります。これらの理由により、ワークステーションの脆弱性を理解することは、オペレーティング・システムの再インストール、もっと悪ければデータ窃盗からの回復の頭痛からユーザーを守ります。
+ </div><div class="section" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Bad_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Bad_Passwords">1.2.4.1. 悪いパスワード</h4></div></div></div><div class="para">
+ 悪いパスワードは攻撃者がシステムへのアクセス権を得るために最も簡単な方法の1つです。パスワードを作成するときに一般的な落とし穴を避ける方法の詳細は、<a class="xref" href="#sect-Security_Guide-Workstation_Security-Password_Security">「パスワードのセキュリティ」</a> を参照してください。
+ </div></div><div class="section" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications">1.2.4.2. 脆弱なクライアント・アプリケーション</h4></div></div></div><div class="para">
+ 管理者が完全にセキュアでパッチを当てたサーバーにしているにも関わらず、リモート・ユーザーがアクセスするときにセキュアであるとは限りません。たとえば、サーバーがパブリックネットワーク上で Telnet や FTP サービスを提供していると、攻撃者は平文のユーザー名とパスワードがネットワーク上を流れているので、それらを取ることができます。そして、リモート・ユーザーのワークステーションにアクセスするためにアカウント情報を使用します。
+ </div><div class="para">
+ SSH のようなセキュアなプロトコルを使用しているときでさえ、リモート・ユーザーは、クライアント・アプリケーションを更新していないと、特定の攻撃に対して脆弱であるかもしれません。たとえば、v.1 SSH クライアントは悪意のある SSH サーバーからの X 転送攻撃に対して脆弱です。一度サーバーに接続すると、攻撃者はネットワーク上でクライアントによるキー入力やマウス操作をひそかにとることができます。この問題は v.2 SSH プロトコルで修正されました。しかしユーザーは、どのアプリケーションがそのような脆弱性を持ち、更新する必要があるのかを把握し続けないといけません。
+ </div><div class="para">
+ <a class="xref" href="#sect-Security_Guide-Workstation_Security">「ワークステーションのセキュリティ」</a> は、管理者とホームユーザーがコンピューター・ワークステーションの脆弱性を制限するためにどんなステップをとるべきかをより詳細に説明しています。
+ </div></div></div></div><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Vulnerability_Assessment" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Vulnerability_Assessment">1.3. 脆弱性のアセスメント</h2></div></div></div><div class="para">
+ 時間、リソースおよびモチベーションを与えられると、クラッカーはほとんどすべてのシステムに侵入できます。結局、現在利用可能なすべてのセキュリティの手順と技術は、あらゆるシステムが侵入から完全に安全であることを保証することはできません。ルーターはインターネットへの安全なゲートウェイの助けになります。ファイアウォールはネットワークの境界の助けになります。VPN は暗号化されたストリームにおいて安全にデータを通過させます。侵入検知システムは悪意のある活動を警告します。しかし、これらの技術のそれぞれの成功は、以下を含む多くの変動要因に依存します。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 技術の設定、監視および維持に責任のあるスタッフの習熟。
+ </div></li><li class="listitem"><div class="para">
+ サービスとカーネルに迅速かつ効果的にパッチおよび更新する能力。
+ </div></li><li class="listitem"><div class="para">
+ ネットワーク上の一定した警戒を維持する責任のある人の能力
+ </div></li></ul></div><div class="para">
+ システムと技術がデータのダイナミックな状態にすると、企業のリソースをセキュアにすることは極めて難しくなります。しばしばシステムのすべてに対する専門家のリソースを見つけることは難しいです。情報セキュリティの多くの領域における高いレベルの知識を持つ要員を持つことができる間、少し以上の主題領域に精通しているスタッフを維持することは難しいです。これはおもに、情報セキュリティの各主題領域は一定の注意と集中を必要とするからです。情報セキュリティは有効なままではありません。
+ </div><div class="section" id="sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.3.1. 敵のような考え</h3></div></div></div><div class="para">
+ あなたが企業ネットワークの管理者であると仮定します。そのようなネットワークは一般的に、オペレーティングシステム、アプリケーション、サーバ、ネットワーク・モニタ、侵入検知システム等から構成されます。今日のソフトウェアとネットワーク環境の複雑さを与えられると、エクスプロイットとバグは必然性があります。ネットワーク全体をパッチとアップデートで最新に保つことは、異質なシステムを持つ大きなネットワークにおいて気が重い作業であることがわかります。
+ </div><div class="para">
+ 習熟の要件と現状維持の作業を組み合わせます。そして、不利益なインシデントが発生し、システムが侵害され、データが破壊され、サービスが中断されることは不可避です。
+ </div><div class="para">
+ セキュリティ技術を強化して、システム、ネットワーク、およびデータを保護する支援とするため、あなたはクラッカーのように考え、弱さに対するチェックをすることによりシステムのセキュリティを測定しなければいけません。自身のシステムとネットワーク・リソースに対する予防的な脆弱性アセスメントは、クラッカーがエクスプロイトする前に対処できる潜在的な問題を明らかにします。
+ </div><div class="para">
+ 脆弱性アセスメントはあなたのネットワークおよびシステムのセキュリティの内部監査です。(<a class="xref" href="#sect-Security_Guide-What_is_Computer_Security-Standardizing_Security">「セキュリティの標準化」</a> に説明されているように)ネットワークの機密性、完全性および可用性を支持する結果です。一般的に、脆弱性アセスメントは、対象システムに関する重要なデータを集めることを通じて、調査フェーズから始めます。このフェーズはシステム準備フェーズにつながります。それによって、対象が基本的にすべての既知の脆弱性をチェックされます。準備フェーズは報告フェーズに達します。ここで、発見したものは高中低のカテゴリに分類され、対象のセキュリティを向上させる(または脆弱性のリスクを低減させる)方法が議論され
ます。
+ </div><div class="para">
+ あなたの自宅の脆弱性アセスメントを実行しているならば、自宅のドアが閉められて鍵がかけられているかどうかを確認するために、それぞれのドアをチェックするでしょう。確実にすべての窓が完全に閉まっており、正しく鍵がかけられていることもチェックします。この同じような概念をシステム、ネットワークおよび電子データに適用します。悪意のあるユーザーはあなたのデータの泥棒および心ない破壊者です。ツール、精神性および動機に注目します。そうすると、彼ら彼女らの行動に素早く反応できます。
+ </div></div><div class="section" id="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing">1.3.2. アセスメントとテストの定義</h3></div></div></div><div class="para">
+ 脆弱性アセスメントは2種類に分解できます: <em class="firstterm">外から中を見る</em> および <em class="firstterm">中から外を見る</em>。
+ </div><div class="para">
+ 外から中を見る脆弱性アセスメントを実行するとき、外側からシステムを危険にさらすことを試みます。会社の外側であることは、あなたにクラッカーの観点を与えます。クラッカーが見るものを見ます — 公にルート可能な IP アドレス、<em class="firstterm">DMZ</em> にあるシステム、ファイアウォールの外部インタフェース、およびその他。DMZ は "demilitarized zone" を意味します。ここで、企業プライベート LAN のような信頼された内部ネットワーク、およびパブリックなインターネットのような信頼されない外部ネットワークの間にある、コンピューターまたは小さなサブネットワークに一致します。一般的に、DMZ は ウェブ (HTTP) サーバー、FTP サーバー、SMTP (e-mail) サーバーおよび DNS サーバーのような、インターネットのトラフィック
にアクセス可能なデバイスを含みます。
+ </div><div class="para">
+ 中から外を見る脆弱性アセスメントを実行するとき、あなたは内部にいて、状態が信頼されると昇格されるため、いくらかの優位性があります。これは一度システムにログオンしたあなたや同僚の視点です。プリント・サーバー、ファイル・サーバー、データベースおよび他のリソースを見ます。
+ </div><div class="para">
+ これら2種類の脆弱性アセスメントの著しい区別があります。会社の内部にいることは、どの外部者よりも上昇された権限を与えられます。多くの組織において今でも、セキュリティは侵入者を締め出すという方法で構成されています。(部門内ファイアウォール、ユーザー・レベル・アクセス制御、内部リソースに対する認証手順などのように)組織の内部をセキュアにしていることは非常にまれです。一般的に、多くのシステムが会社の内部にあるので、中から外を見るときより多くのリソースがあります。一度あなた自身を会社の外部者と設定すると、ただちに信頼されない状態を与えられます。あなたが外部的に利用可能なシステムとリソースは一般的に非常に制限されます。
+ </div><div class="para">
+ 脆弱性アセスメントと<em class="firstterm">侵入テスト</em>の違いを検討します。侵入テストへの第一歩として脆弱性アセスメントを考えます。アセスメントから収集された情報はテストのために使用されます。アセスメントがホールや潜在的な脆弱性に対するチェックをするために行われるのに対して、侵入テストは発見したものを実際にエクスプロイトしようとします。
+ </div><div class="para">
+ ネットワーク・インフラストラクチャをアセスメントすることは、ダイナミックなプロセスです。セキュリティ(情報も物理も)はダイナミックです。概要に示されるアセスメントを実行することは、フォールス・ポジティブとフォールス・ネガティブが現れる可能性があります。
+ </div><div class="para">
+ セキュリティ管理者は、使用しているツールと保有している知識を同じくらい素晴らしいです。現在、多くの形態のアセスメント・ツールが利用可能です。それらをシステムに対して実行して、そして、大抵いくつかのフォールス・ネガティブがあることを保証します。プログラムの間違いかユーザーの誤りかによらず、結果は同じです。ツールが実際に存在しない脆弱性を見つけるかもしれません(フォールス・ポジティブ)。もしくはさらに悪いことに、ツールが実際に存在する脆弱性を見つけないかもしれません(フォールス・ネガティブ)。
+ </div><div class="para">
+ これで脆弱性アセスメントと侵入テストの違いが定義されたので、あなたの新しいベスト・プラクティス・アプローチの一部として侵入テストを行う前に、アセスメントの結論を出して、注意深くレビューします。
+ </div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ 本番リソースにおける脆弱性をエクスプロイトする試みは、システムとネットワークの生産性や効率に悪影響を与える可能性があります。
+ </div></div></div><div class="para">
+ 以下の一覧は脆弱性アセスメントを実施するためにいくつかの有益性を検討します。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 情報セキュリティにプロアクティブなフォーカスを当てる
+ </div></li><li class="listitem"><div class="para">
+ クラッカーに見つけられる前に潜在的なエクスプロイトを見つける
+ </div></li><li class="listitem"><div class="para">
+ システムを最新でパッチが当てられた状態をもたらす
+ </div></li><li class="listitem"><div class="para">
+ 成長とスタッフの習熟に役立つよう促進する
+ </div></li><li class="listitem"><div class="para">
+ 経済的損失とネガティブな広報を減らす
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-Defining_Assessment_and_Testing-Establishing_a_Methodology"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Defining_Assessment_and_Testing-Establishing_a_Methodology">1.3.2.1. 方法論の確立</h4></div></div></div><div class="para">
+ 脆弱性アセスメント用のツールを選択する支援のために、脆弱性アセスメントの方法論を確立することは助けになります。不幸にも、現在のところ事前に定義された、もしくは工業的に証明された方法論はありません。しかしながら、一般的な判断およびベスト・プラクティスが十分なガイドとして振る舞います。
+ </div><div class="para">
+ <span class="emphasis"><em>対象は何か?一つのサーバーを見るのか、もしくは、ネットワーク全体およびネットワーク内にあるすべてのものを見るのか? 会社にとって外部または内部なのか?</em></span> これらの質問に対する答えは、どのツールを選択するかだけでなく、そのツールをどのような方法で使用するかを決める助けになるので、重要です。
+ </div><div class="para">
+ 方法論の確立に関する詳細は、以下のウェブサイトを参照してください:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.isecom.org/osstmm/">http://www.isecom.org/osstmm/</a> <em class="citetitle">The Open Source Security Testing Methodology Manual</em> (OSSTMM)
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.owasp.org/">http://www.owasp.org/</a> <em class="citetitle">The Open Web Application Security Project</em>
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools">1.3.3. ツールの評価</h3></div></div></div><div class="para">
+ アセスメントはいくつかの形式の情報収集ツールにより始められます。ネットワーク全体をアセスメントするとき、動作しているホストを見つけるために、まずレイアウトをマップします。一度位置が決められると、それぞれ各ホストを検査します。これらのホストに焦点をあてることは、他のセットのツールを必要とします。使うためのツールを知ることは、脆弱性を見つけるときの最も重要な手順かもしれません。
+ </div><div class="para">
+ 日常生活のあらゆる場面のように、同じ仕事を実行する数多くの異なるツールがあります。この概念は脆弱性アセスメントを実行することにも同様に当てはまります。オペレーティングシステム、アプリケーション、そしてネットワークにさえ(使用されるプロトコルに基づきます)具体的なツールがあります。いくつかのツールはフリーです。他のものはそうではありません。いくつかのツールは直感的で使いやすいです。一方、他のツールは不可解であり、十分に文書化されませんが、他のツールにはない機能を持ちます。
+ </div><div class="para">
+ 正しいツールを見つけることは、気が重い仕事であるかもしれません。最後には経験が重要になります。可能ならば、実験ラボをセットアップして、それぞれの強みと弱みに注目して、できる限り多くのツールを試験します。ツールに対する README ファイルまたはマニュアル・ページをレビューします。さらに、ツールに対する記事、ステップ・バイ・ステップのガイド、またはメーリングリストのような、詳細に関してインターネットに目を向けます。
+ </div><div class="para">
+ 以下で説明されるツールは、単に利用可能なツールの小さなサンプルです。
+ </div><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-Scanning_Hosts_with_Nmap"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Scanning_Hosts_with_Nmap">1.3.3.1. Nmap を用いたホストのスキャン</h4></div></div></div><div class="para">
+ Nmap はネットワークのレイアウトを決定するために利用される Fedora に含まれる一般的なツールです。Nmap は長年にわたり利用可能であり、おそらく情報を集めるときに最もよく使われるツールです。そのオプションと使用法の詳細な説明を提供する、素晴らしいマニュアル・ページが含まれます。管理者は、ホストシステムとそれらのシステムにおいて開いているポートを見つけるためにネットワークにおいて Nmap を使用できます。
+ </div><div class="para">
+ Nmap は脆弱性アセスメントにおける十分な第一歩です。ネットワークの中にあるホストすべてを図示します。そして、Nmap が特定のホストで実行しているオペレーティング・システムを特定する試行ができるようにするオプションを渡すこともできます。Nmap は、セキュアなサービスの使用と不必要なサービスの停止の方針を確立するための素晴らしい基礎です。
+ </div><div class="section" id="sect-Security_Guide-Scanning_Hosts_with_Nmap-Using_Nmap"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Scanning_Hosts_with_Nmap-Using_Nmap">1.3.3.1.1. Nmap の使用</h5></div></div></div><div class="para">
+ Nmap は <code class="command">nmap</code> コマンドを、スキャンするマシンのホスト名または IP アドレスを後ろにつけて、入力することによりシェル・プロンプトから実行することができます。
+ </div><pre class="screen"><code class="command">nmap foo.example.com</code></pre><div class="para">
+ 基本的なスキャン(ホストの位置や他のネットワーク条件に依存して数分かかります)の結果は以下のように見えるでしょう。
+ </div><pre class="screen">
+Starting Nmap 4.68 ( http://nmap.org )
+Interesting ports on foo.example.com:
+Not shown: 1710 filtered ports
+PORT STATE SERVICE
+22/tcp open ssh
+53/tcp open domain
+70/tcp closed gopher
+80/tcp open http
+113/tcp closed auth</pre><div class="para">
+ Nmap は、サービスがリッスンしているまたは待っている、最も一般的なネットワーク・コミュニケーション・ポートをテストします。この知識は、不必要または未使用のサービスを閉じたいと思っている管理者の助けにすることができます。
+ </div><div class="para">
+ Nmap の使用法に関する詳細は、以下の URL にある公式ホームページを参照してください。
+ </div><div class="para">
+ <a href="http://www.insecure.org/">http://www.insecure.org/</a>
+ </div></div></div><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-Nessus"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Nessus">1.3.3.2. Nessus</h4></div></div></div><div class="para">
+ Nessus は完全なサービス・セキュリティ・スキャナーです。Nessus のプラグイン・アーキテクチャーはユーザーがシステムやネットワークのためにカスタマイズできるようにします。あらゆるスキャナーと同じように、Nessus は依存するシグネチャー・データベースのみと同じくらいだけ素晴らしいです。幸運にも、Nessus は頻繁にアップデートされ、完全なレポート、ホスト・スキャン、およびリアルタイムの脆弱性検索の機能を持ちます。Nessus のようにパワフルで頻繁に更新されるツールでさえ、フォールス・ポジティブやフォールス・ネガティブがある可能性があることを覚えておいてください。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ Nessus ソフトウェアのクライアントとサーバーは Fedora リポジトリに含まれますが、使用するためのサブスクリプションが必要になります。この人気のあるアプリケーションを使用することに興味があるユーザーのための参考情報として、このドキュメントに含まれます。
+ </div></div></div><div class="para">
+ Nessus に関する詳細は、以下の URL にある公式ウェブサイトを参照してください。
+ </div><div class="para">
+ <a href="http://www.nessus.org/">http://www.nessus.org/</a>
+ </div></div><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-Nikto"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Nikto">1.3.3.3. Nikto</h4></div></div></div><div class="para">
+ Nikto は優れた CGI (common gateway interface) スクリプト・スキャナーです。Nikto は CGI の脆弱性に対するチェックだけではなく、侵入検知システムを回避するために曖昧な方法で実行します。プログラムを実行するに先立って注意深くレビューされるべき完全なドキュメントがついています。ウェブサーバーが CGI スクリプトを取り扱っているならば、Nikto はこれらのサーバーのセキュリティをチェックするための優れたリソースになるでしょう。
+ </div><div class="para">
+ Nikto の詳細については、以下の URL を参照してください:
+ </div><div class="para">
+ <a href="http://www.cirt.net/code/nikto.shtml">http://www.cirt.net/code/nikto.shtml</a>
+ </div></div><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner">1.3.3.4. VLAD the Scanner</h4></div></div></div><div class="para">
+ VLAD は Bindview 社の <acronym class="acronym">RAZOR</acronym> チームにより開発された脆弱性スキャナーです。それは、一般的なセキュリティ問題(SNMP の問題、ファイル共有の問題など)の SANS Top Ten リストに対するチェックをします。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ VLAD は Fedora に含まれず、サポートされません。この一般的なアプリケーションを使用することに興味があるユーザーのために参考としてこのドキュメントに含めています。
+ </div></div></div><div class="para">
+ VLAD の詳細は、以下の URL にある RAZOR チームのウェブサイトで見つけられます:
+ </div><div class="para">
+ <a href="http://www.bindview.com/Support/Razor/Utilities/">http://www.bindview.com/Support/Razor/Utilities/</a>
+ </div></div><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs">1.3.3.5. 将来ニーズの予測</h4></div></div></div><div class="para">
+ ターゲットよリソースに依存して、利用可能な多くのツールがあります。無線ネットワーク、Novell ネットワーク、Windows システム、Linux システムなどに対するツールがあります。アセスメントを実行することの他の重要な部分は、物理セキュリティ、人事選考、または音声/PBX ネットワークのアセスメントをレビューすることを含めるかもしれません。無線ネットワークの脆弱性のために企業の物理構造の境界線をスキャンするこを含む、<em class="firstterm">war walking</em> のような新しい概念は、必要に応じてアセスメントに組み込み調査をできるいくつかの持ち上がってきている概念です。想像と露出は脆弱性のアセスメントを計画および実施のみに制限されます。
+ </div></div></div></div><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Common_Exploits_and_Attacks" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Common_Exploits_and_Attacks">1.4. 一般的なエクスプロイトと攻撃</h2></div></div></div><div class="para">
+ <a class="xref" href="#tabl-Security_Guide-Common_Exploits_and_Attacks-Common_Exploits">表1.1「一般的なエクスプロイト」</a> は、組織のネットワーク資源にアクセスするために侵入者により使用される、いくつかの最も一般的なエクスプロイトとエントリー・ポイントを詳しく説明します。これらの一般的なエクスプロイトの要点は、それらがどのように実行されるか、および、管理者がそのような攻撃に対してどのようにネットワークを適切に保護できるかの説明にあります。
+ </div><div class="table" id="tabl-Security_Guide-Common_Exploits_and_Attacks-Common_Exploits"><h6>表1.1 一般的なエクスプロイト</h6><div class="table-contents"><table summary="一般的なエクスプロイト" border="1"><colgroup><col width="20%" class="Exploit" /><col width="40%" class="Description" /><col width="40%" class="Notes" /></colgroup><thead><tr><th>
+ エクスプロイト
+ </th><th>
+ 説明
+ </th><th>
+ 注意事項
+ </th></tr></thead><tbody><tr><td>
+ 空もしくはデフォルトのパスワード
+ </td><td>
+ 管理パスワードが空白のままになっているか、または製品ベンダーにより設定されたデフォルトのパスワードを使用していることです。ルーターやファイアウォールのようなハードウェアにおいて最も一般的です。一方、Linux で実行しているいくつかのサービスはデフォルトの管理者パスワードを含みます(しかし Fedora 12 はそれらを同梱しません)。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>routers, firewalls, VPN および network attached storage (NAS) アプライアンスのようなネットワーク・ハードウェアと一般的に関連づけられます。</td></tr><tr><td>(UNIX や Windows のような)多くの古いオペレーティングシステム、とくにバンドルされたサービス、において一般的です。</td></tr><tr><td>管理者はときどき急いで特権ユーザーアカウントを作成して、パスワードを空白にしたままにします。それは、アカウントを探索している悪意のあるユーザーにとって完璧なエントリ・ポイントを作ります。</td></tr></table>
+
+ </td></tr><tr><td>
+ デフォルトの共有鍵
+ </td><td>
+ セキュアなサービスはときどき、開発者や評価テスト目的のためにデフォルトのセキュリティ鍵をパッケージしています。これらの鍵が変更されずに残っていて、インターネットの本番環境に置かれていると、同じデフォルトの鍵を持つ<span class="emphasis"><em>すべての</em></span>ユーザーが、共有鍵の資源およびそれに含まれる機密情報すべてにアクセスできます。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>無線アクセスポイントや事前設定されたセキュアなサーバー・アプリケーションにおいて最も一般的です。</td></tr></table>
+
+ </td></tr><tr><td>
+ IP スプーフィング
+ </td><td>
+ リモート・マシンは、ネットワーク資源上の制御を得るために、ローカル・ネットワークにおけるノードとして動作し、サーバにある脆弱性を見つけ、バックドア・プログラムまたはトロイの木馬をインストールします。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>対象システムへの接続を順序立てて並べるために、攻撃者が TCP/IP シーケンス番号を予測することを含むので、スプーフィングはかなり難しいです。しかし、いくつかのツールは攻撃者がそのような脆弱性を実行することを支援することが可能です。</td></tr><tr><td><em class="firstterm">ソース・ベース</em>の認証テクニックを使用することは、ターゲットシステムが実行しているサービス (<code class="command">rsh</code>, <code class="command">telnet</code>, FTP および他のもののような) に依存します。それは、PKI、および<code class="command">ssh</code> や SSL/TLS において使われる暗号化された認証の他の形式と比較するとき、推奨されません。</td></tr></table>
+
+ </td></tr><tr><td>
+ 盗聴
+ </td><td>
+ 2つのノードの間のコネクションにおいて盗聴することにより、ネットワークにおける2つのアクティブなノードを通過するデータを収集します。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>この種類の攻撃は大抵、Telnet, FTP, および HTTP 転送のようなプレーン・テキストの送信プロトコルとともに機能します。</td></tr><tr><td>リモートの攻撃者は、そのような攻撃を実行するために、LAN において危険にさらされたシステムへとアクセスできなければいけません。クラッカーは通常、LAN においてシステムを危険にさらすために能動的な攻撃(IP スプーフィングや中間者攻撃のような)を使用します。</td></tr><tr><td>防御的対策は、パスワード盗聴を防ぐために、暗号的な鍵交換、ワンタイムパスワード、または暗号化された認証を用いたサービスを含みます。転送中、強い暗号が通知されます。</td></tr></table>
+
+ </td></tr><tr><td>
+ サービスの脆弱性
+ </td><td>
+ 攻撃者はインターネット上で実行されるサービスにおいて欠陥や抜け穴を見つけます。この脆弱性を通して、攻撃者はシステム全体と保持されるデータを危険にさらし、おそらくネットワークにある他のシステムも危険にさらすでしょう。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>CGI のような HTTP ベースのサービスは、リモート・コマンド実行およびインタラクティブなシェル・アクセスにも脆弱です。HTTP サービスが "nobody" のような非特権ユーザーとして実行されているときでさえ、設定ファイルやネットワーク構成のような情報が読みとらる可能性があります。または、攻撃者はシステム資源を流出させたり、他のユーザーが利用不可能にしたりするサービス妨害攻撃を開始します。</td></tr><tr><td>サービスはときどき開発とテストの期間中に気がつかない脆弱性を持つ可能性があります。(攻撃者が、アプリケーションのメモリー・バッファを埋める任意の値を使用してサービスをクラッシュさせ、攻撃者に任意のコマンドを実行するインタラクティブな
コマンド・プロンプトを与える、<em class="firstterm">バッファ・オーバーフロー</em>のような)これらの脆弱性により攻撃者は完全な管理コントロールを持ちます。</td></tr><tr><td>管理者はサービスが root ユーザーとして実行されていないことを確実にします。また、ベンダや CERT や CVE のようなセキュリティ組織から、アプリケーションに対するパッチやエラッタ・アップデートを用心深いままでいます。</td></tr></table>
+
+ </td></tr><tr><td>
+ アプリケーションの脆弱性
+ </td><td>
+ 攻撃者はデスクトップやワークステーションのアプリケーション(電子メールクライアントのような)に欠陥を見つけて、任意のコードを実行します、将来の侵入のためにトロイの木馬を注入します、もしくはシステムをクラッシュさせます。侵入されたワークステーションがネットワークの残りにおいて管理特権を持つならば、さらなるエクスプロイトが起こる可能性があります。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>ワークステーションとデスクトップは、作業者が侵入を防いだり検知したりする習熟や経験を持たないため、エクスプロイトをより受ける傾向にあります。認可されないソフトウェアをインストールする、または頼んでいない電子メールの添付ファイルを開くときに、とられるリスクの個々について説明することは不可欠です。</td></tr><tr><td>セーフガードは、電子メールソフトウェアが添付を自動的に開いたり実行したりしない、というように導入されます。加えて、Red Hat Network や他のシステム管理サービスを通してワークステーションのソフトウェアを自動更新することにより、マルチシートのセキュリティ・デプロイの負担を軽減できます。</td></tr></table>
+
+ </td></tr><tr><td>
+ サービス妨害 (DoS: Denial of Service) 攻撃
+ </td><td>
+ 攻撃者や攻撃者のグループは、ターゲット・ホスト(もしくは、サーバー、ルーター、ワークステーション)へ認可されないパケットを送ることにより組織のネットワークやサーバーのリソースに対して調整されます。これはリソースを正当なユーザーに利用不可能になるよう強制します。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>ã¢ã¡ãªã«ã§æãå ±åããã DoS æ»æã¯2000å¹´ã«èµ·ããã¾ãããããã¤ãã®é«ãã©ãã£ãã¯ã®åç¨ããã³æ¿åºã®ãµã¤ãã<em class="firstterm">zombies</em> ã¾ãã¯ãªãã¤ã¬ã¯ããããããã¼ããã£ã¹ãã»ãã¼ãã¨ãã¦åä½ããé«å¸¯åæ¥ç¶ãæã¤ããã¤ãã®å±éºã«ãããããã·ã¹ãã ãç¨ãã¦ã調æ´ããã ping ãã©ããæ»æã«ããå©ç¨ä¸å¯è½ã«ãªãã¾ããã</td></tr><tr><td>ã½ã¼ã¹ã»ãã±ããã¯é常ãæ»æã®æ¬å½ã®ã½ã¼ã¹ã調æ»ããã®ãé£ãããªããããå½è£
ï¼ã¾ãã¯åããã¼ããã£ã¹ãï¼ããã¦ãã¾ãã</td></tr><tr><td><code class="command">iptables</code> ãç¨ããã¤ã³ã°ã¬ã¹ã»ãã£ã«ã¿ (IETF rfc2267) ã«ãããé²æ©ããã³ <code class="command">snort</code> ã®ãã㪠Network Intrusion Detection Systems ã¯ç®¡çè
ãåæ£ããã DoS æ
»æã追ãããã¦é²ãã®ãæ¯æ´ãã¾ãã</td></tr></table>
+
+ </td></tr></tbody></table></div></div><br class="table-break" /></div><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Security_Updates" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Security_Updates">1.5. セキュリティ・アップデート</h2></div></div></div><div class="para">
+ ã»ãã¥ãªãã£èå¼±æ§ãçºè¦ãããã¨ããå½±é¿ãåããã½ããã¦ã§ã¢ã¯ããããæ½å¨çãªãªã¹ã¯ãå¶éããããã«æ´æ°ãããªããã°ããã¾ãããã½ããã¦ã§ã¢ãç¾å¨ãµãã¼ãããã¦ãã Fedora ãã£ã¹ããªãã¥ã¼ã·ã§ã³ã®ä¸ã«ããããã±ã¼ã¸ã®ä¸é¨ãªãã°ãã§ããéãæ©ãèå¼±æ§ãä¿®æ£ããããã±ã¼ã¸ããªãªã¼ã¹ãããã¨ãã³ããããã¾ãããã°ãã°ãæä¾ãããã»ãã¥ãªãã£ã»ã¨ã¯ã¹ããã¤ãã«é¢ããã¢ãã¦ã³ã¹ã¯ãããï¼ã¾ãã¯åé¡ãä¿®æ£ããã½ã¼ã¹ã³ã¼ãï¼ãä¼´ã£ã¦ãã¾ããããã¦ããã®ããã㯠Fedora ããã±ã¼ã¸ã«é©ç¨ããããã¹ããããã¢ãããã¼ãã¨ãã¦ãªãªã¼ã¹ããã¾ããããããªãããã¢ãã¦ã³ã¹ã¯ããããå«ã¿ã¾ããã®ã§ãéçºè
ã¯ã¾ãåé¡ãä¿®æ£ããã½ããã¦ã§ã¢ã®ã¡ã³ããã¼ã¨ä½æ¥ãã¾ããåé¡ãä¿®æ£ãããã¨ãã
ãã±ã¼ã¸ã¯ãã¹ããããã¨ã©ãã¿ã»ã¢ãããã¼ãã¨ãã¦ãªãªã¼ã¹ããã¾ãã
+ </div><div class="para">
+ システムにおいて使用されているソフトウェアに対するエラッタ・アップデートがリリースされたならば、システムが潜在的に脆弱である時間を最小限にするため、できる限り早く影響を受けるパッケージを更新することが強く推奨されます。
+ </div><div class="section" id="sect-Security_Guide-Security_Updates-Updating_Packages"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. パッケージの更新</h3></div></div></div><div class="para">
+ システムにおけるソフトウェアを更新するとき、信頼されたソースからアップデートをダウンロードすることが重要です。攻撃者は、問題を修正すると思われるもののように同じバージョン番号を持ちますが、異なるセキュリティ・エクスプロイトを持つパッケージを簡単に再構築でき、インターネットにリリースできます。これが起こると、オリジナルの RPM に対するファイルの検証のようなセキュリティ対策を用いても、エクスプロイットを検知できません。このように、信頼されたソース(Fedora のような)からのみ RPM をダウンロードし、その完全性を検証するためにパッケージの署名を確認することは非常に重要です。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ Fedora システムに対するアップデートがあるとき、わかりやすいアラートが表示される便利なパネル・アイコンが Fedora に含まれます。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages">1.5.2. 署名されたパッケージの検証</h3></div></div></div><div class="para">
+ Fedora のパッケージはすべて Fedora <em class="firstterm">GPG</em> キーを用いて署名されています。GPG は GNU Privacy Guard または GnuPG を意味する、配布ファイルの真正性を確実にするために使用されるフリー・ソフトウェアのパッケージです。たとえば、公開鍵がパッケージをロック解除して検証するまで、プライベート鍵(秘密鍵)はパッケージをロックします。Fedora により配布される公開鍵が RPM 検証中に秘密鍵と一致しなければ、パッケージは改ざんされているかもしれず、そのため信頼できません。
+ </div><div class="para">
+ Fedora の中にある RPM ユーティリティは、RPM パッケージのインストール前に自動的に GPG 署名を検証しようとします。Fedora GPG キーがインストールされていないならば、Fedora インストール CD-ROM または DVD のような、安全かつ静的な場所からそれをインストールします。
+ </div><div class="para">
+ ディスクが <code class="filename">/mnt/cdrom</code> にマウントされていると仮定すると、以下のコマンドを用いて <em class="firstterm">keyring</em> (システムにおいて信頼されたキーのデータベース) の中にインポートすることができます:
+ </div><pre class="screen"><code class="command">rpm --import /mnt/cdrom/RPM-GPG-KEY</code></pre><div class="para">
+ RPM 検証のためにインストールされたすべてのキーを一覧表示するために、次のコマンドを実行します:
+ </div><pre class="screen"><code class="command">rpm -qa gpg-pubkey*</code></pre><div class="para">
+ 出力は以下のように見えるでしょう:
+ </div><pre class="screen"><code class="computeroutput">gpg-pubkey-db42a60e-37ea5438</code></pre><div class="para">
+ 特定のキーに関する詳細を表示するために、この例のように、前のコマンドの出力にしたがって <code class="command">rpm -qi</code> コマンドを使用します:
+ </div><pre class="screen"><code class="command">rpm -qi gpg-pubkey-db42a60e-37ea5438</code></pre><div class="para">
+ RPM ファイルをインストールする前に、パッケージのオリジナル・ソースから改ざんされていないことを確実にするために、それの署名を検証することは極めて重要です。ダウンロードしたパッケージを一度に検証するために、以下のコマンドを発行します:
+ </div><pre class="screen"><code class="command">rpm -K /tmp/updates/*.rpm</code></pre><div class="para">
+ 各パッケージに対して、GPG キーが正しく検証されると、コマンドは <code class="computeroutput">gpg OK</code> を返します。そうでなければ、コンテンツのソースを検証するだけでなく、正しい Fedora 公開鍵を使用していることを確実にします。GPG 検証を通過しなかったパッケージは、第三者により改ざんされているかもしれないので、インストールすべきではありません。
+ </div><div class="para">
+ GPG キーを検証して、エラッタ・レポートに関連するすべてのパッケージをダウンロードした後、シェル・プロンプトにおいて root としてパッケージをインストールします。
+ </div></div><div class="section" id="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages">1.5.3. 署名されたパッケージのインストール</h3></div></div></div><div class="para">
+ 多くのパッケージに対するインストールは、(カーネル・パッケージを除いて、)以下のコマンドにより、安全に実行することができます:
+ </div><pre class="screen"><code class="command">rpm -Uvh /tmp/updates/*.rpm</code></pre><div class="para">
+ カーネル・パッケージに対しては、以下のコマンドを使用します:
+ </div><pre class="screen"><code class="command">rpm -ivh /tmp/updates/<em class="replaceable"><code><kernel-package></code></em></code></pre><div class="para">
+ 前の例にある <em class="replaceable"><code><kernel-package></code></em> をカーネル RPM の名前で置き換えます。
+ </div><div class="para">
+ マシンが新しいカーネルを用いて安全に再起動されると、古いカーネルは以下のコマンドを用いて削除することができます:
+ </div><pre class="screen"><code class="command">rpm -e <em class="replaceable"><code><old-kernel-package></code></em></code></pre><div class="para">
+ 前の例にある <em class="replaceable"><code><old-kernel-package></code></em> を古いカーネル RPM で置き換えます。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ 古いカーネルを削除することは必要ではありません。デフォルトのブートローダ GRUB は、複数のカーネルがインストールされることを許可します。そして、ブート時にメニューから選択されます。
+ </div></div></div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ あらゆるセキュリティ・エラッタをインストールする前に、エラッタ・レポートに含まれるすべての特別な指示を確実に読み、それに応じてそれらを実行します。エラッタ・アップデートにより行われた変更を適用することに関する一般的な情報は <a class="xref" href="#sect-Security_Guide-Updating_Packages-Applying_the_Changes">「変更の適用」</a> を参照してください。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Updating_Packages-Applying_the_Changes"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Updating_Packages-Applying_the_Changes">1.5.4. 変更の適用</h3></div></div></div><div class="para">
+ セキュリティ・エラッタとアップデートをダウンロードしてインストールした後、古いソフトウェアの使用を停止し、新しいソフトウェアの使用を開始します。これがどのように実行されるかは、更新されたソフトウェアの種類によります。以下の一覧は、ソフトウェアの一般的なカテゴリを一覧化し、パッケージのアップグレード後に更新されたバージョンを使用するための説明を提供します。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ 一般に、システムを再起動することは、ソフトウェア・パッケージの最新バージョンを確実に使用するための最も確実な方法です。しかしながら、この選択肢は必ずしも必要とされません、またはシステム管理者が利用可能ではありません。
+ </div></div></div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">アプリケーション</span></dt><dd><div class="para">
+ ユーザ空間アプリケーションは、システムのユーザーにより開始できるあらゆるプログラムです。一般的に、そのようなアプリケーションは、ユーザー、スクリプトまたは自動化されたタスク・ユーティリティがそれらを起動して、長い期間続かないときにのみ使われます。
+ </div><div class="para">
+ そのようなユーザー空間アプリケーションが更新されると、システムにあるアプリケーションのインスタンスをすべて停止して、更新したバージョンを使用するために再びプログラムを起動します。
+ </div></dd><dt class="varlistentry"><span class="term">カーネル</span></dt><dd><div class="para">
+ カーネルは Fedora オペレーティング・システムの中心的なソフトウェア・コンポーネントです。メモリー、プロセッサおよび周辺機器へのアクセスを管理するだけでなく、すべてのタスクをスケジュールします。
+ </div><div class="para">
+ その中心的な役割のため、カーネルはコンピュータを止めることなく再起動することはできません。そのため、カーネルの更新されたバージョンはシステムが再起動されるまで使うことができません。
+ </div></dd><dt class="varlistentry"><span class="term">共有ライブラリ</span></dt><dd><div class="para">
+ 共有ライブラリは、<code class="filename">glibc</code> のように、多くのアプリケーションやサービスにより使用される、コードの集合です。共有ライブラリを使用しているアプリケーションは、一般的にアプリケーションが初期化されるときに共有コードをロードします。そのため、更新されたライブラリを使用しているすべてのアプリケーションは停止して再起動しなければいけません。
+ </div><div class="para">
+ 実行しているアプリケーションが特定のライブラリにリンクしているかどうかを決めるために、以下の例にあるように <code class="command">lsof</code> コマンドを使用します:
+ </div><pre class="screen"><code class="command">lsof /lib/libwrap.so*</code></pre><div class="para">
+ このコマンドは、ホストのアクセス制御用の TCP Wrappers を使用している、実行中のプログラムをすべて返します。
+ </div></dd><dt class="varlistentry"><span class="term">SysV サービス</span></dt><dd><div class="para">
+ SysV サービスはブート中に起動される永続的なプログラムです。SysV サービスの例は、<code class="command">sshd</code>, <code class="command">vsftpd</code>, および <code class="command">xinetd</code> を含みます。
+ </div><div class="para">
+ 通常これらのプログラムはマシンがブートしている限りはメモリに永続するので、それぞれの更新された SysV サービスはパッケージが更新された後に停止して再起動しなければいけません。これは、<span class="application"><strong>サービス設定ツール</strong></span>を用いるか、rootシェル・プロンプトにログインして、以下の例にあるように <code class="command">/sbin/service</code> コマンドを発行することにより実行されます。
+ </div><pre class="screen"><code class="command">/sbin/service <em class="replaceable"><code><service-name></code></em> restart</code></pre><div class="para">
+ 前の例において、<em class="replaceable"><code><service-name></code></em> を <code class="command">sshd</code> のようなサービスの名前で置き換えます。
+ </div></dd><dt class="varlistentry"><span class="term"><code class="command">xinetd</code> サービス</span></dt><dd><div class="para">
+ <code class="command">xinetd</code> スーパー・サービスにより管理されているサービスは、アクティブな接続があるときのみ実行されます。<code class="command">xinetd</code> により管理されるサービスの例は Telnet, IMAP, および POP3 を含みます。
+ </div><div class="para">
+ これらのサービスの新しいインスタンスは 新しいリクエストが受け取られるたびに <code class="command">xinetd</code> により起動されるので、更新後に発生した接続は更新されたソフトウェアにより取り扱われます。しかしながら、<code class="command">xinetd</code> に管理されたサービスが更新されたときにアクティブな接続があるならば、それらは古いバージョンのソフトウェアによりサービスされます。
+ </div><div class="para">
+ <code class="command">xinetd</code> が管理している特定のサービスの古いインスタンスを止めて、サービスに対するパッケージを更新するために、現在実行中のプロセスをすべて停止します。プロセスが実行中であるかどうかを決めるために、<code class="command">ps</code> コマンドを使用します。そして、現在のサービスのインスタンスを止めるために <code class="command">kill</code> または <code class="command">killall</code> コマンドを使用します。
+ </div><div class="para">
+ たとえば、<code class="filename">imap</code> パッケージのセキュリティ・エラッタがリリースされ、パッケージを更新したならば、シェル・プロンプトの中で root として以下のコマンドを入力します:
+ </div><pre class="screen"><code class="command">ps -aux | grep imap</code></pre><div class="para">
+ このコマンドはすべてのアクティブな IMAP セッションを返します。各セッションは以下のコマンドを発行することにより停止できます:
+ </div><pre class="screen"><code class="command">kill <em class="replaceable"><code><PID></code></em></code></pre><div class="para">
+ これがセッションを停止するのに失敗したら、代わりに以下のコマンドを使用します:
+ </div><pre class="screen"><code class="command">kill -9 <em class="replaceable"><code><PID></code></em></code></pre><div class="para">
+ 前の例において、<em class="replaceable"><code><PID></code></em> を IMAP セッションに対するプロセス識別番号(<code class="command">ps</code> コマンドの2番目の列で見つけられます)に置き換えます。
+ </div><div class="para">
+ すべてのアクティブな IMAP セッションを止めるために、以下のコマンドを発行します:
+ </div><pre class="screen"><code class="command">killall imapd</code></pre></dd></dl></div></div></div><div class="footnotes"><br /><hr width="100" align="left" /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm62704160" href="#idm62704160" class="para">1</a>] </sup>
+ http://law.jrank.org/pages/3791/Kevin-Mitnick-Case-1999.html
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm13075888" href="#idm13075888" class="para">2</a>] </sup>
+ http://www.livinginternet.com/i/ia_hackers_levin.htm
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm49781184" href="#idm49781184" class="para">3</a>] </sup>
+ http://www.theregister.co.uk/2007/05/04/txj_nonfeasance/
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm49782800" href="#idm49782800" class="para">4</a>] </sup>
+ http://www.healthcareitnews.com/story.cms?id=9408
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm49783872" href="#idm49783872" class="para">5</a>] </sup>
+ http://www.internetworldstats.com/stats.htm
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm55775680" href="#idm55775680" class="para">6</a>] </sup>
+ http://www.cert.org
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm55776192" href="#idm55776192" class="para">7</a>] </sup>
+ http://www.cert.org/stats/fullstats.html
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm100428992" href="#idm100428992" class="para">8</a>] </sup>
+ http://www.newsfactor.com/perl/story/16407.html
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm100430592" href="#idm100430592" class="para">9</a>] </sup>
+ http://www.csoonline.com/article/454939/The_Global_State_of_Information_Security_
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm93795824" href="#idm93795824" class="para">10</a>] </sup>
+ http://www.sans.org/resources/errors.php
+ </div></div></div></div><div xml:lang="ja-JP" class="chapter" id="chap-Security_Guide-Basic_Hardening" lang="ja-JP"><div class="titlepage"><div><div><h2 class="title">第2ç« åºæ¬å¼·åã¬ã¤ã</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-General_Principles">2.1. åºæ¬åå</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important">2.2. ããã¯ãªãéè¦ãªã®ã§ããããï¼</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Physical_Security">2.3. ç©çã»ãã¥ãªãã£</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important">2.4. ããã¯ãªãéè¦ãªã®ã§ããããï¼</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do">2.5. ä»ã«ä½ã
ã§ããã§ããããï¼</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Networking">2.6. ãããã¯ã¼ã¯</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Networking-iptables">2.6.1. iptables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Networking-IPv6">2.6.2. IPv6</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Up_to_date">2.7. ã½ããã¦ã§ã¢ã®ææ°åç¶æ</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-Services">2.8. ãµã¼ãã¹</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Basic_Hardening-NTP">2.9. NTP</a></span></dt></dl></div><div class="para">
+ <a href="http://www.nsa.gov">US National Security Agency</a> (NSA) は Red Hat Enterprise Linux 5 のデフォルトインストールを強化するための2つのガイドを開発してきました。これらのガイドで提供される多くのヒントは Fedora のインストールに対しても有効です。この基本強化ガイドは、NSA の強化ヒントの一部分を取り扱い、これらのヒントを実装することがなぜ重要であるかを説明します。
+ </div><div class="para">
+ システムに対するあらゆる変更と同じように、これらの変更は意図しない結果を引き起こすことがあります。変更が実装される前にあなたのシステムにおいて適切であることを評価されるべきです。
+ </div><div class="section" id="sect-Security_Guide-Basic_Hardening-General_Principles"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-General_Principles">2.1. 基本原則</h2></div></div></div><div class="para">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>ãããã¯ã¼ã¯çµç±ã§è»¢éããããã¹ã¦ã®ãã¼ã¿ãæå·åãã¾ããèªè¨¼æ
å ±ï¼ãã¹ã¯ã¼ããªã©ï¼ãæå·åãããã¨ã¯ã¨ãã«éè¦ã§ãã</td></tr><tr><td>èå¼±æ§ãæå°åããããã«ãã¤ã³ã¹ãã¼ã«ããã³å®è¡ããã¦ããã½ããã¦ã§ã¢ã®éãæå°åãã¾ãã</td></tr><tr><td>å©ç¨å¯è½ãªã¨ãã¯ã»ãã¥ãªãã£å¼·åãããã½ããã¦ã§ã¢ããã³ãã¼ã«ï¼ä¾ãã°ãSELinux ã IPTablesï¼ã使ç¨ãã¾ãã</td></tr><tr><td>åãããã¯ã¼ã¯ãµã¼ãã¹ãã§ããéãå¥ã
ã®ãµã¼ãã¼ã«ããã¦å®è¡ãã¾ããããã«ããããããµã¼ãã¹ã®ã»ãã¥ãªãã£ä¾µå®³ã«ããä»ã®ãã®ã¸ã®ä¾µå®³ã«ã¤ãªãããªã¹ã¯ãæå°åãã¾ãã</td></tr><tr><td>ã¦ã¼ã¶ã¼ã¢ã«ã¦ã³ããç¶æãã¾ããè¯ããã¹ã¯ã¼ãããªã·ã¼ãä½æãã¦ããã®ä½¿ç¨ãå¼·å¶ãã¾ãã使ç
¨ãã¦ããªãã¦ã¼ã¶ã¼ã¢ã«ã¦ã³ããåé¤ãã¾ãã</td></tr><tr><td>å®å¸¸æ¥åã¨ãã¦ã·ã¹ãã ãã°ã¨ã¢ããªã±ã¼ã·ã§ã³ãã°ã確èªãã¾ãããã°ãéä¸ãã°ãµã¼ãã¼ã«éä¿¡ãã¾ããããã«ãããä¾µå
¥è
ããã¼ã«ã«ãã°ãæ¹ãããããã¨ã«ãããç°¡åã«æ¤ç¥ãããªãããã«ãããã¨ãé²ãã¾ãã</td></tr><tr><td>絶対ã«å¿
è¦ãªã¨ã以å¤ã¯ãç´æ¥ root ã¨ãã¦ãã°ã¤ã³ãã¾ããã管çè
ã¯ãå¿
è¦ãªã¨ãã« root ã¨ãã¦ã³ãã³ããå®è¡ããããã« <code class="command">sudo</code> ã使ç¨ãã¹ãã§ããsudo ã使ç¨ããè½åã®ããã¢ã«ã¦ã³ã㯠<code class="filename">/etc/sudoers</code> ã«æå®ããã¾ãããã㯠visudo ã¦ã¼ãã£ãªãã£ãç¨ãã¦ç·¨éããã¾ããé¢é£ãããã°ã¯æ¨æºã§ <code class="filename">/var/log/secure</code> ã«æ¸ãè¾¼ã¾ãã¾ãã</td></tr></table>
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important">2.2. これはなぜ重要なのでしょうか?</h2></div></div></div><div class="para">
+ NSA の基本原則はセキュリティのベストプラクティスの概要を表現します。上の一覧には、おそらくすべての人により使われることがない項目があります、また、ベストプラクティスとして強調されるべき失われた項目があるでしょう。これらのアイディアに関するさらなる情報と他の事項が以下で説明されます。
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-Physical_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Physical_Security">2.3. 物理セキュリティ</h2></div></div></div><div class="para">
+ システムの物理セキュリティは最大の重要事項です。ここで与えられる多くの提案は、攻撃者がシステムに物理的にアクセスできるならば、システムを保護できないでしょう。
+ </div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ このセクションは GRUB Legacy に関する情報を含みます。現在のリリースの GRUB (GRUB2 として知られています) ではありません。Fedora 16 は GRUB Legacy を使用していないので、以下のコマンドの多くは Fedora 16 やそれ以降のバージョンにおいて機能しません。
+ </div></div></div><div class="para">
+ CD/DVD、フロッピーおよび外部デバイスからのブートを無効にBIOSを設定して、これらの設定を保護するためにパスワードを設定します。次に、GRUBブートローダーにパスワードを設定します。コマンド ''/sbin/grub-md5-crypt'' を用いてパスワードハッシュを生成します。'' password --md5'' '''passwordhash''' を用いてハッシュを ''/etc/grub.conf'' の最初の行に追加します。これにより、ユーザーがシングルユーザーモードに入ったり、ブート時に設定を変えたりすることを防ぎます。
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important">2.4. これはなぜ重要なのでしょうか?</h2></div></div></div><div class="para">
+ 攻撃者が外部ソースからブートすることによりシステムの完全な制御をとることができます。外部ソース(たとえば live Linux CD)からブートすることにより、多くのセキュリティ設定が回避されます。攻撃者は GRUB の設定を変更することができるならば、システムへの管理者アクセスが可能になるシングルユーザーモードでブートすることができます。
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do">2.5. 他に何ができるでしょうか?</h2></div></div></div><div class="para">
+ Fedora 9 以降、LUKS 暗号化パーティションに保存されたデータを保護するために LUKS 暗号化がネイティブにサポートされています。Fedora 9 をインストールするときに、ファイルシステムをセットアップするとき、ファイルシステムを暗号化するためにボックスをチェックします。ルートパーティションおよび <code class="filename">/home</code> パーティション(または、デフォルトのファイルシステムならば、1つの / パーティション)を暗号化することにより、攻撃者が外部ソースを用いたりシングルユーザーモードでブートしたりするのを防ぎます。もちろん、あなたはデータを保護するために強力なパスフレーズを使用します。
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-Networking"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Networking">2.6. ネットワーク</h2></div></div></div><div class="para">
+ コンピューターのネットワーク接続はシステムへの入り口です。ファイルおよびプロセッサー時間は、他の保護機能が実装されていなければ、ネットワーク接続経由でシステムに正常に接続した、すべての人に利用可能です。システムをコントロールした状態にしておく主要な方法の一つは、攻撃者が最初の場所でシステムにアクセスできないようにしておくことです。
+ </div><div class="section" id="sect-Security_Guide-Basic_Hardening-Networking-iptables"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Basic_Hardening-Networking-iptables">2.6.1. iptables</h3></div></div></div><div class="para">
+ <span class="application"><strong>iptables</strong></span> は今日 Linux システムにおいてもっとも広く使用されているファイアウォールソフトウェアです。このプログラムは、ネットワーク接続経由でコンピューターに受信したパケットを横取りします。そして、指定されたルールに基づいてそれらをフィルターします。さらなる情報は<a class="xref" href="#sect-Security_Guide-IPTables">「IPTables」</a>にあります。
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-Networking-IPv6"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Basic_Hardening-Networking-IPv6">2.6.2. IPv6</h3></div></div></div><div class="para">
+ IPv6 は最新のインターネットプロトコルです。アドレス不足を解決することを目指した IPv4 の後継です。また、新しいプロトコルに関連した直接的なセキュリティリスクはありません。この新しい技術を利用する前に理解することがいくつかあります。
+ </div><div class="para">
+ å¤ãã®ã·ã¹ãã 管çè
㯠IPv4 ã«æ
£ãã¦ãã¾ããããã¦ãæ£ãã IPv4 ãåä½ãããããã«å ããããæ«å®å¯¾å¦ã«ã¤ãã¦æ
£ãã¦ãã¾ãããããã®æ«å®å¯¾å¦ã®ä¸ã¤ã¯ãããã¯ã¼ã¯ã¢ãã¬ã¹å¤æ <em class="firstterm">NAT</em> ã§ããNAT ã¯æ
£ç¿çã«ããã¼ã«ã«ã¨ãªã¢ãããã¯ã¼ã¯ãæ§ç¯ããã¨ãã«ãå¿
è¦ã¨ãªããããªã㯠IP ã¢ãã¬ã¹ã®æ°ãæå°éã«ããããã«ä½¿ç¨ããã¦ãã¾ãããããã®ãããã¯ã¼ã¯ã«ããã·ã¹ãã ã¯ãããªã㯠IP ã¢ãã¬ã¹ãå¿
è¦ã¨ãã¾ãããã¾ããéè¦ãªã¢ãã¬ã¹ç©ºéããããã®æè¡ãå®è£
ãããã¨ã«ããç¯ç´ã§ãã¾ããNAT ã«ããå¯ä½ç¨ã¨ãã¦ããã¤ãã®ã»ãã¥ãªãã£æ©è½ãããã¾ãããã£ã¨ã大ããªãã®ã¯ããã¼ããã«ã¼ã¿ã¼ãè¶ãã¦è»¢éãããªãéããå¤é¨ã®éä¿¡ããããã¯ã¼ã¯ã®å
é¨ã«å
¥ããªããã¨ã§ããIPv6 ã¯ã¢ãã¬ã
¹åé¡ã解決ããã®ã§ããã¯ã NAT ã使ç¨ããå¿
è¦\nã¯ããã¾ããããã¹ã¦ã®ãã®ããããªã㯠IP ã¢ãã¬ã¹ãæã¦ã¾ããããã«ãæ¡å¼µãããã¨ã«ããããã¹ã¦ã®ãã®ãç©ççããã³è«ççã«æ¥ç¶ããã¦ããã¨ããã¤ã³ã¿ã¼ããããã¾ããããããªãã¯ã«ã«ã¼ãå¯è½ã§ã¯ããã¾ããã
+ </div><div class="para">
+ 心配するべきもう一つのことは、セキュリティソフトウェアがこの新しいプロトコルをどのように処理するかです。<span class="application"><strong>iptables</strong></span> は IPv6 を認識もしくは理解しません。そのため、これらのパケットを無視します。つまり、ネットワークが IPv6 を利用し、<span class="application"><strong>ip6tables</strong></span> を有効化していなければ、システムを世界中に向けて開け放っていることになります。
+ </div><div class="para">
+ システムのソフトウェアがこの新しいネットワークプロトコルを使用できるという、変更点を把握して理解している限り、IPv6 を使用することは危険ではありません。
+ </div></div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-Up_to_date"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Up_to_date">2.7. ソフトウェアの最新化維持</h2></div></div></div><div class="para">
+ ソフトウェアは毎日パッチをあてられます。これらの更新のいくつかは、開発者により識別されたセキュリティ問題を修正します。これらのパッチが利用可能になったとき、できる限り早くシステムに適用することが重要です。システムの更新を管理するもっとも簡単な方法の一つは <span class="application"><strong>yum</strong></span> を使用することです。バグ修正と機能拡張を無視して、セキュリティ更新のみをインストールできるようにする、特別なプラグインが利用可能です。このプラグインは<a class="xref" href="#sect-Security_Guide-CVE-yum_plugin">「YUM プラグイン」</a>においてより詳しく説明しています。
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-Services"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Services">2.8. サービス</h2></div></div></div><div class="para">
+ Linux におけるサービスは、バックグラウンドにおいてデーモンとして実行されるプログラムです。実行する必要があるかどうかを決めるために、これらのプログラムを定期的に監査することが重要です。多くのデーモンは呼び出しをリッスンするためにネットワークのポートを開きます。不必要なポートを開いておくことにより、システム全体のセキュリティを危険にさらす可能性があります。あるソフトウェアの未知のセキュリティ侵害により、攻撃者がシステムの中に不正な理由で侵入できるようになる可能性があります。
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Hardening-NTP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-NTP">2.9. NTP</h2></div></div></div><div class="para">
+ Network Time Protocol (<em class="firstterm">NTP</em>) はシステムの時刻を正確に保ちます。時間はセキュリティのパズルの非常に重要なピースであり、できる限り正確に維持するべきです。時間は、ログファイル、タイムスタンプおよび暗号において使用されます。誰かがシステムにおいて時刻設定を制御できるならば、侵入の再現をより難しくすることができます。
+ </div></div></div><div xml:lang="ja-JP" class="chapter" id="chap-Security_Guide-Securing_Your_Network" lang="ja-JP"><div class="titlepage"><div><div><h2 class="title">第3章 ネットワークのセキュア化</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security">3.1. ワークステーションのセキュリティ</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">3.1.1. ワークステーションのセキュリティの評価</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">3.1.2. BIOS とブートローダのセキュリティ</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Password_Security">3.1.3. パスワードのセキュリティ</a></span></dt><dt><span class="section"><a href="#sect-Security_Guid
e-Workstation_Security-Administrative_Controls">3.1.4. 管理的コントロール</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Available_Network_Services">3.1.5. 利用可能なネットワーク・サービス</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Personal_Firewalls">3.1.6. パーソナル・ファイアウォール</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">3.1.7. セキュリティ強化したコミュニケーション・ツール</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Server_Security">3.2. サーバのセキュリティ</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">3.2.1. TCP Wrappers と xinetd を用いたサービスのセキュア化</a></span
></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Portmap">3.2.2. Portmap ã®ã»ãã¥ã¢å</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_NIS">3.2.3. NIS ã®ã»ãã¥ã¢å</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_NFS">3.2.4. NFS ã®ã»ãã¥ã¢å</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server">3.2.5. Apache HTTP Server ã®ã»ãã¥ã¢å</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_FTP">3.2.6. FTP ã®ã»ãã¥ã¢å</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Securing_Sendmail">3.2.7. Sendmail ã®ã»ãã¥ã¢å</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">3.2.8. ãªãã¹ã³ãã¦ãããã
¼ãã®ç¢ºèª</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO">3.3. Single Sign-on (SSO)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Introduction">3.3.1. æ¦è¦</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card">3.3.2. æ°ããã¹ãã¼ãã«ã¼ãã®éå§æ¹æ³</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works">3.3.3. ã¹ãã¼ãã«ã¼ãã®ç»é²ã¯ã©ã®ããã«åä½ãã¾ãã</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works">3.3.4. ã¹ãã¼ãã«ã¼ãã®ãã°ã¤ã³ã¯ã©ã®ããã«åä½ãã¾ãã</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO">3.3.5.
Firefox が SSO 用に Kerberos を使用するよう設定します</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Yubikey">3.4. YubiKey</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Yubikey-Centralized_Server">3.4.1. センター・サーバーを用いた YubiKey の使用</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Yubikey-Web_Sites">3.4.2. YubiKey を用いたウェブサイトの認証</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM">3.5. Pluggable Authentication Modules (PAM)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">3.5.1. PAM の利点</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files">3.5.2. PAM 設定ファイル</a></span></dt><dt
><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">3.5.3. PAM 設定ファイルの形式</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files">3.5.4. サンプル PAM 設定ファイル</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules">3.5.5. PAM モジュールの作成</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching">3.5.6. PAM と管理クレディンシャルのキャッシュ</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership">3.5.7. PAM とデバイスの所有</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Pluggable_Authentication_
Modules_PAM-Additional_Resources">3.5.8. 追加のリソース</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd">3.6. TCP Wrappers と xinetd</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">3.6.1. TCP Wrappers</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">3.6.2. TCP Wrappers の設定ファイル</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd">3.6.3. xinetd</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files">3.6.4. xinetd 設定ファイル</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">3.6.5. 追加のリソース</a></span></dt></dl></dd><dt><span class="section"><a href="#sec
t-Security_Guide-Kerberos">3.7. Kerberos</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-What_is_Kerberos">3.7.1. Kerberos とは何でしょうか?</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Kerberos_Terminology">3.7.2. Kerberos の用語</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-How_Kerberos_Works">3.7.3. Kerberos はどのように動作しますか</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Kerberos_and_PAM">3.7.4. Kerberos と PAM</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">3.7.5. Kerberos 5 サーバーの設定</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client">3.7.6. Kerberos 5 クライアントの設定</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Domai
n_to_Realm_Mapping">3.7.7. ドメイン-レルムのマッピング</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs">3.7.8. セカンダリ KDC のセットアップ</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication">3.7.9. クロス・レルム認証のセットアップ</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Kerberos-Additional_Resources">3.7.10. 追加のリソース</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-Firewalls">3.8. ファイアウォール</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Netfilter_and_IPTables">3.8.1. Netfilter と IPTables</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">3.8.2. 基本的なファイアウォールの設定</a></span></dt><dt><span cl
ass="section"><a href="#sect-Security_Guide-Firewalls-Using_IPTables">3.8.3. IPTables の使用</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Common_IPTables_Filtering">3.8.4. 一般的な IPTables フィルタ</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules">3.8.5. <code class="computeroutput">FORWARD</code> および <acronym class="acronym">NAT</acronym> ルール</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses">3.8.6. 悪意のあるソフトウェアと偽装された IP アドレス</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking">3.8.7. IPTables とコネクション追跡</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Firewalls-IPv6">3.8.8. IPv6</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide
-Firewalls-Additional_Resources">3.8.9. 追å ã®ãªã½ã¼ã¹</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Security_Guide-IPTables">3.9. IPTables</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Packet_Filtering">3.9.1. ãã±ããã»ãã£ã«ã¿ãªã³ã°</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Command_Options_for_IPTables">3.9.2. IPTables ã®ã³ãã³ãã»ãªãã·ã§ã³</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Saving_IPTables_Rules">3.9.3. IPTables ã«ã¼ã«ã®ä¿å</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-IPTables_Control_Scripts">3.9.4. IPTables å¶å¾¡ã¹ã¯ãªãã</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-IPTables_and_IPv6">3.9.5. IPTables IPv6</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-IPTables-Additional_Resources">3.9.6. è
¿½å ã®ãªã½ã¼ã¹</a></span></dt></dl></dd></dl></div><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Workstation_Security" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Workstation_Security">3.1. ã¯ã¼ã¯ã¹ãã¼ã·ã§ã³ã®ã»ãã¥ãªãã£</h2></div></div></div><div class="para">
+ Linux 環境をセキュアにすることはワークステーションから始めます。個人のマシンをロックするか企業システムをセキュアにするかどちらかに関わらず、健全なセキュリティ・ポリシーが個々のコンピュータから始まります。コンピュータ・ネットワークも最も弱いノードと同じくらいだけの安全性しかありません。
+ </div><div class="section" id="sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">3.1.1. ワークステーションのセキュリティの評価</h3></div></div></div><div class="para">
+ Fedora ワークステーションのセキュリティを評価するとき、以下の事項を考慮します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>BIOS とブートローダのセキュリティ</em></span> — 認可されないユーザーがマシンに物理的にアクセスして、パスワードなしでシングルユーザーモードまたはレスキューモードにてブートできますか?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>パスワードのセキュリティ</em></span> — マシンのユーザー・アカウントのパスワードはどのくらいセキュアですか?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>管理的コントロール</em></span> — 誰がシステムにアカウントを持ちますか、そしてどのくらいの管理的コントロールを持ちますか?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>利用可能なネットワーク・サービス</em></span> — どのサービスがネットワークからのリクエストを待ち受けていますか、またそれらはすべて実行すべきですか?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>パーソナル・ファイアウォール</em></span> — もしあれば、どのタイプのファイアウォールが必要とされますか?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>セキュリティ強化された通信ツール</em></span> — どのツールがワークステーション間の通信に使用され、どれが避けられるべきでしょうか?
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">3.1.2. BIOS とブートローダのセキュリティ</h3></div></div></div><div class="para">
+ BIOS とブートローダに対するパスワードの保護は、システムに物理的にアクセスできる認可されないユーザーが、リムーバブル・メディアを使用してブートしたり、シングルユーザーモードで root 特権を得たりすることを防げます。そのような攻撃に対する保護を得るためにとるべきセキュリティ対策は、ワークステーションにおける情報の機密性とマシンの場所に依存します。
+ </div><div class="para">
+ たとえば、信頼された人々のみがアクセスできる安全な場所においてマシンが使用され、コンピュータが機密情報を含まないならば、そのような攻撃を防ぐことは致命的ではないかもしれません。しかしながら、会社のネットワークに対するプライベートな暗号化されていない SSH キーを持つ従業員のラップトップが展示会に出席されずに残っているならば、会社全体に対する分岐を持つ主要なセキュリティ侵害につながるでしょう。
+ </div><div class="section" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-BIOS_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-BIOS_Passwords">3.1.2.1. BIOS パスワード</h4></div></div></div><div class="para">
+ コンピュータの BIOS をパスワードで保護するおもな2つの理由は次のとおりです<sup>[<a id="idm75161264" href="#ftn.idm75161264" class="footnote">11</a>]</sup>:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <span class="emphasis"><em>BIOS 設定の変更を防ぐ</em></span> — 侵入者が BIOS へのアクセス権を持つならば、ディスクや CD-ROM からブートするよう設定できます。これにより、システムにおいて任意のプロセスを開始したり機密データをコピーしたりできるようにする、レスキューモードやシングルユーザーモードに入ることができるようになります。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>システムのブートを防ぐ</em></span> — いくつかの BIOS はブート・プロセスのパスワード保護を許可します。有効化されたとき、攻撃者は BIOS がブートローダを起動する前にパスワードを入力することが強制されます。
+ </div></li></ol></div><div class="para">
+ BIOS パスワードを設定する方法はコンピュータ製造者間で異なるため、詳細な説明はコンピュータのマニュアルを参照してください。
+ </div><div class="para">
+ もし BIOS パスワードを忘れたならば、マザーボードにあるジャンパーを用いてリセットします、または CMOS バッテリーを外します。このため、可能ならばコンピュータのケースをロックすることはグッド・プラクティスです。しかし、CMOS バッテリーを外そうとする前にコンピュータまたはマザーボードのマニュアルを参照してください。
+ </div><div class="section" id="sect-Security_Guide-BIOS_Passwords-Securing_Non_x86_Platforms"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-BIOS_Passwords-Securing_Non_x86_Platforms">3.1.2.1.1. 非 x86 プラットフォームのセキュア化</h5></div></div></div><div class="para">
+ 他のアーキテクチャは低レベルのタスク(x86 システムにおける BIOS のそれらとほぼ同等)を実行するために異なるプログラムを使用します。たとえば、 <span class="trademark">Intel</span>® <span class="trademark">Itanium</span>™ コンピュータは <em class="firstterm">Extensible Firmware Interface</em> (<em class="firstterm">EFI</em>) シェルを使用します。
+ </div><div class="para">
+ 他のアーキテクチャにおける BIOS のようなプログラムをパスワード保護することの説明は、製造者の説明書を参照してください。
+ </div></div></div><div class="section" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords">3.1.2.2. ブートローダのパスワード</h4></div></div></div><div class="para">
+ Linux ブートローダをパスワードで保護する主要な理由は以下のとおりです:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <span class="emphasis"><em>シングルユーザーモードにアクセスすることを防ぎます</em></span> — 攻撃者がシングルユーザーモードでシステムをブートできるならば、root パスワードを聞かれることなく自動的に root としてログインされます。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>GRUB コンソールへのアクセスを防ぎます</em></span> — マシンがブートローダとして GRUB を使用していると、攻撃者は <code class="command">cat</code> コマンドを用いて、設定を変更したり情報を集めたりするために、GRUB 編集インタフェースを使用できます。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>セキュアではないオペレーティングシステムへのアクセスを防ぎます</em></span> — もしデュアルブートのシステムであれば、攻撃者は、アクセス制御とファイル・パーミッションを無視して、ブート時にオペレーティングシステム(たとえば、DOS)を選択できます。
+ </div></li></ol></div><div class="para">
+ Fedora は x86 プラットフォームにおいて GRUB ブートローダを同梱しています。GRUB に関する詳細は Red Hat Installation Guide を参照してください。
+ </div><div class="section" id="sect-Security_Guide-Boot_Loader_Passwords-Password_Protecting_GRUB"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Boot_Loader_Passwords-Password_Protecting_GRUB">3.1.2.2.1. GRUB のパスワード保護</h5></div></div></div><div class="para">
+ You can configure GRUB to address the first two issues listed in <a class="xref" href="#sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords">「ブートローダのパスワード」</a> 。これをするために、まず強いパスワードを選択し、シェルを開き、root としてログインし、そして以下のコマンドを入力します:
+ </div><pre class="screen"><code class="command">/sbin/grub-md5-crypt</code></pre><div class="para">
+ プロンプトが出たとき、GRUB パスワードを入力し、<span class="keycap"><strong>Enter</strong></span> を押します。これはパスワードの MD5 ハッシュを返します。
+ </div><div class="para">
+ 次に、GRUB 設定ファイル <code class="filename">/boot/grub/grub.conf</code> を編集します。ファイルを開き、main セクションにある <code class="command">timeout</code> 行の下に以下の行を追加します:
+ </div><pre class="screen"><code class="command">password --md5 <em class="replaceable"><code><password-hash></code></em></code></pre><div class="para">
+ <em class="replaceable"><code><password-hash></code></em> を <code class="command">/sbin/grub-md5-crypt</code><sup>[<a id="idm110670720" href="#ftn.idm110670720" class="footnote">12</a>]</sup> により返された値に置き換えます。
+ </div><div class="para">
+ システムが次回起動するとき、GRUB メニューが <span class="keycap"><strong>p</strong></span> に続けて GRUB パスワードをまず入力するまで、エディタまたはコマンド・インタフェースにアクセスするのを防ぎます。
+ </div><div class="para">
+ 不幸にも、このソリューションは攻撃者がデュアルブート環境でセキュアではないオペレーティング・システムからブートするのを防げません。このため、<code class="filename">/boot/grub/grub.conf</code> ファイルの違う部分を編集しなければいけません。
+ </div><div class="para">
+ セキュアにしたいオペレーティング・システムの <code class="computeroutput">title</code> 行を探します。そして、そのすぐ後ろに <code class="command">lock</code> ディレクティブを行に追加します。
+ </div><div class="para">
+ DOS システムのために、その節は以下と似たように始まるでしょう:
+ </div><pre class="screen"><code class="computeroutput">title DOS lock</code></pre><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ この方法が正しく動作するために、<code class="computeroutput">password</code> 行が <code class="filename">/boot/grub/grub.conf</code> ファイルの main セクションに存在しなければいけません。さもなければ、攻撃者が GRUB 編集インタフェースにアクセスでき、lock 行を削除できます。
+ </div></div></div><div class="para">
+ 特定のカーネルやオペレーティング・システムに対して異なるパスワードを作成するために、password 行に続けて <code class="command">lock</code> 行を節に追加します。
+ </div><div class="para">
+ 一意なパスワードで保護される各節は、以下のサンプルと似たような行で始まるでしょう:
+ </div><pre class="screen"><code class="computeroutput">title DOS lock password --md5 <em class="replaceable"><code><password-hash></code></em></code></pre></div></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Password_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Password_Security">3.1.3. パスワードのセキュリティ</h3></div></div></div><div class="para">
+ パスワードは Fedora がユーザーのアイデンティティを検証するために使用される第一の方法です。これは、パスワード・セキュリティがユーザー、ワークステーション、およびネットワークの保護のために非常に重要である理由です。
+ </div><div class="para">
+ セキュリティ目的のために、インストール・プログラムはシステムが <em class="firstterm">Message-Digest Algorithm</em> (<span class="emphasis"><em>MD5</em></span>) および shadow パスワードを使用するよう設定します。これらの設定を変更しないことが強く推奨されます。
+ </div><div class="para">
+ MD5 パスワードがインストール中に選択解除されていると、古い <em class="firstterm">Data Encryption Standard</em> (<em class="firstterm"><acronym class="acronym">DES</acronym></em>) 形式が使用されます。この形式はパスワードを英数字8文字に制限し、少量の56ビット・レベルの暗号化を提供します。
+ </div><div class="para">
+ shadow パスワードがインストール中に選択解除されていると、すべてのパスワードが全ユーザーが読み込める <code class="filename">/etc/passwd</code> ファイルに一方向ハッシュとして保存されます。それは、システムをオフライン・パスワード・クラック攻撃に対して脆弱にします。侵入者が通常のユーザーとしてマシンへのアクセス権を得られると、<code class="filename">/etc/passwd</code> ファイルを自分自身のマシンにコピーして、それに対してパスワード・クラック・プログラムをいくらでも実行できます。ファイルにセキュアではないパスワードがあると、パスワード・クラッカーがそれを発見するのは時間の問題です。
+ </div><div class="para">
+ shadow パスワードは、root ユーザーのみが読み込める、<code class="filename">/etc/shadow</code> ファイルにパスワード・ハッシュを保存することにより、この種類の攻撃を取り除きます。
+ </div><div class="para">
+ これは、マシンにおける SSH や FTP のようなネットワーク・サービスにログインすることにより、潜在的な攻撃者がパスワード・クラックをリモートで試みることを強制します。この種のブルートフォース攻撃は、より遅く、数百ものログイン失敗の試みがシステムファイルに書き込まれるので、明らかな証拠を残します。もちろん、クラッカーが弱いパスワードを持つシステムに夜の中ごろに攻撃を始めると、クラッカーは夜明け前にアクセス権を得て、形跡を覆い隠すためにログファイルを編集しているかもしれません。
+ </div><div class="para">
+ 形式と保存に関する考慮点に加えて、コンテンツの問題があります。ユーザーがパスワード・クラック攻撃に対して自分のアカウントを保護するためにできる、最も重要なことの1つは、強いパスワードを生成することです。
+ </div><div class="section" id="sect-Security_Guide-Password_Security-Creating_Strong_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Password_Security-Creating_Strong_Passwords">3.1.3.1. 強いパスワードの作成</h4></div></div></div><div class="para">
+ 安全なパスワードを作成するとき、これらのガイドラインに従うことは素晴らしいアイディアです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>単語のみまたは数字のみを使用しない</em></span> — パスワードにおいて数字のみまたは単語のみを使用してはいけません。
+ </div><div class="para">
+ いくつかの安全ではない例は以下を含みます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 8675309
+ </div></li><li class="listitem"><div class="para">
+ juan
+ </div></li><li class="listitem"><div class="para">
+ hackme
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>認識可能な単語を使用しない</em></span> — 固有名詞、辞書の単語、またはテレビ番組や小説からの単語さえ、そのような単語は最後に番号をつけたとしても避けるべきです。
+ </div><div class="para">
+ いくつかの安全ではない例は以下を含みます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ john1
+ </div></li><li class="listitem"><div class="para">
+ DS-9
+ </div></li><li class="listitem"><div class="para">
+ mentat123
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>外国語の単語を使用しない</em></span> — パスワード・クラッキング・プログラムはしばしば多くの言語の辞書を網羅する単語リストをチェックします。セキュアなパスワードのために外国語に依存することは、セキュアではありません。
+ </div><div class="para">
+ いくつかの安全ではない例は以下を含みます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ cheguevara
+ </div></li><li class="listitem"><div class="para">
+ bienvenido1
+ </div></li><li class="listitem"><div class="para">
+ 1dumbKopf
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>ハッカー用語を使用しない</em></span> — ハッカー用語(l337 (LEET) speak とも言われます)を使用するので、あなたがエリートであると考えているならば、パスワードにおいては考え直してください。多くの単語リストは LEET speak を含みます。
+ </div><div class="para">
+ いくつかの安全ではない例は以下を含みます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ H4X0R
+ </div></li><li class="listitem"><div class="para">
+ 1337
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>個人情報を使用しない</em></span> — パスワードにあらゆる個人情報を使用するのを避けます。攻撃者があなたのアイデンティティを知っているならば、パスワードを推測する作業はより簡単になります。以下はパスワードを作成するときに避ける情報の種類の一覧です:
+ </div><div class="para">
+ いくつかの安全ではない例は以下を含みます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ あなたの名前
+ </div></li><li class="listitem"><div class="para">
+ ペットの名前
+ </div></li><li class="listitem"><div class="para">
+ 家族の名前
+ </div></li><li class="listitem"><div class="para">
+ すべての誕生日
+ </div></li><li class="listitem"><div class="para">
+ 電話番号や郵便番号
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>認識可能な単語を逆順にしない</em></span> — 良いパスワード・チェッカーは常に一般的な単語を逆順にします。そのため、悪いパスワードを逆順にすることはまったくセキュアにしません。
+ </div><div class="para">
+ いくつかの安全ではない例は以下を含みます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ R0X4H
+ </div></li><li class="listitem"><div class="para">
+ nauj
+ </div></li><li class="listitem"><div class="para">
+ 9-DS
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>パスワードを書き留めない</em></span> — パスワードを紙に保存しない。記録することはよりずっと安全です。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>すべてのマシンに対して同じパスワードを使用しない</em></span> — 各マシンに対して別々のパスワードを作ることは重要です。このように、あるシステムが危険にさらされているならば、すべてのマシンが直ちにリスクにさらされることはありません。
+ </div></li></ul></div><div class="para">
+ 以下のガイドラインは強いパスワードを作成する助けになります:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>パスワードを8文字以上にする</em></span> — パスワードは長ければ長いほど良いです。MD5 パスワードを使用しているならば、15文字かそれより長くするべきです。DES パスワードを使用しているならば、最大長(8文字)を使用します。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>大文字と小文字を混ぜる</em></span> — Fedora は大文字小文字を区別します。そのため、パスワードの強度を向上させるために大文字小文字を混ぜます。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>文字と数字を混ぜる</em></span> — パスワードに数字を追加すること、とくに(単に最初または最後ではなく)真ん中に追加するとき、パスワードの強度を向上させることができます。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>英数字以外の文字を含める</em></span> — &, $, および > のような特別な文字はパスワードの強度を非常に上げます(DES パスワードを使用していると、これはできません)。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>覚えられるパスワードを選ぶ</em></span> — あなたがパスワードを覚えられなければ、世界で最も良いパスワードはほとんど良くありません。パスワードを記憶する助けにするために頭文字または他の記憶装置を使用します。
+ </div></li></ul></div><div class="para">
+ これらのルールすべてを用いて、悪いものの特徴を避ける一方で、素晴らしいパスワードの基準のすべてに適合するパスワードを作成することは難しいかもしれません。幸運にも、覚えることが簡単かつセキュアなパスワードを生成するためにとることができるいくつかの手順があります。
+ </div><div class="section" id="sect-Security_Guide-Creating_Strong_Passwords-Secure_Password_Creation_Methodology"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Creating_Strong_Passwords-Secure_Password_Creation_Methodology">3.1.3.1.1. セキュアなパスワードの作成方法</h5></div></div></div><div class="para">
+ 人々がセキュアなパスワードを作成するために使う方法がいくつもあります。最も一般的な方法の1つは頭文字を含めることです。たとえば:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 以下のような簡単で覚えやすいフレーズを考えます:
+ </div><div class="para">
+ "over the river and through the woods, to grandmother's house we go."
+ </div></li><li class="listitem"><div class="para">
+ 次に、(句読点を含めて)頭文字にします。
+ </div><div class="para">
+ <strong class="userinput"><code>otrattw,tghwg.</code></strong>
+ </div></li><li class="listitem"><div class="para">
+ 頭文字にある文字を数字と記号に置き換えることにより複雑さを追加します。たとえば、<strong class="userinput"><code>t</code></strong> を <strong class="userinput"><code>7</code></strong> に、<strong class="userinput"><code>a</code></strong> をアットマーク記号 (<strong class="userinput"><code>@</code></strong>) に置き換えます:
+ </div><div class="para">
+ <strong class="userinput"><code>o7r at 77w,7ghwg.</code></strong>
+ </div></li><li class="listitem"><div class="para">
+ <strong class="userinput"><code>H</code></strong> のように、少なくとも1文字を大文字にすることでさらに複雑性を追加します。
+ </div><div class="para">
+ <strong class="userinput"><code>o7r at 77w,7gHwg.</code></strong>
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>最後に、この例のパスワードはどのシステムに対しても決し使わないでください</em></span>。
+ </div></li></ul></div><div class="para">
+ セキュアなパスワードを作成することが不可欠である一方、それらを適切に管理することも重要です。とくに、大きな組織の中のシステム管理者にとってはそうです。以下のセクションは、組織の中においてユーザー・パスワードを作成および管理することのグッド・プラクティスを詳細に説明します。
+ </div></div></div><div class="section" id="sect-Security_Guide-Password_Security-Creating_User_Passwords_Within_an_Organization"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Password_Security-Creating_User_Passwords_Within_an_Organization">3.1.3.2. 組織内でのユーザー・パスワードの作成</h4></div></div></div><div class="para">
+ 組織が多くのユーザーを持っているならば、システム管理者は良いパスワードの使用を強制するために利用可能な基本的なオプションが2つあります。ユーザーのためにパスワードを作成できます。もしくは、パスワードが受け入れられる質であることを検証している間、ユーザー自身がパスワードを作成できるようにします。
+ </div><div class="para">
+ ユーザーのためにパスワードを作成することは、パスワードが良いものであることを確実にしますが、組織が大きくなるにつれて気の重い作業になります。ユーザーが自分のパスワードを書きとめるリスクも上昇します。
+ </div><div class="para">
+ これらの理由により、多くのシステム管理者は、ユーザー自身がパスワードを作成することを好みますが、パスワードが良いものであることを実際に確認します。いくつかの場合では、パスワード・エージングを通してユーザーが定期的にパスワードを変更することを強制します。
+ </div><div class="section" id="sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Forcing_Strong_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Forcing_Strong_Passwords">3.1.3.2.1. 強いパスワードの強制</h5></div></div></div><div class="para">
+ 侵入からネットワークを保護するために、システム管理者が組織の中で使われるパスワードが強いものであることを検証することは素晴らしいアイディアです。ユーザーがパスワードを生成または変更したいとき、コマンドライン・アプリケーション <code class="command">passwd</code> を使用できます。これは、<em class="firstterm">Pluggable Authentication Manager</em> (<em class="firstterm">PAM</em>) に対応していて、そのためパスワードが短すぎたり、さもなければクラックしやすいかったりするかを確認するためにチェックします。このチェックは <code class="filename">pam_cracklib.so</code> PAM モジュールを使用することにより実行されます。PAM はカスタマイズ可能なので、<code class="filename">pam_passwdqc</code> (<a href="http://www.openwall.com/passwdqc/">http://www.openwall.com/passwd
qc/</a> から利用可能) のようなパスワード完全性チェッカーを追加することが可能です、または新しいモジュールを書くことが可能です。利用可能な PAM モジュールのリストのために、<a href="http://www.kernel.org/pub/linux/libs/pam/modules.html">http://www.kernel.org/pub/linux/libs/pam/modules.html</a> を参照してください。PAM の詳細は <a class="xref" href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM">「Pluggable Authentication Modules (PAM)」</a> を参照してください。
+ </div><div class="para">
+ パスワードチェックは作成されるときに実行され、パスワードに対してパスワード・クラック・プログラムを実行するように効果的に悪いパスワードを発見できません。
+ </div><div class="para">
+ 多くのパスワード・クラック・プログラムは、オペレーティングシステムに同梱されていないにも関わらず、Fedora で実行するものが利用可能です。以下は最も一般的なパスワード・クラック・プログラムのいくつかの簡単なリストです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em><span class="application"><strong>John The Ripper</strong></span></em></span> — 速くて柔軟なパスワード・クラック・プログラム。複数の単語リストを使用でき、ブルートフォース・パスワード・クラックをできます。<a href="http://www.openwall.com/john/">http://www.openwall.com/john/</a> においてオンラインで利用可能です。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em><span class="application"><strong>Crack</strong></span></em></span> — おそらく最もよく知られたパスワード・クラック・ソフトウェア。<span class="application"><strong>Crack</strong></span> は非常に速いですが、<span class="application"><strong>John The Ripper</strong></span> ほど使うのが簡単ではありません。<a href="http://www.crypticide.com/alecm/security/crack/c50-faq.html">http://www.crypticide.com/alecm/security/crack/c50-faq.html</a> においてオンラインで利用可能です。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em><span class="application"><strong>Slurpie</strong></span></em></span> — <span class="application"><strong>Slurpie</strong></span> は <span class="application"><strong>John The Ripper</strong></span> および <span class="application"><strong>Crack</strong></span> と似ていますが、分散パスワード・クラック攻撃を生成して、並行して複数のコンピューターで実行するよう設計されています。<a href="http://www.ussrback.com/distributed.htm">http://www.ussrback.com/distributed.htm</a> においてオンラインで、数多くの他の分散攻撃セキュリティ評価ツールとともに見つけられます。
+ </div></li></ul></div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ 組織内でパスワードをクラックする試行を始める前に常に書面で認可を得てください。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Passphrases"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Passphrases">3.1.3.2.2. パスフレーズ</h5></div></div></div><div class="para">
+ パスフレーズとパスワードは今日のシステムの多くにおいてセキュリティの基礎です。不幸にも、バイオメトリクスや2要素認証のような技術は、多くのシステムにおいて主流になってきていません。パスワードがシステムをセキュアにするために使われるようになってくると、パスフレーズの使用が検討されるべきです。パスフレーズは、数字や記号のような標準的ではない文字とともに導入されるとき、パスワードよりも長く、パスワードよりも良い保護を提供します。
+ </div></div><div class="section" id="sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Password_Aging"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Password_Aging">3.1.3.2.3. パスワード・エージング</h5></div></div></div><div class="para">
+ パスワード・エージングは、組織の中で悪いパスワードを防御するためにシステム管理者により使用されるもう1つのテクニックです。パスワード・エージングは、指定された期間(通常90日)経過後、ユーザーは新しいパスワードを作成するようプロンプトが出されることを意味します。この後ろにある理論は、ユーザーが定期的にパスワードを変更することを強制されるならば、クラックされたパスワードが限られた期間のみ侵入者にとって有用である、というものです。しかしながら、パスワード・エージングの不利な面は、ユーザーがパスワードをより書きとめるかもしれないことです。
+ </div><div class="para">
+ Fedora でパスワード・エージングを指定するために使用される主要なプログラムが2つあります。<code class="command">chage</code> コマンドまたはグラフィカルな<span class="application"><strong>ユーザー管理</strong></span> (<code class="command">system-config-users</code>) アプリケーション。
+ </div><div class="para">
+ <code class="command">chage</code> コマンドの <code class="option">-M</code> オプションは、パスワードが有効である最大日数を指定します。たとえば、ユーザーのパスワードを90日で期限切れに設定するために、以下のコマンドを使用します:
+ </div><pre class="screen"><code class="command">chage -M 90 <em class="replaceable"><code><username></code></em></code></pre><div class="para">
+ 上のコマンドで、<em class="replaceable"><code><username></code></em> をユーザーの名前で置き換えます。パスワードの期限切れを無効にするために、伝統的に <code class="option">-M</code> オプションの後ろに <code class="command">99999</code> の値(273年と少しと同じです)を使用します。
+ </div><div class="para">
+ 複数のパスワード・エージングとアカウントの詳細を変更するためにインタラクティブ・モードにおいて <code class="command">chage</code> コマンドを使用することもできます。インタラクティブ・モードに入るために以下のコマンドを使用します:
+ </div><pre class="screen"><code class="command">chage <em class="replaceable"><code><username></code></em></code></pre><div class="para">
+ 以下はこのコマンドを用いたインタラクティブなセッションのサンプルです:
+ </div><pre class="screen">[root at myServer ~]# chage davido
+Changing the aging information for davido
+Enter the new value, or press ENTER for the default
+Minimum Password Age [0]: 10
+Maximum Password Age [99999]: 90
+Last Password Change (YYYY-MM-DD) [2006-08-18]:
+Password Expiration Warning [7]:
+Password Inactive [-1]:
+Account Expiration Date (YYYY-MM-DD) [1969-12-31]:
+[root at myServer ~]#</pre><div class="para">
+ 利用可能なオプションの詳細は chage のマニュアル・ページを参照してください。
+ </div><div class="para">
+ パスワード・エージング・ポリシーを作成するために、グラフィカルな<span class="application"><strong>ユーザー・マネージャー</strong></span>・アプリケーション を使用することもできます。注記:この手順を実行するために管理者特権が必要になります。
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ ユーザー・マネージャーを表示するために、パネルにある<span class="guimenu"><strong>システム</strong></span>メニューをクリックして、<span class="guisubmenu"><strong>管理</strong></span>をポイントして、<span class="guimenuitem"><strong>ユーザーとグループ</strong></span>をクリックします。代わりに、シェル・プロンプトにおいて <code class="command">system-config-users</code> コマンドを入力します。
+ </div></li><li class="step"><div class="para">
+ <span class="guilabel"><strong>ユーザー</strong></span>タブをクリックして、ユーザーのリストにおいて必要なユーザーを選択します。
+ </div></li><li class="step"><div class="para">
+ ユーザー・プロパティのダイアログ・ボックスを表示するためにツールバーにおいて<span class="guibutton"><strong>プロパティ</strong></span>をクリックします(または、<span class="guimenu"><strong>ファイル</strong></span>メニューの<span class="guimenuitem"><strong>プロパティ</strong></span>を選択します)。
+ </div></li><li class="step"><div class="para">
+ <span class="guilabel"><strong>パスワード情報</strong></span>タブをクリックして、<span class="guilabel"><strong>パスワードの有効期限を有効にする</strong></span>ためにチェックボックスを選択します。
+ </div></li><li class="step"><div class="para">
+ <span class="guilabel"><strong>変更が必要になるまでの日数</strong></span>フィールドに必要な値を入力して、<span class="guibutton"><strong>OK</strong></span>をクリックします。
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-Password_Aging-Specifying_password_aging_options"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-user_pass_info.png" width="444" alt="パスワード・エージングのオプションの指定" /><div class="longdesc"><div class="para">
+ <span class="guilabel"><strong>パスワード情報</strong></span>パネルのイラスト。
+ </div></div></div></div><h6>図3.1 パスワード・エージングのオプションの指定</h6></div><br class="figure-break" /></div></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Administrative_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Administrative_Controls">3.1.4. 管理的コントロール</h3></div></div></div><div class="para">
+ 自宅のマシンを管理しているとき、root ユーザーとして、または <code class="command">sudo</code> や <code class="command">su</code> のような <em class="firstterm">setuid</em> プログラムを経由して効果的な root 特権を取得することにより、ユーザーはいくつかのタスクを実行しなければいけません。setuid プログラムは、プログラムを実行しているユーザーではなく、プログラムの所有者のユーザー ID (<span class="emphasis"><em>UID</em></span>) で実行されるものです。そのようなプログラムは、以下の例にあるように、ロング形式リストの所有者セクションに <code class="computeroutput">s</code> により表現されます:
+ </div><pre class="screen"><code class="computeroutput">-rwsr-xr-x 1 root root 47324 May 1 08:09 /bin/su</code></pre><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ <code class="computeroutput">s</code> は大文字または小文字かもしれません。大文字で表示されるならば、基礎となるパーミッション・ビットがセットされていないことを意味します。
+ </div></div></div><div class="para">
+ ããããªãããçµç¹ã®ã·ã¹ãã 管çè
ã«å¯¾ãã¦ãçµç¹ã®ä¸ã®ã¦ã¼ã¶ã¼ããã·ã³ã¸ã©ã®ãããã®ç®¡ççã¢ã¯ã»ã¹ãæããããã®é¸æãããªããã°ããã¾ããã<code class="filename">pam_console.so</code> ã¨å¼ã°ãã PAM ã¢ã¸ã¥ã¼ã«ãéãã¦ããªãã¼ãããªã ã¼ããã«ã»ã¡ãã£ã¢ã®ãã¦ã³ãã®ãããªãé常 root ã¦ã¼ã¶ã¼ã«å¯¾ãã¦ã®ã¿æå®ãããããã¤ãã®ã¢ã¯ãã£ããã£ã¯ãç©çã³ã³ã½ã¼ã«ã«ãã°ã¤ã³ããæåã®ã¦ã¼ã¶ã¼ã«å¯¾ãã¦è¨±å¯ããã¾ããï¼<code class="filename">pam_console.so</code> ã¢ã¸ã¥ã¼ã«ã®è©³ç´°ã¯ <a class="xref" href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM">ãPluggable Authentication Modules (PAM)ã</a> ãåç
§ãã¦ãã ãããï¼ããããªããããããã¯ã¼ã¯è¨å®ã®å¤æ´ãæ°ãããã¦ã¹ã®è¨å®ããããã¯ã¼ã¯ã»ããã¤ã¹ã®ãã¦ã³ãã®ãããªãä»ã®ã·ã¹ãã ç
®¡ççã¿ã¹ã¯ã¯ç®¡çç¹æ¨©ãªãã§ã¯ä¸å¯è½ã§ããçµæã¨ãã¦ãã·ã¹ãã 管çè
ã¯ãããã¯ã¼ã¯ã«ãããã©ã®ãããã®ã¦ã¼ã¶ã¼ãã¢ã¯ã»ã¹æ¨©ãåãåããã決ããªããã°ããã¾ããã
+ </div><div class="section" id="sect-Security_Guide-Administrative_Controls-Allowing_Root_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Administrative_Controls-Allowing_Root_Access">3.1.4.1. root アクセスの許可</h4></div></div></div><div class="para">
+ 組織内のユーザーが信頼され、コンピューター・リテラシがあるならば、root アクセスを許可することは問題ないかもしれません。ユーザーによる root アクセス権を許可することは、デバイスの追加またはネットワークインタフェースの設定のような軽微な活動が個々のユーザにより取り扱われることを意味します。システム管理者をネットワーク・セキュリティおよび他の重要な問題を取り扱うことから開放します。
+ </div><div class="para">
+ 他方、個々のユーザーに root アクセス権を与えることは、以下の問題につながる可能性があります:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>マシンの設定誤り</em></span> — root アクセス権を持つユーザーは、マシンの設定を誤り、問題を解決するために支援を必要とする可能性があります。さらに悪いことに、意識せずにセキュリティ・ホールを開けるかもしれません。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>セキュアではないサービスの実行</em></span> — root アクセス権を持つユーザーは、潜在的にユーザー名とパスワードをリスクにさらす、FTP や Telnet のようなセキュアではないサーバーをマシンにおいて実行するかもしれません。これらのサービスはこの情報をネットワーク上で平文で転送します。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>root としての email 添付の実行</em></span> — 珍しいことですが、Linux に影響する email ウイルスが存在します。しかしながら、それらが脅威である唯一のときは、それらが root ユーザーとして実行されたときです。
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Administrative_Controls-Disallowing_Root_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Administrative_Controls-Disallowing_Root_Access">3.1.4.2. root アクセスの不許可</h4></div></div></div><div class="para">
+ 管理者はユーザーに root としてログインできるようにすることが気持ち悪ければ、root パスワードは秘密にしておくべきです。また、ランレベル1やシングルユーザーモードへのアクセスはブートローダー・パスワード保護を通して無効にされるべきです。(この話題の詳細は <a class="xref" href="#sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords">「ブートローダのパスワード」</a> を参照してください。)
+ </div><div class="para">
+ <a class="xref" href="#tabl-Security_Guide-Disallowing_Root_Access-Methods_of_Disabling_the_Root_Account">表3.1「root アクセスを無効化する」</a> は、管理者が root ログインを無効にされていることをさらに確実にすることができる方法について説明しています:
+ </div><div class="table" id="tabl-Security_Guide-Disallowing_Root_Access-Methods_of_Disabling_the_Root_Account"><h6>表3.1 root アクセスを無効化する</h6><div class="table-contents"><table summary="root アクセスを無効化する" border="1"><colgroup><col width="12%" class="method" /><col width="29%" class="description" /><col width="29%" class="effect" /><col width="29%" class="noaffect" /></colgroup><thead><tr><th>
+ 方法
+ </th><th>
+ 説明
+ </th><th>
+ 効果
+ </th><th>
+ 影響なし
+ </th></tr></thead><tbody><tr><td>
+ root シェルの変更
+ </td><td>
+ <code class="filename">/etc/passwd</code> ファイルを編集して、シェルを <code class="command">/bin/bash</code> から <code class="command">/sbin/nologin</code> に変更します。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>root シェルへのアクセスを防ぎ、そのような試行をすべて記録する。</td></tr><tr><td>以下のプログラムは root アカウントへのアクセスを防がれます:</td></tr><tr><td>· <code class="command">login</code></td></tr><tr><td>· <code class="command">gdm</code></td></tr><tr><td>· <code class="command">kdm</code></td></tr><tr><td>· <code class="command">xdm</code></td></tr><tr><td>· <code class="command">su</code></td></tr><tr><td>· <code class="command">ssh</code></td></tr><tr><td>· <code class="command">scp</code></td></tr><tr><td>· <code class="command">sftp</code></td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>FTP クライアント、メール・クライアント、および多くの setuid プログラムのような、シェルを必要としないプログラム。</td></tr><tr><td>以下のプログラムは root アカウントへのアクセスを防ぎ<span class="emphasis"><em>ません</em></span>:</td></tr><tr><td>· <code class="command">sudo</code></td></tr><tr><td>· FTP クライアント</td></tr><tr><td>· Email クライアント</td></tr></table>
+
+ </td></tr><tr><td>
+ すべてのコンソール・デバイス (tty) 経由の root アクセスの無効化
+ </td><td>
+ 空の <code class="filename">/etc/securetty</code> ファイルは、コンピュータに接続されたすべてのデバイスに root ログオンするのを防ぎます。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>コンソールまたはネットワーク経由で root アカウントへアクセスするのを防ぎます。以下のプログラムは root アカウントにアクセスするのを防ぎます:</td></tr><tr><td>· <code class="command">login</code></td></tr><tr><td>· <code class="command">gdm</code></td></tr><tr><td>· <code class="command">kdm</code></td></tr><tr><td>· <code class="command">xdm</code></td></tr><tr><td>· tty を開く他のネットワーク・サービス</td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>root としてログインしないが、setuid や他のメカニズムを通して管理的なタスクを実行するプログラム。</td></tr><tr><td>以下のプログラムは root アカウントへのアクセスを防ぎ<span class="emphasis"><em>ません</em></span>:</td></tr><tr><td>· <code class="command">su</code></td></tr><tr><td>· <code class="command">sudo</code></td></tr><tr><td>· <code class="command">ssh</code></td></tr><tr><td>· <code class="command">scp</code></td></tr><tr><td>· <code class="command">sftp</code></td></tr></table>
+
+ </td></tr><tr><td>
+ root SSH ログインの無効化
+ </td><td>
+ <code class="filename">/etc/ssh/sshd_config</code> ファイルを編集して、<code class="command">PermitRootLogin</code> パラメータを <code class="command">no</code> にセットします。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>OpenSSH スイートのツール経由による root アクセスを防ぎます。以下のプログラムは root アカウントにアクセスするのを</td></tr><tr><td>· <code class="command">ssh</code></td></tr><tr><td>· <code class="command">scp</code></td></tr><tr><td>· <code class="command">sftp</code></td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>これは OpenSSH スイートのツールのみへと root アクセスを防ぎます。</td></tr></table>
+
+ </td></tr><tr><td>
+ サービスへの root アクセスを制限するために PAM の使用
+ </td><td>
+ <code class="filename">/etc/pam.d/</code> ディレクトリにある対象サービスのファイルを編集します。<code class="filename">pam_listfile.so</code> が認証のために必要であることを確実にします。<sup>[<a id="idm335168" href="#ftn.idm335168" class="footnote">a</a>]</sup>
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>PAM に対応するネットワーク・サービスへの root アクセスを防ぎます。</td></tr><tr><td>以下のサービスは root アカウントへのアクセスを防ぎます:</td></tr><tr><td>· FTP クライアント</td></tr><tr><td>· Email クライアント</td></tr><tr><td>· <code class="command">login</code></td></tr><tr><td>· <code class="command">gdm</code></td></tr><tr><td>· <code class="command">kdm</code></td></tr><tr><td>· <code class="command">xdm</code></td></tr><tr><td>· <code class="command">ssh</code></td></tr><tr><td>· <code class="command">scp</code></td></tr><tr><td>· <code class="command">sftp</code></td></tr><tr><td>· すべての PAM 対応アプリケーション</td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>PAM に対応しないプログラムおよびサービス。</td></tr></table>
+
+ </td></tr></tbody><tbody class="footnotes"><tr><td colspan="4"><div class="footnote"><div class="para"><sup>[<a id="ftn.idm335168" href="#idm335168" class="para">a</a>] </sup>
+ 詳細は<a class="xref" href="#sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM">「PAM を用いた root の無効化」</a>を参照してください。
+ </div></div></td></tr></tbody></table></div></div><br class="table-break" /><div class="section" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_the_Root_Shell"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_the_Root_Shell">3.1.4.2.1. root シェルの無効化</h5></div></div></div><div class="para">
+ ユーザーが root として直接ログインすることを防ぐために、システム管理者は <code class="filename">/etc/passwd</code> ファイルにおいて root アカウントのシェルを <code class="command">/sbin/nologin</code> に設定できます。これにより、<code class="command">su</code> や <code class="command">ssh</code> コマンドのような、シェルを要求するコマンドを通して root アカウントにアクセスすることを防ぎます。
+ </div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ email クライアントや <code class="command">sudo</code> コマンドのような、シェルへのアクセスを必要としないプログラムは、まだ root アカウントにアクセスすることができます。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Logins"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Logins">3.1.4.2.2. root ログインの無効化</h5></div></div></div><div class="para">
+ root アカウントへのアクセスをさらに制限するために、管理者は <code class="filename">/etc/securetty</code> ファイルを編集することにより、コンソールに root ログインすることを無効にできます。このファイルは root ユーザーがログインを許可されているすべてのデバイスをリストします。ファイルがまったく存在しなければ、root ユーザーは、コンソール経由かロー・ネットワーク・デバイスかによらず、システムにあるすべてのコミュニケーション・デバイスを通してログインできます。ネットワーク上に平文でパスワードを転送する、Telnet 経由で root としてマシンにログインできるので、これは危険です。デフォルトで、Fedora の<code class="filename">/etc/securetty</code> ファイルは、root ユーザーがマシンに物理的に接続されたコンソールの
みにログインできます。root がログインするのを防ぐため、以下のコマンドを入力することによりこのファイルの内容を削除します:
+ </div><pre class="screen"><code class="command">echo <username> /etc/securetty</code></pre><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ 空の <code class="filename">/etc/securetty</code> ファイルは、コンソールが認証される後まで開かれないので、root ユーザーが OpenSSH スイートのツールを用いてリモートログインするのを防ぎ<span class="emphasis"><em>ません</em></span>。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_SSH_Logins"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_SSH_Logins">3.1.4.2.3. root SSH ログインの無効化</h5></div></div></div><div class="para">
+ SSH プロトコル経由の root ログインは Fedora においてデフォルトで無効化されています。しかし、このオプションが有効化されているならば、SSH デーモンの設定ファイル (<code class="filename">/etc/ssh/sshd_config</code>) を編集することにより再び無効化できます。それが読み込む行を変更します:
+ </div><pre class="screen"><code class="computeroutput">PermitRootLogin yes</code></pre><div class="para">
+ 以下のように読み込むために:
+ </div><pre class="screen"><code class="computeroutput">PermitRootLogin no</code></pre><div class="para">
+ これらの変更が効くために、SSH デーモンが再起動されなければいけません。これは以下のコマンドを通して実行できます。
+ </div><pre class="screen"><code class="computeroutput">kill -HUP `cat /var/run/sshd.pid`</code></pre></div><div class="section" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM">3.1.4.2.4. PAM を用いた root の無効化</h5></div></div></div><div class="para">
+ <code class="filename">/lib/security/pam_listfile.so</code> モジュールを通して PAM は特定のアカウントを拒否するときに大きな柔軟性を許します。管理者はログインが許可されないユーザーのリストを参照するためにこのモジュールを使用できます。以下は、モジュールが <code class="filename">/etc/pam.d/vsftpd</code> PAM 設定ファイルにおいて <code class="command">vsftpd</code> FTP サーバーのためにどのように使用されるかの例です。(以下の例で最初の行の最後にある <code class="computeroutput">\</code> 文字は、ディレクティブが1行にあるならば必要<span class="emphasis"><em>ありません</em></span>):
+ </div><pre class="screen">auth required /lib/security/pam_listfile.so item=user \
+sense=deny file=/etc/vsftpd.ftpusers onerr=succeed</pre><div class="para">
+ これは PAM に <code class="filename">/etc/vsftpd.ftpusers</code> ファイルを参照して、リストされたユーザーすべてをサービスへのアクセスを拒否するよう指示します。管理者はこのファイルの名前を変更できます。また、複数のサービスへのアクセスを拒否するために、各サービスに対して別々のリストを保つことも、1つの集中したライスとを使用することもできます。
+ </div><div class="para">
+ 管理者が複数のサービスへのアクセスを拒否したいならば、次の同じような行が PAM 設定ファイルに追加されます。メールクライアントに対しては <code class="filename">/etc/pam.d/pop</code> および <code class="filename">/etc/pam.d/imap</code>、SSH クライアントに対して <code class="filename">/etc/pam.d/ssh</code> です。
+ </div><div class="para">
+ PAM の詳細は <a class="xref" href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM">「Pluggable Authentication Modules (PAM)」</a> を参照してください。
+ </div></div></div><div class="section" id="sect-Security_Guide-Administrative_Controls-Limiting_Root_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Administrative_Controls-Limiting_Root_Access">3.1.4.3. root アクセスの制限</h4></div></div></div><div class="para">
+ 管理者は root ユーザーへのアクセスを完全に拒否するより、<code class="command">su</code> や <code class="command">sudo</code> のような、setuid プログラム経由でのみアクセスを許可したいと考えるかもしれません。
+ </div><div class="section" id="sect-Security_Guide-Limiting_Root_Access-The_su_Command"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Limiting_Root_Access-The_su_Command">3.1.4.3.1. <code class="command">su</code> コマンド</h5></div></div></div><div class="para">
+ ユーザーが <code class="command">su</code> コマンドを実行するとき、root パスワードに対するプロンプトが出されます。認証後、root シェルプロンプトが与えられます。
+ </div><div class="para">
+ 一度 <code class="command">su</code> コマンド経由でログインすると、ユーザーは root ユーザー<span class="emphasis"><em>であり</em></span>、システムへの絶対的な管理アクセス権を持ちます。 <sup>[<a id="idm84028688" href="#ftn.idm84028688" class="footnote">13</a>]</sup>. さらに、一度ユーザーが root になると、パスワードをプロンプトされることなくシステムにある他のすべてのユーザーに変更するために <code class="command">su</code> コマンドを使用できます。
+ </div><div class="para">
+ このプログラムは非常に強力であるため、組織の中にいる管理者はコマンドにアクセス権を持つ者を制限したいと思うかもしれません。
+ </div><div class="para">
+ これを実行する最も簡単な方法の1つは、<em class="firstterm">wheel</em> と呼ばれる特別な管理グループにユーザーを追加することです。これをするために、root として以下のコマンドを入力します:
+ </div><pre class="screen"><code class="command">usermod -G wheel <em class="replaceable"><code><username></code></em></code></pre><div class="para">
+ 前のコマンドにおいて、<em class="replaceable"><code><username></code></em> を <code class="command">wheel</code> グループに追加したいユーザー名で置き換えます。
+ </div><div class="para">
+ グループメンバーを変更するために、以下のように<span class="application"><strong>ユーザー管理</strong></span>を使用することもできます。注記:この手順を実行するために管理者権限を必要とします。
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ ユーザー・マネージャーを表示するために、パネルにある<span class="guimenu"><strong>システム</strong></span>メニューをクリックして、<span class="guisubmenu"><strong>管理</strong></span>をポイントして、<span class="guimenuitem"><strong>ユーザーとグループ</strong></span>をクリックします。代わりに、シェル・プロンプトにおいて <code class="command">system-config-users</code> コマンドを入力します。
+ </div></li><li class="step"><div class="para">
+ <span class="guilabel"><strong>ユーザー</strong></span>タブをクリックして、ユーザーのリストにおいて必要なユーザーを選択します。
+ </div></li><li class="step"><div class="para">
+ ユーザー・プロパティのダイアログ・ボックスを表示するためにツールバーにおいて<span class="guibutton"><strong>プロパティ</strong></span>をクリックします(または、<span class="guimenu"><strong>ファイル</strong></span>メニューの<span class="guimenuitem"><strong>プロパティ</strong></span>を選択します)。
+ </div></li><li class="step"><div class="para">
+ <span class="guilabel"><strong>グループ</strong></span> タブをクリックして、wheel グループのチェックボックスを選択して、<span class="guibutton"><strong>OK</strong></span> をクリックします。<a class="xref" href="#figu-Security_Guide-The_su_Command-Adding_users_to_the_wheel_group.">図3.2「ユーザーを "wheel" グループに追加します。」</a> を参照してください。
+ </div></li><li class="step"><div class="para">
+ <code class="command">su</code> に対する PAM 設定ファイル (<code class="filename">/etc/pam.d/su</code>) をテキストエディターで開き、以下の行からコメント <span class="keycap"><strong>#</strong></span> を削除します:
+ </div><pre class="screen">auth required /lib/security/$ISA/pam_wheel.so use_uid</pre><div class="para">
+ この変更は、管理グループ <code class="computeroutput">wheel</code> のメンバーだけがこのプログラムを使用できることを意味します。
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-The_su_Command-Adding_users_to_the_wheel_group."><div class="figure-contents"><div class="mediaobject"><img src="images/fed-user_pass_groups.png" width="444" alt="ユーザーを "wheel" グループに追加します。" /><div class="longdesc"><div class="para">
+ <span class="guilabel"><strong>グループ</strong></span>のパネル・アイコン
+ </div></div></div></div><h6>図3.2 ユーザーを "wheel" グループに追加します。</h6></div><br class="figure-break" /><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ root ユーザーはデフォルトで <code class="computeroutput">wheel</code> グループの一部です。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Limiting_Root_Access-The_sudo_Command"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Limiting_Root_Access-The_sudo_Command">3.1.4.3.2. <code class="command">sudo</code> コマンド</h5></div></div></div><div class="para">
+ <code class="command">sudo</code> コマンドは、ユーザーに管理アクセス権を与えるために他のアプローチを提供します。信頼されたユーザーが管理コマンドの前に <code class="command">sudo</code> をつけるとき、<span class="emphasis"><em>自分自身の</em></span>パスワードに対するプロンプトが出されます。そして、認証され、コマンドが許可されると考えられるとき、管理コマンドは root ユーザーであるかのように実行されます。
+ </div><div class="para">
+ <code class="command">sudo</code> コマンドの基本的な形式は以下のとおりです:
+ </div><pre class="screen"><code class="command">sudo <em class="replaceable"><code><command></code></em></code></pre><div class="para">
+ 上の例において、<em class="replaceable"><code><command></code></em> は、<code class="command">mount</code> のように、通常 root ユーザーのために取ってあるコマンドで置き換えられます。
+ </div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ <code class="command">sudo</code> コマンドのユーザーは、sudoers が5分以内はパスワードを聞かれることなく、再びコマンドを使用することができるので、マシンから離れる前にさらに注意深くログアウトするべきです。この設定は設定ファイル <code class="filename">/etc/sudoers</code> 経由で変更できます。
+ </div></div></div><div class="para">
+ <code class="command">sudo</code> コマンドは高いレベルの柔軟性を許します。たとえば、<code class="filename">/etc/sudoers</code> 設定ファイルにリストされたユーザーのみが <code class="command">sudo</code> コマンドを使用できます。また、コマンドは<span class="emphasis"><em>ユーザーの</em></span>シェルで実行され、root シェルではありません。このことは、<a class="xref" href="#sect-Security_Guide-Disallowing_Root_Access-Disabling_the_Root_Shell">「root シェルの無効化」</a> に示されるように、root シェルが完全に無効にできることを意味します。
+ </div><div class="para">
+ <code class="command">sudo</code> コマンドは完全な監査証跡も提供します。それぞれの成功の認証は <code class="filename">/var/log/messages</code> に記録されます。また、発行されたコマンドは発行したユーザー名とともに <code class="filename">/var/log/secure</code> ファイルに記録されます。
+ </div><div class="para">
+ <code class="command">sudo</code> コマンドの他の利点は、管理者が異なるユーザーに対してそのニーズに基づいて特定のコマンドにアクセスを許可できることです。
+ </div><div class="para">
+ <code class="command">sudo</code> 設定ファイル (<code class="filename">/etc/sudoers</code>) を編集したい管理者は、<code class="command">visudo</code> コマンドを使用すべきです。
+ </div><div class="para">
+ 誰かに完全な管理特権を与えるために、<code class="command">visudo</code> を入力して、ユーザー権限指定セクションに以下のような行を追加します:
+ </div><pre class="screen"><code class="command">juan ALL=(ALL) ALL</code></pre><div class="para">
+ この例は、ユーザー <code class="computeroutput">juan</code> がすべてのホストから <code class="command">sudo</code> を使用でき、すべてのコマンドを実行できます。
+ </div><div class="para">
+ 以下の例は、<code class="command">sudo</code> を設定するときに、可能な粒度を説明します:
+ </div><pre class="screen"><code class="command">%users localhost=/sbin/shutdown -h now</code></pre><div class="para">
+ この例は、すべてのユーザーがコンソールから発行される限り <code class="command">/sbin/shutdown -h now</code> コマンドを発行できます。
+ </div><div class="para">
+ <code class="filename">sudoers</code> のマニュアル・ページに、このファイルのオプションの詳細なリストがあります。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Available_Network_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Available_Network_Services">3.1.5. 利用可能なネットワーク・サービス</h3></div></div></div><div class="para">
+ 管理的コントロールへのユーザー・アクセスが組織内でシステム管理者に対して重要な問題である間、ネットワーク・サービスが有効であることを監視することは、Linux システムを管理して運用する誰かにとって最高の重要事項です。
+ </div><div class="para">
+ Fedora の下で多くのサービスはネットワーク・サービスとして動作します。ネットワーク・サービスがマシンで実行されると、サーバー・アプリケーション(<em class="firstterm">daemon</em> と呼ばれます)が1つかそれより多いネットワーク・ポートをリッスンしています。これらのサービスはそれぞれ攻撃の潜在的な経路として取り扱われるべきです。
+ </div><div class="section" id="sect-Security_Guide-Available_Network_Services-Risks_To_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Available_Network_Services-Risks_To_Services">3.1.5.1. サービスへのリスク</h4></div></div></div><div class="para">
+ ネットワーク・サービスは Linux システムに対して多くのリスクをもたらす可能性があります。以下は主要な問題のいくつかのリストです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>サービス妨害攻撃 (DoS: Denial of Service Attacks)</em></span> — リクエストを用いてサービスを溢れさせることにより、ログとリクエストへの応答を試すので、サービス妨害攻撃はシステムを使用不能にすることができます。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>分散サービス妨害攻撃 (DDoS: Distributed Denial of Service Attack)</em></span> — リクエストでサービスを溢れさせ、使用不能にする、サービスに協調した攻撃を指示するために、複数の侵入されたマシン(しばしば数千かそれより多い数です)を使用する DoS 攻撃の一種。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>スクリプト脆弱性攻撃</em></span> — サーバーが、ウェブサーバーで一般的に実行しているように、サーバーサイドアクションを実行するためにスクリプトを使用しているなら、クラッカーは不適切に書かれたスクリプトを攻撃できます。これらのスクリプト脆弱性攻撃はバッファーオーバーフローの条件に導き、攻撃者がシステムにあるファイルを改ざんできるようにする可能性があります。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>バッファー・オーバーフロー攻撃</em></span> — 0番から1023番までのポートに接続するサービスは、管理ユーザーとして実行しなければいけません。アプリケーションがエクスプロイット可能なバッファー・オーバーフローを持つならば、攻撃者はデーモンを実行しているユーザーとしてシステムへのアクセス権をけることができます。エクスプロイット可能なバッファー・オーバーフローが存在するので、クラッカーは脆弱性を持つシステムを識別するために自動化されたツールを使用します。そして、一度アクセス権を得ると、システムへのアクセス権を維持するために自動化された rootkit を使用します。
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ バッファー・オーバーフロー脆弱性の脅威は、Fedora において <em class="firstterm">ExecShield</em> により軽減されます。これは、x86 互換のシングル・プロセッサーおよびマルチ・プロセッサーのカーネルによりサポートされる実行可能なメモリー分割および保護の技術です。ExecShield は、仮想メモリーを実行可能および実行不可能のセグメントに分割することにより、バッファー・オーバーフローのリスクを減らします。バッファー・オーバーフローのエクスプロイトから注入された悪意のあるコードのように、実行可能セグメントの外側で実行しようとするすべてのプログラム・コードは、セグメンテーション・フォールトを引き起こし、終了します。
+ </div><div class="para">
+ Execshield は、AMD64 プラットフォームにおける <em class="firstterm">No eXecute</em> (<acronym class="acronym">NX</acronym>) 技術と、 Itanium および <span class="trademark">Intel</span>® 64 システムにおける <em class="firstterm">eXecute Disable</em> (<acronym class="acronym">XD</acronym>) 技術に対するサポートも含みます。これらの技術は、悪意のあるコードが実行可能コードの 4KB の粒度を持つ、仮想メモリーの実行可能部分で実行されるのを防ぐために、ExecShield とともに動作して、ステルス型のバッファー・オーバーフローのエクスプロイットから攻撃のリスクを減らします。
+ </div></div></div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ ネットワーク上の攻撃にさらされることを制限するため、使用していないすべてのサービスをオフにするべきです。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Available_Network_Services-Identifying_and_Configuring_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Available_Network_Services-Identifying_and_Configuring_Services">3.1.5.2. サービスの識別と設定</h4></div></div></div><div class="para">
+ セキュリティを向上させるために、Fedora とともにインストールされた多くのネットワーク・サービスはデフォルトでオフにされています。しかしながら、いくつかの注意すべき例外があります:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">cupsd</code> — Fedora のデフォルトのプリント・サーバ。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">lpd</code> — 代替のプリント・サーバ。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">xinetd</code> — <code class="command">gssftp</code> や <code class="command">telnet</code> のような、従属するサーバの範囲へのコネクションを制御するスーパー・サーバです。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sendmail</code> — Sendmail <em class="firstterm">Mail Transport Agent</em> (<abbr class="abbrev">MTA</abbr>) はデフォルトで有効にされていますが、<span class="interface">localhost</span> からのコネクションのみをリッスンします。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sshd</code> — Telnet のセキュアな代替である OpenSSH サーバ。
+ </div></li></ul></div><div class="para">
+ これらのサービスを実行したままにしておくかどうかを決めるとき、一般的なセンスを使用するのが最もよく、注意が過ぎると誤ります。たとえば、プリンターが利用できなければ、<code class="command">cupsd</code> を実行したままにしておきません。<code class="command">portmap</code> に対しても同じことが当てはまります。NFSv3 ボリュームをマウントしていない、もしくは NIS (<code class="command">ypbind</code> サービス) を使用していなければ、<code class="command">portmap</code> は無効にすべきです。
+ </div><div class="figure" id="figu-Security_Guide-Identifying_and_Configuring_Services-Services_Configuration_Tool"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-service_config.png" width="444" alt="サービス設定ツール" /><div class="longdesc"><div class="para">
+ <span class="application"><strong>サービス設定ツール</strong></span>のイラスト
+ </div></div></div></div><h6>図3.3 <span class="application">サービス設定ツール</span></h6></div><br class="figure-break" /><div class="para">
+ 特定のサービスの目的が確かでなければ、<span class="application"><strong>サービス設定ツール</strong></span> が、<a class="xref" href="#figu-Security_Guide-Identifying_and_Configuring_Services-Services_Configuration_Tool">図3.3「<span class="application">サービス設定ツール</span>」</a> に説明されている、追加の情報を提供する説明フィールドを持ちます。
+ </div><div class="para">
+ ネットワーク・サービスがブート時に開始して利用可能かどうかを調べることは、話の一部です。どのポートが開いていて、リッスンしているかも調べるべきです。詳細は <a class="xref" href="#sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">「リッスンしているポートの確認」</a> を参照してください。
+ </div></div><div class="section" id="sect-Security_Guide-Available_Network_Services-Insecure_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Available_Network_Services-Insecure_Services">3.1.5.3. セキュアではないサービス</h4></div></div></div><div class="para">
+ 潜在的に、すべてのネットワーク・サービスはセキュアではありません。このため、使用していないサービスをオフにすることは非常に重要です。サービスに対するエクスプロイットは、定期的に公開およびパッチ提供がされ、すべてのネットワーク・サービスに関連するパッケージを定期的にアップデートすることは非常に重要になります。詳細は<a class="xref" href="#sect-Security_Guide-Security_Updates">「セキュリティ・アップデート」</a>を参照してください。
+ </div><div class="para">
+ いくつかのネットワーク・プロトコルは他のものよりも本質的によりセキュアではありません。これらは以下のようなあらゆるサービスを含みます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>暗号化されないネットワーク上でユーザ名とパスワードを転送する</em></span> — Telnet や FTP のような古いプロトコルの多くは、認証セッションを暗号化せず、可能なときはいつでも避けられるべきです。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>暗号化されないネットワーク上で機密情報を転送する</em></span> — 多くのプロトコルは暗号化されないネットワーク上でデータを転送します。これらのプロトコルは Telnet, FTP, HTTP, および SMTP を含みます。NFS や SMB のような多くのネットワーク・ファイル・システムも暗号化されないネットワーク上で情報を転送します。これらのプロトコルを使用するとき、ユーザーのリポジトリはどの形式のデータが転送されるかを制限します。
+ </div><div class="para">
+ <code class="command">netdump</code> のようなリモート・メモリー・ダンプ・サービスは、暗号化されないネットワーク上でメモリーの内容を転送します。メモリー・ダンプはパスワード、悪ければデータベース・エントリーや他の機密情報を含む可能性があります。
+ </div><div class="para">
+ <code class="command">finger</code> や <code class="command">rwhod</code> のような他のサービスは、システムのユーザーに関する情報を明らかにします。
+ </div></li></ul></div><div class="para">
+ 比較的セキュアではない例として <code class="command">rlogin</code>, <code class="command">rsh</code>, <code class="command">telnet</code>, および <code class="command">vsftpd</code> があります。
+ </div><div class="para">
+ すべてのリモートログインとシェルプログラムは (<code class="command">rlogin</code>, <code class="command">rsh</code>, および <code class="command">telnet</code>) は、SSH を選んで、避けるべきです。<code class="command">sshd</code> の詳細は<a class="xref" href="#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">「セキュリティ強化したコミュニケーション・ツール」</a>を参照してください。
+ </div><div class="para">
+ FTP はシステムのセキュリティに関してリモート・シェルほど本質的に危険ではありません。しかし、FTP サーバーは問題を避けるために注意深く設定され、監視されなければいけません。FTP サーバーをセキュアにすることに関する詳細は <a class="xref" href="#sect-Security_Guide-Server_Security-Securing_FTP">「FTP のセキュア化」</a> を参照してください。
+ </div><div class="para">
+ 注意深く導入され、ファイアウォールの後ろに置かれるべきサービスは以下です。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">finger</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">authd</code> (これは以前の Fedora リリースにおいて <code class="command">identd</code> と呼ばれていました。)
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">netdump</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">netdump-server</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">nfs</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">rwhod</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sendmail</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">smb</code> (Samba)
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">yppasswdd</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">ypserv</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">ypxfrd</code>
+ </div></li></ul></div><div class="para">
+ ネットワーク・サービスをセキュアにすることに関する詳細は<a class="xref" href="#sect-Security_Guide-Server_Security">「サーバのセキュリティ」</a>を参照してください。
+ </div><div class="para">
+ 次のセクションは簡単なファイアウォールをセットアップするために利用可能なツールについて議論します。
+ </div></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Personal_Firewalls"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Personal_Firewalls">3.1.6. パーソナル・ファイアウォール</h3></div></div></div><div class="para">
+ <span class="emphasis"><em>必要な</em></span>ネットワーク・サービスが設定した後、ファイアウォールを導入することは重要です。
+ </div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ インターネットやあなたが信頼できない他のあらゆるネットワークに接続する<span class="emphasis"><em>前に</em></span>、必要なサービスを設定し、ファイアウォールを導入すべきです。
+ </div></div></div><div class="para">
+ ファイアウォールはネットワーク・パケットがシステムのネットワーク・インターフェースにアクセスするのを防ぎます。リクエストがファイアウォールによりブロックされたポート宛てならば、パケットを受け取らず、効果的に無効化されます。この理由により、使っていないポートへのアクセスをブロックする一方、設定されたサービスにより使われるポートへのアクセスをブロックしないようにするためにファイアウォールを設定するとき注意すべきです。
+ </div><div class="para">
+ 多くのユーザーにとって、シンプルなファイアウォールを設定するための最も良いツールは、Fedora に同梱されているグラフィカルなファイアウォール設定ツールです: <span class="application"><strong>ファイアウォール管理ツール</strong></span> (<code class="command">system-config-firewall</code>)。このツールはコントロール・パネル・インターフェースを用いて一般的な目的のファイアウォールに対する幅広い <code class="command">iptables</code> ルールを作成します。
+ </div><div class="para">
+ このアプリケーションと利用可能なオプションを使用法に関する詳細は<a class="xref" href="#sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">「基本的なファイアウォールの設定」</a>を参照してください。
+ </div><div class="para">
+ 高度なユーザーおよびサーバー管理者に対して、<code class="command">iptables</code> を用いてファイアウォールを手動で設定することは、おそらくより良いオプションです。詳細は<a class="xref" href="#sect-Security_Guide-Firewalls">「ファイアウォール」</a>を参照してください。<code class="command">iptables</code> コマンドの完全なガイドは<a class="xref" href="#sect-Security_Guide-IPTables">「IPTables」</a>を参照してください。
+ </div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">3.1.7. セキュリティ強化したコミュニケーション・ツール</h3></div></div></div><div class="para">
+ インターネットの規模と人気が拡大するにつれて、コミュニケーションの盗聴の脅威があります。何年にもわたり、それらがネットワーク上で転送されるので、ツールは暗号化されたコミュニケーションのために開発されてきました。
+ </div><div class="para">
+ Fedora は、情報がネットワーク上で送られるので、それを保護するために高いレベルの公開鍵暗号ベースの暗号化アルゴリズムを使用する基本的なツールを2つ同梱しています。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>OpenSSH</em></span> — ネットワーク通信を暗号化するための SSH プロトコルのフリー実装。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Gnu Privacy Guard (GPG)</em></span> — データを暗号化するための暗号アプリケーション PGP (Pretty Good Privacy) のフリー実装。
+ </div></li></ul></div><div class="para">
+ OpenSSH は、リモートマシンにアクセスするより安全な方法で、<code class="command">telnet</code> や <code class="command">rsh</code> のようなより古い暗号化されないサービスを置き換えます。OpenSSH は <code class="command">sshd</code> というネットワーク・サービスおよび3つのコマンドライン・クライアント・アプリケーションを含みます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">ssh</code> — リモート・コンソールのセキュアなアクセス・クライアント
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">scp</code> — セキュアなリモート・コピーのコマンド
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sftp</code> — インタラクティブなファイル転送セッションを可能にする、セキュアな擬似 ftp クライアント
+ </div></li></ul></div><div class="para">
+ OpenSSHに関する詳細は<a class="xref" href="#Security_Guide-Encryption-Data_in_Motion-Secure_Shell">「Secure Shell」</a>を参照してください。
+ </div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ <code class="command">sshd</code> サービスは本質的にセキュアであるにも関わらず、サービスはセキュリティの脅威を防ぐために常に最新にしておかなければ<span class="emphasis"><em>いけません</em></span>。詳細は <a class="xref" href="#sect-Security_Guide-Security_Updates">「セキュリティ・アップデート」</a> を参照してください。
+ </div></div></div><div class="para">
+ GPG はプライベートな email コミュニケーションを確実にする1つの方法です。パブリック・ネットワーク上で秘密データを email するためや、ハードディスクにある秘密データを保護するためのどちらにも使用されます。
+ </div></div></div><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Server_Security" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Server_Security">3.2. サーバのセキュリティ</h2></div></div></div><div class="para">
+ システムがパブリック・ネットワークにおいてサーバとして使用されるとき、攻撃の対象になります。そのため、システムを堅牢化して、サービスをロックダウンすることは、システム管理者にとって最も重要なことになります。
+ </div><div class="para">
+ 特定の問題を掘り下げて考える前に、サーバのセキュリティを強化するための一般的な以下のヒントについて再考します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 最新の脅威に対して保護するために、すべてのサービスを最新に保ちます。
+ </div></li><li class="listitem"><div class="para">
+ できる限りセキュアなプロトコルを使用します。
+ </div></li><li class="listitem"><div class="para">
+ できる限りマシンあたり1種類のネットワークサービスのみを取り扱います。
+ </div></li><li class="listitem"><div class="para">
+ 疑わしい活動に対してすべてのサーバを注意深く監視します。
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">3.2.1. TCP Wrappers と xinetd を用いたサービスのセキュア化</h3></div></div></div><div class="para">
+ <em class="firstterm">TCP Wrappers</em> はさまざまなサービスにアクセス制御を提供します。SSH、Telnet および FTP のような最近のネットワークサービスの多くは TCP Wrappers (入ってくるリクエストと要求されたサービスの間で見張りをします)を使用します。
+ </div><div class="para">
+ TCP Wrappers により提供される利便性は、<code class="command">xinetd</code>(追加のアクセス、ロギング、バインド、リダイレクトおよびリソース活用に関する制御を提供するスーパーサービス)と併用するときに向上します。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ サービスのアクセス制御の中に冗長性を持たせるために、TCP Wrappers および <code class="command">xinetd</code> とともに iptables ファイアウォール・ルールを使用することは素晴らしいアイディアです。iptables コマンドを用いたファイアウォールの導入に関する詳細は<a class="xref" href="#sect-Security_Guide-Firewalls">「ファイアウォール」</a>を参照してください。
+ </div></div></div><div class="para">
+ 以下のサブセクションは、各トピックに関する基本的な知識があることを想定し、特定のセキュリティ・オプションに焦点を合わせています。
+ </div><div class="section" id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_TCP_Wrappers">3.2.1.1. TCP Wrappres を用いたセキュリティの強化</h4></div></div></div><div class="para">
+ TCP Wrappers はサービスへのアクセスを拒否する以外にも多くの機能があります。このセクションは、接続バナーを送信し、特定のホストからの攻撃者に警告をし、ログ機能を強化するために、どのように使うことができるかを説明します。TCP Wrapper 機能と制御言語に関する詳細は、 <code class="filename">hosts_options</code> man page を参照してください。
+ </div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Connection_Banners"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Connection_Banners">3.2.1.1.1. TCP Wrappers と接続バナー</h5></div></div></div><div class="para">
+ ユーザーがサービスに接続するときに適切なバナーを表示することは、潜在的な攻撃者へとシステム管理者が気を配っていることを知らせるために有用な方法です。システムに関するどのような情報がユーザーへと表示されるかを制御することもできます。サービスに対して TCP Wrappers バナーを導入するために、<code class="option">banner</code> オプションを使用します。
+ </div><div class="para">
+ この例は <code class="command">vsftpd</code> のバナーを導入しています。始めるにはバナーファイルを作成します。それはシステムのどこでも構いませんが、デーモンと同じ名前でなければいけません。たとえば、そのファイルは <code class="filename">/etc/banners/vsftpd</code> と呼ばれ、以下の行を含みます:
+ </div><pre class="screen">220-Hello, %c
+220-All activity on ftp.example.com is logged.
+220-Inappropriate use will result in your access privileges being removed.</pre><div class="para">
+ <code class="command">%c</code> トークンは、より接続をおじけずかせるように、ユーザー名とホスト名、または、ユーザー名と IP アドレスのような、クライアントのさまざまな情報を提供します。
+ </div><div class="para">
+ 受信コネクションに表示するためのこのバナーに対して、<code class="filename">/etc/hosts.allow</code> ファイルに以下の行を追加します:
+ </div><pre class="screen"><code class="command"> vsftpd : ALL : banners /etc/banners/ </code></pre></div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Attack_Warnings"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Attack_Warnings">3.2.1.1.2. TCP Wrappers と攻撃の警告</h5></div></div></div><div class="para">
+ 特定のホストやネットワークがサーバを攻撃していることを検知したら、TCP Wrappers は <code class="command">spawn</code> ディレクティブを用いて、そのホストまたはネットワークからの後続の攻撃について管理者に警告するために使用されます。
+ </div><div class="para">
+ この例では 206.182.68.0/24 ネットワークからのクラッカーがサーバを攻撃しようとしていることを検知したと仮定しています。そのネットワークからの接続試行をすべて拒否して、その試行を特別なファイルに記録するために、<code class="filename">/etc/hosts.deny</code> ファイルに以下の行を置きます:
+ </div><pre class="screen"><code class="command"> ALL : 206.182.68.0 : spawn /bin/ 'date' %c %d >> /var/log/intruder_alert </code></pre><div class="para">
+ <code class="command">%d</code> トークンは、攻撃者がアクセスしようとしたサービスの名前を提供します。
+ </div><div class="para">
+ 接続を許可して、それを記録するには、<code class="filename">/etc/hosts.allow</code> ファイルに <code class="command">spawn</code> ディレクティブを置きます。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ <code class="command">spawn</code> ディレクティブはあらゆるシェルコマンドを実行するので、特定のクライアントがサーバへ接続しようとしたときに、管理者に通知したり、一連のコマンドを実行したりする特別なスクリプトを作成することは素晴らしいアイディアです。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Enhanced_Logging"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Enhanced_Logging">3.2.1.1.3. TCP Wrappers と高度な</h5></div></div></div><div class="para">
+ もし特定の種類の接続が他のものよりも注意する必要があれば、<code class="command">severity</code> オプションを用いて、ログレベルをそのサービスに対して上昇させることができます。
+ </div><div class="para">
+ この例では、FTP サーバのポート23番(Telnet ポート)に接続しようとする者はすべて攻撃者であると仮定しています。このことを示すために、ログファイルにおいてデフォルトのフラグ <code class="command">info</code> の代わりに <code class="command">emerg</code> フラグを立てます。そして、接続を拒否します。
+ </div><div class="para">
+ これを実行するには、<code class="filename">/etc/hosts.deny</code> に以下の行を置きます:
+ </div><pre class="screen"><code class="command"> in.telnetd : ALL : severity emerg </code></pre><div class="para">
+ これはデフォルトの <code class="command">authpriv</code> ログ・ファシリティを使用しますが、プライオリティをデフォルト値の\n <code class="command">info</code> から <code class="command">emerg</code> (ログメッセージを直接コンソールに送ります) へと上昇させます。
+ </div></div></div><div class="section" id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_xinetd"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_xinetd">3.2.1.2. xinetd を用いた高度なセキュリティ</h4></div></div></div><div class="para">
+ このセクションは、トラップ・サービスを設定するために <code class="command">xinetd</code> を使用すること、および与えられたすべての <code class="command">xinetd</code> サービスが利用可能になるリソース・レベルを制御するために使用することに焦点を当てます。サービスに対するリソース制限を設定することで、<em class="firstterm">Denial of Service</em> (<acronym class="acronym">DoS</acronym>) 攻撃を阻止する助けにできます。利用可能なオプションの一覧は、<code class="command">xinetd</code> と <code class="filename">xinetd.conf</code> のマニュアルページを参照してください。
+ </div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_xinetd-Setting_a_Trap"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_xinetd-Setting_a_Trap">3.2.1.2.1. トラップの設定</h5></div></div></div><div class="para">
+ <code class="command">xinetd</code> の重要な機能の1つは、全体に影響する <code class="filename">no_access</code> リストにホストを追加する機能です。このリストにあるホストは、指定された期間または <code class="command">xinetd</code> が再起動されるまで <code class="command">xinetd</code> により管理されたサービスへの後続の接続が拒否されます。
+ </div><div class="para">
+ <code class="command">SENSOR</code> をセットアップする最初のステップは、使用しない予定のサービスを選択することです。この例では、Telnet が使われます。
+ </div><div class="para">
+ <code class="filename">/etc/xinetd.d/telnet</code> ファイルを編集して、読み込むために <code class="option">flags</code> 行を変更します:
+ </div><pre class="screen">flags = SENSOR</pre><div class="para">
+ 以下の行を追加します:
+ </div><pre class="screen">deny_time = 30</pre><div class="para">
+ これにより、そのホストによるそのポートへのさらなる接続試行は30分間拒否されます。<code class="command">deny_time</code> 属性に対する他の利用可能な値は FOREVER (<code class="command">xinetd</code> が再起動されるまで禁止効果が続きます) および NEVER (接続を許可して記録します)です。
+ </div><div class="para">
+ 最後に、最終行に次を読み込むべきです:
+ </div><pre class="screen">disable = no</pre><div class="para">
+ これはトラップ自身を有効にします。
+ </div><div class="para">
+ <code class="option">SENSOR</code> を使用することは望ましくないホストからの接続を検知して停止するための素晴らしい方法ですが、欠点が2つあります:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ ステルス・スキャンに対してうまく機能しません。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">SENSOR</code> を実行していることを知っている攻撃者は、IP アドレスを偽造して、禁止されたポートに接続することにより、特定のホストに対するサービス妨害攻撃をしかけることができます。
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_xinetd-Controlling_Server_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_xinetd-Controlling_Server_Resources">3.2.1.2.2. サーバ・リソースの制御</h5></div></div></div><div class="para">
+ <code class="command">xinetd</code> の他の重要な機能は、制御下にあるサービスに対してリソース制限を設定する能力です。
+ </div><div class="para">
+ 以下のディレクティブを用いて実施します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">cps = <number_of_connections> <wait_period></code> — 受信コネクションの割合を制限します。このディレクティブは2つの引数をとります。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option"><number_of_connections></code> — 1秒あたりに処理するコネクションの数。受信コネクションの割合がこれよりも多くなると、サービスが一時的に無効にされます。デフォルト値は50です。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option"><wait_period></code> — サービスが無効化された後、再び有効化されるまでの待ち時間(秒単位)。デフォルトの間隔は10秒です。
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">instances = <number_of_connections></code> — サービスへの許可されるコネクションの合計数を指定します。このディレクティブは、整数値もしくは <code class="command">UNLIMITED</code> をとります。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">per_source = <number_of_connections></code> — 各ホストあたりのサービスへの許可される接続数を指定します。このディレクティブは、整数値もしくは <code class="command">UNLIMITED</code> をとります。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">rlimit_as = <number[K|M]></code> — サービスが占有できるメモリアドレス空間の量をキロバイトまたはメガバイト単位で指定します。このディレクティブは、整数値もしくは <code class="command">UNLIMITED</code> をとります。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">rlimit_cpu = <number_of_seconds></code> — サービスが CPU を占有できる合計時間を秒単位で指定します。このディレクティブは、整数値もしくは <code class="command">UNLIMITED</code> をとります。
+ </div></li></ul></div><div class="para">
+ これらのディレクティブを使用すると、ある1つの <code class="command">xinetd</code> サービスがシステムを制圧して、サービス妨害を達成することを防ぐ助けにできます。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Server_Security-Securing_Portmap"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Portmap">3.2.2. Portmap のセキュア化</h3></div></div></div><div class="para">
+ <code class="command">portmap</code> サービスは、NIS や NFS のような RPC サービスに対して、動的にポートを割り当てるデーモンです。認証メカニズムは弱いです。また、制御しているサービスに対して広い範囲のポートを割り当てる機能があります。これらの理由により、セキュアにすることが難しいです。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ NFSv4 はもはやそれを必要としないので、<code class="command">portmap</code> をセキュアにすることは NFSv2 と NFSv3 の導入に対してのみ効果があります。もし NFSv2 または NFSv3 サーバを導入しようとしているならば、<code class="command">portmap</code> が必要となり、以下のセクションが適用されます。
+ </div></div></div><div class="para">
+ もし RPC サービスを実行しているならば、以下の基本的なルールに従います。
+ </div><div class="section" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_TCP_Wrappers">3.2.2.1. TCP Wrappers を用いた portmap の保護</h4></div></div></div><div class="para">
+ 組み込み形式の認証を持たないので、<code class="command">portmap</code> サービスへアクセスするネットワークまたはホストを制限するために、TCP Wrappers を使用することは重要です。
+ </div><div class="para">
+ さらに、サービスへのアクセスを制限するとき、ホスト名を使うのを避け、IP アドレス<span class="emphasis"><em>のみ</em></span>を使います。その理由は、ホスト名は DNS ポイズニングや他の方法により偽造される可能性があるからです。
+ </div></div><div class="section" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables">3.2.2.2. iptables を用いた portmap の保護</h4></div></div></div><div class="para">
+ <code class="command">portmap</code> サービスへのアクセスをさらに制限するために、サーバに iptables ルールを追加して、特定のネットワークへのアクセスを制限することは、素晴らしいアイディアです。
+ </div><div class="para">
+ 以下は iptables コマンドの2つの例です。1つ目は、192.168.0.0/24 のネットワークから、ポート111(<code class="command">portmap</code> サービスにより使用されます)への TCP 接続を許可します。2つ目は、ローカルホストから同じポートへのアクセスを許可します。これは、<span class="application"><strong>Nautilus</strong></span> により使用される <code class="command">sgi_fam</code> サービスのために必要となります。他のパケットはすべて破棄されます。
+ </div><pre class="screen">iptables -A INPUT -p tcp -s! 192.168.0.0/24 --dport 111 -j DROP
+iptables -A INPUT -p tcp -s 127.0.0.1 --dport 111 -j ACCEPT</pre><div class="para">
+ UDP トラフィックを同じように制限するために、以下のコマンドを使用します。
+ </div><pre class="screen">iptables -A INPUT -p udp -s! 192.168.0.0/24 --dport 111 -j DROP</pre><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ ファイアウォールと iptables コマンドの導入に関する詳細は <a class="xref" href="#sect-Security_Guide-Firewalls">「ファイアウォール」</a> を参照してください。
+ </div></div></div></div></div><div class="section" id="sect-Security_Guide-Server_Security-Securing_NIS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_NIS">3.2.3. NIS のセキュア化</h3></div></div></div><div class="para">
+ <em class="firstterm">Network Information Service</em> (<acronym class="acronym">NIS</acronym>) は <code class="command">ypserv</code> と呼ばれる RPC サービスです。これは、ドメイン内にあることを主張しているすべてのコンピュータへと、ユーザ名、パスワードおよび他の機密情報の対応付けを配布するために、<code class="command">portmap</code> や他の関連するサービスとともに使用されます。
+ </div><div class="para">
+ NIS サーバはいくつかのアプリケーションを包含しています。それらは以下を含みます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/rpc.yppasswdd</code> — <code class="command">yppasswdd</code> サービスとも呼ばれ、このデーモンはユーザーが NIS パスワードを変更できるようにします。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/rpc.ypxfrd</code> — <code class="command">ypxfrd</code> サービスとも呼ばれ、このデーモンはネットワークにおいて NIS マップを送信する責任があります。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/yppush</code> — このアプリケーションは変更された NIS データベースを複数の NIS サーバへ伝搬します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/ypserv</code> — これは NIS サーバのデーモンです。
+ </div></li></ul></div><div class="para">
+ NIS は今日の標準によるといくらかセキュアではありません。ホスト認証メカニズムを持たず、暗号化されていないネットワーク上ですべての情報を転送します。結果として、NIS を使用するネットワークをセットアップするとき、極めて注意しなければいけません。NIS のデフォルト設定は本質的にセキュアではないという事実により、さらに複雑になります。
+ </div><div class="para">
+ NIS サーバを導入しようとしている人は、まず <a class="xref" href="#sect-Security_Guide-Server_Security-Securing_Portmap">「Portmap のセキュア化」</a> に示されているように <code class="command">portmap</code> サービスをセキュアにして、その後ネットワーク計画のような以下の問題に取り組むことが推奨されます。
+ </div><div class="section" id="sect-Security_Guide-Securing_NIS-Carefully_Plan_the_Network"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Carefully_Plan_the_Network">3.2.3.1. ネットワークの注意深い計画</h4></div></div></div><div class="para">
+ NIS はネットワーク上で暗号化せずに秘密情報を転送するので、ファイアウォールの内側で、セグメント化されたセキュアなネットワークにおいてサービスを実行することが重要です。NIS 情報はセキュアではないネットワーク上で転送されるときは必ず、傍受されるリスクがあります。慎重なネットワーク設計が深刻なセキュリティ侵害を防ぐ助けにできます。
+ </div></div><div class="section" id="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname">3.2.3.2. パスワードのような NIS ドメイン名とホスト名の使用</h4></div></div></div><div class="para">
+ NIS ドメインの中にあるすべてのマシンは、ユーザーが NIS サーバの DNS ホスト名を NIS ドメイン名を知っている限り、認証なしでサーバーから情報を抽出するためのコマンドを使用できます。
+ </div><div class="para">
+ たとえば、誰かがネットワークの中にあるノートPCに接続する、もしくは、外部からネットワーク内に侵入する(かつ内部 IP アドレスを詐称するよう管理する)と、以下のコマンドで <code class="command">/etc/passwd</code> マップを暴露します:
+ </div><pre class="screen">ypcat -d <em class="replaceable"><code><NIS_domain></code></em> -h <em class="replaceable"><code><DNS_hostname></code></em> passwd</pre><div class="para">
+ 攻撃者が root ユーザーならば、以下のコマンドを入力することにより <code class="command">/etc/shadow</code> ファイルを手に入れることができます:
+ </div><pre class="screen">ypcat -d <em class="replaceable"><code><NIS_domain></code></em> -h <em class="replaceable"><code><DNS_hostname></code></em> shadow</pre><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ Kerberos を使用していると、<code class="command">/etc/shadow</code> ファイルは NIS マップの中には保存されません。
+ </div></div></div><div class="para">
+ 攻撃者に対して NIS マップへのアクセスを堅牢化するために、<code class="filename">o7hfawtgmhwg.domain.com</code> のようなランダムな文字列を DNS ホスト名のために作成します。同様に、<span class="emphasis"><em>異なる</em></span>ランダムな NIS ドメイン名を作成します。これにより、攻撃者が NIS サーバへアクセスすることがより困難になります。
+ </div></div><div class="section" id="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File">3.2.3.3. <code class="filename">/var/yp/securenets</code> ファイルの編集</h4></div></div></div><div class="para">
+ <code class="filename">/var/yp/securenets</code> ファイルが空白または存在しなければ(デフォルト・インストール直後の場合)、NIS はすべてのネットワークを受け付けます。最初にすることは、<code class="command">ypserv</code> が適切なネットワークからのリクエストのみに応答するよう、ネットマスク/ネットワーク ペアを置くことです。
+ </div><div class="para">
+ 以下は <code class="filename">/var/yp/securenets</code> ファイルからのサンプル・エントリです:
+ </div><pre class="screen">255.255.255.0 192.168.0.0</pre><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ 初めてのとき <code class="filename">/var/yp/securenets</code> ファイルを作成せずに NIS サーバを決して起動しないでください。
+ </div></div></div><div class="para">
+ このテクニックは IP 詐称攻撃からの保護を提供しませんが、少なくとも NIS サーバのサービスがどのネットワークにあるかを制限します。
+ </div></div><div class="section" id="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules">3.2.3.4. 静的ポートの割り当てと iptables ルールの使用</h4></div></div></div><div class="para">
+ NIS に関連するすべてのサーバは、<code class="command">rpc.yppasswdd</code> — ユーザーがログインパスワードを変更できるようにするデーモン、を除いて特定のポートを割り当てることができます。他の2つの NIS サーバデーモン<code class="command">rpc.ypxfrd</code> と <code class="command">ypserv</code> にポートを割り当てることにより、侵入者から NIS サーバデーモンをさらに保護するためにファイアウォール・ルールを作成できます。
+ </div><div class="para">
+ これをするために、<code class="filename">/etc/sysconfig/network</code> に以下の行を追加します:
+ </div><pre class="screen">YPSERV_ARGS="-p 834" YPXFRD_ARGS="-p 835"</pre><div class="para">
+ そして、以下の iptables ルールは、これらのポートに対してサーバがどのネットワークを待ち受けているかを強制するために使われます。
+ </div><pre class="screen">iptables -A INPUT -p ALL -s! 192.168.0.0/24 --dport 834 -j DROP
+iptables -A INPUT -p ALL -s! 192.168.0.0/24 --dport 835 -j DROP</pre><div class="para">
+ このことは、リクエストが 192.168.0.0/24 のネットワークからならば、プロトコルに関係なく、ポート834と835への接続だけが許可されることを意味します。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ ファイアウォールと iptables コマンドの導入に関する詳細は <a class="xref" href="#sect-Security_Guide-Firewalls">「ファイアウォール」</a> を参照してください。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication">3.2.3.5. Kerberos 認証の使用</h4></div></div></div><div class="para">
+ NIS を認証用に使用するときに検討する問題の1つは、ユーザーがマシンにログインするときは必ず、<code class="filename">/etc/shadow</code> マップからのパスワード・ハッシュがネットワーク上で送られることです。侵入者が NIS ドメインへのアクセスを獲得して、ネットワークのトラフィックを盗聴すると、ユーザー名とパスワード・ハッシュを収集することができます。十分な時間があれば、パスワード解析プログラムは弱いパスワードを推測でき、攻撃者はネットワークにおいて有効なアカウントへのアクセス権を得ることができます。
+ </div><div class="para">
+ Kerberos は秘密鍵暗号を使用するので、パスワード・ハッシュがネットワーク上に送られず、システムをよりもっとセキュアにします。Kerberos の詳細は <a class="xref" href="#sect-Security_Guide-Kerberos">「Kerberos」</a> を参照ください。
+ </div></div></div><div class="section" id="sect-Security_Guide-Server_Security-Securing_NFS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_NFS">3.2.4. NFS のセキュア化</h3></div></div></div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ Fedora に含まれるバージョンのNFS (NFSv4) は、<a class="xref" href="#sect-Security_Guide-Server_Security-Securing_Portmap">「Portmap のセキュア化」</a>に概要が示されているように <code class="command">portmap</code> サービスをもはや必要としません。NFS トラフィックはすべてのバージョンにおいて UDP より TCP を使用します。NFSv4 を使用するときそれを必要とします。NFSv4 は、<code class="filename">RPCSEC_GSS</code> カーネルモジュールの一部として、Kerberos ユーザーとグループの認証を含みます。Fedora が NFSv2 と NFSv3 をサポートするので(どちらも <code class="command">portmap</code> を利用します)、<code class="command">portmap</code> の情報はまだ含まれています。
+ </div></div></div><div class="section" id="sect-Security_Guide-Securing_NFS-Carefully_Plan_the_Network"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NFS-Carefully_Plan_the_Network">3.2.4.1. ネットワークの注意深い計画</h4></div></div></div><div class="para">
+ いまや NFSv4 はネットワーク上で Kerberos を用いて暗号化されたすべての情報を受け渡す機能があるので、ファイアウォールの後ろ側もしくはセグメント化されたネットワーク上にあるならば、サービスが正しく設定されることが重要です。NFSv2 と NFSv3 はまだ安全ではなくデータを受け渡します。このことは考慮に入れられるべきです。これらの観点すべてにおいてネットワークを慎重に設計することは、セキュリティ侵害を防ぐ助けにできます。
+ </div></div><div class="section" id="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors">3.2.4.2. 構文エラーへの注意</h4></div></div></div><div class="para">
+ NFS サーバは、<code class="filename">/etc/exports</code> ファイルを参照することにより、どのファイルシステムをエクスポートするか、どのホストへとこれらのディレクトリをエクスポートするかを決めます。このファイルを編集するときに、無関係な空白を追加しないよう注意してください。
+ </div><div class="para">
+ たとえば、<code class="filename">/etc/exports</code> ファイルにある以下の行は、ディレクトリ <code class="command">/tmp/nfs/</code> を <code class="command">bob.example.com</code> へと読み書き権付きで共有します。
+ </div><pre class="screen">/tmp/nfs/ bob.example.com(rw)</pre><div class="para">
+ 一方で <code class="filename">/etc/exports</code> ファイルにある以下の行は、同じディレクトリを <code class="computeroutput">bob.example.com</code> へと読み込み権のみ付きで共有します。また、ホスト名の後ろにある1つの空白により、それを読み書き権付きで<span class="emphasis"><em>全体</em></span>に共有します。
+ </div><pre class="screen">/tmp/nfs/ bob.example.com (rw)</pre><div class="para">
+ 何が共有されているかを確認するために、<code class="command">showmount</code> コマンドを用いることにより、設定された NFS 共有すべてを確認することはグッド・プラクティスです。
+ </div><pre class="screen">showmount -e <em class="replaceable"><code><hostname></code></em></pre></div><div class="section" id="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option">3.2.4.3. <code class="command">no_root_squash</code> オプションの未使用</h4></div></div></div><div class="para">
+ デフォルトで NFS 共有は root ユーザーを <code class="command">nfsnobody</code> ユーザー(非特権ユーザーアカウント)に変更します。これにより root が作成したファイルの所有者はすべて <code class="command">nfsnobody</code> に変更されます。ここで、setuid ビットが設定されたプログラムのアップロードは防がれます。
+ </div><div class="para">
+ <code class="command">no_root_squash</code> が使われていると、リモートの root ユーザーが、共有ファイルシステムにあるすべてのファイルを変更でき、他のユーザが不注意で実行するようトロイの木馬により感染されたアプリケーションを置いていけます。
+ </div></div><div class="section" id="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration">3.2.4.4. NFS ファイアウォールの設定</h4></div></div></div><div class="para">
+ NFS のために使用されるポートは rpcbind により動的に割り当てられます。それは、ファイアウォール・ルールを作成するときに問題を引き起こす可能性があります。このプロセスを単純化するため、どのポートが使われるかを指定するために <span class="emphasis"><em>/etc/sysconfig/nfs</em></span> ファイルを使用します。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">MOUNTD_PORT</code> — mountd (rpc.mountd) 用の TCP および UDP ポート
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">STATD_PORT</code> — status (rpc.statd) 用の TCP および UDP ポート
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">LOCKD_TCPPORT</code> — nlockmgr (rpc.lockd) 用の TCP ポート
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">LOCKD_UDPPORT</code> — nlockmgr (rpc.lockd) 用の UDP ポート
+ </div></li></ul></div><div class="para">
+ 指定されたポート番号はすべての他のサービスにより使用されてはいけません。TCP および UDP ポート 2049 (NFS) と同様、指定されたポート番号を許可するようファイアウォールを設定します。
+ </div><div class="para">
+ どのポートと RPC プログラムが使われているかを確認するために、NFS サーバにおいて <code class="command">rpcinfo -p</code> コマンドを実行します。
+ </div></div></div><div class="section" id="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server">3.2.5. Apache HTTP Server のセキュア化</h3></div></div></div><div class="para">
+ Apache HTTP Server は、Fedora に同梱されている、最も安定していてセキュアなサービスの1つです。多くのオプションとテクニックが Apache HTTP Server をセキュアにするために利用できます — ここで深く調べるには多すぎます。以下のセクションは Apache HTTP Server を実行するときのベストプラクティスを簡単に説明します。
+ </div><div class="para">
+ システムで実行するスクリプトは本番環境に置く<span class="emphasis"><em>前に</em></span>意図したとおりに動作することを常に確認します。また、root ユーザーのみが、スクリプトや CGI を含むすべてのディレクトリに対する書き込み権限を持つことを確認します。
+ </div><div class="orderedlist"><ol><li class="listitem"><pre class="screen">chown root <em class="replaceable"><code><directory_name></code></em></pre></li><li class="listitem"><pre class="screen">chmod 755 <em class="replaceable"><code><directory_name></code></em></pre></li></ol></div><div class="para">
+ システム管理者が以下の設定オプションを使用するときは注意が必要です (<code class="filename">/etc/httpd/conf/httpd.conf</code> において設定されます):
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term"><code class="option">FollowSymLinks</code></span></dt><dd><div class="para">
+ このディレクティブはデフォルトで有効です。そのため、ウェブサーバのドキュメントルートにシンボリックリンクを作成するときは確実に注意します。たとえば、<code class="filename">/</code> へのシンボリックリンクを提供することは悪いアイディアです。
+ </div></dd><dt class="varlistentry"><span class="term"><code class="option">Indexes</code></span></dt><dd><div class="para">
+ このディレクティブはデフォルトで有効です。しかし、望ましくありません。訪問者がサーバーにあるファイルを探索するのを防ぐため、このディレクティブを削除します。
+ </div></dd><dt class="varlistentry"><span class="term"><code class="option">UserDir</code></span></dt><dd><div class="para">
+ システムのユーザーアカウントの存在を確認できるので、<code class="option">UserDir</code> ディレクティブはデフォルトで無効です。サーバーのユーザーディレクトリのブラウジングを有効にするために、以下のディレクティブを使います:
+ </div><pre class="screen">UserDir enabled
+UserDir disabled root</pre><div class="para">
+ これらのディレクティブは <code class="filename">/root/</code> 以外のすべてのユーザーディレクトリに対するユーザー・ディレクトリのブラウジングを有効にします。無効にされたアカウントの一覧にユーザーを追加するには、<code class="option">UserDir disabled</code> 行にスペース区切りでユーザーの一覧を追加します。
+ </div></dd></dl></div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ <code class="option">IncludesNoExec</code> ディレクティブを削除しないでください。<em class="firstterm">Server-Side Includes</em> (<abbr class="abbrev">SSI</abbr>) モジュールはデフォルトでコマンドを実行できません。潜在的に、攻撃者がシステムにあるコマンドを実行できるようにできるので、絶対に必要にならない限り、この設定を変更しないことを推奨します。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Server_Security-Securing_FTP"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_FTP">3.2.6. FTP のセキュア化</h3></div></div></div><div class="para">
+ <em class="firstterm">File Transfer Protocol</em> (<abbr class="abbrev">FTP</abbr>) はネットワーク上でファイルを転送するために設計された古い TCP プロトコルです。サーバとのすべてのトランザクション(ユーザー認証を含みます)が暗号化されないので、セキュアではないプロトコルと考えられていて、慎重に設定されるべきです。
+ </div><div class="para">
+ Fedora は3つの FTP サーバを提供します。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">gssftpd</code> — ネットワーク上で認証情報を転送しない、Kerberos 対応の <code class="command">xinetd</code> ベースの FTP デーモン
+ </div></li><li class="listitem"><div class="para">
+ <span class="application"><strong>Red Hat Content Accelerator</strong></span> (<code class="command">tux</code>) — FTP 機能を持つカーネル空間のウェブサーバ
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">vsftpd</code> — スタンドアロンの、セキュリティ志向で実装された FTP サービス
+ </div></li></ul></div><div class="para">
+ 以下のセキュリティ・ガイドラインは <code class="command">vsftpd</code> FTP サービスをセットアップするためのものです。
+ </div><div class="section" id="sect-Security_Guide-Securing_FTP-FTP_Greeting_Banner"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_FTP-FTP_Greeting_Banner">3.2.6.1. FTP グリーティング・バナー</h4></div></div></div><div class="para">
+ ユーザー名とパスワードを送信する前に、すべてのユーザーはグリーティング・バナーが表示されます。デフォルトで、このバナーはクラッカーがシステムにある弱点を識別するために有効なバージョン情報を含みます。
+ </div><div class="para">
+ <code class="command">vsftpd</code> に対するグリーティング・バナーを変更するには、以下のディレクティブを <code class="filename">/etc/vsftpd/vsftpd.conf</code> ファイルに追加します:
+ </div><pre class="screen">ftpd_banner=<em class="replaceable"><code><insert_greeting_here></code></em></pre><div class="para">
+ 上のディレクティブにある <em class="replaceable"><code><insert_greeting_here></code></em> をグリーティング・メッセージのテキストで置き換えます。
+ </div><div class="para">
+ 複数行のバナーには、バナー・ファイルを使用することが最も良いです。複数のバナーの管理を簡単にするために、<code class="filename">/etc/banners/</code> という新しいディレクトリにすべてのバナーを置きます。この例における FTP 接続に対するバナー・ファイルは <code class="filename">/etc/banners/ftp.msg</code> です。以下はファイルがどのように見えるかの例です:
+ </div><pre class="screen">######### # Hello, all activity on ftp.example.com is logged. #########</pre><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ <a class="xref" href="#sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Connection_Banners">「TCP Wrappers と接続バナー」</a>で具体化されているように、ファイルの各行を <code class="command">220</code> で始めることは必要ありません。
+ </div></div></div><div class="para">
+ <code class="command">vsftpd</code> に対するこのグリーティング・バナーを参照するには、以下のディレクティブを <code class="filename">/etc/vsftpd/vsftpd.conf</code> ファイルに追加します:
+ </div><pre class="screen">banner_file=/etc/banners/ftp.msg</pre><div class="para">
+ <a class="xref" href="#sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Connection_Banners">「TCP Wrappers と接続バナー」</a>に記載されているように、TCP Wrappers を使用して入ってくる接続へと追加のメッセージを送ることが可能です。
+ </div></div><div class="section" id="sect-Security_Guide-Securing_FTP-Anonymous_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_FTP-Anonymous_Access">3.2.6.2. 匿名アクセス</h4></div></div></div><div class="para">
+ <code class="filename">/var/ftp/</code> ディレクトリの存在により匿名アカウントが有効化されます。
+ </div><div class="para">
+ このディレクトリを作成するもっとも簡単な方法は <code class="filename">vsftpd</code> パッケージをインストールすることです。このパッケージは、匿名ユーザーに対するディレクトリツリーを確立し、匿名ユーザーに対して読み込み専用のパーミッションをそのディレクトリに設定します。
+ </div><div class="para">
+ デフォルトで匿名ユーザーはあらゆるディレクトリに書き込みできません。
+ </div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ FTP サーバへの匿名アクセスを有効にすると、機密データが保存されている場所に注意してください。
+ </div></div></div><div class="section" id="sect-Security_Guide-Anonymous_Access-Anonymous_Upload"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Anonymous_Access-Anonymous_Upload">3.2.6.2.1. 匿名アップロード</h5></div></div></div><div class="para">
+ 匿名ユーザーがファイルをアップロードできるようにするため、書き込み専用ディレクトリを <code class="filename">/var/ftp/pub/</code> の中に作成することを推奨します。
+ </div><div class="para">
+ これをするために、以下のコマンドを入力します:
+ </div><pre class="screen">mkdir /var/ftp/pub/upload</pre><div class="para">
+ 次に、匿名ユーザーがディレクトリのコンテンツを表示できないよう、パーミッションを変更します。
+ </div><pre class="screen">chmod 730 /var/ftp/pub/upload</pre><div class="para">
+ ディレクトリの long フォーマットの一覧はこのように見えるでしょう:
+ </div><pre class="screen">drwx-wx--- 2 root ftp 4096 Feb 13 20:05 upload</pre><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ 匿名ユーザーがディレクトリにおいて読み書きすることを許可する管理者は、しばしばそれらのサーバーが盗難されたソフトウェアの保管庫になっていることを見つけます。
+ </div></div></div><div class="para">
+ 加えて、<code class="command">vsftpd</code> の下で、以下の行を <code class="filename">/etc/vsftpd/vsftpd.conf</code> ファイルに追加します:
+ </div><pre class="screen">anon_upload_enable=YES</pre></div></div><div class="section" id="sect-Security_Guide-Securing_FTP-User_Accounts"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_FTP-User_Accounts">3.2.6.3. ユーザー・アカウント</h4></div></div></div><div class="para">
+ FTP は認証のためにセキュアではないネットワーク上に暗号化されていないユーザー名とパスワードを送信するので、それらのユーザー・アカウントからサーバーへのアクセスを拒否することは素晴らしいアイディアです。
+ </div><div class="para">
+ <code class="command">vsftpd</code> においてすべてのユーザー・アカウントを無効にするため、以下のディレクティブを <code class="filename">/etc/vsftpd/vsftpd.conf</code> に追加します:
+ </div><pre class="screen">local_enable=NO</pre><div class="section" id="sect-Security_Guide-User_Accounts-Restricting_User_Accounts"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-User_Accounts-Restricting_User_Accounts">3.2.6.3.1. ユーザー・アカウントの制限</h5></div></div></div><div class="para">
+ root ユーザーや <code class="command">sudo</code> 特権を持つユーザーのような、特定のアカウントもしくはアカウントの特定のグループを無効にするために、最も簡単な方法は<a class="xref" href="#sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM">「PAM を用いた root の無効化」</a>に記載されている PAM リスト・ファイルを使用することです。<code class="command">vsftpd</code> 用の PAM 設定ファイルは <code class="filename">/etc/pam.d/vsftpd</code> です。
+ </div><div class="para">
+ 各サービスにおいてユーザーアカウントを直接無効化することもできます。
+ </div><div class="para">
+ <code class="command">vsftpd</code> において特定のアカウントを無効にするには、ユーザー名を <code class="filename">/etc/vsftpd.ftpusers</code> に追加します
+ </div></div></div><div class="section" id="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access">3.2.6.4. アクセス制御のための TCP Wrappers の使用</h4></div></div></div><div class="para">
+ <a class="xref" href="#sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_TCP_Wrappers">「TCP Wrappres を用いたセキュリティの強化」</a> に概要が示されているように、FTP デーモンへのアクセスを制御するために TCP Wrappers を使用します。
+ </div></div></div><div class="section" id="sect-Security_Guide-Server_Security-Securing_Sendmail"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Sendmail">3.2.7. Sendmail のセキュア化</h3></div></div></div><div class="para">
+ Sendmail は、他の MTA と email クライアントや配送エージェントとの間で電子メッセージを配送するために Simple Mail Transfer Protocol (SMTP) を使用する Mail Transfer Agent (MTA) です。多くの MTA はもう一方との間のトラフィックを暗号化する機能がありますが、多くはそうしないので、あらゆるパブリック・ネットワーク上で email を送信することは、本質的にセキュアではないコミュニケーションの形式であると考えられています。
+ </div><div class="para">
+ Sendmail サーバを導入しようしている人は以下の問題に取り組むことが推奨されます。
+ </div><div class="section" id="sect-Security_Guide-Securing_Sendmail-Limiting_a_Denial_of_Service_Attack"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-Limiting_a_Denial_of_Service_Attack">3.2.7.1. サービス妨害攻撃の制限</h4></div></div></div><div class="para">
+ email の特性のため、本気になった攻撃者は、極めて簡単にメールを用いてサーバをあふれさせ、サービス妨害を引き起こすことができます。<code class="filename">/etc/mail/sendmail.mc</code> において以下のディレクティブに制限を設定することにより、そのような攻撃者を制限する効果があります。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">confCONNECTION_RATE_THROTTLE</code> — サーバが1秒当たりに受け付ける接続数。デフォルトで、Sendmail は接続数を制限しません。制限が設定され、制限に達すると、さらなる接続は遅延させられます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">confMAX_DAEMON_CHILDREN</code> — サーバにより生成される子プロセスの最大数。デフォルトで、Sendmail は子プロセスの数の制限を割り当てません。制限が設定され、制限に達すると、さらなる接続は遅延させられます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">confMIN_FREE_BLOCKS</code> — メールを受け付けるためにサーバが利用可能でなければいけない空きブロックの最小数。デフォルトは 100 ブロックです。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">confMAX_HEADERS_LENGTH</code> — メッセージ・ヘッダの受信可能な最大容量(バイト単位)。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">confMAX_MESSAGE_SIZE</code> — 1つのメッセージの受信可能な最大容量(バイト単位)。
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail">3.2.7.2. NFS と Sendmail</h4></div></div></div><div class="para">
+ メールスプールのディレクトリ <code class="filename">/var/spool/mail/</code> を NFS 共有ボリュームに置いてはいけません。
+ </div><div class="para">
+ NFSv2 と NFSv3 はユーザーとグループの ID で制御されないので、2人以上のユーザーが同じ UID を持ち、それぞれ他のメールを受け取り、読む可能性があります。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ Kerberos を用いる NFSv4 を使用していると、<code class="filename">SECRPC_GSS</code> カーネル・モジュールは UID ベースの認証を利用しないので、これは該当しません。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Securing_Sendmail-Mail_only_Users"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-Mail_only_Users">3.2.7.3. メール専用ユーザー</h4></div></div></div><div class="para">
+ Sendmail サーバにおいてローカルユーザーがエクスプロイットするのを防ぐ助けにするため、メールのユーザーは email プログラムを用いて Sendmail サーバのみにアクセスすることが最善です。メールサーバにおけるシェル・アカウントは許可されるべきではなく、<code class="filename">/etc/passwd</code> におけるユーザー・シェルはすべて <code class="command">/sbin/nologin</code> に設定されるべきです(root ユーザーを除いて)。
+ </div></div></div><div class="section" id="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">3.2.8. リッスンしているポートの確認</h3></div></div></div><div class="para">
+ ネットワーク・サービスを設定した後、システムのネットワーク・インタフェースにおいて実際にどのポートがリッスンしているかに注意することは重要です。すべての開いているポートは侵入の兆候になる可能性があります。
+ </div><div class="para">
+ ネットワークにおいて待ち受けているポートを一覧化するための基本的なアプローチが2つあります。より信頼できないアプローチは、<code class="command">netstat -an</code> や <code class="command">lsof -i</code> のようなコマンドを用いてネットワーク・スタックを問い合わせることです。これらのプログラムはネットワークからマシンへ接続しないので、この方法はより信頼できませんが、システムにおいて実行しているものをよりチェックできます。そのため、これらのアプリケーションは頻繁に攻撃者により置き換えられる対象になります。攻撃者が認可されていないネットワーク・ポートを開くならば、<code class="command">netstat</code> と <code class="command">lsof</code> を自分自身の改変したバージョンに置き換えることにより、その痕跡を隠そうと
します。
+ </div><div class="para">
+ ネットワークにおいてどのポートがリッスンしているかを確認するためのより信頼できる方法は、<code class="command">nmap</code> のようなポート・スキャナーを使用することです。
+ </div><div class="para">
+ コンソールから実行される以下のコマンドは、どのポートがネットワークからの TCP 接続を待ち受けているかを決めます:
+ </div><pre class="screen">nmap -sT -O localhost</pre><div class="para">
+ このコマンドの出力は以下のように表示されます:
+ </div><pre class="screen">Starting Nmap 4.68 ( http://nmap.org ) at 2009-03-06 12:08 EST
+Interesting ports on localhost.localdomain (127.0.0.1):
+Not shown: 1711 closed ports
+PORT STATE SERVICE
+22/tcp open ssh
+25/tcp open smtp
+111/tcp open rpcbind
+113/tcp open auth
+631/tcp open ipp
+834/tcp open unknown
+2601/tcp open zebra
+32774/tcp open sometimes-rpc11
+Device type: general purpose
+Running: Linux 2.6.X
+OS details: Linux 2.6.17 - 2.6.24
+Uptime: 4.122 days (since Mon Mar 2 09:12:31 2009)
+Network Distance: 0 hops
+OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
+Nmap done: 1 IP address (1 host up) scanned in 1.420 seconds</pre><div class="para">
+ この出力は、<code class="computeroutput">sunrpc</code> の存在により、システムが <code class="command">portmap</code> を実行していることを示しています。しかしながら、ポート834に謎のサービスがあります。そのポートが既知のサービスの公式な一覧に関連づけられるかを確認するため、次を入力します:
+ </div><pre class="screen">cat /etc/services | grep 834</pre><div class="para">
+ このコマンドは何も出力しません。このことは、ポートが予約済み範囲(0から1023を意味します)にあり、開くために root アクセスが必要であり、既知のサービスに関連づけられていないことを意味します。
+ </div><div class="para">
+ 次に、<code class="command">netstat</code> または <code class="command">lsof</code> を用いてポートに関する情報を確認します。<code class="command">netstat</code> を用いてポート834を確認するために、以下のコマンドを使用します:
+ </div><pre class="screen">netstat -anp | grep 834</pre><div class="para">
+ コマンドは以下の出力を返します:
+ </div><pre class="screen">tcp 0 0 0.0.0.0:834 0.0.0.0:* LISTEN 653/ypbind</pre><div class="para">
+ 攻撃者が侵入したホストにおいて密かに開けたポートが、このコマンドにより明らかにされないかもしれないので、<code class="command">netstat</code> で開いているポートの存在を再確認します。また、<code class="option">[p]</code> オプションは、ポートを開いているサービスのプロセス ID (PID) を明らかにします。この場合、開いているポートは <code class="command">ypbind</code> (<abbr class="abbrev">NIS</abbr>) に属しています。これは、<code class="command">portmap</code> サービスとともに取り扱われる <abbr class="abbrev">RPC</abbr> サービスです。
+ </div><div class="para">
+ <code class="command">lsof</code> コマンドは、開いているポートをサービスと対応される機能もあるので、<code class="command">netstat</code> と同じような情報を明らかにします。
+ </div><pre class="screen">lsof -i | grep 834</pre><div class="para">
+ このコマンドからの出力の関連する部分は次のようです:
+ </div><pre class="screen">ypbind 653 0 7u IPv4 1319 TCP *:834 (LISTEN)
+ypbind 655 0 7u IPv4 1319 TCP *:834 (LISTEN)
+ypbind 656 0 7u IPv4 1319 TCP *:834 (LISTEN)
+ypbind 657 0 7u IPv4 1319 TCP *:834 (LISTEN)</pre><div class="para">
+ これらのツールは、マシンで実行しているサービスの状態に関する詳細を非常に明らかにします。これらのツールは、柔軟であり、ネットワーク・サービスと設定に関する豊かな情報を提供します。詳細は <code class="command">lsof</code>, <code class="command">netstat</code>, <code class="command">nmap</code>, および <code class="filename">services</code> のマニュアルページを参照してください。
+ </div></div></div><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Single_Sign_on_SSO" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Single_Sign_on_SSO">3.3. Single Sign-on (SSO)</h2></div></div></div><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-Introduction"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Introduction">3.3.1. 概要</h3></div></div></div><div class="para">
+ Fedora の SSO 機能は Fedora デスクトップのユーザーがパスワードを入力しなければいけない回数を減らします。いくつかの有名なアプリケーションは、ユーザーがログイン画面から Fedora にログインでき、パスワードを再入力する必要がないよう、同じ基礎となる認証と認可のメカニズムを導入します。これらのアプリケーションは以下で詳しく説明されます。
+ </div><div class="para">
+ さらに、ネットワークがないとき(<em class="firstterm">オフライン・モード</em>)やネットワーク接続性が信頼できないところ(たとえば、無線アクセス)でさえ、それらのメカニズムにログインすることができます。後者の場合、サービスは緩やかに機能を下げていきます。
+ </div><div class="section" id="sect-Security_Guide-Introduction-Supported_Applications"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Introduction-Supported_Applications">3.3.1.1. サポートされるアプリケーション</h4></div></div></div><div class="para">
+ 以下のアプリケーションは Fedora における単一ログインのスキームを現在サポートしています:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ ログイン
+ </div></li><li class="listitem"><div class="para">
+ スクリーンセーバー
+ </div></li><li class="listitem"><div class="para">
+ Firefox および Thunderbird
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Introduction-Supported_Authentication_Mechanisms"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Introduction-Supported_Authentication_Mechanisms">3.3.1.2. サポートされる認証メカニズム</h4></div></div></div><div class="para">
+ Fedora は以下の認証メカニズムを現在サポートしています:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ ケルベロス名/パスワードログイン
+ </div></li><li class="listitem"><div class="para">
+ スマートカード/PIN ログイン
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Introduction-Supported_Smart_Cards"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Introduction-Supported_Smart_Cards">3.3.1.3. サポートされるスマートカード</h4></div></div></div><div class="para">
+ Fedora は Cyberflex e-gate カードとリーダを用いてテストされていますが、Java card 2.1.1 および Global Platform 2.0.1 仕様の両方を用いて組み立てられているすべてのカードは、すべてのリーダが PCSC-lite によりサポートされているので、正しく動作するでしょう。
+ </div><div class="para">
+ Fedora は Common Access Cards (CAC) を用いてもテストされています。CAC 用にサポートされるリーダは SCM SCR 331 USB リーダです。
+ </div><div class="para">
+ Fedora 5.2 現在、Gemalto smart cards (Cyberflex Access 64k v2, PKCSI v2.1 で設定された DER SHA1 値を持つ標準) がサポートされます。これらのスマートカードは、Chip/Smart Card Interface Devices (CCID) と互換のあるリーダを使用します。
+ </div></div><div class="section" id="sect-Security_Guide-Introduction-Advantages_of_PROD_Single_Sign_on"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Introduction-Advantages_of_PROD_Single_Sign_on">3.3.1.4. Fedora Single Sign-on の利点</h4></div></div></div><div class="para">
+ 現在、多くのプロトコルやクレディンシャル保管庫を利用する、多くのセキュリティ・メカニズムが存在します。例は、SSL, SSH, IPsec, および Kerberos を含みます。Fedora SSO は上でリストされた要求事項をサポートするために、これらのスキーマを単一化することを目標としています。X.509v3 証明書を用いた Kerberos を置き換えることを意味するわけではありません。むしろ、それらを管理しているシステムユーザーや管理者の負担を減らすために、それらを一体化させることを意味します。
+ </div><div class="para">
+ この目標を達成するために、Fedora は:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 各オペレーティングシステムにおいて単一の、共有された NSS 暗号ライブラリのインスタンスを提供します。
+ </div></li><li class="listitem"><div class="para">
+ 基本オペレーティングシステムに証明書システムの Enterprise Security Client (ESC) を同梱します。ESC アプリケーションは、スマートカードの挿入イベントを監視しています。Fedora Certificate System サーバ製品とともに使用されるよう設計されているスマートカードをユーザーが挿入したことを検知すると、ユーザーにスマートカードを登録する方法を説明するユーザーインタフェースが表示されます。
+ </div></li><li class="listitem"><div class="para">
+ スマートカードを用いてオペレーティングシステムにログインするユーザが、Kerberos クレディンシャル(ファイルサーバにログインできるようにする、など)も取得できるよう、Kerberos と NSS を一体化します。
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card">3.3.2. 新しいスマートカードの開始方法</h3></div></div></div><div class="para">
+ システムにログインするためにスマートカードを使用でき、この技術が提供する増やされたセキュリティ・オプションの利点を得られる前に、いくつかの基本的なインストールと設定手順を実行する必要があります。これらは以下で説明されます。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ このセクションは、スマートカードの始め方を高いレベルでの概要を提供します。より詳細な情報は Red Hat Certificate System Enterprise Security Client Guide において入手可能です。
+ </div></div></div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Kerberos 名とパスワードを用いてログインします。
+ </div></li><li class="step"><div class="para">
+ <code class="filename">nss-tools</code> パッケージがロードされていることを確実にします。
+ </div></li><li class="step"><div class="para">
+ あなたの組織固有のルート証明書をダウンロードしてインストールします。ルート CA 証明書をインストールするために以下のコマンドを使用します:
+ </div><pre class="screen">certutil -A -d /etc/pki/nssdb -n "root ca cert" -t "CT,C,C" -i ./ca_cert_in_base64_format.crt</pre></li><li class="step"><div class="para">
+ システムにインストールされた次の RPM を検証します: esc, pam_pkcs11, coolkey, ifd-egate, ccid, gdm, authconfig, および authconfig-gtk。
+ </div></li><li class="step"><div class="para">
+ スマートカード・ログインのサポートを有効にします
+ </div><ol class="a"><li class="step"><div class="para">
+ Gnome のタイトル・バーにおいて、システム -> 管理 -> 認証を選択します。
+ </div></li><li class="step"><div class="para">
+ 必要に応じてマシンの root パスワードを入力します。
+ </div></li><li class="step"><div class="para">
+ 認証の設定ダイアログにおいて、<span class="guilabel"><strong>認証</strong></span>タブをクリックします。
+ </div></li><li class="step"><div class="para">
+ <span class="guilabel"><strong>スマートカードのサポートを有効にする</strong></span>チェックボックスを選択します。
+ </div></li><li class="step"><div class="para">
+ スマートカードの設定ダイアログを表示するために <span class="guibutton"><strong>スマートカードを設定する...</strong></span> をクリックして、必要な設定を指定します:
+ </div><div class="para">
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>ログインのためにスマートカードを要求する</strong></span> — このチェックボックスを外します。スマートカードを用いて正常にログインした後で、ユーザーがスマートカードなしでログインするを防ぐためにこのオプションを選択します。
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>カード抜き取り時の動作</strong></span> — これにより、ログインした後にスマートカードを抜いたときに何が起きるかを制御します。
+ </div><div class="para">
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>ロック</strong></span> — スマートカードを抜いたときに X 画面をロックします。
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>無視</strong></span> — スマートカードを抜いても何もしません。
+ </div></li></ul></div>
+
+ </div></li></ul></div>
+
+ </div></li></ol></li><li class="step"><div class="para">
+ Online Certificate Status Protocol (<abbr class="abbrev">OCSP</abbr>) を有効にする必要があるなら、<code class="filename">/etc/pam_pkcs11/pam_pkcs11.conf</code> ファイルを開いて、以下の行を探します:
+ </div><div class="para">
+ <code class="command">enable_ocsp = false;</code>
+ </div><div class="para">
+ 次のように、この値を true に変更します:
+ </div><div class="para">
+ <code class="command">enable_ocsp = true;</code>
+ </div></li><li class="step"><div class="para">
+ スマートカードを登録します
+ </div></li><li class="step"><div class="para">
+ CAC カードを使用しているならば、以下の手順も実行する必要があります:
+ </div><ol class="a"><li class="step"><div class="para">
+ root アカウントに変更して、<code class="filename">/etc/pam_pkcs11/cn_map</code> というファイルを作成します。
+ </div></li><li class="step"><div class="para">
+ 以下のエントリを <code class="filename">cn_map</code> ファイルに追加します:
+ </div><div class="para">
+ <em class="replaceable"><code>MY.CAC_CN.123454</code></em> -> <em class="replaceable"><code>myloginid</code></em>
+ </div><div class="para">
+ ここで、<em class="replaceable"><code>MY.CAC_CN.123454</code></em> は CAC の Common Name、<em class="replaceable"><code>myloginid</code></em> は UNIX ログイン ID です。
+ </div></li></ol></li><li class="step"><div class="para">
+ ログアウトします
+ </div></li></ol></div><div class="section" id="sect-Security_Guide-Getting_Started_with_your_new_Smart_Card-Troubleshooting"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Getting_Started_with_your_new_Smart_Card-Troubleshooting">3.3.2.1. トラブルシューティング</h4></div></div></div><div class="para">
+ スマートカードを動作させるためにトラブルに遭遇したら、問題のある箇所を特定するために次のコマンドを試してください。
+ </div><pre class="screen">pklogin_finder debug</pre><div class="para">
+ 登録されたスマートカードがプラグインされている間、デバッグモードで <code class="command">pklogin_finder</code> ツールを実行するならば、カードにある証明書からログイン ID を対応づけることがうまくいくと、証明書の検証に関する情報を出力しようとします。
+ </div></div></div><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works">3.3.3. スマートカードの登録はどのように動作しますか</h3></div></div></div><div class="para">
+ スマートカードは有効な認証局 (<abbr class="abbrev">CA</abbr>: Certificate Authority) により署名された適切な証明書を受け取ったとき、<em class="firstterm">登録</em>されたと言われます。これは以下で説明されるいくつかの手順に関連します。
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ ユーザーがワークステーションのスマートカードリーダにスマートカードを挿入します。このイベントは Enterprise Security Client (<abbr class="abbrev">ESC</abbr>) により認識されます。
+ </div></li><li class="listitem"><div class="para">
+ 登録ページがユーザーのデスクトップに表示されます。ユーザーは必要な詳細とユーザーのシステムを完了します。そして、Token Processing System (<abbr class="abbrev">TPS</abbr>) および <abbr class="abbrev">CA</abbr> に接続します。
+ </div></li><li class="listitem"><div class="para">
+ <abbr class="abbrev">TPS</abbr> は <abbr class="abbrev">CA</abbr> により署名された証明書を使用してスマートカードを登録します。
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-How_Smart_Card_Enrollment_Works-How_Smart_Card_Enrollment_Works"><div class="figure-contents"><div class="mediaobject"><img src="images/SCLoginEnrollment.png" width="444" alt="スマートカードの登録はどのように動作しますか" /><div class="longdesc"><div class="para">
+ スマートカードの登録はどのように動作しますか。
+ </div></div></div></div><h6>図3.4 スマートカードの登録はどのように動作しますか</h6></div><br class="figure-break" /></div><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works">3.3.4. スマートカードのログインはどのように動作しますか</h3></div></div></div><div class="para">
+ このセクションは、スマートカードを用いたログインの流れについて簡単な概要を提供します。
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ ユーザーがスマートカードリーダの中にスマートカードを挿入したとき、このイベントが PAM ファシリティにより認識されます。ここで、ユーザーの PIN に対するプロンプトが出ます。
+ </div></li><li class="listitem"><div class="para">
+ その後、システムはユーザーの現在の証明書を探して、それらの有効性を検証します。そして、証明書はユーザーの UID に対応づけられます。
+ </div></li><li class="listitem"><div class="para">
+ これは KDC に対して検証され、ログインが許可されます。
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-How_Smart_Card_Login_Works-How_Smart_Card_Login_Works"><div class="figure-contents"><div class="mediaobject"><img src="images/SCLogin.png" width="444" alt="スマートカードのログインはどのように動作しますか" /><div class="longdesc"><div class="para">
+ スマートカードのログインはどのように動作しますか。
+ </div></div></div></div><h6>図3.5 スマートカードのログインはどのように動作しますか</h6></div><br class="figure-break" /><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ フォーマットされていたとしても、登録されていないスマートカードを用いてログインすることはできません。フォーマットされ、登録されたカードを用いてログインする必要があります、もしくは新しいカードを登録できるまではスマートカードを用いたログインはできません。
+ </div></div></div><div class="para">
+ Kerberos と <acronym class="acronym">PAM</acronym> に関する詳細は <a class="xref" href="#sect-Security_Guide-Kerberos">「Kerberos」</a> および <a class="xref" href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM">「Pluggable Authentication Modules (PAM)」</a> を参照してください。
+ </div></div><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO">3.3.5. Firefox が SSO 用に Kerberos を使用するよう設定します</h3></div></div></div><div class="para">
+ Firefox がシングルサインオンのために Kerberos を使用するよう設定できます。この機能を正しく動作させるために、Kerberos クレディンシャルを適切な <abbr class="abbrev">KDC</abbr> に送るようウェブブラウザを設定する必要があります。以下のセクションは、これを実現するために、設定の変更点と他の必要事項を説明しています。
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Firefox のアドレスバーに、現在の設定オプションの一覧を表示するために <strong class="userinput"><code>about:config</code></strong> と入力します。
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>フィルタ</strong></span> フィールドに、オプションの一覧を制限するために <strong class="userinput"><code>negotiate</code></strong> と入力します。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>文字列の入力</em></span>ダイアログボックスを表示するために <span class="emphasis"><em>network.negotiate-auth.trusted-uris</em></span> エントリをダブルクリックします。
+ </div></li><li class="listitem"><div class="para">
+ 認証したいドメイン名を入力します。たとえば、<em class="replaceable"><code>.example.com</code></em> です。
+ </div></li><li class="listitem"><div class="para">
+ 上の手順を <span class="emphasis"><em>network.negotiate-auth.delegation-uris</em></span> エントリに対しても、同じドメインを用いて繰り返します。
+ </div><div class="para">
+ <div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ 必要とされない Kerberos チケットをパスできるよう、この値を空白にしたままにできます。
+ </div><div class="para">
+ 表示されたこれら2つの設定オプションが見当たらないならば、Firefox のバージョンが Negotiate 認証をサポートしていない古すぎるバージョンである可能性があります。更新を検討すべきです。
+ </div></div></div>
+
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-Configuring_Firefox_to_use_Kerberos_for_SSO-Configuring_Firefox_for_SSO_with_Kerberos"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-firefox_kerberos_SSO.png" width="444" alt="Kerberos を用いた SSO 用に Firefox を設定" /><div class="longdesc"><div class="para">
+ SSO 用に Kerberos を使用するよう Firefox を設定します。
+ </div></div></div></div><h6>図3.6 Kerberos を用いた SSO 用に Firefox を設定</h6></div><br class="figure-break" /><div class="para">
+ Kerberos チケットを持っていることを確実にする必要があります。コマンドシェルにおいて、Kerberos チケットを読み出すために <code class="command">kinit</code> と入力します。利用可能なチケットの一覧を表示するために、<code class="command">klist</code> と入力します。以下は、これらのコマンドの出力例を示しています:
+ </div><pre class="screen">[user at host ~] $ kinit
+Password for user at EXAMPLE.COM:
+
+[user at host ~] $ klist
+Ticket cache: FILE:/tmp/krb5cc_10920
+Default principal: user at EXAMPLE.COM
+
+Valid starting Expires Service principal
+10/26/06 23:47:54 10/27/06 09:47:54 krbtgt/USER.COM at USER.COM
+ renew until 10/26/06 23:47:54
+
+Kerberos 4 ticket cache: /tmp/tkt10920
+klist: You have no tickets cached</pre><div class="section" id="sect-Security_Guide-Configuring_Firefox_to_use_Kerberos_for_SSO-Troubleshooting"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Configuring_Firefox_to_use_Kerberos_for_SSO-Troubleshooting">3.3.5.1. トラブルシューティング</h4></div></div></div><div class="para">
+ 上の設定手順にしたがっても Negotiate 認証がうまく動作しないならば、認証プロセスの冗長なログを有効にします。これにより、問題の原因を見つける助けになります。冗長なログを有効にするために、以下の手順を使用します:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Firefox のインスタンスをすべて閉じます。
+ </div></li><li class="listitem"><div class="para">
+ コマンドシェルを開いて、以下のコマンドを入力します:
+ </div><pre class="screen">export NSPR_LOG_MODULES=negotiateauth:5
+export NSPR_LOG_FILE=/tmp/moz.log</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>そのシェルから</em></span> Firefox を再起動して、前に認証できなかったウェブサイトを訪問します。情報が <code class="filename">/tmp/moz.log</code> に記録され、問題へのヒントを与えるかもしれません。たとえば:
+ </div><pre class="screen">-1208550944[90039d0]: entering nsNegotiateAuth::GetNextToken()
+-1208550944[90039d0]: gss_init_sec_context() failed: Miscellaneous failure
+No credentials cache found</pre><div class="para">
+ これは Kerberos チケットを持っていないことを意味します。<code class="command">kinit</code> を実行する必要があります。
+ </div></li></ol></div><div class="para">
+ マシンから正常に <code class="command">kinit</code> が実行できても、認証がうまくいかないならば、ログファイルにあるこのようなものを見かけるかもしれません:
+ </div><pre class="screen">-1208994096[8d683d8]: entering nsAuthGSSAPI::GetNextToken()
+-1208994096[8d683d8]: gss_init_sec_context() failed: Miscellaneous failure
+Server not found in Kerberos database</pre><div class="para">
+ これは一般的な Kerberos の設定問題を意味します。<code class="filename">/etc/krb5.conf</code> ファイルの [domain_realm] セクションに正しいエントリを持つことを確実にします。たとえば:
+ </div><pre class="screen">.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM</pre><div class="para">
+ ログに何も表示されない場合、プロキシの内側にいる可能性があります。プロキシは Negotiate 認証に必要となる HTTP リクエストヘッダを取り除きます。回避策として、リクエストが変更されずに通過できるよう、代わりに HTTPS を使用しているサーバに接続を試してみることができます。そして、上で説明されたように、ログファイルを使用してデバッグを進めます。
+ </div></div></div></div><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Yubikey" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Yubikey">3.4. YubiKey</h2></div></div></div><div class="para">
+ YubiKey は、動作のためにオープンソースソフトウェアを利用している、ハードウェア認証トークンです。このトークンは、コンピューターへキーボードとして現れる単なる USB デバイスです。トークンの1つのボタンは押すたびに、ユーザーを認証するために使われるワンタイムパスワード(OTP)を提供します。現在、ここで取り扱うこのソリューションは、いくつかの異なる実装があります。
+ </div><div class="section" id="sect-Security_Guide-Yubikey-Centralized_Server"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Yubikey-Centralized_Server">3.4.1. センター・サーバーを用いた YubiKey の使用</h3></div></div></div><div class="para">
+ 認証サーバーに問い合わせることができるようにする、コンピューターの認証を許可する PAM モジュールが、すでに Fedora リポジトリに存在します。サーバーは、ドメインのレベルでセットアップすることも、Yubico のサーバーを利用することもできます。この認証の方法は、ドメインにおいて複数のユーザーが複数のコンピューターにアクセスする必要がある、エンタープライズの素晴らしいソリューションです。以下の手順はこのセットアップを説明します。
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Install <span class="package">pam_yubico</span>
+ </div></li><li class="step"><div class="para">
+ 二要素認証のために <code class="filename">/etc/pam.d/gdm-password</code> を開き、以下の位置を探します:
+ </div><div class="para">
+ <code class="command">auth substack password-auth </code>
+ </div><div class="para">
+ この後ろの新しい行に、次を追加します:
+ </div><div class="para">
+ <code class="command">auth sufficient pam_yubico.so id=16</code>
+ </div></li><li class="step"><div class="para">
+ パスワード認証なしで YubiKey トークンを単独で使用するために、上の手順から最初の行を削除して、2番目のもので置き換えます。
+ </div></li><li class="step"><div class="para">
+ YubiKey を初めて追加するために YubiKey トークンを置きます。すべての OTP の最初の12文字を見るか、または <a href="http://radius.yubico.com/demo/Modhex_Calculator.php"><em class="citetitle">http://radius.yubico.com/demo/Modhex_Calculator.php</em></a> を訪問して、ページにあるテキストボックスの中に OTP を入力した後 Modhex エンコードされた文字列をコピーすることにより、これがなされます。
+ </div></li><li class="step"><div class="para">
+ ユーザーの YubiKey を設定ファイルに追加します。<code class="filename">/etc/yubikey_mapping</code> においてグローバルに、もしくは<code class="filename">~/.yubico/authorized_yubikeys</code> において個々のユーザーにより、これがなされます。以下はその構文です:
+ </div><div class="para">
+ <code class="command">username:yubikey_token:another_yubikey_token</code>
+ </div></li><li class="step"><div class="para">
+ ログアウトします。再びログインしようとするとき、システムをどのように設定したかにより、パスワードと YubiKey OTP、または両方ともを入力するようプロンプトが出ます。
+ </div></li></ol></div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ 認証サーバーへの接続が要求されます、もしくは正しく認証されないでしょう。これは、安定したネットワーク接続性をもたないシステムにとって有害でしょう。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Yubikey-Web_Sites"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Yubikey-Web_Sites">3.4.2. YubiKey を用いたウェブサイトの認証</h3></div></div></div><div class="para">
+ このガイドの範囲外ではありますが、YubiKey はこの認証方法をサポートするウェブサイトへ認証するようにできます。これらのウェブサイトは一般的に Yubico の認証サーバーをサポートしますが、いくつかは上のセンターサーバーと同じようにセットアップすることができます。Yubico は、特定のウェブサイトで利用されている OpenID サービスも提供します。
+ </div></div></div><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM">3.5. Pluggable Authentication Modules (PAM)</h2></div></div></div><div class="para">
+ ユーザーがシステムにアクセスするのを認可するプログラムは、お互いのアイデンティティを確認するために(つまり、ユーザーがユーザーであるとわかることを証明するために)、<em class="firstterm">認証</em>を使用します。
+ </div><div class="para">
+ 歴史的に、各プログラムはユーザーを認証する自身の方法を持ちます。Fedora において、多くのプログラムは <em class="firstterm">Pluggable Authentication Modules</em> (<acronym class="acronym">PAM</acronym>) と呼ばれる集中化した認証メカニズムを使用するよう設定されています。
+ </div><div class="para">
+ PAM は抜き差し可能な、モジュール型のアーキテクチャを使用します。それは、システム管理者がシステムに対して認証ポリシーを設定することにおいて非常に大きな柔軟性を与えます。
+ </div><div class="para">
+ 多くの状況において、PAM 対応のアプリケーションに対してデフォルトの PAM 設定は十分です。しかしながら、ときどき、PAM 設定ファイルを編集する必要があります。PAM の設定誤りはシステムのセキュリティを危険にさらす可能性があるので、変更を始める前にこれらのファイルの構造を理解することは重要です。詳細は <a class="xref" href="#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">「PAM 設定ファイルの形式」</a> を参照してください。
+ </div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">3.5.1. PAM の利点</h3></div></div></div><div class="para">
+ PAM は以下の利点を提供します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 幅広い種類のアプリケーションで使うことができる一般的な認証スキーマ。
+ </div></li><li class="listitem"><div class="para">
+ システム管理者とアプリケーション開発者の双方に対して認証についての重要な柔軟性と制御。
+ </div></li><li class="listitem"><div class="para">
+ プログラマがプログラムを書くためにそれ自身の認証スキーマを作成しなくて済むようにする1つの完全にドキュメント化されたライブラリ。
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files">3.5.2. PAM 設定ファイル</h3></div></div></div><div class="para">
+ <code class="filename">/etc/pam.d/</code> ディレクトリは、PAM 対応の各アプリケーションに対する PAM 設定ファイルを含みます。PAM の以前のバージョンでは、<code class="filename">/etc/pam.conf</code> ファイルが使われましたが、いまや不当とされ、 <code class="filename">/etc/pam.d/</code> ディレクトリが存在しない場合のみ使用されます。
+ </div><div class="section" id="sect-Security_Guide-PAM_Configuration_Files-PAM_Service_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_Files-PAM_Service_Files">3.5.2.1. PAM サービス・ファイル</h4></div></div></div><div class="para">
+ 各 PAM 対応アプリケーションまたは<em class="firstterm">サービス</em> は <code class="filename">/etc/pam.d/</code> ディレクトリにファイルを持ちます。このディレクトリにある各ファイルは、それがアクセスを制御するサービスと同じ名前を持ちます。
+ </div><div class="para">
+ PAM 対応プログラムは、そのサービスを定義して、<code class="filename">/etc/pam.d/</code> ディレクトリにそれ自身の PAM 設定ファイルをインストールする責任があります。たとえば、<code class="command">login</code> プログラムはそのサービス名を <code class="command">login</code> として定義し、<code class="filename">/etc/pam.d/login</code> PAM 設定ファイルをインストールします。
+ </div></div></div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">3.5.3. PAM 設定ファイルの形式</h3></div></div></div><div class="para">
+ 各 PAM 設定ファイルは以下のようにフォーマットされたディレクティブのグループを含みます:
+ </div><pre class="screen"><em class="replaceable"><code><module interface></code></em> <em class="replaceable"><code><control flag></code></em> <em class="replaceable"><code><module name></code></em> <em class="replaceable"><code><module arguments></code></em></pre><div class="para">
+ これらの要素はそれぞれ以下のセクションにおいて説明されます。
+ </div><div class="section" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Interface"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Interface">3.5.3.1. モジュール・インタフェース</h4></div></div></div><div class="para">
+ PAM モジュール・インタフェースは現在4種類が利用可能です。これらはそれぞれ認可プロセスの異なる観点に対応します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">auth</code> — このモジュール・インタフェースはユーザーを認証します。たとえば、パスワードの正当性を要求して検証します。このインタフェースを持つモジュールは、グループのメンバーシップや Kerberos チケットのような、クレディンシャルもセットします。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">account</code> — このモジュール・インタフェースはアクセスが許可されていることを検証します。たとえば、ユーザー・アカウントが期限切れかどうか、またはユーザーが特定の期間にログインを許可されているかどうかをチェックします。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">password</code> — このモジュール・インタフェースはユーザーのパスワードを変更するために使われます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">session</code> — このモジュール・インタフェースは、ユーザーのセッションを設定して管理します。このインタフェースを持つモジュールは、ユーザーのホームディレクトリをマウントしたり、ユーザーのメールボックスを作成したりするような、アクセスを許可するために必要とされる追加のタスクも実行できます。
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ それぞれのモジュールは、何らかのもしくはすべてのモジュール・インタフェースを提供できます。たとえば、<code class="filename">pam_unix.so</code> は全4つのモジュール・インタフェースを提供します。
+ </div></div></div><div class="para">
+ PAM 設定ファイルにおいて、モジュール・インタフェースは第1フィールドに定義されます。たとえば、設定における典型的な行はこのように見えます:
+ </div><pre class="screen">auth required pam_unix.so</pre><div class="para">
+ これは PAM が <code class="filename">pam_unix.so</code> モジュールの <code class="command">auth</code> インタフェースを使用するよう指示します。
+ </div><div class="section" id="sect-Security_Guide-Module_Interface-Stacking_Module_Interfaces"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Module_Interface-Stacking_Module_Interfaces">3.5.3.1.1. モジュール・インタフェースのスタック</h5></div></div></div><div class="para">
+ モジュール・インタフェースのディレクティブは、複数のモジュールが1つの目的のために一緒に使えるよう、<span class="emphasis"><em>スタック</em></span> できます、もしくはお互いに重ねておくことができます。モジュールの制御フラグが "sufficient" または "requisite" 値(これらのフラグの詳細については <a class="xref" href="#sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag">「制御フラグ」</a> を参照してください。)を使うならば、どのモジュールがリストされるかの順番は認証プロセスにとって重要です。
+ </div><div class="para">
+ スタックすることは、ユーザーが認証を許可される前に存在するために、管理者が特定の条件を要求することを簡単にします。たとえば、<code class="command">reboot</code> コマンドは普通、PAM 設定ファイルに見られるように、いくつかのスタックされたモジュールを使用します。
+ </div><pre class="screen">[root at MyServer ~]# cat /etc/pam.d/reboot
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_console.so
+#auth include system-auth
+account required pam_permit.so</pre><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 1行目はコメントであり、処理されません。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">auth sufficient pam_rootok.so</code> — この行は、UID を確認することにより、現在のユーザーが root であるかどうかをチェックするために <code class="filename">pam_rootok.so</code> モジュールを使用します。このテストが成功すると、他のモジュールは参照されず、コマンドが実行されます。このテストが失敗すると、次のモジュールが参照されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">auth required pam_console.so</code> — この行は、ユーザーを認証する試行のために <code class="filename">pam_console.so</code> モジュールを使用します。ユーザーがすでにコンソールにログインしていると、<code class="filename">pam_console.so</code> は <code class="filename">/etc/security/console.apps/</code> ディレクトリにサービス名 (reboot) と同じ名前を持つファイルがあるかどうかをチェックします。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">#auth include system-auth</code> — この行はコメントされ、処理されません。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">account required pam_permit.so</code> — この行は、コンソールにログインしている root ユーザーまたは誰かがシステムを再起動できるようにするために <code class="filename">pam_permit.so</code> モジュールを使用します。
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag">3.5.3.2. 制御フラグ</h4></div></div></div><div class="para">
+ すべての PAM モジュールは、呼び出されたときに成功または失敗の結果を生成します。制御フラグは結果とともに何を実行するかを PAM に教えます。モジュールは特定の順番でスタックされ、制御フラグは特定のモジュールの成功または失敗が、サービスへとユーザーを認証する目標全体にとって、どのくらい重要であるかを決めます。
+ </div><div class="para">
+ 事前定義済みの制御フラグが4つあります:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">required</code> — モジュールは、認証を続けるために必ず成功しなければいけません。テストがここで失敗すると、すべてのモジュールの結果がインタフェースが完了するその参照をテストするまで、ユーザーに通知されません。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">requisite</code> — モジュールは、認証を続けるために成功しなければいけません。しかし、テストがここで失敗すると、最初に失敗した <code class="command">required</code> <span class="emphasis"><em>または</em></span> <code class="command">requisite</code> モジュールのテストを反映したメッセージとともにユーザーへ直ちに通知されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sufficient</code> — モジュールの結果は失敗しても無視されます。しかし、<code class="command">sufficient</code> フラグのついたモジュールの結果が成功であり、<span class="emphasis"><em>かつ</em></span>、<code class="command">required</code> フラグのついたモジュールがこの前で失敗していなければ、他の結果は何も必要とされず、ユーザーはサービスへ認証されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">optional</code> — モジュールの結果は無視されます。<code class="command">optional</code> としてフラグのついたモジュールは、他のモジュールがインタフェースを参照されないときのみ、認証成功のために必要とされます。
+ </div></li></ul></div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ <code class="command">required</code> モジュールが呼び出される順番は重要ではありません。<code class="command">sufficient</code> および <code class="command">requisite</code> 制御フラグのみが重要になる順番を与えます。
+ </div></div></div><div class="para">
+ 今、PAM のより精細な制御を可能にする新しい制御フラグの構文が利用可能です。
+ </div><div class="para">
+ <code class="filename">/usr/share/doc/pam-<em class="replaceable"><code><version-number></code></em>/</code> ディレクトリ(<em class="replaceable"><code><version-number></code></em> はシステムの PAM バージョン番号)にある <code class="command">pam.d</code> マニュアル・ページおよび PAM ドキュメントは、この新しい構文を詳細に説明しています。
+ </div></div><div class="section" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name">3.5.3.3. モジュール名</h4></div></div></div><div class="para">
+ モジュール名は、指定されたモジュール・インタフェースを含む、挿抜可能なモジュールの名前を持つ PAM を提供します。Fedora の以前のバージョンでは、モジュールへのフルパスが PAM 設定ファイルにおいて与えられていました。しかしながら、<code class="filename">/lib64/security/</code> ディレクトリに64ビット PAM モジュールを保存する、<em class="firstterm">multilib</em> システムの出現により、モジュールの正しいバージョンを指定する、<code class="filename">libpam</code> の適切なバージョンにアプリケーションがリンクされるので、ディレクトリ名は廃止されました。
+ </div></div><div class="section" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments">3.5.3.4. モジュール引数</h4></div></div></div><div class="para">
+ PAM はいくつかのモジュールに対して認証中に抜き差し可能なモジュールに情報を受け渡すため <em class="firstterm">arguments</em> を使用します。
+ </div><div class="para">
+ たとえば、<code class="filename">pam_userdb.so</code> モジュールはユーザーを認証するために Berkeley DB ファイルに保存された情報を使用します。Berkeley DB は多くのアプリケーションに組み込まれているオープンソースのデータベースシステムです。モジュールは、Berkeley DB が要求されたサービスに対して使用するためにデータベースを知ることができるよう、<code class="filename">db</code> 引数を取ります。
+ </div><div class="para">
+ 以下は、PAM 設定における典型的な <code class="filename">pam_userdb.so</code> 行です。<em class="replaceable"><code><path-to-file></code></em> は Berkeley DB データベースファイルへのフルパスです:
+ </div><pre class="screen">auth required pam_userdb.so db=<em class="replaceable"><code><path-to-file></code></em></pre><div class="para">
+ 無効な引数は<span class="emphasis"><em>一般的に</em></span>無視されます。そうでなければ、PAM モジュールの成功または失敗に影響を与えます。しかし、いくつかのモジュールは、無効な引数において落ちるかもしれません。多くのモジュールは <code class="filename">/var/log/secure</code> ファイルにエラーを報告します。
+ </div></div></div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files">3.5.4. サンプル PAM 設定ファイル</h3></div></div></div><div class="para">
+ 以下はサンプル PAM アプリケーション設定ファイルです:
+ </div><pre class="screen">#%PAM-1.0
+auth required pam_securetty.so
+auth required pam_unix.so nullok
+auth required pam_nologin.so
+account required pam_unix.so
+password required pam_cracklib.so retry=3
+password required pam_unix.so shadow nullok use_authtok
+session required pam_unix.so</pre><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 行の最初にハッシュ記号 (<code class="command">#</code>) により示された、最初の行はコメントです。
+ </div></li><li class="listitem"><div class="para">
+ 2~4行目はログイン認証用の3つのモジュールを積み重ねています。
+ </div><div class="para">
+ <code class="command">auth required pam_securetty.so</code> — このモジュールは、ユーザーが root としてログインしようとしている<span class="emphasis"><em>ならば</em></span>、ユーザーがログインしている tty が <code class="filename">/etc/securetty</code> ファイル(存在<span class="emphasis"><em>すれば</em></span>)にリストされていることを確実にします。
+ </div><div class="para">
+ tty がファイルにリストされていなければ、root としてログインするすべての試行は <code class="computeroutput">Login incorrect</code> メッセージとともに失敗します。
+ </div><div class="para">
+ <code class="command">auth required pam_unix.so nullok</code> — このモジュールは、ユーザーに対してパスワードを促し、<code class="filename">/etc/passwd</code> および、存在すれば <code class="filename">/etc/shadow</code> に保存されている情報を用いてパスワードをチェックします。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 引数 <code class="command">nullok</code> は <code class="filename">pam_unix.so</code> モジュールに空のパスワードを許可するよう指示します。
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">auth required pam_nologin.so</code> — これは最後の認証手順です。<code class="filename">/etc/nologin</code> ファイルが存在するかどうかをチェックします。もし存在して、ユーザーが root でなければ、認証は失敗します。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ この例において、<code class="command">auth</code> モジュールが失敗したときでも、3つの <code class="command">auth</code> モジュールはすべてチェックされます。これにより、ユーザーが認証のどの段階において失敗したかを知ることを防ぎます。そのような知識が攻撃者の手にわたると、攻撃者がシステムをクラックする方法をより簡単に推定することができるようになります。
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="command">account required pam_unix.so</code> — このモジュールはすべての必要なアカウント検証を実行します。たとえば、shadow パスワードが有効にされていれば、<code class="filename">pam_unix.so</code> モジュールのアカウント・インタフェースは、アカウントが期限切れであるかどうか、または認められた猶予期間内にパスワードを変更していなかったかどうかを確認するためにチェックします。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">password required pam_cracklib.so retry=3</code> — パスワードが期限切れになっていれば、<code class="filename">pam_cracklib.so</code> モジュールのパスワード・コンポーネントは新しいパスワードのためにプロンプトを出します。パスワードが辞書ベースのパスワード・クラック・ツールにより簡単に決められるかどうかを確認するために、新しく作成されたプログラムをテストします。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 引数 <code class="command">retry=3</code> は、テストが初めて失敗すると、ユーザーは強いパスワードを作成するためにあと2回チャンスを持つことを指定します。
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">password required pam_unix.so shadow nullok use_authtok</code> — この行は、プログラムがユーザーのパスワードを変更するならば、<code class="filename">pam_unix.so</code> モジュールの <code class="command">password</code> インタフェースを使用するよう指定します。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 引数 <code class="command">shadow</code> は、ユーザーのパスワードを更新するときに shadow パスワードを作成するようモジュールに指示します。
+ </div></li><li class="listitem"><div class="para">
+ 引数 <code class="command">nullok</code> は、ユーザーが空のパスワード<span class="emphasis"><em>から</em></span>パスワードを変更できるようモジュールに指示します、さもなければ空のパスワードはアカウント・ロックとして取り扱われます。
+ </div></li><li class="listitem"><div class="para">
+ この行の最後の引数 <code class="command">use_authtok</code> は、PAM モジュールをスタックするときに、順番の重要性の良い例を提供します。この引数は、ユーザーに新しいパスワードのためのプロンプトを表示しないよう、モジュールに指示します。代わりに、以前 password モジュールにより記録されたすべてのパスワードが受け付けられます。このように、すべての新しいパスワードは受け付けられる前にセキュアなパスワードのために <code class="filename">pam_cracklib.so</code> テストを通過しなければいけません。
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">session required pam_unix.so</code> — 最後の行は、<code class="filename">pam_unix.so</code> モジュールのセッション・インタフェースがセッションを管理するよう指示します。このモジュールは、せそれぞれのセッションの最初と最後に、ユーザー名とサービスタイプを <code class="filename">/var/log/secure</code> に記録します。このモジュールは追加の機能のために他の session モジュールを用いてそれをスタックすることにより補完されます。
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules">3.5.5. PAM モジュールの作成</h3></div></div></div><div class="para">
+ PAM 対応のアプリケーションにより使用するために、いつでも新しい PAM モジュールを作成または追加できます。
+ </div><div class="para">
+ たとえば、開発者がワンタイムパスワードの生成方式を作成し、それをサポートするために PAM モジュールを書きます。PAM 対応プログラムは直ちに新しいモジュール、および再コンパイルされる、さもなければ修正されることなく、パスワード方式を使用できます。
+ </div><div class="para">
+ これにより、開発者とシステム管理者が、認証方法を再コンパイルすることなく異なるプログラムに対してそれらを、混ぜて組み合わせるだけでなく、テストできるようにします。
+ </div><div class="para">
+ 書き込みモジュールのドキュメントは <code class="filename">/usr/share/doc/pam-<em class="replaceable"><code><version-number></code></em>/</code> ディレクトリに含まれます。ここで <em class="replaceable"><code><version-number></code></em> はシステムにおける PAM のバージョン番号です。
+ </div></div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching">3.5.6. PAM と管理クレディンシャルのキャッシュ</h3></div></div></div><div class="para">
+ Fedora にある多くのグラフィカル管理ツールは、<code class="filename">pam_timestamp.so</code> モジュールを使用してユーザーに5分間まで権限を上昇させます。このメカニズムがどのように機能するかを理解することは重要です。なぜなら、<code class="filename">pam_timestamp.so</code> が効果を持っている間にユーザーがターミナルから離れることにより、コンソールに物理的にアクセスできる誰かによりマシンが操作されるようになるからです。
+ </div><div class="para">
+ PAM timestamp スキーマにおいて、グラフィカル管理アプリケーションが起動されたときに、ユーザに対して root パスワードのためにプロンプトを出します。ユーザーが認証されたとき、<code class="filename">pam_timestamp.so</code> モジュールがタイムスタンプ・ファイルを作成します。デフォルトで、これは <code class="filename">/var/run/sudo/</code> ディレクトリに作成されます。もし、タイムスタンプ・ファイルがすでに存在すると、グラフィカル管理プログラムはパスワードを促しません。代わりに、<code class="filename">pam_timestamp.so</code> モジュールが、ユーザーに対して変更されない管理アクセスを追加の5分を割り当てる、タイムスタンプ・ファイルを新たにします。
+ </div><div class="para">
+ <code class="filename">/var/run/sudo/<user></code> ファイルを調査することにより、タイムスタンプ・ファイルの実際の状態を検証できます。デスクトップに対して、関連するファイルは <code class="filename">unknown:root</code> です。それが存在して、タイムスタンプが5分以内であれば、クレディンシャルは有効です。
+ </div><div class="para">
+ タイムスタンプ・ファイルの存在は、パネルの通知エリアに表れる、認証アイコンにより示されます。
+ </div><div class="figure" id="figu-Security_Guide-PAM_and_Administrative_Credential_Caching-The_Authentication_Icon"><div class="figure-contents"><div class="mediaobject"><img src="images/authicon.png" alt="認証アイコン" /><div class="longdesc"><div class="para">
+ 認証アイコンのイラスト
+ </div></div></div></div><h6>図3.7 認証アイコン</h6></div><br class="figure-break" /><div class="section" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Removing_the_Timestamp_File"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Removing_the_Timestamp_File">3.5.6.1. タイムスタンプ・ファイルの削除</h4></div></div></div><div class="para">
+ PAM タイムスタンプが有効であるとき、コンソールを去る前に、タイムスタンプ・ファイルが廃棄されることが推奨されます。グラフィカル環境からこれを実行するために、パネルにある認証アイコンをクリックします。これにより、ダイアログボックスが表示されます。有効なタイムスタンプ・ファイルを廃棄するために <span class="guibutton"><strong>Forget Authorization</strong></span> ボタンをクリックします。
+ </div><div class="figure" id="figu-Security_Guide-Removing_the_Timestamp_File-Dismiss_Authentication_Dialog"><div class="figure-contents"><div class="mediaobject"><img src="images/auth-panel.png" width="444" alt="認証ダイアログの却下" /><div class="longdesc"><div class="para">
+ 認証却下ダイアログボックスのイラスト
+ </div></div></div></div><h6>図3.8 認証ダイアログの却下</h6></div><br class="figure-break" /><div class="para">
+ PAM タイムスタンプ・ファイルに関連して以下の事項に気をつけるべきです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">ssh</code> を用いてリモートでシステムにログインしているならば、タイムスタンプ・ファイルを廃棄するために <code class="command">/sbin/pam_timestamp_check -k root</code> コマンドを使用します。
+ </div></li><li class="listitem"><div class="para">
+ あなたが特権アプリケーションを起動した同じターミナル・ウィンドウから、<code class="command">/sbin/pam_timestamp_check -k root</code> コマンドを実行する必要があります。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/sbin/pam_timestamp_check -k</code> コマンドを使用するために、元々 <code class="filename">pam_timestamp.so</code> モジュールに関連したユーザーとしてログインしなければいけません。このコマンドを使用するために root としてログインしないでください。
+ </div></li><li class="listitem"><div class="para">
+ デスクトップにおいて(アイコンにある <span class="guibutton"><strong>Forget Authorization</strong></span> アクションを使用せずに)クレディンシャルを削除したければ、以下のコマンドを使用します:
+ </div><pre class="screen">/sbin/pam_timestamp_check -k root </dev/null >/dev/null 2>/dev/null</pre><div class="para">
+ このコマンドを使用するのに失敗すると、コマンドを実行した pty からクレディンシャル(あれば)のみを削除します。
+ </div></li></ul></div><div class="para">
+ <code class="command">pam_timestamp_check</code> を使用してタイムスタンプ・ファイルを廃棄する方法に関する詳細は <code class="filename">pam_timestamp_check</code> マニュアル・ページを参照してください。
+ </div></div><div class="section" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives">3.5.6.2. 一般的な pam_timestamp ディレクティブ</h4></div></div></div><div class="para">
+ <code class="filename">pam_timestamp.so</code> モジュールはいくつかのディレクティブを受け付けます。以下は最も一般的に使われるオプションです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">timestamp_timeout</code> — タイムスタンプ・ファイルが有効である期間を(秒単位で)指定します。デフォルト値は300(5分)です。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">timestampdir</code> — タイムスタンプ・ファイルが保存されるディレクトリを指定します。デフォルト値は <code class="command">/var/run/sudo/</code> です。
+ </div></li></ul></div><div class="para">
+ <code class="filename">pam_timestamp.so</code> モジュールの制御に関する詳細は <a class="xref" href="#sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation">「インストールされているファイアウォールのドキュメント」</a> を参照してください。
+ </div></div></div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership">3.5.7. PAM とデバイスの所有</h3></div></div></div><div class="para">
+ Fedora では、マシンの物理コンソールに最初にログインしたユーザーが特定のデバイスを操作でき、通常 root ユーザーのために予約されている特定のタスクを実行できます。これは、<code class="filename">pam_console.so</code> と呼ばれる PAM モジュールにより制御されます。
+ </div><div class="section" id="sect-Security_Guide-PAM_and_Device_Ownership-Device_Ownership"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_and_Device_Ownership-Device_Ownership">3.5.7.1. デバイスの所有</h4></div></div></div><div class="para">
+ ã¦ã¼ã¶ã¼ã Fedora ã·ã¹ãã ã«ãã°ã¤ã³ããã¨ãã<code class="filename">pam_console.so</code> ã¢ã¸ã¥ã¼ã«ã <code class="command">login</code> ã¾ãã¯ã°ã©ãã£ã«ã«ã»ãã°ã¤ã³ã»ããã°ã©ã ï¼<span class="application"><strong>gdm</strong></span>, <span class="application"><strong>kdm</strong></span>, ããã³ <span class="application"><strong>xdm</strong></span>ï¼ã«ããå¼ã³åºããã¾ãããã®ã¦ã¼ã¶ã¼ãç©çã³ã³ã½ã¼ã«ã«ãã°ã¤ã³ããæåã®ã¦ã¼ã¶ã¼ â <em class="firstterm">console user</em> ã¨ãã¦åç
§ããã¾ã â ãªãã°ãã¢ã¸ã¥ã¼ã«ã¯é常㯠root ã«ããææããããã¾ãã¾ãªããã¤ã¹ã®ææ権ãã¦ã¼ã¶ã¼ã«ä¸ãã¾ããã³ã³ã½ã¼ã«ã»ã¦ã¼ã¶ã¼ã¯ããã®ã¦ã¼ã¶ã¼ã«å¯¾ããæå¾ã®ãã¼ã«ã«ã»ã»ãã·ã§ã³ãçµäºããã¾ã§ããããã®ããã¤ã¹ãææãã¾ãããã®ã¦ã¼ã¶ã¼ããã°ã¢ã¦ãããå¾ãããã¤ã¹ã®ææ権ã
¯ root ã¦ã¼ã¶ã¼ã«æ»ããã¾ãã
+ </div><div class="para">
+ 影響を受けるデバイスは、サウンドカード、ディスクドライブ、および CD-ROM ドライブを含みますが、限定されるわけではありません。
+ </div><div class="para">
+ この機能により、ユーザーが root アクセスを得ることなくこれらのデバイスを操作できるようになります。このようにコンソール・ユーザーの一般的なタスクを単純化します。
+ </div><div class="para">
+ 以下のファイルを編集することで、<code class="filename">pam_console.so</code> により制御されるデバイスのリストを編集できます:
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/security/console.perms</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/security/console.perms.d/50-default.perms</code>
+ </div></li></ul></div>
+
+ </div><div class="para">
+ 上のファイルにあるこれらのリストから他のデバイスのパーミッションを変更できます、もしくは指定されたデフォルトを上書きできます。<code class="filename">50-default.perms</code> ファイルを変更するよりはむしろ、新しいファイル(たとえば、<code class="filename"><em class="replaceable"><code>xx</code></em>-name.perms</code>)を作成して、必要な修正を入力します。新しいデフォルト・ファイルの名前は、50より大きな数字(たとえば、<code class="filename">51-default.perms</code>)で始まらなければいけません。これにより、<code class="filename">50-default.perms</code> ファイルにあるデフォルトを上書きします。
+ </div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ <span class="application"><strong>gdm</strong></span>, <span class="application"><strong>kdm</strong></span>, または <span class="application"><strong>xdm</strong></span> ディスプレイ・マネージャー設定ファイルは、リモート・ユーザーがログインできるよう変更されます。<span class="emphasis"><em>また</em></span>、ホストがランレベル5で実行するよう設定され、<code class="filename">/etc/security/console.perms</code> にある <code class="command"><console></code> および <code class="command"><xconsole></code> ディレクティブを以下の値に変更することが望ましいです。
+ </div><pre class="screen"><console>=tty[0-9][0-9]* vc/[0-9][0-9]* :0\.[0-9] :0 ⏎ <xconsole>=:0\.[0-9] :0</pre><div class="para">
+ これにより、リモートユーザーがマシンにおけるデバイスおよび制限されたアプリケーションへのアクセス権を得ることを防ぎます。
+ </div><div class="para">
+ <span class="application"><strong>gdm</strong></span>, <span class="application"><strong>kdm</strong></span>, または <span class="application"><strong>xdm</strong></span> ディスプレイ・マネージャの設定ファイルが、リモートユーザーがログインできるよう変更されていて、<span class="emphasis"><em>かつ</em></span>、ホストが5以外のあらゆるマルチユーザー・ランレベルで実行するよう設定されているならば、<code class="command"><xconsole></code> ディレクティブを完全に削除して、<code class="command"><console></code> ディレクティブを以下の値に変更するようアドバイスします:
+ </div><pre class="screen"><console>=tty[0-9][0-9]* vc/[0-9][0-9]*</pre></div></div></div><div class="section" id="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access">3.5.7.2. アプリケーションのアクセス</h4></div></div></div><div class="para">
+ コンソール・ユーザーは <code class="filename">/etc/security/console.apps/</code> ディレクトリにおいて使用するために設定された特定のプログラムへのアクセス権も持ちます。
+ </div><div class="para">
+ このディレクトリは、コンソール・ユーザーが<code class="filename">/sbin</code> および <code class="filename">/usr/sbin</code> にある特定のアプリケーションを実行できるようにする設定ファイルを含みます。
+ </div><div class="para">
+ これらの設定ファイルはセットアップするアプリケーションと同じ名前を持ちます。
+ </div><div class="para">
+ コンソール・ユーザーがアクセス権を持つアプリケーションの注目すべきグループの1つは、システムをシャットダウンまたは再起動する3つのプログラムです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">/sbin/halt</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/sbin/reboot</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/sbin/poweroff</code>
+ </div></li></ul></div><div class="para">
+ これらは PAM 対応のアプリケーションのため、使用するために必要に応じて <code class="filename">pam_console.so</code> モジュールを呼び出します。
+ </div><div class="para">
+ 詳細は <a class="xref" href="#sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation">「インストールされているファイアウォールのドキュメント」</a> を参照してください。
+ </div></div></div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources">3.5.8. 追加のリソース</h3></div></div></div><div class="para">
+ 以下のリソースは PAM を使用したり設定したりする方法を詳細に説明しています。これらのリソースに加えて、PAM 設定ファイルがどのような構造をしているかをより理解するためにシステムにあるそれらを読んでください。
+ </div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_PAM_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_PAM_Documentation">3.5.8.1. インストールされている PAM ドキュメント</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ PAM 関連のマニュアル・ページ — いくつかのマニュアル・ページが PAM に関連するさまざまなアプリケーションと設定ファイルに対して存在します。以下はいくつかのより重要なマニュアル・ページの一覧です。
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">設定ファイル</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">pam</code> — PAM に関する素晴らしい入門情報です、PAM 設定ファイルの構造と目的を含みます。
+ </div><div class="para">
+ このマニュアル・ページは <code class="filename">/etc/pam.conf</code> および <code class="filename">/etc/pam.d/</code> ディレクトリにある個々の設定ファイルについて説明します。デフォルトで、Fedora は <code class="filename">/etc/pam.d/</code> ディレクトリにある個々の設定ファイルを使用して、<code class="filename">/etc/pam.conf</code> が存在しても無視します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">pam_console</code> — <code class="filename">pam_console.so</code> モジュールの目的を記述します。PAM 設定ファイルの中にあるエントリーに対する適切な構文も記述します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">console.apps</code> — <code class="filename">/etc/security/console.apps</code> 設定ファイルで利用可能なフォーマットとオプションを記述します。これは、どのアプリケーションが PAM により割り当てられたコンソール・ユーザーによりアクセス可能です。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">console.perms</code> — <code class="filename">/etc/security/console.perms</code> 設定ファイルで利用可能なフォーマットとオプションを記述します。これは、PAM により割り当てられるコンソール・ユーザーのパーミッションを指定します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">pam_timestamp</code> — <code class="filename">pam_timestamp.so</code> モジュールを表します。
+ </div></li></ul></div></dd></dl></div></li><li class="listitem"><div class="para">
+ <code class="filename">/usr/share/doc/pam-<em class="replaceable"><code><version-number></code></em></code> — <em class="citetitle">System Administrators' Guide</em>、<em class="citetitle">Module Writers' Manual</em> および <em class="citetitle">Application Developers' Manual</em> だけでなく、PAM 標準 DCE-RFC 86.0 のコピーを含みます。ここで <em class="replaceable"><code><version-number></code></em> は PAM のバージョンです。
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/usr/share/doc/pam-<em class="replaceable"><code><version-number></code></em>/txts/README.pam_timestamp</code> — <code class="filename">pam_timestamp.so</code> PAM モジュールに関する情報を含みます。ここで <em class="replaceable"><code><version-number></code></em> は PAM のバージョン番号です。
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites">3.5.8.2. 有用な PAM ウェブサイト</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.kernel.org/pub/linux/libs/pam/">http://www.kernel.org/pub/linux/libs/pam/</a> — Linux-PAM プロジェクトの一次的なディストリビューションのウェブサイト、さまざまな PAM モジュール、FAQ、さらなる PAM ドキュメントに関する情報を含みます。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ 上のウェブサイトにあるドキュメントは、PAM の最新リリースの上流バージョンに対するもので、Fedora に含まれるバージョンの PAM に対して 100% 正確ではないかもしれません。
+ </div></div></div></li></ul></div></div></div></div><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd">3.6. TCP Wrappers と xinetd</h2></div></div></div><div class="para">
+ ãããã¯ã¼ã¯ã»ãµã¼ãã¹ã¸ã®ã¢ã¯ã»ã¹ãå¶å¾¡ãããã¨ã¯ããµã¼ã管çè
ãç´é¢ããæãéè¦ãªã»ãã¥ãªãã£ã®ä»äºã®ã²ã¨ã¤ã§ããFedora ã¯ãã®ããã«ããã¤ãã®ãã¼ã«ãæä¾ãã¾ãããã¨ãã°ã<code class="command">iptables</code> ãã¼ã¹ã®ãã¡ã¤ã«ã¦ã©ã¼ã«ã»ãã£ã«ã¿ã¯ãã«ã¼ãã«ã®ãããã¯ã¼ã¯ã»ã¹ã¿ãã¯ã®ä¸ã§æè¿ãããªããããã¯ã¼ã¯ã»ãã±ãããé¤å»ãã¾ãããããå©ç¨ãããããã¯ã¼ã¯ã»ãµã¼ãã¹ã«å¯¾ãã¦ã<em class="firstterm">TCP Wrappers</em> ã¯ã©ã®ãã¹ãã "<span class="emphasis"><em>ã©ããããã</em></span>" ãããã¯ã¼ã¯ã»ãµã¼ãã¹ã¸ã®æ¥ç¶ã許å¯ãããã¯æå¦ãããããå®ç¾©ãããã¨ã«ããããããªãä¿è·å±¤ã追å ãã¾ãããã®ãããªã©ããããããããã¯ã¼ã¯ã»ãµã¼ãã¹ã®ï¼ã¤ã¯ã<code class="systemitem">xinetd</code> <span class="emphasis"><em>ã¹ã¼ã
ã¼ãµã¼ãã¼</em></span> ã§ããããã¯ãããã¯ã¼ã¯ã»ãµã¼ãã¹ã®ãµãã»ããã¸ã®æ¥ç¶ãå¶å¾¡ããã¢ã¯ã»ã¹å¶å¾¡ãããã«ç²¾é¬ããã®ã§ããã®ãµã¼ãã¹ã¯ã¹ã¼ãã¼ãµã¼ãã¨å¼ã°ãã¾ãã
+ </div><div class="para">
+ <a class="xref" href="#figu-Security_Guide-TCP_Wrappers_and_xinetd-Access_Control_to_Network_Services">図3.9「ネットワーク・サービスへのアクセス制御」</a>は、これらのツールがネットワーク・サービスを保護するためにどのように動作するかに関する基本的な説明です。
+ </div><div class="figure" id="figu-Security_Guide-TCP_Wrappers_and_xinetd-Access_Control_to_Network_Services"><div class="figure-contents"><div class="mediaobject"><img src="images/tcp_wrap_diagram.png" alt="ネットワーク・サービスへのアクセス制御" /><div class="longdesc"><div class="para">
+ 図 A: ネットワーク・サービスへのアクセス制御のフローチャート
+ </div></div></div></div><h6>図3.9 ネットワーク・サービスへのアクセス制御</h6></div><br class="figure-break" /><div class="para">
+ この章はネットワーク・サービスへのアクセスを制御することにおける TCP Wrappers および <code class="systemitem">xinetd</code> の役割に焦点を当てます。そして、これらのツールがログ取得と利用管理を向上するためにどのように使われるかを概説します。
+ </div><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">3.6.1. TCP Wrappers</h3></div></div></div><div class="para">
+ TCP Wrappers パッケージ (<code class="filename">tcp_wrappers</code>) はデフォルトでインストールされ、ネットワーク・サービスに対するホスト・ベースのアクセス制御を提供します。パッケージの中にある最も重要なコンポーネントは <code class="filename">/usr/lib/libwrap.a</code> ライブラリです。一般的な用語で、TCP ラップされたサービスとは <code class="filename">libwrap.a</code> ライブラリに備えてコンパイルされたものです。
+ </div><div class="para">
+ TCP ラップされたサービスに接続を試行するとき、クライアントが接続を許可されるかどうかを決めるために、サービスはまずホストの access ファイル (<code class="filename">/etc/hosts.allow</code> および <code class="filename">/etc/hosts.deny</code>) を参照します。多くの場合、リクエストしているクライアントとリクエストされたサービスの名前を、<code class="filename">/var/log/secure</code> または <code class="filename">/var/log/messages</code> に書き込むために、syslog デーモンを使用します。
+ </div><div class="para">
+ クライアントが接続を許可されると、TCP Wrappers がコネクションの制御をリクエストされたサービスに開放し、クライアントとサーバ間のコミュニケーションにおいてそれ以上は取り入れません。
+ </div><div class="para">
+ アクセス制御とロギングに加えて、リクエストされたネットワーク・サービスへのコネクションの拒否や開放をする前に、TCP Wrappers はクライアントとやりとりするためにコマンドを実行できます。
+ </div><div class="para">
+ TCP Wrappers はすべてのサーバ管理者のセキュリティ・ツールの備蓄庫へと重要な追加をするので、Fedora に含まれる多くのネットワーク・サービスは <code class="filename">libwrap.a</code> ライブラリへリンクされます。そのようなアプリケーションのいくつかは <code class="systemitem">/usr/sbin/sshd</code>, <code class="command">/usr/sbin/sendmail</code>, および <code class="systemitem">/usr/sbin/xinetd</code> を含みます。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ ネットワーク・サービスのバイナリが <code class="filename">libwrap.a</code> とリンクしているかを確認するために、root ユーザーとして以下のコマンドを入力します:
+ </div><pre class="screen">ldd <binary-name> | grep libwrap</pre><div class="para">
+ <em class="replaceable"><code><binary-name></code></em> をネットワーク・サービスのバイナリの名前で置き換えます。
+ </div><div class="para">
+ コマンドが何も出力せずにプロンプトが戻ってくると、ネットワーク・サービスは <code class="filename">libwrap.a</code> へとリンクされて<span class="emphasis"><em>いません</em></span>。
+ </div><div class="para">
+ 以下の例は <code class="systemitem">/usr/sbin/sshd</code> が <code class="filename">libwrap.a</code> とリンクしていることを意味します:
+ </div><pre class="screen">[root at myServer ~]# ldd /usr/sbin/sshd | grep libwrap
+ libwrap.so.0 => /lib/libwrap.so.0 (0x00655000)
+[root at myServer ~]#</pre></div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers-Advantages_of_TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-TCP_Wrappers-Advantages_of_TCP_Wrappers">3.6.1.1. TCP Wrappers の利点</h4></div></div></div><div class="para">
+ TCP Wrappers は他のネットワーク・サービス制御のテクニックに比べて以下の利点を提供します。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>クライアントとラップされたネットワーク・サービス双方への透過性</em></span> — 接続しているクライアントとラップされたネットワーク・サービス双方が TCP Wrappers が使用されていることに気がつきません。正当なユーザーは記録され、要求したサービスに接続される一方、禁止されたクライアントからの接続は失敗します。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>複数プロトコルの一元管理</em></span> — TCP Wrappers は、多くのサーバ・アプリケーションがアクセス制御設定ファイルの一般的なセットを共有でき、よりシンプルな管理をできるようにするため、保護するネットワーク・サービスと独立して動作します。
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">3.6.2. TCP Wrappers の設定ファイル</h3></div></div></div><div class="para">
+ クライアントがサービスへ接続を許可するかを決めるために、TCP Wrappers は、一般的に <em class="firstterm">hosts access</em> ファイルとして参照される、以下の2つのファイルを参照します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/hosts.allow</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/hosts.deny</code>
+ </div></li></ul></div><div class="para">
+ TCP ラップされたサービスがクライアントのリクエストを受け取ったとき、以下の手順が実行されます:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <span class="emphasis"><em><code class="filename">/etc/hosts.allow</code>を参照します。</em></span> — TCP ラップされたサービスは順番に <code class="filename">/etc/hosts.allow</code> ファイルを解析し、そのサービスのために指定された最初のルールを適用します。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em><code class="filename">/etc/hosts.deny</code> を参照します。</em></span> — TCP ラップされたサービスは <code class="filename">/etc/hosts.deny</code> ファイルを順番に解析します。マッチするルールを見つけると、接続を拒否します。見つからなければ、サービスへのアクセスが許可されます。
+ </div></li></ol></div><div class="para">
+ ネットワーク・サービスを保護するために TCP Wrappers を使用するとき、考慮する重要なポイントは以下のとおりです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">hosts.allow</code> にあるアクセス・ルールが最初に適用されるので、<code class="filename">hosts.deny</code> で指定されたルールに優先されます。そのため、サービスへのアクセスが <code class="filename">hosts.allow</code> で許可されると、同じサービスに対する <code class="filename">hosts.deny</code> にあるアクセス拒否ルールは無視されます。
+ </div></li><li class="listitem"><div class="para">
+ 各ファイルにあるルールは上から下へ読み込まれ、与えられたサービスに最初にマッチするルールが1つだけ適用されます。ルールの順番は極めて重要です。
+ </div></li><li class="listitem"><div class="para">
+ サービスに対するルールがどちらのファイルにも見つからなければ、もしくはファイルが存在しなければ、サービスへのアクセスは許可されます。
+ </div></li><li class="listitem"><div class="para">
+ TCP ラップされたサービスは、hosts access ファイルをキャッシュしません。そのため、<code class="filename">hosts.allow</code> や <code class="filename">hosts.deny</code> の変更はすべて、ネットワーク・サービスを再起動しなくても、直ちに効果を持ちます。
+ </div></li></ul></div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ hosts アクセス・ファイルの最後の行が改行文字(<span class="keycap"><strong>Enter</strong></span> キーを押すことにより作成されます)でなければ、ファイルにある最後のルールは失敗して、エラーが <code class="filename">/var/log/messages</code> または <code class="filename">/var/log/secure</code> のどちらかに記録されます。バックスラッシュ文字を用いることなく複数行にわたるルールに対しても同様です。以下の例は、これらの状況どちらかによる、ルールの失敗に対するログメッセージの関連する部分を説明します:
+ </div><pre class="screen">warning: /etc/hosts.allow, line 20: missing newline or line too long</pre></div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Formatting_Access_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Formatting_Access_Rules">3.6.2.1. アクセス・ルールのフォーマット</h4></div></div></div><div class="para">
+ <code class="filename">/etc/hosts.allow</code> と <code class="filename">/etc/hosts.deny</code> のフォーマットは同じです。 空行とハッシュ (#) で始まる行は無視されます。
+ </div><div class="para">
+ 各ルールはネットワーク・サービスへのアクセスを制御するために以下の基本的なフォーマットを使用します:
+ </div><pre class="screen"><em class="replaceable"><code><daemon list></code></em>: <em class="replaceable"><code><client list></code></em> [: <em class="replaceable"><code><option></code></em>: <em class="replaceable"><code><option></code></em>: ...]</pre><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="replaceable"><code><daemon list></code></em> — カンマ区切りのプロセス名(サービス名では<span class="emphasis"><em>ありません</em></span>) の一覧、もしくは <code class="option">ALL</code> ワイルドカード。デーモンの一覧はより柔軟性を許すためにオペレータ(<a class="xref" href="#sect-Security_Guide-Formatting_Access_Rules-Operators">「演算子」</a>参照)も受け付けます。
+ </div></li><li class="listitem"><div class="para">
+ <em class="replaceable"><code><client list></code></em> — ルールにより影響するホストのホスト名、ホスト IP アドレス、特別なパターン、またはワイルドカードのカンマ区切りのリスト。クライアント・リストはより柔軟性を持たせるために、<a class="xref" href="#sect-Security_Guide-Formatting_Access_Rules-Operators">「演算子」</a> にリストされた演算子も受け付けます。
+ </div></li><li class="listitem"><div class="para">
+ <em class="replaceable"><code><option></code></em> — ルールが起動されたときに実行されるオプションのアクションまたはアクションのコロン区切りのリスト。オプション・フィールドは、拡張、シェルの起動、アクセスの許可または拒否、および他のロギング動作をサポートします。
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ 上の専門用語の詳細は、このガイドの他のところで見つけられます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a class="xref" href="#sect-Security_Guide-Formatting_Access_Rules-Wildcards">「ワイルドカード」</a>
+ </div></li><li class="listitem"><div class="para">
+ <a class="xref" href="#sect-Security_Guide-Formatting_Access_Rules-Patterns">「パターン」</a>
+ </div></li><li class="listitem"><div class="para">
+ <a class="xref" href="#sect-Security_Guide-Option_Fields-Expansions">「拡張」</a>
+ </div></li><li class="listitem"><div class="para">
+ <a class="xref" href="#sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields">「オプション・フィールド」</a>
+ </div></li></ul></div></div></div><div class="para">
+ 以下はサンプルの hosts アクセス・ルールです:
+ </div><pre class="screen">vsftpd : .example.com</pre><div class="para">
+ このルールは、TCP Wrappers が <code class="systemitem">example.com</code> ドメインにあるすべてのホストからの FTP デーモン (<code class="systemitem">vsftpd</code>) へのコネクションを待つよう指示します。このルールが <code class="filename">hosts.allow</code> に表れると、コネクションは受け付けられます。このルールが <code class="filename">hosts.deny</code> にある表れると、コネクションは拒否されます。
+ </div><div class="para">
+ 次のサンプル hosts access ルールは、より複雑で、2つのオプション・フィールドを使用します:
+ </div><pre class="screen">sshd : .example.com \ : spawn /bin/echo `/bin/date` access denied>>/var/log/sshd.log \ : deny</pre><div class="para">
+ 各オプション・フィールドはバックスラッシュ (\) が先につけられることに注意してください。バックスラッシュを使用すると、長さのためルールが失敗することを防ぎます。
+ </div><div class="para">
+ このサンプル・ルールは次のことをしています。SSH デーモン (<code class="systemitem">sshd</code>) への接続が <code class="systemitem">example.com</code> ドメインにあるホストから試みられると、特別なログファイルに試行を追加するために <code class="command">echo</code> コマンドを実行して、コネクションが拒否されます。オプションの <code class="command">deny</code> ディレクティブが使われているので、この行は <code class="filename">hosts.allow</code> ファイルに表れたとしてもアクセスが拒否されます。利用可能なオプションの詳細は <a class="xref" href="#sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields">「オプション・フィールド」</a> を参照してください。
+ </div><div class="section" id="sect-Security_Guide-Formatting_Access_Rules-Wildcards"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Formatting_Access_Rules-Wildcards">3.6.2.1.1. ワイルドカード</h5></div></div></div><div class="para">
+ ワイルドカードは TCP Wrappers がより簡単にデーモンやホストのグループとマッチできるようにします。それらはアクセス・ルールのクライアント・リスト・フィールドにおいてより頻繁に使われます。
+ </div><div class="para">
+ 以下のワイルドカードが利用可能です:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">ALL</code> — すべてにマッチします。デーモン・リストとクライアント・リストに対して使えます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">LOCAL</code> — localhost のようなピリオド (.) を含まないすべてのホストにマッチします。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">KNOWN</code> — ホスト名またはホスト・アドレスが既知であるかユーザーが既知である、すべてのホストにマッチします。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">UNKNOWN</code> — ホスト名またはホスト・アドレスが未知であるかユーザーが未知である、すべてのホストにマッチします。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">PARANOID</code> — ホスト名とホスト・アドレスが一致しない、すべてのホストにマッチします。
+ </div></li></ul></div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ <code class="option">KNOWN</code>, <code class="option">UNKNOWN</code>, および <code class="option">PARANOID</code> ワイルドカードは正しい動作が DNS サーバの機能に依存するので、注意して使用するべきです。名前解決の破壊により、正当なユーザーがサービスにアクセスを得るのを妨害するかもしれません。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Formatting_Access_Rules-Patterns"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Formatting_Access_Rules-Patterns">3.6.2.1.2. パターン</h5></div></div></div><div class="para">
+ パターンは、クライアント・ホストのグループをより正確に指定するために、クライアント・フィールドにおいて使用されます。
+ </div><div class="para">
+ 以下は、クライアント・フィールドにおけるエントリーの一般的なパターンのリストです。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>ピリオド (.) で始まるホスト名</em></span> — ホスト名の始めにピリオドを置くことにより、リストされたコンポーネント名を共有するすべてのホストにマッチします。以下の例は<code class="systemitem">example.com</code> ドメインにあるすべてのホストに適用されます。:
+ </div><pre class="screen">ALL : .example.com</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>ピリオド (.) で終わる IP アドレス</em></span> — IP アドレスの最後にピリオドを置くことにより、IP アドレスの最初の数値グループを共有するすべてのホストにマッチします。以下の例は <code class="systemitem">192.168.x.x</code> ネットワークにあるすべてのホストに適用されます:
+ </div><pre class="screen">ALL : 192.168.</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>IP アドレス/ネットマスクのペア</em></span> — ネットマスク表現は、IP アドレスの特定のグループへのアクセスを制御するためのパターンとしても使われます。<code class="systemitem">192.168.0.0</code> から <code class="systemitem">192.168.1.255</code> までのアドレス範囲を持つすべてのホストに適用されます:
+ </div><pre class="screen">ALL : 192.168.0.0/255.255.254.0</pre><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ IPv4 アドレス空間で動作しているとき、アドレス/プレフィックス長 (<em class="firstterm">prefixlen</em>) ペアの宣言 (<abbr class="abbrev">CIDR</abbr> 表記) はサポートされません。IPv6 ルールのみがこの形式を利用できます。
+ </div></div></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>[IPv6 アドレス]/プレフィックス長ペア</em></span> — [ネット]/プレフィックス長は IPv6 アドレスの特定のグループに対するアクセスを制御するためにパターンとして使われます。以下の例は、<code class="systemitem">3ffe:505:2:1::</code> から <code class="systemitem">3ffe:505:2:1:ffff:ffff:ffff:ffff</code> までのアドレス範囲を持つすべてのホストに適用されます:
+ </div><pre class="screen">ALL : [3ffe:505:2:1::]/64</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>アスタリスク (*)</em></span> — アスタリスクは、他の形式のパターンを含むクライアント・リストと混在されない限り、ホスト名または IP アドレスのグループ全体にマッチするために使用されます。以下の例は <code class="systemitem">example.com</code> ドメインの中にあるホストすべてに:
+ </div><pre class="screen">ALL : *.example.com</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>スラッシュ (/)</em></span> — クライアント・リストがスラッシュで始まっていると、ファイル名として取り扱われます。多数のホストを指定するルールが必要ならば、これは有用です。以下の例は TCP Wrappers がすべての Telnet コネクションに対して <code class="filename">/etc/telnet.hosts</code> ファイルを参照します:
+ </div><pre class="screen">in.telnetd : /etc/telnet.hosts</pre></li></ul></div><div class="para">
+ 他にも、あまり使われないパターンも TCP Wrappers により受け付けられます。詳細は <code class="filename">hosts_access</code> マニュアル 5 ページを参照してください。
+ </div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ ホスト名とドメイン名を使用するときは非常に注意してください。攻撃者は、正確な名前解決を避けるためにさまざまな技を使用できます。さらに、DNS サービスへの妨害により認可されたユーザーがネットワーク・サービスを使用することを妨害します。そのため、可能なときは必ず IP アドレスを使用するのが一番です。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Formatting_Access_Rules-Portmap_and_TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Formatting_Access_Rules-Portmap_and_TCP_Wrappers">3.6.2.1.3. Portmap と TCP Wrappers</h5></div></div></div><div class="para">
+ <code class="command">Portmap</code> の TCP Wrappers の実装は、ホスト名検索をサポートしません。このことは、<code class="command">portmap</code> がホストを識別するためにホスト名を使えないことを意味します。結果として、<code class="filename">hosts.allow</code> や <code class="filename">hosts.deny</code> における portmap に対するアクセス制御ルールは、ホストを指定するために、IP アドレスを使用するか、キーワード <code class="option">ALL</code> を使用しなければいけません。
+ </div><div class="para">
+ <code class="command">portmap</code> アクセス制御ルールへの変更はすぐに反映されないかもしれません。<code class="command">portmap</code> サービスを再起動する必要があるかもしれません。
+ </div><div class="para">
+ NIS や NFS のような広く使われるサービスは、動作するために <code class="command">portmap</code> に依存します。そのため、これらの制限を意識してください。
+ </div></div><div class="section" id="sect-Security_Guide-Formatting_Access_Rules-Operators"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Formatting_Access_Rules-Operators">3.6.2.1.4. 演算子</h5></div></div></div><div class="para">
+ 現在、アクセス制御ルールは1つの演算子 <code class="option">EXCEPT</code> を受け付けます。ルールのデーモン・リストとクライアント・リストどちらも使用できます。
+ </div><div class="para">
+ <code class="option">EXCEPT</code> 演算子は、同じルールの中でより広くマッチさせるために、特定の例外を許可します。
+ </div><div class="para">
+ <code class="filename">hosts.allow</code> ファイルからの以下の例は、すべての <code class="systemitem">example.com</code> ホストは、<code class="systemitem">cracker.example.com</code> は除き、すべてのサービスに接続を許可されます:
+ </div><pre class="screen">ALL: .example.com EXCEPT cracker.example.com</pre><div class="para">
+ <code class="filename">hosts.allow</code> ファイルの他の例では、<code class="systemitem">192.168.0.<em class="replaceable"><code>x</code></em></code> ネットワークのクライアントは FTP を除くすべてのサービスを使用できます。
+ </div><pre class="screen">ALL EXCEPT vsftpd: 192.168.0.</pre><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ 組織的に、<code class="option">EXCEPT</code> 演算子を使用することを避けることは、しばしばより簡単です。これにより、どのホストがサービスにアクセスを許可または拒否をされるかを見るために、<code class="option">EXCEPT</code> 演算子をより分けることなく、他の管理者が適切なファイルを素早く検索できるようになります。
+ </div></div></div></div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields">3.6.2.2. オプション・フィールド</h4></div></div></div><div class="para">
+ アクセスを許可または拒否する基本的なルールに加えて、TCP Wrappers の Fedora 実装は、<em class="firstterm">オプション・フィールド</em>を通してアクセス制御言語への拡張をサポートします。hosts アクセス・ルールにおけるオプション・フィールドを使用することにより、ログ動作の変更、アクセス制御の統合、シェル・コマンドの実行などのさまざまな作業を管理者は達成することができます。
+ </div><div class="section" id="sect-Security_Guide-Option_Fields-Logging"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Option_Fields-Logging">3.6.2.2.1. ログ取得</h5></div></div></div><div class="para">
+ オプション・フィールドは、<code class="option">severity</code> ディレクティブを使用することにより、管理者がルールに対するログ・ファシリティおよびプライオリティ・レベルをより簡単に変更できるようにします。
+ </div><div class="para">
+ 以下の例では、<code class="systemitem">example.com</code> ドメインにあるすべてのホストから SSH デーモンへの接続は、デフォルトの <code class="option">authpriv</code> <code class="option">syslog</code> ファシリティ(ファシリティ値が指定されていないため)にプライオリティ <code class="option">emerg</code> で記録されます:
+ </div><pre class="screen">sshd : .example.com : severity emerg</pre><div class="para">
+ <code class="option">severity</code> オプションを使用してファシリティを指定することも可能です。以下の例は、<code class="systemitem">example.com</code> ドメインのホストによるすべての SSH コネクション試行が <code class="option">local0</code> ファシリティに <code class="option">alert</code> プライオリティで記録されます:
+ </div><pre class="screen">sshd : .example.com : severity local0.alert</pre><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ 実際には、syslog デーモン (<code class="systemitem">syslogd</code>) が <code class="command">local0</code> ファシリティを記録するよう設定されるまで、この例はうまく働きません。カスタムログ・ファシリティの設定に関する詳細は <code class="filename">syslog.conf</code> マニュアル・ページを参照してください。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Option_Fields-Access_Control"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Option_Fields-Access_Control">3.6.2.2.2. アクセス制御</h5></div></div></div><div class="para">
+ オプション・フィールドは管理者が、最後のオプションとして <code class="option">allow</code> または <code class="option">deny</code> ディレクティブを追加することにより、1つのルールにおいてホストの許可または拒否を明示的にできるようにすることができます。
+ </div><div class="para">
+ たとえば、以下の2つのルールは、<code class="systemitem">client-1.example.com</code> からの SSH 接続を許可しますが、<code class="systemitem">client-2.example.com</code> からの接続は拒否します:
+ </div><pre class="screen">sshd : client-1.example.com : allow
+sshd : client-2.example.com : deny</pre><div class="para">
+ ルールごとを基本としたアクセス制御を許可することにより、オプション・フィールドは、管理者が1つのファイルの中ですべてのアクセス・ルールを統合できるようにします: <code class="filename">hosts.allow</code> または <code class="filename">hosts.deny</code>。何人かの管理者はこれがアクセス・ルールを編成する最も簡単な方法と考えます。
+ </div></div><div class="section" id="sect-Security_Guide-Option_Fields-Shell_Commands"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Option_Fields-Shell_Commands">3.6.2.2.3. シェル・コマンド</h5></div></div></div><div class="para">
+ オプション・フィールドはアクセス・ルールが以下の2つのディレクティブによりシェル・コマンドを起動できるようにします。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">spawn</code> — 子プロセスとしてシェルコマンドを起動します。リクエストしているクライアントのより詳しい情報を得るために <code class="command">/usr/sbin/safe_finger</code> を使用するようなタスクを実行できます、もしくは<code class="command">echo</code> コマンドを用いて特別なログファイルを作成できます。
+ </div><div class="para">
+ 以下の例では、<code class="systemitem">example.com</code> ドメインからの Telnet サービスにアクセスしようとしているクライアントは特別なファイルにひそかに記録されます:
+ </div><pre class="screen">in.telnetd : .example.com \
+ : spawn /bin/echo `/bin/date` from %h>>/var/log/telnet.log \
+ : allow</pre></li><li class="listitem"><div class="para">
+ <code class="command">twist</code> — 要求されたサービスを特別なコマンドで置き換えます。このディレクティブはしばしば、侵入者に対するトラップ(「ハニーポット」とも呼ばれます)をセットアップするために使用されます。接続しているクライアントにメッセージを送るためにも使えます。<code class="command">twist</code>ディレクティブはルール行の最後に表れなければいけません。
+ </div><div class="para">
+ 以下の例では、<code class="systemitem">example.com</code> ドメインからの FTP サービスへのアクセスを試みているクライアントは、<code class="command">echo</code> コマンドを用いてメッセージを送られます:
+ </div><pre class="screen">vsftpd : .example.com \
+ : twist /bin/echo "421 This domain has been black-listed. Access denied!"</pre></li></ul></div><div class="para">
+ シェル・コマンド・オプションの詳細は <code class="filename">hosts_options</code> マニュアル・ページを参照してください。
+ </div></div><div class="section" id="sect-Security_Guide-Option_Fields-Expansions"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Option_Fields-Expansions">3.6.2.2.4. 拡張</h5></div></div></div><div class="para">
+ 拡張は、<code class="command">spawn</code> および <code class="command">twist</code> ディレクティブとともに使用されるとき、クライアント、サーバ、および関連するプロセスに関する情報を提供します。
+ </div><div class="para">
+ 以下はサポートされる拡張のリストです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">%a</code> — クライアントの IP アドレスを返します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%A</code> — サーバの IP アドレスを返します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%c</code> — ユーザ名ーとホスト名、またはユーザー名と IP アドレスのようなクライアントのさまざまな情報を返します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%d</code> — デーモン・プロセス名を返します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%h</code> — クライアントのホスト名 (または、ホスト名が利用できなければ IP アドレス) を返します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%H</code> — サーバーのホスト名 (または、ホスト名が利用できなければ IP アドレス) を返します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%n</code> — クライアントのホスト名を返します。もし利用できなければ、<code class="computeroutput">unknown</code> が表示されます。クライアントのホスト名とホストのアドレスが一致しなければ、<code class="computeroutput">paranoid</code> が表示されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%N</code> — サーバーのホスト名を返します。もし利用できなければ、<code class="computeroutput">unknown</code> が表示されます。サーバーのホスト名とホストのアドレスが一致しなければ、<code class="computeroutput">paranoid</code> が表示されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%p</code> — デーモンのプロセス ID を返します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%s</code> — デーモン・プロセスおよびサーバーのホストまたは IP アドレスのような、さまざまな種類のサーバーの情報を返します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%u</code> — クライアントのユーザー名を返します。もし利用できなければ、<code class="computeroutput">unknown</code> が表示されます。
+ </div></li></ul></div><div class="para">
+ 以下のサンプル・ルールはカスタマイズされたログファイルにおいてクライアント・ホストを識別するために <code class="command">spawn</code> コマンドとともに拡張を使用します。
+ </div><div class="para">
+ SSH デーモン (<code class="systemitem">sshd</code>) へのコネクションが <code class="systemitem">example.com</code> ドメインにあるホストから試行されるとき、特別なファイルに(<code class="option">%h</code> 表現を使用することにより)クライアントのホスト名を含めて、試行を記録するために <code class="command">echo</code> コマンドを実行します。
+ </div><pre class="screen">sshd : .example.com \
+ : spawn /bin/echo `/bin/date` access denied to %h>>/var/log/sshd.log \
+ : deny</pre><div class="para">
+ 同様に、拡張はクライアントに返すメッセージをカスタマイズするために使用できます。以下の例では、<code class="systemitem">example.com</code> ドメインから FTP サービスにアクセスを試行しているクライアントは、サーバから禁止されていることを通知されます。
+ </div><pre class="screen">vsftpd : .example.com \
+: twist /bin/echo "421 %h has been banned from this server!"</pre><div class="para">
+ 利用可能な拡張の完全な説明、および追加のアクセス制御オプションは、<code class="filename">hosts_access</code> のマニュアル・ページのセクション5 (<code class="command">man 5 hosts_access</code>) および <code class="filename">hosts_options</code> のマニュアル・ページを参照してください。
+ </div><div class="para">
+ TCP Wrappers に関する詳細は <a class="xref" href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">「追加のリソース」</a> を参照してください。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd">3.6.3. xinetd</h3></div></div></div><div class="para">
+ <code class="systemitem">xinetd</code> デーモンは、FTP, IMAP, および Telnet を含む一般的なネットワーク・サービスのサブセットへのアクセスを制御する、TCP ラップされた<em class="firstterm">スーパー・サービス</em>です。アクセス制御、高度なロギング、バインド、リダイレクト、およびリソース使用量制御に対するサービス固有の設定オプションも提供します。
+ </div><div class="para">
+ クライアントが <code class="systemitem">xinetd</code> により制御されているネットワーク・サービスに接続しようとしているとき、スーパー・サービスがリクエストを受け取り、すべての TCP Wrappers アクセス制御ルールをチェックします。
+ </div><div class="para">
+ アクセスが許可されると、<code class="systemitem">xinetd</code> はコネクションがそのサービスに対するそれ自身のアクセス・ルール下で許可されます。サービスがより多くのリソースを割り当てられ、すべての定義されたルールに違反していないこともチェックします。
+ </div><div class="para">
+ これらの条件すべてが満たされた(つまり、サービスへのアクセスが許可され、サービスがそのリソース制限に届かず、そして、サービスが定義されたルールすべてに違反していない)ならば、<code class="systemitem">xinetd</code> はリクエストされたインスタンスを開始して、それへのコネクションの制御を認めます。コネクションが確立された後、<code class="systemitem">xinetd</code> は、クライアントとサーバ間のコミュニケーションにそれ以上参加しません。
+ </div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files">3.6.4. xinetd 設定ファイル</h3></div></div></div><div class="para">
+ <code class="systemitem">xinetd</code> の設定ファイルは以下のとおりです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/xinetd.conf</code> — 全体の <code class="systemitem">xinetd</code> 設定ファイル。
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/xinetd.d/</code> — サービス固有のすべてのファイルを含むディレクトリ。
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.conf_File"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.conf_File">3.6.4.1. /etc/xinetd.conf ファイル</h4></div></div></div><div class="para">
+ <code class="filename">/etc/xinetd.conf</code> ファイルは <code class="systemitem">xinetd</code> の制御下ですべてのサービスに影響する一般的な設定を含みます。<code class="systemitem">xinetd</code> サービスが最初に起動するときに読み込まれます。そのため、設定の変更を反映するためには、<code class="systemitem">xinetd</code> サービスを再起動する必要があります。以下は <code class="filename">/etc/xinetd.conf</code> ファイルのサンプルです:
+ </div><pre class="screen">defaults
+{
+ instances = 60
+ log_type = SYSLOG authpriv
+ log_on_success = HOST PID
+ log_on_failure = HOST
+ cps = 25 30
+}
+includedir /etc/xinetd.d</pre><div class="para">
+ これらの行は <code class="systemitem">xinetd</code> の以下の観点を制御します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">instances</code> — <code class="systemitem">xinetd</code> が処理できる同時リクエストの最大数を指定します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">log_type</code> — <code class="systemitem">xinetd</code> が <code class="command">authpriv</code> ログ・ファシリティを使用するよう設定します。それはログ・エントリーを <code class="filename">/var/log/secure</code> ファイルに書き込みます。<code class="option">FILE /var/log/xinetdlog</code> のようなディレクティブを追加することにより、<code class="filename">/var/log/</code> ディレクトリにある <code class="filename">xinetdlog</code>というカスタムログファイルを作成します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">log_on_success</code> — 成功したコネクション試行を記録するよう <code class="systemitem">xinetd</code> を編集します。デフォルトで、リクエストを処理するサーバのリモートホストの IP アドレスおよびプロセス ID が記録されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">log_on_failure</code> — コネクションが拒否されると、失敗したコネクション試行を記録するために <code class="systemitem">xinetd</code> を設定します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">cps</code> — あらゆる与えられたサービスに1秒あたり25コネクションだけを許可するように <code class="systemitem">xinetd</code> を設定します。サービスが 30 秒間待たされます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">includedir</code> <code class="filename">/etc/xinetd.d/</code> — <code class="filename">/etc/xinetd.d/</code> ディレクトリにあるサービス固有の設定ファイルで宣言されたオプションを取り込みます。詳細は <a class="xref" href="#sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory">「/etc/xinetd.d/ ディレクトリ」</a> を参照してください。
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ しばしば、<code class="filename">/etc/xinetd.conf</code> にある <code class="option">log_on_success</code> および <code class="option">log_on_failure</code> の設定は、サービス固有の設定ファイルにおいてさらに修正されます。そのため、詳細は、<code class="filename">/etc/xinetd.conf</code> ファイルが示すところより、与えられたサービスのログファイルに表れるかもしれません。詳細は <a class="xref" href="#sect-Security_Guide-Altering_xinetd_Configuration_Files-Logging_Options">「ログ取得オプション」</a> を参照してください。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory">3.6.4.2. /etc/xinetd.d/ ディレクトリ</h4></div></div></div><div class="para">
+ <code class="filename">/etc/xinetd.d/</code> ディレクトリは <code class="systemitem">xinetd</code> により管理される各サービスに対する設定ファイルを含み、ファイルの名前はサービスと一致します。<code class="filename">xinetd.conf</code> にあるように、このディレクトリは <code class="systemitem">xinetd</code> サービスが起動するときのみ読み込まれます。あらゆる変更は効果を持たせるために、管理者が <code class="systemitem">xinetd</code> サービスを再起動しなければいけません。
+ </div><div class="para">
+ <code class="filename">/etc/xinetd.d/</code> ディレクトリにあるファイルのフォーマットは、<code class="filename">/etc/xinetd.conf</code> と同じ規約を使用します。各サービスに対する設定が別々のファイルに保存される一番の理由は、より簡単にカスタマイズでき、他のサービスに影響を与えないようにするためです。
+ </div><div class="para">
+ これらのファイルがどのような構造であるかを理解するために、<code class="filename">/etc/xinetd.d/krb5-telnet</code> ファイルを検討します:
+ </div><pre class="screen">service telnet
+{
+ flags = REUSE
+ socket_type = stream
+ wait = no
+ user = root
+ server = /usr/kerberos/sbin/telnetd
+ log_on_failure += USERID
+ disable = yes
+}</pre><div class="para">
+ これらの行は <code class="command">telnet</code> サービスをさまざまな観点で制御します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">service</code> — サービス名を指定します、通常 <code class="filename">/etc/services</code> ファイルにおいてリストされるものの1つです。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">flags</code> — コネクションに対するいくつかの属性のどれかをセットします。<code class="option">REUSE</code> は Telnet 接続に対するソケットを再利用するよう <code class="systemitem">xinetd</code> に指示します。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ <code class="option">REUSE</code> フラグは廃止されました。現在、すべてのサービスは暗黙的に <code class="option">REUSE</code> フラグを使用します。
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">socket_type</code> — ネットワーク・ソケットの種類を <code class="option">stream</code> にセットします。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">wait</code> — サービスがシングル・スレッド (<code class="option">yes</code>) またはマルチ・スレッド (<code class="option">no</code>) のどちらであるかを指定します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">user</code> — プロセスが実行されるユーザー ID を指定します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">server</code> — 起動するためにバイナリ実行可能なものを指定します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">log_on_failure</code> — <code class="filename">xinetd.conf</code> においてすでに定義されているものに加えて、<code class="option">log_on_failure</code> に対するログのパラメータを指定します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">disable</code> — サービスが無効化 (<code class="option">yes</code>) または有効化 (<code class="option">no</code>) されるかを指定します。
+ </div></li></ul></div><div class="para">
+ これらのオプションとその使用法に関する詳細は <code class="filename">xinetd.conf</code> マニュアル・ページを参照してください。
+ </div></div><div class="section" id="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files">3.6.4.3. xinetd 設定ファイルの変更</h4></div></div></div><div class="para">
+ ディレクティブの範囲は <code class="systemitem">xinetd</code> により保護されたサービスに対して利用可能です。このセクションは、より一般的に使用されるオプションのいくつかにハイライトします。
+ </div><div class="section" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Logging_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Logging_Options">3.6.4.3.1. ログ取得オプション</h5></div></div></div><div class="para">
+ 以下のロギング・オプションは <code class="filename">/etc/xinetd.conf</code> および <code class="filename">/etc/xinetd.d/</code> ディレクトリにあるサービス固有の設定ファイルに対して利用可能です。
+ </div><div class="para">
+ 以下は、より一般的に使われるロギング・オプションのいくつかのリストです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">ATTEMPT</code> — 失敗した試行がなされたという事実を記録します (<code class="option">log_on_failure</code>)。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">DURATION</code> — サービスがリモート・システムにより使用された時間の長さを記録します (<code class="option">log_on_success</code>)。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">EXIT</code> — 終了ステータスまたはサービスの終了シグナルを記録します (<code class="option">log_on_success</code>)。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">HOST</code> — リモート・ホストの IP アドレスを記録します (<code class="option">log_on_failure</code> および <code class="option">log_on_success</code>)。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">PID</code> — リクエストを受け取ったサーバのプロセス ID を記録します (<code class="option">log_on_success</code>)。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">USERID</code> — すべてのマルチ・スレッド stream サービスに対して RFC 1413 で定義された方式を使用してリモート・ユーザーを記録します (<code class="option">log_on_failure</code> および <code class="option">log_on_success</code>)。
+ </div></li></ul></div><div class="para">
+ ロギング・オプションの完全なリストは <code class="filename">xinetd.conf</code> マニュアル・ページを参照してください。
+ </div></div><div class="section" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options">3.6.4.3.2. アクセス制御オプション</h5></div></div></div><div class="para">
+ <code class="systemitem">xinetd</code> サービスのユーザーは、TCP Wrappers の hosts アクセスルールを使うことを選択する、<code class="systemitem">xinetd</code> 設定ファイル経由のアクセス制御を提供する、もしくは両方の混在をすることができます。TCP Wrappers hosts アクセス制御ファイルの詳細は <a class="xref" href="#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">「TCP Wrappers の設定ファイル」</a> を参照してください。
+ </div><div class="para">
+ このセクションはサービスへのアクセスを制御するために <code class="systemitem">xinetd</code> を使用することについて議論します。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ TCP Wrappers と違い、<code class="systemitem">xinetd</code> 管理者が <code class="systemitem">xinetd</code> サービスを再起動すると、アクセス制御の変更が効果を持ちます。
+ </div><div class="para">
+ また、TCP Wrappers と違い、<code class="systemitem">xinetd</code> を通したアクセス制御は <code class="systemitem">xinetd</code> により制御されるサービスのみが効果を持ちます。
+ </div></div></div><div class="para">
+ <code class="systemitem">xinetd</code> ホスト・アクセス制御は、TCP Wrappers により使われる方式とは異なります。TCP Wrappers は2つの設定ファイル <code class="filename">/etc/hosts.allow</code> および <code class="filename">/etc/hosts.deny</code> の\n中ですべてのアクセス設定がされますが、<code class="systemitem">xinetd</code> のアクセス制御は <code class="filename">/etc/xinetd.d/</code> ディレクトリにある各サービスの設定ファイルに見られます。
+ </div><div class="para">
+ 以下のホスト・アクセス・オプションは <code class="systemitem">xinetd</code> によりサポートされます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">only_from</code> — 指定されたホストのみがサービスを使用することを許可されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">no_access</code> — リストされたホストがサービスを使用することをブロックされます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">access_times</code> — 特定のサービスが使用される可能性がある時間帯を指定します。時間帯は24時間表記 HH:MM-HH:MM で記載されなければいけません。
+ </div></li></ul></div><div class="para">
+ <code class="option">only_from</code> と <code class="option">no_access</code> オプションは、IP アドレスまたはホスト名のリストを使用できます。もしくは、ネットワーク全体を指定できます。TCP Wrappers のように、<code class="systemitem">xinetd</code> アクセス制御と高度なロギング設定を組み合わせることは、各コネクションの試行を冗長に記録しながら、禁止されたホストからのリクエストをブロックすることにより、セキュリティを向上させることができます。
+ </div><div class="para">
+ たとえば、以下の <code class="filename">/etc/xinetd.d/telnet</code> ファイルは特定のネットワークグループからの Telnet アクセスを拒否して、許可されたユーザーがログインできる時間帯を制限できます:
+ </div><pre class="screen">service telnet
+{
+ disable = no
+ flags = REUSE
+ socket_type = stream
+ wait = no
+ user = root
+ server = /usr/kerberos/sbin/telnetd
+ log_on_failure += USERID
+ no_access = 172.16.45.0/24
+ log_on_success += PID HOST EXIT
+ access_times = 09:45-16:15
+}</pre><div class="para">
+ この例では、<code class="systemitem">172.16.45.2</code> のような <code class="systemitem">172.16.45.0/24</code> ネットワークからのクライアント・システムが Telnet サービスにアクセスしようとするとき、以下のメッセージを受け取ります。
+ </div><pre class="screen">Connection closed by foreign host.</pre><div class="para">
+ さらに、ログイン試行が以下のように <code class="filename">/var/log/messages</code> に記録されます:
+ </div><pre class="screen">Sep 7 14:58:33 localhost xinetd[5285]: FAIL: telnet address from=172.16.45.107
+Sep 7 14:58:33 localhost xinetd[5283]: START: telnet pid=5285 from=172.16.45.107
+Sep 7 14:58:33 localhost xinetd[5283]: EXIT: telnet status=0 pid=5285 duration=0(sec)</pre><div class="para">
+ <code class="systemitem">xinetd</code> アクセス制御とともに TCP Wrappers を使用するとき、2つのアクセス制御メカニズムの関係を理解することは重要です。
+ </div><div class="para">
+ 以下は、クライアントが接続を要求するとき、<code class="systemitem">xinetd</code> により実行される一連のイベントです。
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <code class="systemitem">xinetd</code> デーモンは <code class="filename">libwrap.a</code> ライブラリコールを用いて TCP Wrappers hosts アクセスルールにアクセスします。拒否ルールがクライアントにマッチすると、コネクションは廃棄されます。許可ルールがクライアントにマッチすると、コネクションが <code class="systemitem">xinetd</code> に渡されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="systemitem">xinetd</code> デーモンは、<code class="systemitem">xinetd</code> サービスおよびリクエストされたサービスどちらに対しても自身のアクセス制御ルールをチェックします。拒否ルールがクライアントにマッチすると、コネクションは廃棄されます。そうでなければ、<code class="systemitem">xinetd</code> はリクエストされたサービスのインスタンスを起動し、サービスへのコネクションを認めます。
+ </div></li></ol></div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ <code class="systemitem">xinetd</code> アクセス制御とともに TCP Wrappers を使用するときは注意する必要があります。設定誤りが意図しない効果を引き起こす可能性があります。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options">3.6.4.3.3. バインドとリダイレクトのオプション</h5></div></div></div><div class="para">
+ <code class="systemitem">xinetd</code> の設定ファイルは、サービスの IP アドレスへのバインド、およびサービスの入力リクエストを他の IP アドレス、ホスト名、またはポートへのリダイレクトをサポートします。
+ </div><div class="para">
+ バインドは、サービス固有の設定ファイルにおいて <code class="option">bind</code> オプションを用いて制御され、サービスをシステムにおける1つの IP アドレスにリンクします。これが設定されるとき、<code class="option">bind</code> オプションは正しい IP アドレスへのリクエストのみがサービスへのアクセスを許可されます。リクエストに基づいて、異なるネットワークインタフェースに異なるサービスをバインドするために、この方式を使用することができます。
+ </div><div class="para">
+ これは複数のネットワークアダプタまたは複数の IP アドレスを持つシステムにとってとくに有用です。そのようなシステムにおいて、セキュアではないサービス(たとえば、Telnet)は、プライベート・ネットワークに接続されたインタフェースにおいてのみリッスンして、インターネットに接続されたインタフェースではそうしないよう設定できます。
+ </div><div class="para">
+ <code class="option">redirect</code> オプションは、ポート番号を後ろにつけた IP アドレスまたはホスト名を受け付けます。このサービスに対するすべてのリクエストを、指定されたホストとポート番号へとリダイレクトするよう、サービスを設定します。同じシステムにある別のポート番号を指し示す、リクエストを同じマシンにある別の IP アドレスにリダイレクトする、リクエストを全体的に異なるシステムとポート番号に変換する、もしくはこれらのオプションすべての組み合わせをするためにこれらの機能を使用できます。それゆえ、システムにおける特定のサービスに接続しているユーザーは中断することなく他のシステムに再ルートされるかもしれません。
+ </div><div class="para">
+ <code class="systemitem">xinetd</code> デーモンは、クライアントマシンと実際にサービスを提供するホストの間でコネクションの間中ずっと継続し続けるプロセスを生み出し、2つのシステム間でデータを転送することにより、このリダイレクトを達成できます。
+ </div><div class="para">
+ <code class="option">bind</code> および <code class="option">redirect</code> オプションの利点は、一緒に使われたときに、最も明確にわかりやすいです。あるシステムにおいて特定の IP アドレスへとサービスをバインドして、このサービスに対するリクエストを1番目のマシンが見える2番目のマシンへとリダイレクトすることにより、内部システムが全体的に異なるネットワークに対してサービスを提供するために使用できます。代わりに、これらのオプションは、既知の IP アドレスへと複数ホームのマシンにおける特定のサービスの露出を制限して、そのサービスに対するすべてのリクエストをその目的のために特別に設定された他のマシンへとリダイレクトするためにも使用できます。
+ </div><div class="para">
+ たとえば、システム Telnet サービスに対して、この設定を持つファイアウォールとして使用されることを考えます:
+ </div><pre class="screen">service telnet
+{
+ socket_type = stream
+ wait = no
+ server = /usr/kerberos/sbin/telnetd
+ log_on_success += DURATION USERID
+ log_on_failure += USERID
+ bind = 123.123.123.123
+ redirect = 10.0.1.13 23
+}</pre><div class="para">
+ このファイルにある <code class="option">bind</code> および <code class="option">redirect</code> オプションはマシンにある Telnet サービスは外部 IP アドレス(インターネットに接しているもの)に結び付けらることを確実にします。加えて、<code class="systemitem">123.123.123.123</code> に送られた Telnet サービスに対するすべてのリクエストは、2つ目のネットワーク・アダプターを経由して、ファイアウォールと内部システムだけがアクセスできる内部 IP アドレス (<code class="systemitem">10.0.1.13</code>) に送られます。そして、ファイアウォールを2つのシステム間で通信を送り、接続しているシステムは実際に別のマシンに接続しているとき、<code class="systemitem">123.123.123.123</code> へと接続していると考えます。
+ </div><div class="para">
+ ããã¼ããã³ãæ¥ç¶ã¨åºå® IP ã¢ãã¬ã¹ã1ã¤ã ãæã¤ã¦ã¼ã¶ã¼ã«ã¨ã£ã¦ããã®æ©è½ã¯ã¨ãã«æç¨ã§ããNetwork Address Translation (NAT) ã使ç¨ããã¨ããå
é¨å°ç¨ IP ã¢ãã¬ã¹ã使ç¨ããã²ã¼ãã¦ã§ã¤ãã·ã³ã®å¾ãã«ããã·ã¹ãã ã¯ã²ã¼ãã¦ã§ã¤ã·ã¹ãã ã®å¤å´ããå©ç¨å¯è½ã§ã¯ããã¾ãããããããªããã<code class="systemitem">xinetd</code> ã«ããå¶å¾¡ãããç¹å®ã®ãµã¼ãã¹ã <code class="option">bind</code> ããã³ <code class="option">redirect</code> ãªãã·ã§ã³ãç¨ãã¦è¨å®ããã¦ããã¨ããã²ã¼ãã¦ã§ã¤ãã·ã³ã¯ãå¤å´ã®ã·ã¹ãã ã¨ããµã¼ãã¹ãæä¾ããããè¨å®ãããç¹å®ã®å
é¨ãã·ã³ã®éã§ãããã·ã¨ãã¦åä½ã§ãã¾ããããã«ã<code class="systemitem">xinetd</code> ã®ã¢ã¯ã»ã¹å¶å¾¡ããã³ãã®ã³ã°ã®ãã¾ãã¾ãªãªãã·ã§ã³ããããªãä¿è·ã®ããã«å©ç¨å¯è½ã§ã
ã
+ </div></div><div class="section" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options">3.6.4.3.4. リソース管理オプション</h5></div></div></div><div class="para">
+ <code class="systemitem">xinetd</code> デーモンは Denial of Service (DoS) 攻撃から基本的なレベルの保護を与えられます。以下はそのような攻撃の有効性を制限するのに役立つディレクティブのリストです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">per_source</code> — ソース IP アドレスあたりのサービスに対するインスタンスの最大数を定義します。引数として整数のみを受け付け、<code class="filename">xinetd.conf</code> および <code class="filename">xinetd.d/</code> ディレクトリにあるサービス固有の設定ファイルにおいて使用できます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">cps</code> — 秒あたりの最大コネクション数を定義します。このディレクティブは空白で区切られた2つの整数を受け付けます。1番目の引数は秒あたりにサービスに許可されたコネクションの最大数です。2番目の引数は <code class="systemitem">xinetd</code> がサービスを再び有効化するまでに待たなければいけない秒数です。引数として整数のみを受け付け、<code class="filename">xinetd.conf</code> および <code class="filename">xinetd.d/</code> ディレクトリにあるサービス固有の設定ファイルにおいて使用できます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">max_load</code> — サービスに対する CPU 利用率またはロード・アベレージの閾値を定義します。浮動小数点の引数を受け付けます。
+ </div><div class="para">
+ ロード・アベレージはある時点においてどのくらいのサービスがアクティブであるかを大まかに測定する方法です。ロード・アベレージの詳細は <code class="command">uptime</code>, <code class="command">who</code>, および <code class="command">procinfo</code> コマンドを参照してください。
+ </div></li></ul></div><div class="para">
+ <code class="systemitem">xinetd</code> に対して利用可能なより多くのリソース管理オプションがあります。詳細は <code class="filename">xinetd.conf</code> マニュアル・ページを参照してください。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">3.6.5. 追加のリソース</h3></div></div></div><div class="para">
+ TCP Wrappers と <code class="systemitem">xinetd</code> に関する詳細は、システムのドキュメントとインターネットにおいて入手可能です。
+ </div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_TCP_Wrappers_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_TCP_Wrappers_Documentation">3.6.5.1. インストールされた TCP Wrappers ドキュメント</h4></div></div></div><div class="para">
+ システムにあるドキュメントは、TCP Wrappers, <code class="systemitem">xinetd</code>, およびアクセス制御に対する、追加の設定オプションを探し始めるよい場所です。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/usr/share/doc/tcp_wrappers-<em class="replaceable"><code><version></code></em>/</code> — このディレクトリは <code class="filename">README</code> ファイルを含みます。これは、TCP Wrappers がどのように働き、さまざまなホスト名やホスト・アドレスのありえる偽装リスクについて議論しています。
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/usr/share/doc/xinetd-<em class="replaceable"><code><version></code></em>/</code> — このディレクトリは <code class="filename">README</code> ファイルを含みます。これは、<code class="filename">/etc/xinetd.d/</code> ディレクトリ\nにあるサービス固有の設定ファイルを変更することに対するさまざまなアイディアとともに、アクセス制御や <code class="filename">sample.conf</code> ファイルの観点を議論しています。
+ </div></li><li class="listitem"><div class="para">
+ TCP Wrappers および <code class="systemitem">xinetd</code> に関連するマニュアル・ページ — TCP Wrappers および <code class="systemitem">xinetd</code> に関連するさまざまなアプリケーションや設定ファイルに対する多くのマニュアル・ページが存在します。以下はより重要なマニュアル・ページのいくつかです。
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">サーバ・アプリケーション</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man xinetd</code> — <code class="systemitem">xinetd</code> のマニュアル・ページ
+ </div></li></ul></div></dd><dt class="varlistentry"><span class="term">設定ファイル</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man 5 hosts_access</code> — TCP Wrappers の hosts access 制御ファイルのマニュアル・ページ。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man hosts_options</code> — TCP Wrappers オプション・フィールドのマニュアル・ページ。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man xinetd.conf</code> — <code class="systemitem">xinetd</code> 設定オプションを一覧にしているマニュアル・ページ。
+ </div></li></ul></div></dd></dl></div></li></ul></div></div><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites">3.6.5.2. 有用な TCP Wrappers ウェブサイト</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.xinetd.org">http://www.xinetd.org/</a> — <code class="systemitem">xinetd</code> のホーム、サンプル設定ファイル、機能の完全な一覧、および有益な FAQ。
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.docstoc.com/docs/2133633/An-Unofficial-Xinetd-Tutorial">http://www.docstoc.com/docs/2133633/An-Unofficial-Xinetd-Tutorial</a> — 具体的なセキュリティ目標を達成するために、デフォルトの <code class="systemitem">xinetd</code> 設定ファイルを最適化する多くの異なる方法を議論する、完全なチュートリアル。
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Additional_Resources-Related_Books"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Related_Books">3.6.5.3. 関連書籍</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Brian Hatch, James Lee, および George Kurtz による <em class="citetitle">Hacking Linux Exposed</em>; Osbourne/McGraw-Hill — TCP Wrappers および <code class="systemitem">xinetd</code> に関する情報を持つ優れたセキュリティ・リソース。
+ </div></li></ul></div></div></div></div><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Kerberos" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Kerberos">3.7. Kerberos</h2></div></div></div><div class="para">
+ ネットワークの中におけるシステムのセキュリティと完全性は扱いにくいです。どのサービスがネットワークにおいて実行されているか、これらのサービスがどのような方法で使用されているか、を追いかけ続けるために何人かの管理者の時間を消費します。
+ </div><div class="para">
+ さらに、ネットワーク・サービスに認証しているユーザーは、従来の FTP や Telnet プロトコルを用いてネットワーク上に暗号化されないパスワードの転送により証明されるように、プロトコルにより使用されている方式が本質的にセキュアではないとき、危険であることを証明できます。
+ </div><div class="para">
+ Kerberos は、危険な認証の方式を許可するプロトコルに対する必要性を取り除き、それによりネットワーク・セキュリティ全体を強化する方法です。
+ </div><div class="section" id="sect-Security_Guide-Kerberos-What_is_Kerberos"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-What_is_Kerberos">3.7.1. Kerberos とは何でしょうか?</h3></div></div></div><div class="para">
+ Kerberos は MIT により作成されたネットワーク認証プロトコルです。そして、ネットワーク・サービスにユーザーを認証するために対象暗号鍵 <sup>[<a id="idm93710848" href="#ftn.idm93710848" class="footnote">14</a>]</sup> を使用します。これは、パスワードがネットワーク上で実際には決して送られないことを意味します。
+ </div><div class="para">
+ したがって、ユーザーが Kerberos を使用してネットワーク・サービスに認証するとき、ネットワーク・トラフィックを監視することによりパスワードを集めようとしている認可されないユーザーは効果的に挫折させられます。
+ </div><div class="section" id="sect-Security_Guide-What_is_Kerberos-Advantages_of_Kerberos"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Kerberos-Advantages_of_Kerberos">3.7.1.1. Kerberos の利点</h4></div></div></div><div class="para">
+ 多くの慣習的なネットワーク・サービスは、パスワード・ベースの認証スキームを使用します。そのようなスキームは、ユーザー名とパスワードを供給することにより、与えられたネットワーク・サーバーへと認証するためにユーザーに要求します。不幸にも、多くのサービスに対する認証情報の転送は暗号化されません。そのようなスキームをセキュアにするために、ネットワークは外部者からアクセス不能にしなければいけません。そして、ネットワークにあるすべてのコンピュータとユーザーが信頼され、信頼できなければいけません。
+ </div><div class="para">
+ たとえこれが問題であるとしても、インターネットに接続されたネットワークはもはやセキュアであるとは見なされません。ネットワークへのアクセス権を得た攻撃者は、ユーザー・アカウントとセキュリティ基盤全体を危険にさらす、ユーザー名とパスワードを横取りするために、パケット・スニファーとしても知られるシンプルなパケット・アナライザーを使用できます。
+ </div><div class="para">
+ Kerberos の一番の設計目標は、ネットワークを通した暗号化されないパスワードの転送を減らすことです。適切に使用されれば、Kerberos はパケット・スニファーがそうしないとネットワークに配置される脅威を効果的に減らします。
+ </div></div><div class="section" id="sect-Security_Guide-What_is_Kerberos-Disadvantages_of_Kerberos"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Kerberos-Disadvantages_of_Kerberos">3.7.1.2. Kerberos の欠点</h4></div></div></div><div class="para">
+ Kerberos は一般的かつ深刻なセキュリティ脅威を取り除きますが、さまざまな理由により導入することが難しいかもしれません:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/passwd</code> や <code class="filename">/etc/shadow</code> のような標準的な UNIX パスワード・データベースから、Kerberos パスワード・データベースにユーザーのパスワードを移行することは、このタスクを実行する自動化されたメカニズムがないため、時間がかかる可能性があります。オンライン Kerberos FAQ の Question 2.23 を参照してください:
+ </div><div class="para">
+ <a href="http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#pwconvert"> http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html</a>
+ </div></li><li class="listitem"><div class="para">
+ Kerberos は多くの Fedora サーバーにより使用される Pluggable Authentication Modules (PAM) システム\nと部分的な互換性のみがあります。この問題の詳細は <a class="xref" href="#sect-Security_Guide-Kerberos-Kerberos_and_PAM">「Kerberos と PAM」</a> を参照してください。
+ </div></li><li class="listitem"><div class="para">
+ Kerberos は、それぞれのユーザーが信頼されますが、信頼されないネットワークにある信頼されないホストを使用します。その主要な目標は、暗号化されないパスワードがネットワークを越えて転送されるのを防ぐことです。しかしながら、適切なユーザー以外の誰かが認証のために使用されるチケットを発行する1つのホスト、キー配布センター (<em class="firstterm">KDC</em>: <em class="firstterm">key distribution center</em>) 、にアクセスするならば、Kerberos 認証システム全体がリスクにさらされます。
+ </div></li><li class="listitem"><div class="para">
+ Kerberosを利用するアプリケーションにとって、そのソースは Kerberos ライブラリの中にある適切なコールをするために、修正されなければいけません。この方法で修正されたアプリケーションは <em class="firstterm">Kerberos 対応</em>, あるいは <em class="firstterm">kerberos 化された</em>と考えられます。いくつかのアプリケーションに対して、これはアプリケーションの大きさやその設計のために極めて問題である可能性があります。他の互換性のないアプリケーションに対しては、変更はサーバーとクライアントがコミュニケートする方法にならなければいけません。さらにまた、これは広範囲なプログラミングを必要とします。デフォルトで Kereros に対応していないクローズ・ソースのアプリケーションはしばしば最も問題があります。
+ </div></li><li class="listitem"><div class="para">
+ Kerberos は全か無かのソリューションです。Kerberos がネットワークにおいて使用されるならば、Kerberos に対応していないサービスに転送される暗号化されないパスワードはすべてリスクになります。このように、ネットワークは Kerberos の使用から何も利益を得ません。Kerberos を用いてネットワークをセキュアにするために、暗号化されないパスワードを転送する<span class="emphasis"><em>すべて</em></span>のクライアント/サーバー・アプリケーションの Kerberos 対応バージョンを使用する、もしくは、そのようなクライアント/サーバー・アプリケーションを<span class="emphasis"><em>まったく</em></span>使用しないようにしなければいけません。
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-Kerberos-Kerberos_Terminology"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Kerberos_Terminology">3.7.2. Kerberos の用語</h3></div></div></div><div class="para">
+ Kerberos はサービスのさまざまな特徴を定義するためにそれ自身の用語を持ちます。Kerberos がどのように機能するかを学ぶ前に、以下の用語を学ぶことは重要です。
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">認証サーバ (AS: authentication server)</span></dt><dd><div class="para">
+ 次々にユーザーにサービスへのアクセス権を与える専用のサービスに対するチケットを発行するサーバー。AS は、リクエストとともにクレデンシャルを持っていない、または送っていないクライアントからのリクエストに応答します。ticket-granting ticket (TGT) を発行することにより、ticket-granting server (TGS) サービスへのアクセス権を得るために一般的に使用されます。AS は一般的にキー配布センター (KDC) を同じホストにおいて実行します。
+ </div></dd><dt class="varlistentry"><span class="term">暗号文</span></dt><dd><div class="para">
+ 暗号化されたデータ。
+ </div></dd><dt class="varlistentry"><span class="term">クライアント</span></dt><dd><div class="para">
+ ネットワークにおいて Kerberos からチケットを受け取るエンティティ(ユーザー、ホストまたはアプリケーション)。
+ </div></dd><dt class="varlistentry"><span class="term">クレデンシャル</span></dt><dd><div class="para">
+ 特定のサービスに対するクライアントのアイデンティティを確認する電子的なクレデンシャルの一時的なセット。チケットとも呼ばれます。
+ </div></dd><dt class="varlistentry"><span class="term">クレデンシャル・キャッシュまたはチケット・ファイル</span></dt><dd><div class="para">
+ ユーザーとさまざまなネットワーク・サービスの間の暗号化されたコミュニケーションに対するキーを含むファイル。Kerberos 5 は共有メモリーのような他のキャッシュ形式を使用するためのフレームワークをサポートしますが、ファイルはより全体的にサポートされます。
+ </div></dd><dt class="varlistentry"><span class="term">暗号ハッシュ</span></dt><dd><div class="para">
+ ユーザーを認証するために使われる一方向ハッシュ。暗号化されていないデータを使うよりはセキュアですが、経験のあるユーザーが復号することはまだ比較的易しいです。
+ </div></dd><dt class="varlistentry"><span class="term">GSS-API</span></dt><dd><div class="para">
+ Generic Security Service Application Program Interface (Internet Engineering Task Force により発行された RFC-2743 で定義されます) は、セキュリティ・サービスを提供する一連の関数です。この API は、それぞれのプログラムが基礎となるメカニズムの具体的な知識なしでお互いを認証するために、クライアントとサービスにより使用されます。ネットワーク・サービス(cyrus-IMAPのような)が GSS-API を使用するならば、Kerberos を用いて認証できます。
+ </div></dd><dt class="varlistentry"><span class="term">ハッシュ</span></dt><dd><div class="para">
+ <em class="firstterm">ハッシュ値</em>としても知られます。<em class="firstterm">ハッシュ関数</em>に文字列を渡すことにより生成された値。これらの値は一般的に、転送されたデータが改ざんされていないことを保証にするために使われます。
+ </div></dd><dt class="varlistentry"><span class="term">ハッシュ関数</span></dt><dd><div class="para">
+ 入力データからデジタルな "フィンガープリント" を生成する方法。これらの関数は、<em class="firstterm">ハッシュ値</em>を作成するために、データを再配置、転置、または他に変更します。
+ </div></dd><dt class="varlistentry"><span class="term">キー</span></dt><dd><div class="para">
+ 他のデータを暗号化または複合するときに使われるデータ。暗号化されたデータは、正しいデータもしくはクラッカー側で極めて幸運がなければ複合できません。
+ </div></dd><dt class="varlistentry"><span class="term">キー配布センター (KDC: key distribution center)</span></dt><dd><div class="para">
+ kerberos チケットを発行するサービス、また一般的に ticket-granting server (TGS) として同じホストにおいて実行されます。
+ </div></dd><dt class="varlistentry"><span class="term">keytab(またはキー・テーブル)</span></dt><dd><div class="para">
+ プリンシパルとそのキーの暗号化されていないリストを含むファイル。サーバーは <code class="command">kinit</code> を使用する代わりに keytab ファイルから必要とするキーを取得します。デフォルトの keytab ファイルは <code class="filename">/etc/krb5.keytab</code> です。KDC 管理サーバー <code class="command">/usr/kerberos/sbin/kadmind</code> は、(<code class="filename">/var/kerberos/krb5kdc/kadm5.keytab</code> を使用する)他のすべてのファイルを使用する唯一のサービスです。
+ </div></dd><dt class="varlistentry"><span class="term">kinit</span></dt><dd><div class="para">
+ <code class="command">kinit</code> コマンドは、すでにログインしたプリンシパルが、初期 TGT (ticket-granting ticket) を手に入れてキャッシュできるようにします。詳細は <code class="command">kinit</code> マニュアル・ページを参照してください。
+ </div></dd><dt class="varlistentry"><span class="term">プリンシパル(またはプリンシパル名)</span></dt><dd><div class="para">
+ プリンシパルは、Kerberos を使用する認証を許可されたユーザーまたはサービスの一意な名前です。プリンシパルは <code class="computeroutput">root[/instance]@REALM</code> の形式に従います。一般的なユーザーに対して、root はログイン ID を同じです。<code class="computeroutput">instance</code> はオプションです。プリンシパルがインスタンスを持つならば、スラッシュ ("/") を用いて root から分離されます。空の文字 ("") は(デフォルトの <code class="computeroutput">NULL</code> インスタンスを異なる)有効なインスタンスを見なされますが、それを使用することは混乱を招きます。レルムにあるすべてのプリンシパルは自分自身のキーを持ち、ユーザーに対してパスワードから導き出されるか、サービスに対してランダムにセットされます。
+ </div></dd><dt class="varlistentry"><span class="term">レルム</span></dt><dd><div class="para">
+ Kerberos を使用するネットワーク。1つかそれより多い KDC と呼ばれるサーバー、および潜在的に多くのクライアントから構成されます。
+ </div></dd><dt class="varlistentry"><span class="term">サービス</span></dt><dd><div class="para">
+ ネットワーク上でアクセスされるプログラム。
+ </div></dd><dt class="varlistentry"><span class="term">チケット</span></dt><dd><div class="para">
+ 特定のサービスに対するクライアントのアイデンティティを確認する電子的なクレデンシャルの一時的なセット。クレディンシャルとも呼ばれます。
+ </div></dd><dt class="varlistentry"><span class="term">ticket-granting server (TGS)</span></dt><dd><div class="para">
+ サービスにアクセスするためにユーザーへ交互に与えられる、希望するサービスに対してチケットを発行するサーバー。TGS は一般的に KDC と同じホストにおいて実行されます。
+ </div></dd><dt class="varlistentry"><span class="term">ticket-granting ticket (TGT)</span></dt><dd><div class="para">
+ クライアントが KDC から適用されることなく追加のチケットを得られるようにする特別なチケット。
+ </div></dd><dt class="varlistentry"><span class="term">暗号化されていないパスワード</span></dt><dd><div class="para">
+ プレイン・テキスト、人間が読めるパスワード。
+ </div></dd></dl></div></div><div class="section" id="sect-Security_Guide-Kerberos-How_Kerberos_Works"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-How_Kerberos_Works">3.7.3. Kerberos はどのように動作しますか</h3></div></div></div><div class="para">
+ Kerberos はユーザー/パスワードの認証方式とは異なります。各ユーザーが各ネットワーク・サービスに認証する代わりに、ユーザーを一連のネットワーク・サービスに認証するために、Kerberos は対象鍵暗号と信頼された第三者 (KDC) を使用します。ユーザーが KDC に認証するとき、KDC はそのセッションに特有のチケットをユーザーのマシンに送り戻します。そして、すべての Kerberos 対応サービスは、ユーザーにパスワードを使用した認証よりも、ユーザーのマシンにおけるチケットを期待します。
+ </div><div class="para">
+ Kerberos 対応のネットワークにいるユーザーが自身のワークステーションにログインするとき、プリンシパルがアプリケーション・サーバーからの TGT をリクエストの一部として KDC に送られます。このリクエストは、ユーザーへと透過的になるようにログイン・プログラムにより送られます。もしくは、ユーザーがログインした後に <code class="command">kinit</code> により送られます。
+ </div><div class="para">
+ その後、KDC はそのデータベースにあるプリンシパルに対してチェックします。プリンシパルが見つかると、KDC は TGT を作成します。それは、ユーザーのキーを使用して暗号化され、ユーザーへと返されます。
+ </div><div class="para">
+ クライアントにあるログインまたは <code class="command">kinit</code> プログラムはユーザーのキーを使用して TGT を復号します。そして、それはユーザーのパスワードから計算します。ユーザーのキーはクライアントマシンにおいてのみ使用され、ネットワーク上で転送され<span class="emphasis"><em>ません</em></span>
+ </div><div class="para">
+ TGT は一定時間後(通常は10から24時間)に期限切れするようセットされ、クライアント・マシンのクレデンシャルに保存されます。漏えいした TGT が攻撃者に短い時間のみ使用されるよう、期限切れ時間がセットされます。TGT が発行された後、ユーザーは TGT が期限切れするまで、またはログアウトして再びログインするまでパスワードを再入力する必要はありません。
+ </div><div class="para">
+ ユーザーがネットワーク・サービスにアクセスする必要があるときはいつでも、クライアント・ソフトウェアが TGS からその特定のサービスに対する新しいチケットを要求するために TGT を使用します。
+ </div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ ネットワークにいるユーザーが平文でパスワードを転送することにより Kerberos に対応していないサービスに認証するならば、Kerberos システムは危険にさらされる可能性があります。Kerberos に対応していないサービスを使用することは高く思いとどまらせます。そのようなサービスは Telnet や FTP を含みます。しかしながら、SSH や SSL 化されたサービスのような他の暗号化プロトコルの使用は好まれますが、理想的ではありません。
+ </div></div></div><div class="para">
+ これは Kerberos 認証がどのように機能するかの幅広い概要です。詳細については <a class="xref" href="#sect-Security_Guide-Kerberos-Additional_Resources">「追加のリソース」</a> を参照してください。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ Kerberos は正しく機能するために以下のネットワーク・サービスに依存します。
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ ネットワークにあるマシン間でクロック同期を近づけます。
+ </div><div class="para">
+ クロック同期プログラムは <code class="command">ntpd</code> のようにネットワークに対してセットアップされるべきです。Network Time Protocol サーバーのセットアップに関する詳細は <code class="filename">/usr/share/doc/ntp-<em class="replaceable"><code><version-number></code></em>/index.html</code> を参照してください(ここで <em class="replaceable"><code><version-number></code></em> は、システムにインストールされた <code class="filename">ntp</code> パッケージのバージョン番号です)。
+ </div></li><li class="listitem"><div class="para">
+ Domain Name Service (DNS)
+ </div><div class="para">
+ ネットワークにおける DNS エントリーと hosts がすべて正しく設定されていることを確実にすべきです。詳細は <code class="filename">/usr/share/doc/krb5-server-<em class="replaceable"><code><version-number></code></em></code> にある <em class="citetitle">Kerberos V5 System Administrator's Guide</em> を参照してください(ここで <em class="replaceable"><code><version-number></code></em> は、システムにインストールされた <code class="filename">krb5-server</code> パッケージのバージョン番号です)。
+ </div></li></ul></div>
+
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Kerberos-Kerberos_and_PAM"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Kerberos_and_PAM">3.7.4. Kerberos と PAM</h3></div></div></div><div class="para">
+ Kerberos 対応サービスは現在 Pluggable Authentication Modules (PAM) を使用しません — これらのサービスは完全に PAM を回避します。しかしながら、PAM を使用するアプリケーションは、<code class="filename">pam_krb5</code> モジュール(<code class="filename">pam_krb5</code> で提供されます)がインストールされていると、認証のために Kerberos を使用できます。<code class="filename">pam_krb5</code> パッケージは、<code class="command">login</code> や <code class="command">gdm</code> のようなサービスがユーザーを認証するとともにそれらのパスワードを用いて初期クレデンシャルを得られるようにする、サンプル設定ファイルを含みます。ネットワーク・サービスへのアクセスが常に Kerberos 対応サービスまたは IMAP のような GSS-API を使用するサービスを用いて実行されるならば、ネ
ットワークは相当に安全であると考えられます。
+ </div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ 管理者はユーザーが Kerberos パスワードを用いて多くのネットワーク・サービスに認証できないことに注意すべきです。これらのサービスにより使用される多くのプロトコルは、ネットワーク上でそれを送信して、Kerberos システムの利益を破壊する前にパスワードを暗号化しません。たとえば、ユーザーは Kerberos 認証のために使用するものと同じパスワードを用いて、Telnet サービスへと認証することが許可されるべきではありません。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">3.7.5. Kerberos 5 サーバーの設定</h3></div></div></div><div class="para">
+ Kerberos をセットアップするとき、まず KDC をインストールします。スレーブサーバーをセットアップする必要があれば、まずマスターをインストールします。
+ </div><div class="para">
+ 最初の Kerberos KDC を設定するために、これらの手順に従います:
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Kerberos を設定する前に時刻同期と DNS がすべてのクライアントとサーバーマシンにおいて正しく機能していることを確実にします。Kerberos サーバーとそのクライアントの間の時刻同期については特に注意をします。サーバーとクライアントの間で時刻が5分よりもずれていると(これは Kerberos 5 で設定可能です)、Kerberos クライアントはサーバーに認証することができません。この時刻同期は攻撃者が正当なユーザーになりすますために古い Kerberos チケットを使用するのを防ぐために不可欠です。
+ </div><div class="para">
+ Kerberos が使用されていないときでも、Network Time Protocol (NTP) 互換のクライアント/サーバー・ネットワークをセットアップすることが望ましいです。Fedora はこの目的のために <code class="filename">ntp</code> パッケージを含みます。Network Time Protocol サーバーをセットアップする方法に関する詳細は <code class="filename">/usr/share/doc/ntp-<em class="replaceable"><code><version-number></code></em>/index.html</code> を (<em class="replaceable"><code><version-number></code></em> はシステムにインストールされた <code class="filename">ntp</code> パッケージのバージョン番号です)、NTP に関する詳細は <a href="http://www.ntp.org">http://www.ntp.org</a> を参照してください。
+ </div></li><li class="step"><div class="para">
+ KDC を実行する専用のマシンにおいて <code class="filename">krb5-libs</code>, <code class="filename">krb5-server</code>, および <code class="filename">krb5-workstation</code> パッケージをインストールします。このマシンは非常にセキュアである必要があります — 可能ならば、KDC 以外のあらゆるサービスを実行すべきではありません。
+ </div></li><li class="step"><div class="para">
+ レルム名とドメイン-レルム・マッピングを反映するために、<code class="filename">/etc/krb5.conf</code> および <code class="filename">/var/kerberos/krb5kdc/kdc.conf</code> 設定ファイルを編集します。シンプルなレルムは、<em class="replaceable"><code>EXAMPLE.COM</code></em> と <em class="replaceable"><code>example.com</code></em> を正しいドメイン名に置き換え、 — 正しい形式において大文字と小文字を確実に保ってください — また、KDC を <em class="replaceable"><code>kerberos.example.com</code></em> から Kerberos サーバーの名前に変えることにより構築できます。便宜上、すべてのレルム名は大文字で、すべての DNS ホスト名とドメイン名は小文字にします。これらの設定ファイルの形式に関する詳細はそれぞれのマニュアル・ページを参照してください。
+ </div></li><li class="step"><div class="para">
+ シェル・プロンプトから <code class="command">kdb5_util</code> ユーティリティを用いてデータベースを作成します:
+ </div><pre class="screen">/usr/kerberos/sbin/kdb5_util create -s</pre><div class="para">
+ <code class="command">create</code> コマンドは Kerberos レルムのためのキーを保存するデータベースを作成します。<code class="command">-s</code> スイッチはマスター・サーバー・キーが保存される <em class="firstterm">stash</em> ファイルの作成を強制します。キーを読み込むために存在する隠しファイルが存在しなければ、Kerberos サーバー (<code class="command">krb5kdc</code>) は、起動するときに毎回ユーザーにマスター・サーバー・キー(キーを再生成するために使用されます)を要求します。
+ </div></li><li class="step"><div class="para">
+ <code class="filename">/var/kerberos/krb5kdc/kadm5.acl</code> ファイルを編集します。このファイルは、どのプリンシパルが Kerberos データベースとそのアクセスレベルを持つかを決めるために <code class="command">kadmind</code> により使用されます。多くの組織は1行でうまくやっていけます:
+ </div><pre class="screen">*/admin at EXAMPLE.COM *</pre><div class="para">
+ 大抵のユーザーは、データベースにおいて単一プリンシパル(<span class="emphasis"><em>NULL</em></span>、空、または <span class="emphasis"><em>joe at EXAMPLE.COM</em></span> のようなインスタンス)により表現されます。この設定において、<span class="emphasis"><em>admin</em></span> のインスタンスという2つ目のプリンシパルを持つユーザー(たとえば、<span class="emphasis"><em>joe/admin at EXAMPLE.COM</em></span>)は、レルムの Kerberos データベース上でフルパワーを行使できます。
+ </div><div class="para">
+ <code class="command">kadmind</code> がサーバーにおいて起動された後、すべてのユーザーは、レルムにあるすべてのクライアントとサーバーにおいて <code class="command">kadmin</code> を実行することによりそのサービスにアクセスできます。しかしながら、<code class="filename">kadm5.acl</code> ファイルにリストされたユーザーのみが、自身のパスワードを変更することを除いて、なんらかの方法でデータベースを変更できます。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ <code class="command">kadmin</code> ユーティリティはネットワーク上で <code class="command">kadmind</code> サーバーをコミュニケーションして、認証を処理するために Kerberos を使用します。その結果として、最初のプリンシパルは、それを管理するためにネットワーク上でサーバーに接続する前に、すでに存在しなければいけません。<code class="command">kadmin.local</code> コマンドを用いて最初のプリンシパルを作成します。これは、KDC として同じホストにおいて使用されるための具体的に設定されたもので、認証のために Kerberos を使用しません。
+ </div></div></div><div class="para">
+ 最初のプリンシパルを作成するために、KDC ターミナルにおいて以下の <code class="command">kadmin.local</code> コマンドを入力します:
+ </div><pre class="screen">/usr/kerberos/sbin/kadmin.local -q "addprinc <em class="replaceable"><code>username</code></em>/admin"</pre></li><li class="step"><div class="para">
+ 以下のコマンドを使用して Kerberos を起動します:
+ </div><pre class="screen">/sbin/service krb5kdc start
+/sbin/service kadmin start
+/sbin/service krb524 start</pre></li><li class="step"><div class="para">
+ <code class="command">kadmin</code> の中にある <code class="command">addprinc</code> コマンドを使用してユーザーに対するプリンシパルを追加します。<code class="command">kadmin</code> と <code class="command">kadmin.local</code> は KDC に対するコマンドライン・インターフェースです。それ自体は、多くのコマンド — <code class="command">addprinc</code> のような — が <code class="command">kadmin</code> プログラムを起動した後で利用可能です。詳細は <code class="command">kadmin</code> マニュアル・ページを参照してください。
+ </div></li><li class="step"><div class="para">
+ KDC がチケットを発行していることを確認します。まず、チケットを取得して、それをクレデンシャル・キャッシュファイルに保存するために、<code class="command">kinit</code> を実行します。次に、キャッシュにあるクレデンシャルのリストを表示するために <code class="command">klist</code> を使用して、キャッシュおよびそれを含むクレデンシャルを廃棄するために <code class="command">kdestroy</code> を使用します。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ デフォルトで、<code class="command">kinit</code> は、同じシステムログインユーザー名(Kerberos サーバーではありません)を使用して認証をしようとします。そのユーザー名が Kerberos データベースにあるプリンシパルと一致しなければ、<code class="command">kinit</code> はエラーメッセージを発行します。それが起きると、コマンドラインにおける引数として正しいプリンシパル名をとともに <code class="command">kinit</code> を供給します(<code class="command">kinit <em class="replaceable"><code><principal></code></em></code>)。
+ </div></div></div></li></ol></div><div class="para">
+ これらの手順が完了すると、Kerberos サーバーは稼働可能になります。
+ </div></div><div class="section" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client">3.7.6. Kerberos 5 クライアントの設定</h3></div></div></div><div class="para">
+ Kerberos 5 クライアントをセットアップすることは、サーバーをセットアップするほどではありません。最低限、クライアント・パッケージをインストールして、各クライアントに適切な <code class="filename">krb5.conf</code> 設定ファイルを提供します。<code class="command">ssh</code> と <code class="command">slogin</code> はクライアントシステムにリモートでログインする方式を好む一方、デプロイするのにもう少し多くの設定変更を必要とするにも関わらず、Kerberos 化されたバージョンの <code class="command">rsh</code> と <code class="command">rlogin</code> はまだ利用可能です。
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ 時刻同期は Kerberos クライアントと KDC の間で適切であることを確実にします。詳細は <a class="xref" href="#sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">「Kerberos 5 サーバーの設定」</a> を参照してください。さらに、Kerberos クライアント・プログラムを設定する前に Kerberos クライアントにおいて DNS が適切に動作することを確認します。
+ </div></li><li class="step"><div class="para">
+ すべてのクライアント・マシンにおいて <code class="filename">krb5-libs</code> および <code class="filename">krb5-workstation</code> パッケージをインストールします。各クライアントに対して 適切な <code class="filename">/etc/krb5.conf</code> ファイルを供給します(通常は KDC により使用される <code class="filename">krb5.conf</code> ファイルと同じです)。
+ </div></li><li class="step"><div class="para">
+ ã¬ã«ã ã«ããã¯ã¼ã¯ã¹ãã¼ã·ã§ã³ã <code class="command">ssh</code> ã¾ã㯠Kerberos åããã <code class="command">rsh</code> ã <code class="command">rlogin</code> ã使ç¨ãã¦æ¥ç¶ããã¦ã¼ã¶ã¼ãèªè¨¼ããããã« Kerberos ã使ç¨ã§ããåã«ãããèªèº«ã®ãã¹ãããªã³ã·ãã«ã Kerberos ãã¼ã¿ãã¼ã¹ã«æããªããã°ããã¾ããã<code class="command">sshd</code>, <code class="command">kshd</code>, ããã³ <code class="command">klogind</code> ãµã¼ãã¼ã»ããã°ã©ã ã¯ãã¹ã¦ã<span class="emphasis"><em>ãã¹ã</em></span>ã®ãµã¼ãã¹ã®ããªã³ã·ãã«ã«å¯¾ãããã¼ã«ã¢ã¯ã»ã¹ããå¿
è¦ãããã¾ããå ãã¦ãKerberos åããã <code class="command">rsh</code> 㨠<code class="command">rlogin</code> ã使ç¨ããããã«ããã®ã¯ã¼ã¯ã¹ãã¼ã·ã§ã³ã¯ <code class="filename">xinetd</code> ããã±ã¼ã¸ãã¤ã³ã¹ãã¼ã«ããã¦ããªããã°ããã
¾ããã
+ </div><div class="para">
+ <code class="command">kadmin</code> を使用すると、KDC におけるワークステーションに対するホストプリンシパルが追加されます。このケースにおけるインスタンスはワークステーションのホスト名です。プリンシパルを作成して、それにランダムなキーを割り当てるために、<code class="command">kadmin</code> の <code class="command">addprinc</code> コマンドに対して <code class="command">-randkey</code> オプションを使用します:
+ </div><pre class="screen">addprinc -randkey host/<em class="replaceable"><code>blah.example.com</code></em></pre><div class="para">
+ これでプリンシパルが作成されたので、キーは <span class="emphasis"><em>ワークステーション自身において</em></span> <code class="command">kadmin</code> を実行して、<code class="command">kadmin</code> を用いて <code class="command">ktadd</code> コマンドを使用することによりワークステーションのために抽出されます:
+ </div><pre class="screen">ktadd -k /etc/krb5.keytab host/<em class="replaceable"><code>blah.example.com</code></em></pre></li><li class="step"><div class="para">
+ 他の Kerberos 化されたネットワーク・サービスを使用するためには、まずそれらが起動されていなければいけません。以下は、一般的な Kerberos 化されたサービスとそれらを有効にすることに関する説明の一覧です:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">ssh</code> — クライアントとサーバーの設定がどちらも <code class="option">GSSAPIAuthentication</code> を有効にしているならば、OpenSSH はユーザーをサーバーへ認証するために GSS-API を使用します。クライアントが <code class="option">GSSAPIDelegateCredentials</code> も有効にしていると、ユーザの証明書がリモート・システムにおいて利用可能になります。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">rsh</code> および <code class="command">rlogin</code> — Kerberos 化されたバージョンの <code class="command">rsh</code> および <code class="command">rlogin</code> を使用するために、<code class="command">klogin</code>, <code class="command">eklogin</code>, および <code class="command">kshell</code> を有効にします。
+ </div></li><li class="listitem"><div class="para">
+ Telnet — Kerberos 化された Telnet を使用するために、<code class="command">krb5-telnet</code> が有効にされなければいけません。
+ </div></li><li class="listitem"><div class="para">
+ FTP — FTP アクセスを提供するために、<code class="computeroutput">ftp</code> の root とともにプリンシパルに対するキーを作成および解凍する必要があります。インスタンスに FTP サーバーの完全修飾ホスト名を確実にセットしてください、そして <code class="command">gssftp</code> を有効にします。
+ </div></li><li class="listitem"><div class="para">
+ IMAP — Kerberos 化された IMAP サーバーを使用するために、<code class="filename">cyrus-sasl-gssapi</code> パッケージもインストールされているならば、<code class="filename">cyrus-imap</code> パッケージは Kerberos 5 を使用します。<code class="filename">cyrus-sasl-gssapi</code> パッケージは GSS-API 認証をサポートする Cyrus SASL プラグインを含みます。Cyrus IMAP は <code class="command">cyrus</code> ユーザーが <code class="filename">/etc/krb5.keytab</code> に適切なキーを見つけられ、プリンシパルに対する root が <code class="command">imap</code> (<code class="command">kadmin</code> を用いて作成されます) にセットされる限り、Kerberos を用いて適切に機能すべきです。
+ </div><div class="para">
+ <code class="filename">cyrus-imap</code> の代替は、Fedora にも含まれる <code class="command">dovecot</code> パッケージで見つけられます。このパッケージは IMAP サーバーを含みますが、現在まで GSS-API と Kerberos をサポートしていません。
+ </div></li><li class="listitem"><div class="para">
+ CVS — Kerberos 化された CVS サーバーを使用するために、<code class="command">gserver</code> は <code class="computeroutput">cvs</code> の root とともにプリンシパルを使用します。そうでなければ、CVS <code class="command">pserver</code> を同一です。
+ </div></li></ul></div></li></ol></div></div><div class="section" id="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping">3.7.7. ドメイン-レルムのマッピング</h3></div></div></div><div class="para">
+ クライアントが特定のサーバーで実行しているサービスにアクセスしようとするとき、サービスの名前(<span class="emphasis"><em>host</em></span>) とサーバーの名前 (<span class="emphasis"><em>foo.example.com</em></span>) を知ります。しかし、1つより多いレルムがネットワークにデプロイされているかもしれないので、サービスが存在するレルムの名前で推測しなければいけません。
+ </div><div class="para">
+ レルムの名前はデフォルトで、サーバーの DNS ドメイン名が大文字で使用されます。
+ </div><div class="literallayout"><p>foo.example.org → EXAMPLE.ORG<br />
+ foo.example.com → EXAMPLE.COM<br />
+ foo.hq.example.com → HQ.EXAMPLE.COM<br />
+</p></div><div class="para">
+ いくつかの設定において、これは十分ですが、他では導かれたレルム名は存在しないレルムの名前でしょう。これらの場合、サーバーの DNS ドメイン名からそのレルム名へのマッピングが、クライアントシステムの <code class="filename">krb5.conf</code> の <span class="emphasis"><em>domain_realm</em></span> セクションにおいて指定されなければいけません。たとえば:
+ </div><pre class="screen">[domain_realm]
+.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM</pre><div class="para">
+ 上の設定は2つのマッピングを指定します。最初のマッピングは "example.com" DNS ドメインにあるすべてのシステムが <span class="emphasis"><em>EXAMPLE.COM</em></span> レルムに所属するということを指定します。2つ目は正確に "example.com" という名前を持つシステムもレルムにあることを指定します。(ドメインと具体的なホストの区別は最初の "." の有無により区別されます。)マッピングは DNS にも直接保存されます。
+ </div></div><div class="section" id="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs">3.7.8. セカンダリ KDC のセットアップ</h3></div></div></div><div class="para">
+ 多くの理由のため、与えられたレルムに対して複数の KDC を実行することを選択するかもしれません。このシナリオでは、1つの KDC (<span class="emphasis"><em>マスター KDC</em></span>) がレルム・データベースの書き込み可能なコピーを維持して、<code class="command">kadmind</code> を実行します (それはレルムの <span class="emphasis"><em>管理サーバー</em></span>でもあります)。また、1つかそれより多い KDC (<span class="emphasis"><em>スレーブ KDC</em></span>) はデータベースの読み込み専用のコピーを維持して、<code class="command">kpropd</code> を実行します。
+ </div><div class="para">
+ マスター-スレーブの伝搬手順は、マスター KDC がそのデータベースを一時的なダンプファイルにダンプして、そのファイルを各スレーブに転送するようにします。これは、それらの以前に受け取ったデータベース読み込み専用コピーをダンプファイルの内容で上書きします。
+ </div><div class="para">
+ スレーブ KDC をセットアップするために、マスター KDC の <code class="filename">krb5.conf</code> および <code class="filename">kdc.conf</code> ファイルがスレーブ KDC に確実にコピーします。
+ </div><div class="para">
+ マスター KDC において root シェルで <code class="command">kadmin.local</code> を起動して、マスター KDC の <span class="emphasis"><em>host</em></span> サービスに対する新しいエントリーを作成するために、その <code class="command">add_principal</code> コマンドを使用します。そして、同時にサービスに対するランダムなキーをセットして、ランダムキーをマスターのデフォルト keytab ファイルに保存するために、その <code class="command">ktadd</code> を使用します。このキーはスレーブサーバーを認証するために <code class="command">kprop</code> コマンドにより使用されます。どのくらいのスレーブサーバーをインストールするかに関わらず、これを一度だけ実行する必要があります。
+ </div><pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>kadmin.local -r EXAMPLE.COM</code></strong>
+
+Authenticating as principal root/admin at EXAMPLE.COM with password.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>add_principal -randkey host/masterkdc.example.com</code></strong>
+
+Principal "host/host/masterkdc.example.com at EXAMPLE.COM" created.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>ktadd host/masterkdc.example.com</code></strong>
+
+Entry for principal host/masterkdc.example.com with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/masterkdc.example.com with kvno 3, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/masterkdc.example.com with kvno 3, encryption type DES with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/masterkdc.example.com with kvno 3, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/etc/krb5.keytab.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>quit</code></strong></pre><div class="para">
+ スレーブ KDC において root シェルから <code class="command">kadmin</code> を起動して、スレーブ KDC の <span class="emphasis"><em>host</em></span> サービスに対する新しいエントリーを作成するために、その <code class="command">add_principal</code> コマンドを使用します。そして、同時にサービスに対するランダムなキーをセットして、ランダムキーをスレーブのデフォルト keytab ファイルに保存するために、<code class="command">kadmin</code> の <code class="command">ktadd</code> を使用します。このキーはクライアントを認証するときに <code class="command">kpropd</code> サービスにより使用されます。
+ </div><pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>kadmin -p jimbo/admin at EXAMPLE.COM -r EXAMPLE.COM</code></strong>
+
+Authenticating as principal jimbo/admin at EXAMPLE.COM with password.
+
+<code class="prompt">Password for jimbo/admin at EXAMPLE.COM: </code>
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>add_principal -randkey host/slavekdc.example.com</code></strong>
+
+Principal "host/slavekdc.example.com at EXAMPLE.COM" created.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>ktadd host/slavekdc.example.com at EXAMPLE.COM</code></strong>
+
+Entry for principal host/slavekdc.example.com with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/slavekdc.example.com with kvno 3, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/slavekdc.example.com with kvno 3, encryption type DES with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/slavekdc.example.com with kvno 3, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/etc/krb5.keytab.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>quit</code></strong></pre><div class="para">
+ そのサービスキーを用いると、スレーブ KDC はそれに接続するすべてのクライアントを認証できます。明らかに、それらのすべてが新しいレルム・データベースを持つスレーブの <code class="command">kprop</code> サービスを提供することが許可されるわけではありません。アクセスを制限するために、スレーブ KDC における <code class="command">kprop</code> サービスは、<code class="filename">/var/kerberos/krb5kdc/kpropd.acl</code> にリストされたプリンシパル名であるクライアントからの更新のみを受け付けます。マスター KDC の host サービスの名前をそのファイルに追加します。
+ </div><div class="literallayout"><p> <code class="computeroutput"><code class="prompt">#</code> <strong class="userinput"><code>echo host/masterkdc.example.com at EXAMPLE.COM > /var/kerberos/krb5kdc/kpropd.acl</code></strong></code></p></div><div class="para">
+ 一度スレーブ KDC がデータベースのコピーを取得すると、それを暗号化するために使用されるマスターキーが必要になります。KDC データベースのマスターキーが、マスター KDC (一般的に <code class="filename">/var/kerberos/krb5kdc/.k5.REALM</code> という名前) における <span class="emphasis"><em>stash</em></span> ファイルに保存されると、利用可能なセキュアなあらゆる方法を用いてスレーブ KDC にコピーするか、ダミーのデータベースを作成して、<code class="command">kdb5_util create -s</code> を実行して、同じパスワードを供給することによりスレーブ KDC に同一の stash ファイルを作成するかします。
+ </div><div class="para">
+ スレーブ KDC のファイアウォールはマスター KDC がポート 754 の TCP を使用して接続できるようにしていることを確実にして、<code class="command">kprop</code> サービスを起動します。そして、<code class="command">kadmin</code> サービスが<span class="emphasis"><em>無効</em></span>にされていることを二重チェックします。
+ </div><div class="para">
+ 今、マスター KDC においてレルム・データベースを、<code class="command">kprop</code> コマンドが読み込むデフォルトのデータファイル (<code class="filename">/var/kerberos/krb5kdc/slave_datatrans</code>) に、ダンプすることにより、手動のデータベース伝搬テストを実行します。そして、その内容をスレーブ KDC に転送するために <code class="command">kprop</code> コマンドを使用します。
+ </div><div class="literallayout"><p> <code class="computeroutput"><code class="prompt">#</code> <strong class="userinput"><code>/usr/kerberos/sbin/kdb5_util dump /var/kerberos/krb5kdc/slave_datatrans</code></strong><code class="prompt">#</code> <strong class="userinput"><code>kprop slavekdc.example.com</code></strong></code></p></div><div class="para">
+ <code class="command">kinit</code> を使用すると、クライアントシステムの <code class="filename">krb5.conf</code> があなたのレルムに対して KDC のリストにあるスレーブ KDC のみリストしているものは、スレーブ KDC から初期クレデンシャルを正しく得られることを確認します。
+ </div><div class="para">
+ 単にレルム・データベースをダンプするスクリプトを作成して、データベースを各スレーブ KDC に順番に転送するために <code class="command">kprop</code> コマンドを実行します。そして、定期的にスクリプトを実行するために <code class="command">cron</code> サービスを設定します。
+ </div></div><div class="section" id="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication">3.7.9. クロス・レルム認証のセットアップ</h3></div></div></div><div class="para">
+ <span class="emphasis"><em>クロス・レルム認証</em></span>は、それらの自身以外のレルムが属するサービス(一般的に特定のサーバーシステムにおいて実行しているサーバープロセス)を認証するために、あるレルムのクライアント(一般的にユーザー)が Kerberos を使用する状況を記述するために使用される言葉です。
+ </div><div class="para">
+ 最も簡単な場合に対して、<code class="literal">A.EXAMPLE.COM</code> という名前のレルムのクライアントが <code class="literal">B.EXAMPLE.COM</code> レルムにあるサービスにアクセスするために、両方のレルムが <code class="literal">krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM</code> という名前のプリンシパルに対するキーを共有しなければならず、両方のキーがそれらに関連づけられた同じキーバージョン番号を持たなければいけません。
+ </div><div class="para">
+ これを達成するために、非常に強いパスワードまたはパスフレーズを選択して、kadmin により使用される両方のレルムにおけるプリンシパルに対するエントリーを作成します。
+ </div><div class="literallayout"><p> <code class="computeroutput"><code class="prompt">#</code> <strong class="userinput"><code>kadmin -r A.EXAMPLE.COM</code></strong></code> <code class="computeroutput"><code class="prompt">kadmin:</code> <strong class="userinput"><code>add_principal krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM</code></strong></code> <code class="computeroutput">Enter password for principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM":</code> <code class="computeroutput">Re-enter password for principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM":</code> <code class="computeroutput">Principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM" created.</code> <strong class="userinput"><code>quit</code></strong> <code class="computeroutput"><code class="prompt">#</code> <strong class="userinput"><code>kadmin -r B.EXAMPLE.COM</code></strong></code> <code class="computeroutput"><code class="prompt">kadmin:</code> <strong class="userinput"><code>add_principal krbtgt/B.EXA
MPLE.COM at A.EXAMPLE.COM</code></strong></code> <code class="computeroutput">Enter password for principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM":</code> <code class="computeroutput">Re-enter password for principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM":</code> <code class="computeroutput">Principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM" created.</code> <strong class="userinput"><code>quit</code></strong></p></div><div class="para">
+ 両方のエントリーが対応するキー・バージョン番号 (<code class="literal">kvno</code> 値) と暗号化の種類を持つことを検証するために、<code class="command">get_principal</code> コマンドを使用します。
+ </div><div class="important"><div class="admonition_header"><h2>データベースをダンプすることを実行しないでください。</h2></div><div class="admonition"><div class="para">
+ セキュリティに注意深い管理者は、パスワードの代わりにランダムなキーを割り当てるために <code class="command">add_principal</code> コマンドの <code class="literal">-randkey</code> オプションを使用して、最初のレルムのデータベースから新しいエントリーをダンプして、そしてそれを2番目にインポートしようとするかもしれません。データベースに含まれるキーがマスターキーを用いて暗号化されたそれ自身なので、これはレルム・データベースに対するマスターキーが同一でなければうまく動きません。
+ </div></div></div><div class="para">
+ これで <code class="literal">A.EXAMPLE.COM</code> レルムにあるクライアントは <code class="literal">B.EXAMPLE.COM</code> レルムにあるサービスに認証できます。言い換えると、これで <code class="literal">B.EXAMPLE.COM</code> レルムは <code class="literal">A.EXAMPLE.COM</code> レルムを<span class="emphasis"><em>信頼</em></span>します、もしくは、よりシンプルに言うと、<code class="literal">B.EXAMPLE.COM</code> は <code class="literal">A.EXAMPLE.COM</code> を<span class="emphasis"><em>信頼</em></span>します。
+ </div><div class="para">
+ これは重要な点をもたらします: クロス・レルム認証はデフォルトで一方向性です。<code class="literal">B.EXAMPLE.COM</code> レルムに対する KDC は、<code class="literal">B.EXAMPLE.COM</code> レルムにあるサービスに認証するために <code class="literal">A.EXAMPLE.COM</code> からのクライアントを信頼するかもしれません。しかし、<code class="literal">B.EXAMPLE.COM</code> レルムにクライアントがあってもなくても効果を持たないという事実は <code class="literal">A.EXAMPLE.COM</code> レルムにあるサービスに認証するために信頼されます。他の方向に信頼を確立するために、両方のレルムが <code class="literal">krbtgt/A.EXAMPLE.COM at B.EXAMPLE.COM</code> サービスに対するキーを共有する必要があります(上の例と比較して、2つのレルムの順番を反対にすることに注意してください)。
+ </div><div class="para">
+ ç´æ¥ã®ä¿¡é ¼é¢ä¿ãã¬ã«ã éã®ä¿¡é ¼ãæä¾ããå¯ä¸ã®æ¹æ³ã§ãããªãã°ãè¤æ°ã®ã¬ã«ã ãå«ããããã¯ã¼ã¯ã¯ã»ããã¢ãããããã¨ãé常ã«é£ããã§ãã幸éãªãã¨ã«ãã¯ãã¹ã»ã¬ã«ã èªè¨¼ã¯æ¨ç§»çã§ãã<code class="literal">A.EXAMPLE.COM</code> ããã®ã¯ã©ã¤ã¢ã³ãã <code class="literal">B.EXAMPLE.COM</code> ã«ãããµã¼ãã¹ã«èªè¨¼ã§ãã<code class="literal">B.EXAMPLE.COM</code> ããã®ã¯ã©ã¤ã¢ã³ãã <code class="literal">C.EXAMPLE.COM</code> ã«ãããµã¼ãã¹ã«èªè¨¼ã§ãããªãã°ã<span class="emphasis"><em><code class="literal">C.EXAMPLE.COM</code> ãç´æ¥ <code class="literal">A.EXAMPLE.COM</code></em></span> ãä¿¡é ¼ãã¦ããªãã¦ãã<code class="literal">A.EXAMPLE.COM</code> ã«ããã¯ã©ã¤ã¢ã³ã㯠<code class="literal">C.EXAMPLE.COM</code> ã«ãããµã¼ãã¹ã«ãèªè¨¼ã§ãã¾ããããã¯æ¬¡ã®ãã¨ãæå³ãã¾ãããäºãã«ã
ã¹ã¦ãèªè¨¼ããå¿
è¦ããããè¤æ°ã®ã¬ã«ã ãæã¤ãããã¯ã¼ã¯ã«ããã¦ãã©ã®ä¿¡é ¼é¢ä¿ãã»ããã¢ãããããã«ã¤ãã¦è¯ãé¸æããããã¨ã¯ãå¿
è¦ã¨ãããåªåã®éãé常ã«æ¸ãããã¨ãã§ãã¾ãã
+ </div><div class="para">
+ ここでより伝統的な問題に直面します: クライアントのシステムは、特定のサービスが属するレルムを適切に導き出されるように設定されなければいけません。また、そのレルムにあるサービスに対するクレデンシャルを取得する方法を決められなければいけません。
+ </div><div class="para">
+ まず第一に: 与えられたレルムにおいて特定のサーバーシステムから提供されるサービスに対するプリンシパル名は、一般的にこのように見えます:
+ </div><div class="literallayout"><p>service/server.example.com at EXAMPLE.COM</p></div><div class="para">
+ この例において、<span class="emphasis"><em>service</em></span> は一般的に、使用するプロトコルの名前(他の一般的な値は <span class="emphasis"><em>ldap</em></span>, <span class="emphasis"><em>imap</em></span>, <span class="emphasis"><em>cvs</em></span>, および <span class="emphasis"><em>HTTP</em></span> を含みます)もしくは <span class="emphasis"><em>host</em></span> を使用します。<span class="emphasis"><em>server.example.com</em></span> はサービスを実行しているシステムの完全修飾ドメイン名(FQDN)です。また、<code class="literal">EXAMPLE.COM</code> はレルムの名前です。
+ </div><div class="para">
+ サービスが属するレルムを導き出すために、クライアントはしばしば、ホスト名 (<span class="emphasis"><em>server.example.com</em></span>) または DNS ドメイン名 (<span class="emphasis"><em>.example.com</em></span>) をレルム名 (<span class="emphasis"><em>EXAMPLE.COM</em></span>) に対応付けるために、DNS または <code class="filename">/etc/krb5.conf</code> の<code class="literal">domain_realm</code> セクションを参照します。
+ </div><div class="para">
+ サービスがどのレルムに属するかを決めると、サービスに認証することに使用するためのクレデンシャルを得るために、クライアントはコンタクトする必要があるレルムの組を、またどの順番でコンタクトしなければいけないかを決めなければいけません。
+ </div><div class="para">
+ これは2つの方法の内1つで実行されます。
+ </div><div class="para">
+ 明示的な設定を必要としないデフォルトの方式は、共有された階層の中でレルム名を与えることです。例として、<code class="literal">A.EXAMPLE.COM</code>, <code class="literal">B.EXAMPLE.COM</code>, および <code class="literal">EXAMPLE.COM</code> という名前のレルムを考えます。<code class="literal">A.EXAMPLE.COM</code> レルムにあるクライアントが <code class="literal">B.EXAMPLE.COM</code> にあるサービスに認証しようとするとき、デフォルトでまず <code class="literal">EXAMPLE.COM</code> レルムに対するクレデンシャルを取得しようとします。そして、<code class="literal">B.EXAMPLE.COM</code> レルムにおいて使用するためのクレデンシャルを取得するためにそれらのクレデンシャルを使用しようとします。
+ </div><div class="para">
+ このシナリオにおけるクライアントは、あるものが DNS 名を取り扱っているかのようにレルム名を取り扱います。サービスのレルムの "上" でもあるポイントにたどり着くまで、階層においてそれの "上" であるレルムの名前を生成するために、それ自身のレルムの名前のコンポーネントを繰り返し取り除きます。その時点で、サービスのレルムにたどり着くまでサービスのレルム名のコンポーネントを先頭につけるもので始めます。プロセスに関連する各レルムは他の "ホップ" です。
+ </div><div class="para">
+ たとえば、<code class="literal">A.EXAMPLE.COM</code> にあるクレデンシャルを使用して、<code class="literal">B.EXAMPLE.COM</code> にあるサービスを認証する方法\n<code class="literal">A.EXAMPLE.COM → EXAMPLE.COM → B.EXAMPLE.COM </code>
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="literal">A.EXAMPLE.COM</code> と <code class="literal">EXAMPLE.COM</code> は <code class="literal">krbtgt/EXAMPLE.COM at A.EXAMPLE.COM</code> に対するキーを共有します
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">EXAMPLE.COM</code> と <code class="literal">B.EXAMPLE.COM</code> は <code class="literal">krbtgt/B.EXAMPLE.COM at EXAMPLE.COM</code> に対するキーを共有します
+ </div></li></ul></div>
+
+ </div><div class="para">
+ もう1つの例は、<code class="literal">SITE1.SALES.EXAMPLE.COM</code> にあるクレデンシャルを使用して、<code class="literal">EVERYWHERE.EXAMPLE.COM</code> にあるサービスを認証する方法\n<code class="literal">SITE1.SALES.EXAMPLE.COM → SALES.EXAMPLE.COM → EXAMPLE.COM → EVERYWHERE.EXAMPLE.COM </code>
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="literal">SITE1.SALES.EXAMPLE.COM</code> と <code class="literal">SALES.EXAMPLE.COM</code> は <code class="literal">krbtgt/SALES.EXAMPLE.COM at SITE1.SALES.EXAMPLE.COM</code> に対するキーを共有します
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">SALES.EXAMPLE.COM</code> と <code class="literal">EXAMPLE.COM</code> は <code class="literal">krbtgt/EXAMPLE.COM at SALES.EXAMPLE.COM</code> に対するキーを共有します
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">EXAMPLE.COM</code> と <code class="literal">EVERYWHERE.EXAMPLE.COM</code> は <code class="literal">krbtgt/EVERYWHERE.EXAMPLE.COM at EXAMPLE.COM</code> に対するキーを共有します
+ </div></li></ul></div>
+
+ </div><div class="para">
+ もう一つの例は、その名前が共通のサフィックスを共有しないレルム名を使用するよう、これが調整します (<code class="literal">DEVEL.EXAMPLE.COM</code> および <code class="literal">PROD.EXAMPLE.ORG</code><code class="literal"> DEVEL.EXAMPLE.COM → EXAMPLE.COM → COM → ORG → EXAMPLE.ORG → PROD.EXAMPLE.ORG </code>
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="literal">DEVEL.EXAMPLE.COM</code> と <code class="literal">EXAMPLE.COM</code> は <code class="literal">krbtgt/EXAMPLE.COM at DEVEL.EXAMPLE.COM</code> に対するキーを共有します
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">EXAMPLE.COM</code> および <code class="literal">COM</code> は <code class="literal">krbtgt/COM at EXAMPLE.COM</code> に対するキーを共有します
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">COM</code> および <code class="literal">ORG</code> は <code class="literal">krbtgt/ORG at COM</code> に対するキーを共有します
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">ORG</code> および <code class="literal">EXAMPLE.ORG</code> は <code class="literal">krbtgt/EXAMPLE.ORG at ORG</code> に対するキーを共有します
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">EXAMPLE.ORG</code> および <code class="literal">PROD.EXAMPLE.ORG</code> は <code class="literal">krbtgt/PROD.EXAMPLE.ORG at EXAMPLE.ORG</code> に対するキーを共有します
+ </div></li></ul></div>
+
+ </div><div class="para">
+ より複雑でより柔軟な方法は、あるレルムに対するクレデンシャルを持つクライアントがどのレルムがサーバーに認証できることに導くチェインの次にあるかを探すことができるように、<code class="filename">/etc/krb5.conf</code> の <code class="literal">capaths</code> セクションを設定することに関連します。
+ </div><div class="para">
+ <code class="literal">capaths</code> セクションの形式は比較的素直です: セクションの各エントリーはクライアントが存在するかもしれないレルムの後ろに名前がつけられます。このサブセクションの中で、クライアントがクレデンシャルを得なければいけない中間レルムのセットは、サービスが存在するかもしれないレルムと対応するキーの値としてリストされます。もし中間レルムがなければ、値 "." が使用されます。
+ </div><div class="para">
+ これは例です:
+ </div><div class="literallayout"><p> [capaths]<br />
+ A.EXAMPLE.COM = {<br />
+ B.EXAMPLE.COM = .<br />
+ C.EXAMPLE.COM = B.EXAMPLE.COM<br />
+ D.EXAMPLE.COM = B.EXAMPLE.COM<br />
+ D.EXAMPLE.COM = C.EXAMPLE.COM<br />
+ }<br />
+<br />
+</p></div><div class="para">
+ この例において、<code class="literal">A.EXAMPLE.COM</code> レルムにあるクライアントは、<code class="literal">B.EXAMPLE.COM</code> に対するクレデンシャルを直接 <code class="literal">A.EXAMPLE.COM</code> KDC からクロス・レルム・クレデンシャルを得ることができます。
+ </div><div class="para">
+ それらのクライアントが <code class="literal">C.EXAMPLE.COM</code> レルムにあるサービスに問い合わせしたければ、まず <code class="literal">B.EXAMPLE.COM</code> レルムから必要なクレデンシャルを取得する必要があります(これは <code class="literal">krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM</code> が存在する必要があります)。そして、(<code class="literal">krbtgt/C.EXAMPLE.COM at B.EXAMPLE.COM</code> を使用して)<code class="literal">C.EXAMPLE.COM</code> レルムにおいて使用するためのクレデンシャルを取得するために、<code class="literal">それらの</code>クレデンシャルを使用します。
+ </div><div class="para">
+ それらのクライアントが <code class="literal">D.EXAMPLE.COM</code> レルムにあるサービスに問い合わせたいならば、最終的に <code class="literal">D.EXAMPLE.COM</code> レルムを使用するためにクレデンシャルを得る前に、まず <code class="literal">B.EXAMPLE.COM</code> レルムから必要なクレデンシャルを、次に <code class="literal">C.EXAMPLE.COM</code> レルムからクレデンシャルを手に入れる必要があります。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ 他の方法で capth エントリーを表示していなければ、Kerberos はクロス・レルム信頼関係が階層をなすと仮定します。
+ </div><div class="para">
+ <code class="literal">A.EXAMPLE.COM</code> レルムにあるクライアントは <code class="literal">B.EXAMPLE.COM</code> レルムから直接クロスドメイン・クレデンシャルを得ることができます。これを意味する "." がなければ、クライアントは階層的なパスを使用するために代わりの試みをします。今回の場合:
+ </div><div class="literallayout"><p> A.EXAMPLE.COM → EXAMPLE.COM → B.EXAMPLE.COM<br />
+<br />
+</p></div></div></div></div><div class="section" id="sect-Security_Guide-Kerberos-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Additional_Resources">3.7.10. 追加のリソース</h3></div></div></div><div class="para">
+ Kerberos に関する詳細は、以下のリソースを参照してください。
+ </div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_Kerberos_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_Kerberos_Documentation">3.7.10.1. インストールされた Kerberos ドキュメント</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ PostScript 形式および HTML 形式の <em class="citetitle">Kerberos V5 Installation Guide</em> および <em class="citetitle">Kerberos V5 System Administrator's Guide</em>。これらのドキュメントは <code class="filename">/usr/share/doc/krb5-server-<em class="replaceable"><code><version-number></code></em>/</code> ディレクトリで見つけられます (ここで <em class="replaceable"><code><version-number></code></em> はシステムにインストールされた <code class="command">krb5-server</code> パッケージのバージョン番号です) 。
+ </div></li><li class="listitem"><div class="para">
+ PostScript および HTML 形式の <em class="citetitle">Kerberos V5 UNIX User's Guide</em>。これらは <code class="filename">/usr/share/doc/krb5-workstation-<em class="replaceable"><code><version-number></code></em>/</code> ディレクトリ (ここで <em class="replaceable"><code><version-number></code></em> はシステムにインストールされた <code class="command">krb5-workstation</code> パッケージのバージョン番号です) で見つけられます。
+ </div></li><li class="listitem"><div class="para">
+ Kerberos マニュアル・ページ — Kerberos 実装と関連したさまざまなアプリケーションと設定ファイルに対する数多くのマニュアル・ページがあります。以下はより重要なマニュアル・ページのいくつかのリストです。
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">クライアント・アプリケーション</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man kerberos</code> — どのようにクレデンシャルが機能して、Kerberos チケットを取得および廃棄するための推奨値を提供するかについて説明する、Kerberos システムへの導入。マニュアル・ページの最後に関連するマニュアル・ページの番号を参照します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kinit</code> — ticket-granting ticket を取得およびキャッシュするためにこのコマンドを使用する方法について説明します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kdestroy</code> — Kerberos クレデンシャルを廃棄するためにこのコマンドを使用する方法について説明します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man klist</code> — Kerberos キャッシュsれたクレデンシャルを表示するためにこのコマンドを使用する方法について説明します。
+ </div></li></ul></div></dd><dt class="varlistentry"><span class="term">管理アプリケーション</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man kadmin</code> — Kerberos V5 データベースを管理するためにこのコマンドを使用する方法について説明します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kdb5_util</code> — Kerberos V5 データベースにおける低レベルの管理機能を作成および実行するためにこのコマンドを使用する方法について説明します。
+ </div></li></ul></div></dd><dt class="varlistentry"><span class="term">サーバー・アプリケーション</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man krb5kdc</code> — Kerberos V5 KDC に対して利用可能なコマンドライン・オプションを説明します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kadmind</code> — V5 管理サーバーに対して利用可能なコマンドライン・オプションを説明します。
+ </div></li></ul></div></dd><dt class="varlistentry"><span class="term">設定ファイル</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man krb5.conf</code> — Kerberos V5 ライブラリの設定ファイルにおける形式および利用可能なオプションを説明します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kdc.conf</code> — Kerberos V5 AS および KDC の設定ファイルにおける形式および利用可能なオプションを説明します。
+ </div></li></ul></div></dd></dl></div></li></ul></div></div><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites">3.7.10.2. 有用な Kerberos </h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://web.mit.edu/kerberos/www/">http://web.mit.edu/kerberos/www/</a> — MIT の <em class="citetitle">Kerberos: The Network Authentication Protocol</em> ウェブページ。
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html">http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html</a> — Kerberos の FAQ (Frequently Asked Questions)。
+ </div></li><li class="listitem"><div class="para">
+ <a href="ftp://athena-dist.mit.edu/pub/kerberos/doc/usenix.PS">ftp://athena-dist.mit.edu/pub/kerberos/doc/usenix.PS</a> — Jennifer G. Steiner, Clifford Neuman, および Jeffrey I. Schiller による <em class="citetitle">Kerberos: An Authentication Service for Open Network Systems</em> の PostScript バージョン。このドキュメントは Kerberos を説明している原論文です。
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://web.mit.edu/kerberos/www/dialogue.html">http://web.mit.edu/kerberos/www/dialogue.html</a> — <em class="citetitle">Designing an Authentication System: a Dialogue in Four Scenes</em>、元々1988年 Bill Bryant により、1997年に Theodore Ts'o によります。このドキュメントは、Kerberos 形式の認証システムについて考え抜いている開発者2人の間の会話です。議論の会話形式は、Kerberos に完全になじみがない人々にとって素晴らしい開始地点になります。
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.ornl.gov/~jar/HowToKerb.html">http://www.ornl.gov/~jar/HowToKerb.html</a> — <em class="citetitle">How to Kerberize your site</em> はネットワークを Kerberos 化するための素晴らしい参考資料です。
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.networkcomputing.com/netdesign/kerb1.html">http://www.networkcomputing.com/netdesign/kerb1.html</a> — <em class="citetitle">Kerberos Network Design Manual</em> は Kerberos システムの完全な概要です。
+ </div></li></ul></div></div></div></div><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Firewalls" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Firewalls">3.8. ファイアウォール</h2></div></div></div><div class="para">
+ 情報セキュリティは一般的にプロセスでありプロダクトではないと考えられています。しかしながら、標準的なセキュリティ実装は通常、認可され、識別可能であり、追跡可能であるユーザーへと、特権へのアクセスを制御し、ネットワーク・リソースを制限するために、いくつかの形式の専用のメカニズムを使用します。Fedora は、ネットワーク・レベルのアクセス制御メカニズムを用いて、管理者とセキュリティ・エンジニアを支援するためにいくつかのツールを含みます。
+ </div><div class="para">
+ ファイアウォールはネットワーク・セキュリティ実装の中心的なコンポーネントです。いくつかのベンダーは市場のすべてのレベルにサービス供給するファイアウォール・ソリューションを販売しています: 1台の PC を保護するホーム・ユーザーから、極めて重要な企業の情報を保護するデータセンター・ソリューションまで。ファイアウォールは、Cisco, Nokia, および Sonicwall によるファイアウォール・アプライアンスのような、スタンドアロンのハードウェアである可能性があります。Checkpoint, McAfee, および Symantec のようなベンダーも、家庭およびビジネスの市場に対して専用のソフトウェアのファイアウォール・ソリューションを開発してきました。
+ </div><div class="para">
+ ハードウェアとソフトウェアのファイアウォールの違いは別として、あるソリューションと他のものを分けるファイアウォール機能の方法で違いもあります。<a class="xref" href="#tabl-Security_Guide-Firewalls-Firewall_Types">表3.2「ファイアウォールの種類」</a>は、3つの一般的なファイアウォールのタイプとそれらがどのように機能するかを詳細に説明しています:
+ </div><div class="table" id="tabl-Security_Guide-Firewalls-Firewall_Types"><h6>表3.2 ファイアウォールの種類</h6><div class="table-contents"><table summary="ファイアウォールの種類" border="1"><colgroup><col width="10%" class="method" /><col width="30%" class="description" /><col width="30%" class="advantages" /><col width="30%" class="disadvantages" /></colgroup><thead><tr><th>
+ 方式
+ </th><th>
+ 説明
+ </th><th>
+ 利点
+ </th><th>
+ 欠点
+ </th></tr></thead><tbody><tr><td>
+ NAT
+ </td><td>
+ <em class="firstterm">Network Address Translation</em> (NAT) は、1つまたは少しのパブリック IP アドレスの後ろにプライベート IP サブネットワークを置き、すべてのリクエストをいくつかではなく1つのソースへと変換します。Linux カーネルは Netfilter カーネル・サブシステムを通して組み込みの NAT 機能を持ちます。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>· LANにおいてマシンに透過的に設定できますか</td></tr><tr><td>· 1つまたは複数の外部 IP アドレスの後ろにある多くのマシンやサービスの保護は管理者の義務を減らします</td></tr><tr><td>· LAN への、または LAN からのユーザー・アクセスの制限は、NAT ファイアウォール/ゲートウェイにおいてポートの開閉により設定されます</td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>· ユーザーがファイアウォールの外部からサービスに接続すると、悪意のある行動を妨げることができません</td></tr></table>
+
+ </td></tr><tr><td>
+ パケット・フィルター
+ </td><td>
+ パケット・フィルター・ファイアウォールは、LAN を通過する各データ・パケットを読み込みます。ヘッダ情報によりパケットを読み込み、処理できます。そして、ファイアウォール管理者により実装されたプログラム可能なルールの組に基づいてパケットをフィルタします。Linux カーネルは Netfilter カーネル・サブシステムを通して組み込みのパケット・フィルタ機能を持ちます。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>· <code class="command">iptables</code> フロントエンド・ユーティリティを介してカスタマイズできます</td></tr><tr><td>· すべてのネットワーク活動はアプリケーション・レベルではなくルータ・レベルにおいてフィルタされるため、クライアント側においてカスタマイズする必要はまったくありません</td></tr><tr><td>· パケットはプロキシを経由して転送されないので、クライアントからリモート・ホストへと直に接続するため、ネットワーク性能は比較的です</td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>· プロキシ・ファイアウォールのようにコンテンツに対してパケットをフィルタすることはできません</td></tr><tr><td>· プロトコル層においてパケットを処理しますが、アプリケーション層においてパケットをフィルタできません</td></tr><tr><td>· とくに <em class="firstterm">IP マスカレード</em>またはローカル・サブネットを DMZ ネットワークと結び付けていると、複雑なネットワーク・アーキテクチャーはパケット・フィルタ・ルールを作ることを難しくする可能性があります</td></tr></table>
+
+ </td></tr><tr><td>
+ プロキシ
+ </td><td>
+ プロキシ・ファイアウォールは、特定のプロトコルまたは LAN クライアントからプロキシ・マシンへの種類について、すべてのリクエストをフィルタします。そしてそれは、これらのリクエストをローカル・クライアントの役割でインターネットへと送ります。プロキシ・マシンは、悪意のあるリモート・ユーザーと内部ネットワークのクライアント・マシンの間でバッファとして動作します。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>· どのアプリケーションやプロトコルが LAN の外側に機能するかを管理者が制御できるようにします</td></tr><tr><td>· いくつかのプロキシ・サーバは、頻繁にアクセスされるデータをリクエストするためにインターネット接続を使用するのではなく、ローカルにキャッシュすることができます。これにより帯域の消費を減らすことができます</td></tr><tr><td>· プロキシ・サービスは、ネットワークにおけるリソース利用をより制限できるよう、詳しくログ取得して監視することができます</td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>· プロキシはしばしばアプリケーション固有 (HTTP, Telnet など) です、またはプロトコル制限 (多くのプロキシは TCP 接続のサービスとともに機能します) があります。</td></tr><tr><td>· アプリケーション・サービスはプロキシの後ろ側で実行できないので、アプリケーション・サーバはネットワーク・セキュリティの分離した形式を使用しなければいけません</td></tr><tr><td>· プロキシは、すべてのリクエストと転送がクライアントからリモート・サービスへと直接ではなく1つのソースを通過するので、ネットワークのボトルネックになる可能性があります</td></tr></table>
+
+ </td></tr></tbody></table></div></div><br class="table-break" /><div class="section" id="sect-Security_Guide-Firewalls-Netfilter_and_IPTables"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Netfilter_and_IPTables">3.8.1. Netfilter と IPTables</h3></div></div></div><div class="para">
+ Linux カーネルは <em class="firstterm">Netfilter</em> という力強いネットワーク・サブシステムの機能を持ちます。Netfilter サブシステムは、NAT と IP マスカレードのサービスだけでなく、ステートフルおよびステートレスのパケット・フィルタリングを提供します。Netfilter は高度なルーティングやコネクション状態管理のために IP ヘッダ情報を <em class="firstterm">mangle</em> する機能も持ちます。
+ </div><div class="section" id="sect-Security_Guide-Netfilter_and_IPTables-IPTables_Overview"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Netfilter_and_IPTables-IPTables_Overview">3.8.1.1. IPTables の概要</h4></div></div></div><div class="para">
+ Netfilter のパワーと柔軟性は <code class="command">iptables</code> 管理ツールを用いて実装されます。これは、その前身である <code class="command">ipchains</code> (Linux カーネル2.4およびそれ以上において Netfilter/iptables に置き換えられた )と構文が似ているコマンドライン・ツールです。
+ </div><div class="para">
+ <code class="command">iptables</code> は、ネットワーク接続、検査、処理を強化させるために Netfilter サブシステムを使用します。<code class="command">iptables</code> は、高度なログ取得、プレ・ルーティング動作、ポスト・ルーティング動作、ネットワーク・アドレス変換、およびポート転送の機能を、オールインワンのコマンドライン・インタフェースにて持ちます。
+ </div><div class="para">
+ このセクションは <code class="command">iptables</code> の概要を提供します。詳細は <a class="xref" href="#sect-Security_Guide-IPTables">「IPTables」</a> を参照してください。
+ </div></div></div><div class="section" id="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">3.8.2. 基本的なファイアウォールの設定</h3></div></div></div><div class="para">
+ ただ、ビルにおける防火壁(ファイアウォール)は火が拡散するのを防ごうとするように、コンピュータのファイアウォールは悪意のあるソフトウェアがあなたのコンピュータへと拡散するのを防ごうとします。認可されないユーザーがコンピュータへアクセスするのを防ぐ助けにもなります。
+ </div><div class="para">
+ デフォルトの Fedora インストールでは、ファイアウォールは、あなたのコンピュータまたはネットワークとあらゆる信頼されないネットワーク(たとえば、インターネット)の間に存在します。コンピュータのどのサービスがリモート・ユーザーからアクセス可能であるかを決めます。適切に設定されたファイアウォールはシステムのセキュリティを非常に向上させます。インターネット接続をするすべての Fedora システムに対してファイアウォールを設定することが推奨されます。
+ </div><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-RHSECLEVELTOOL"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-RHSECLEVELTOOL">3.8.2.1. <span class="application"><strong>ファイアウォール管理ツール</strong></span></h4></div></div></div><div class="para">
+ Fedora インストールの<span class="guilabel"><strong>ファイアウォールの設定</strong></span>画面の間、基本的なファイアウォールを有効にするためだけでなく、特定のデバイス、サービス、およびポートを許可するには、オプションが与えられます。
+ </div><div class="para">
+ インストール後、<span class="application"><strong>ファイアウォール管理ツール</strong></span>を使用することでこの設定を変更できます。
+ </div><div class="para">
+ このアプリケーションを起動するために、以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~] # system-config-firewall</pre><div class="figure" id="figu-Security_Guide-RHSECLEVELTOOL-RHSECLEVELTOOL"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-firewall_config.png" width="444" alt="ファイアウォール管理ツール" /><div class="longdesc"><div class="para">
+ セキュリティ・レベルの設定
+ </div></div></div></div><h6>図3.10 <span class="application">ファイアウォール管理ツール</span></h6></div><br class="figure-break" /><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ <span class="application"><strong>ファイアウォール管理ツール</strong></span>は基本的なファイアウォールのみを設定します。システムがより複雑なルールを必要とするならば、具体的な <code class="command">iptables</code> ルールを設定するために、<a class="xref" href="#sect-Security_Guide-IPTables">「IPTables」</a> を参照してください。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall">3.8.2.2. ファイアウォールの有効化および無効化</h4></div></div></div><div class="para">
+ ファイアウォールに対する以下のオプションの1つを選択します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>無効 (Disabled)</strong></span> — ファイアウォールを無効化することにより、システムへの完全なアクセス権を提供し、セキュリティ・チェックを無くします。信頼されたネットワーク(インターネットではありません)において実行している、または iptables コマンドライン・ツールを用いて個別のファイアウォールを設定する必要があるときのみ、これを選択してください。
+ </div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ ファイアウォール設定とあらゆる個別のファイアウォール・ルールは <code class="filename">/etc/sysconfig/iptables</code> ファイルに保存されます。<span class="guilabel"><strong>無効 (Disabled)</strong></span> を選択して、<span class="guibutton"><strong>OK</strong></span> をクリックすると、これらの設定とファイアウォール・ルールは失われます。
+ </div></div></div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Enabled</strong></span> — このオプションは、DNS 応答や DHCP リクエストのような外部へのリクエストへの応答ではない、入ってくる接続を拒否するようシステムを設定します。このマシンにおいて実行しているサービスへアクセスが必要ならば、ファイアウォールを通して特定のサービスを許可するよう選択する必要があります。
+ </div><div class="para">
+ もしシステムをインターネットに接続しているならば、サーバを実行しようと考えないでください。これが最も安全な選択です。
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services">3.8.2.3. 信頼されたサービス</h4></div></div></div><div class="para">
+ <span class="guilabel"><strong>信頼されたサービス</strong></span>一覧にあるオプションを有効にすることで、指定されたサービスがファイアウォールを通過することを許可します。
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>WWW (HTTP)</strong></span></span></dt><dd><div class="para">
+ HTTP プロトコルはウェブページを取り扱うために Apache(または他のウェブサーバ)により使用されます。ウェブサーバは公に利用可能にしようと計画しているならば、このチェックボックスを選択します。このオプションは、ページをローカルに表示するため、またはウェブページを開発するためには必要とされません。このサービスは <code class="filename">httpd</code> パッケージがインストールされている必要があります。
+ </div><div class="para">
+ <span class="guilabel"><strong>WWW (HTTP)</strong></span> を有効にしても、SSL バージョンの HTTP である HTTPS 用のポートは開きません。このサービスが必要ならば、<span class="guilabel"><strong>Secure WWW (HTTPS)</strong></span> チェックボックスを選択します。
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>FTP</strong></span></span></dt><dd><div class="para">
+ FTP プロトコルはネットワークにおいてマシン間でファイルを転送するために使用されます。FTP サーバを公に利用可能にしようと計画しているなら、このチェックボックスを選択します。このサービスは <code class="filename">vsftpd</code> パッケージがインストールされている必要があります。
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>SSH</strong></span></span></dt><dd><div class="para">
+ Secure Shell (SSH) はリモート・マシンにログインして、コマンドを実行するためのツール群です。ssh 経由でマシンへのアクセスを許可するために、このチェックボックスを選択します。このサービスは <code class="filename">openssh-server</code> パッケージがインストールされている必要があります。
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>Telnet</strong></span></span></dt><dd><div class="para">
+ Telnet はリモート・マシンにログインするためのプロトコルです。Telnet コミュニケーションは、暗号化されず、ネットワーク盗聴からのセキュリティを提供しません。入ってくる Telnet を許可することは推奨されません。telnet 経由でマシンへのリモート・アクセスを許可するために、このチェックボックスを選択します。このサービスは <code class="filename">telnet-server</code> パッケージがインストールされている必要があります。
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>Mail (SMTP)</strong></span></span></dt><dd><div class="para">
+ SMTP はリモートホストがメールを配送するためにマシンへ直接接続するのを許可するプロトコルです。POP3 や IMAP を用いて ISP のサーバからメールを収集している、もしくは <code class="command">fetchmail</code> のようなツールを使用しているならば、このサービスを有効にする必要はありません。マシンへのメールの配送を許可するために、このチェックボックスを選択します。不適切に設定された SMTP サーバはリモートマシンがスパムを送るためにサーバを使用できるようになることに注意してください。
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>NFS4</strong></span></span></dt><dd><div class="para">
+ Network File System (NFS) は *NIX システムにおいて一般的に使われているファイル共有のプロトコルです。このプロトコルのバージョン4はその前身よりセキュアです。システムにあるファイルやディレクトリを他のネットワーク・ユーザーを共有したいならば、このチェックボックスを選択します。
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>Samba</strong></span></span></dt><dd><div class="para">
+ Samba は Microsoft の独自の SMB ネットワーク・プロトコルの実装です。ファイル、ディレクトリまたはローカル接続プリンタを Microsoft Windows マシンと共有する必要があるならば、このチェックボックスを選択します。
+ </div></dd></dl></div></div><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports">3.8.2.4. 他のポート</h4></div></div></div><div class="para">
+ <span class="application"><strong>ファイアウォール管理ツール</strong></span>は、<code class="command">iptables</code> により信頼されるために、個別の IP ポートを指定するための<span class="guilabel"><strong>他のポート</strong></span>セクションを含みます。たとえば、IRC と Internet printing protocol (IPP) がファイアウォールを通過することを許可するために、<span class="guilabel"><strong>他のポート</strong></span>セクションに以下を追加します:
+ </div><div class="para">
+ <code class="computeroutput">194:tcp,631:tcp</code>
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings">3.8.2.5. 設定の保存</h4></div></div></div><div class="para">
+ 変更を保存するために <span class="guibutton"><strong>OK</strong></span> をクリックして、ファイアウォールを有効または無効にします。<span class="guilabel"><strong>ファイアウォールを有効にする</strong></span>が選択されていると、選択されたオプションが <code class="command">iptables</code> コマンドに翻訳され、<code class="filename">/etc/sysconfig/iptables</code> ファイルに書き込まれます。選択されたオプションを保存した後、ファイアウォールを直ちに有効化するために、<code class="command">iptables</code> サービスも開始されます。<span class="guilabel"><strong>ファイアウォールを無効化する</strong></span>が選択されると、<code class="filename">/etc/sysconfig/iptables</code> ファイルが削除され、<code class="command">iptables</code> サービスは直ちに停止されます。
+ </div><div class="para">
+ 選択されたオプションは、設定を復元でき、次回アプリケーションを開始できるよう、<code class="filename">/etc/sysconfig/system-config-securitylevel</code> ファイルにも書き込まれます。
+ </div><div class="para">
+ ファイアウォールが直ちに有効化されるにも関わらず、<code class="command">iptables</code> サービスはブート時に自動的に開始するよう設定されません。詳細は <a class="xref" href="#sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service">「IPTables サービスの有効化」</a> を参照してください。
+ </div></div><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service">3.8.2.6. IPTables サービスの有効化</h4></div></div></div><div class="para">
+ <code class="command">iptables</code> サービスが実行されているならファイアウォール・ルールは有効化されています。手動でサービスを開始するために、以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~] # service iptables restart</pre><div class="para">
+ <code class="command">iptables</code> がシステムのブート時に確実に開始するよう、以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~] # chkconfig --level 345 iptables on</pre></div></div><div class="section" id="sect-Security_Guide-Firewalls-Using_IPTables"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Using_IPTables">3.8.3. IPTables の使用</h3></div></div></div><div class="para">
+ <code class="command">iptables</code> を使用する第一歩は、<code class="command">iptables</code> サービスを開始することです。<code class="command">iptables</code> サービスを開始するために、以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~] # service iptables start</pre><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ <code class="command">iptables</code> サービスのみを使用したい場合、<code class="command">ip6tables</code> サービスはオフにされています。<code class="command">ip6tables</code> サービスを再び有効化したいなら、IPv6 ネットワークも忘れずに再び有効化します。ネットワーク・デバイスを対応するファイアウォールなしで有効化しないでください。
+ </div></div></div><div class="para">
+ システムがブートするときにデフォルトで <code class="command">iptables</code> が開始することを強制するために、以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~] # chkconfig --level 345 iptables on</pre><div class="para">
+ これは、システムがランレベル3, 4, または5でブートするときは必ず <code class="command">iptables</code> が開始するよう強制します。
+ </div><div class="section" id="sect-Security_Guide-Using_IPTables-IPTables_Command_Syntax"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Using_IPTables-IPTables_Command_Syntax">3.8.3.1. IPTables コマンドの構文</h4></div></div></div><div class="para">
+ 以下のサンプル <code class="command">iptables</code> コマンドは、基本的なコマンド構文を説明します:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A <em class="replaceable"><code><chain></code></em> -j <em class="replaceable"><code><target></code></em></pre><div class="para">
+ <code class="option">-A</code> オプションは <em class="firstterm"><chain></em> に追加されるルールを指定します。各チェインは1つ以上の<em class="firstterm">ルール</em>から構成されます。そのため、<em class="firstterm">ルール・セット</em>としても知られています。
+ </div><div class="para">
+ 3つの組み込みチェインは INPUT、OUTPUT および FORWARD です。これらのチェインは、永続し、削除できません。チェインはパケットを処理する場所を指定します。
+ </div><div class="para">
+ <code class="option">-j <em class="replaceable"><code><target></code></em></code> オプションは、ルールのターゲット、つまり、パケットがルールにマッチしたら何をするのか、を指定します。組み込みターゲットの例は ACCEPT, DROP, および REJECT です。
+ </div><div class="para">
+ 利用可能なチェイン、オプションおよびターゲットに関する詳細は <code class="command">iptables</code> マニュアル・ページを参照してください。
+ </div></div><div class="section" id="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies">3.8.3.2. 基本的なファイアウォール・ポリシー</h4></div></div></div><div class="para">
+ 基本的なファイアウォール・ポリシーを確立することにより、より詳細な、ユーザー定義のルールを構築する基礎を作成します。
+ </div><div class="para">
+ それぞれの <code class="command">iptables</code> チェインはデフォルトのポリシー、および、ファイアウォールに対するルールセット全体を定義するためにデフォルトのポリシーとともに働く、0またはそれより多いルールから構成されます。
+ </div><div class="para">
+ チェインに対するデフォルト・ポリシーは DROP または ACCEPT です。セキュリティに気を配る管理者は一般的に DROP のデフォルト・ポリシーを実装し、ケースバイケースで特定のパケットのみを許可します。たとえば、以下のポリシーはネットワーク・ゲートウェイにおいてすべての入力および出力パケットをブロックします:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -P INPUT DROP
+[root at myServer ~ ] # iptables -P OUTPUT DROP</pre><div class="para">
+ 内部クライアントが不注意にインターネットへとさらされるのを制限するため、同じようにすべての<em class="firstterm">転送パケット</em>(ファイアウォールから宛て先ノードへとルートされるネットワーク・トラフィック)が拒否されることも推奨されます。これをするために、以下のルールを使用します:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -P FORWARD DROP</pre><div class="para">
+ 各チェインに対するデフォルトのポリシーが確立されると、特定のネットワークに対するさらなるルールやセキュリティ要件を作成・保存できます。
+ </div><div class="para">
+ 以下のセクションは iptables ルールを保存する方法を説明し、iptables ファイアウォールを構築する間に実装するかもしれないいくつかのルールの概要を示します。
+ </div></div><div class="section" id="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules">3.8.3.3. IPTables ルールの保存と復元</h4></div></div></div><div class="para">
+ <code class="command">iptables</code> への変更は一時的なものです。システムが再起動したり、<code class="command">iptables</code> サービスが再起動したりすると、ルールは自動的に消去されリセットされます。<code class="command">iptables</code> サービスが起動するときにロードされるよう、ルールを保存するために、以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~ ] # service iptables save</pre><div class="para">
+ ルールは <code class="filename">/etc/sysconfig/iptables</code> に保存され、サービスが開始またはマシンが再起動するときは必ず適用されます。
+ </div></div></div><div class="section" id="sect-Security_Guide-Firewalls-Common_IPTables_Filtering"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Common_IPTables_Filtering">3.8.4. 一般的な IPTables フィルタ</h3></div></div></div><div class="para">
+ リモート攻撃者が LAN にアクセスするのを防ぐことは、ネットワーク・セキュリティの最も重要な観点の1つです。LAN の完全性は、厳しいファイアウォール・ルールの使用を通して、悪意のあるリモート・ユーザーから保護されるべきです。
+ </div><div class="para">
+ しかしながら、すべての入力、出力、転送パケットをブロックするためにセットされるデフォルトのポリシーを用いて、ファイアウォール/ゲートウェイと内部 LAN ユーザーがお互いにまたは外部のリソースとコミュニケーションをすることは不可能です。
+ </div><div class="para">
+ ユーザーがネットワーク関連の機能を実行すること、およびネットワーク・アプリケーションを使用することを許可するために、管理者はコミュニケーション用の特定のポートを開かなければいけません。
+ </div><div class="para">
+ たとえば、<span class="emphasis"><em>ファイアウォールにおける</em></span>ポート80へのアクセスを許可するために、以下のルールを追加します:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT</pre><div class="para">
+ これはユーザーが標準的なポート80を使用して通信するウェブサイトをブラウズできるようにします。セキュアなウェブサイト(たとえば、https://www.example.com/)へのアクセスを許可するために、以下のようにポート443へのアクセスを提供する必要もあります:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT</pre><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ <code class="command">iptables</code> ルールセットを作成しているとき、順番は重要です。
+ </div><div class="para">
+ ルールが192.168.100.0/24 サブネットからのパケットをすべて廃棄することを指定するならば、これは192.168.100.13(廃棄されるサブネットに含まれます)からのパケットを許可するルールにより続けられます、そして2番目のルールは無視されます。
+ </div><div class="para">
+ 192.168.100.13 からのパケットを許可するルールは、サブネットの残りを廃棄するルールより先になければいけません。
+ </div><div class="para">
+ 既存のチェインにおいて特定の位置にルールを追加するために、<code class="option">-I</code> オプションを使用します。たとえば:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -I INPUT 1 -i lo -p all -j ACCEPT</pre><div class="para">
+ このルールは、ローカルの loopback デバイスのトラフィックを許可するために、INPUT チェインの最初のルールとして挿入されます。
+ </div></div></div><div class="para">
+ LAN へとリモートアクセスする必要があるときがあるかもしれません。セキュアなサービス、たとえば SSH は LAN サービスへのリモート接続を暗号化するために使われます。
+ </div><div class="para">
+ PPP ベースのリソース(集合モデムや ISP アカウントのような)を持つ管理者は、ダイヤルアップ・アクセスがファイアウォールのバリアを安全に回避するために使われる可能性があります。それらは直接接続されるので、モデム接続は一般的にファイアウォール/ゲートウェイの後ろ側になります。
+ </div><div class="para">
+ しかしながら、ブロードバンド接続を持つリモート・ユーザーのために、特別な場合が作られる可能性があります。リモート・クライアントからの接続を受け付けるために <code class="command">iptables</code> を設定できます。たとえば、以下のルールはリモート SSH アクセスを許可します:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+[root at myServer ~ ] # iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT</pre><div class="para">
+ これらのルールは、インターネットまたはファイアウォール/ゲートウェイに直接接続された単独の PC のような、個々のシステムに対して入力および出力を許可します。しかし、ファイアウォール/ゲートウェイの後ろにあるノードがこれらのサービスにアクセスすることは許可しません。LAN アクセスがこれらのサービスにアクセスできるようにするために、<code class="command">iptables</code> フィルタ・ルールを用いて <em class="firstterm">Network Address Translation</em> (<acronym class="acronym">NAT</acronym>) を使うことができます。
+ </div></div><div class="section" id="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules">3.8.5. <code class="computeroutput">FORWARD</code> および <acronym class="acronym">NAT</acronym> ルール</h3></div></div></div><div class="para">
+ 多くの ISP は、取り扱う組織に対して制限された数の公にルーティング可能な IP アドレスのみを提供します。
+ </div><div class="para">
+ そのため、管理者は LAN にあるすべてのノードへパブリック IP アドレスを与えることなく、インターネット・サービスへのアクセスを共有するために代わりの方法を見つけなければいけません。
+ </div><div class="para">
+ エッジ・ルータ(ファイアウォールのような)はインターネットからの入力される通信を受け取り、パケットを意図した LAN ノードにルートできます。同時に、ファイアウォール/ゲートウェイは LAN ノードからリモート・インターネット・サービスへの出力リクエストもルートできます。
+ </div><div class="para">
+ ネットワーク・トラフィックのこのフォワーディングは、ときどき危険になる可能性があります。とくに、<span class="emphasis"><em>内部</em></span> IP アドレスを偽装し、リモート攻撃者のマシンが LAN にあるノードのように振舞う、最近のクラック・ツールが利用可能なときです。
+ </div><div class="para">
+ これを防ぐために、<code class="command">iptables</code> は、ネットワーク・リソースの異常な使用方法を防ぐために実装される、ルーティングおよびフォワーディングのポリシーを提供します。
+ </div><div class="para">
+ <code class="computeroutput">FORWARD</code> チェインは管理者がどのパケットを LAN の中でルーティングするかを制御できるようにします。たとえば、LAN 全体に対してフォワーディングできるようにするために(ファイアウォール/ゲートウェイが eth1 において内部 IP アドレスを割り当てられていると仮定します)、以下のルールを使用します:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A FORWARD -i eth1 -j ACCEPT
+[root at myServer ~ ] # iptables -A FORWARD -o eth1 -j ACCEPT</pre><div class="para">
+ このルールにより、ファイアウォール/ゲートウェイの後ろにあるシステムが内部ネットワークへアクセスできるようになります。ゲートウェイは、<code class="filename">eth1</code> デバイスを経由するすべてのパケットを通過させ、LAN ノードからのパケットを意図した宛て先ノードへとルートします。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ Fedora カーネルにおける IPv4 ポリシーは、デフォルトで IP フォワーディングのサポートを無効にしています。これにより、Fedora を実行しているマシンが専用のエッジ・ルータとして機能することを防ぎます。
+ </div><pre class="screen">[root at myServer ~ ] # sysctl -w net.ipv4.ip_forward=1</pre><div class="para">
+ この設定変更は現在のセッションに対してのみ有効です。リブートや network サービスの再起動を超えて永続化されません。永続的に IP フォワーディングをセットするために、以下のように <code class="filename">/etc/sysctl.conf</code> を編集します:
+ </div><div class="para">
+ 以下の行を置きます:
+ </div><pre class="screen">net.ipv4.ip_forward = 0</pre><div class="para">
+ 読み込むために以下のように編集します:
+ </div><pre class="screen">net.ipv4.ip_forward = 1</pre><div class="para">
+ <code class="filename">sysctl.conf</code> ファイルへの変更を有効にするために以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~ ] # sysctl -p /etc/sysctl.conf</pre></div></div><div class="section" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Postrouting_and_IP_Masquerading"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Postrouting_and_IP_Masquerading">3.8.5.1. ポストルーティングと IP マスカレード</h4></div></div></div><div class="para">
+ ファイアウォールの内部 IP デバイスを経由して転送されたパケットを受け付けることにより、LAN ノードがお互いにコミュニケーションできるようになります。しかしながら、まだインターネットへの外部のコミュニケーションはできません。
+ </div><div class="para">
+ プライベート IP アドレスを持つ LAN ノードが外部のパブリック・ネットワークと通信できるようにするために、<em class="firstterm">IP マスカレード</em>用にファイアウォールを設定します。これは、LAN ノードからのリクエストをファイアウォールの外部デバイス(この場合、eth0)の IP アドレスで隠します:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE</pre><div class="para">
+ このルールは、NAT パケットのマッチング・テーブル (<code class="option">-t nat</code>) を使用し、ファイアウォールの外部ネットワーク・デバイス (<code class="option">-o eth0</code>) において、NAT に対して組み込み POSTROUTING チェイン (<code class="option">-A POSTROUTING</code>) を指定します。
+ </div><div class="para">
+ POSTROUTING は、すべてのパケットがファイアウォールの外部デバイスを出ていくときに変更できるようにします。
+ </div><div class="para">
+ <code class="option">-j MASQUERADE</code> ターゲットは、ノードのプライベート IP アドレスをファイアウォール/ゲートウェイの外部 IP アドレスで隠すよう指定します。
+ </div></div><div class="section" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting">3.8.5.2. プレルーティング</h4></div></div></div><div class="para">
+ 外部から利用可能にしたいと思っている、内部ネットワークにあるサーバを持っているならば、内部サービスへの接続を要求している入力パケットが転送される宛て先 IP アドレスとポートを指定するために、NAT において PREROUTING チェインの <code class="option">-j DNAT</code> ターゲットを使用できます。
+ </div><div class="para">
+ たとえば、入力 HTTP リクエストを 172.31.0.23 にある専用の Apache HTTP Server に転送したいならば、以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 172.31.0.23:80</pre><div class="para">
+ このルールは <acronym class="acronym">nat</acronym> テーブルがリストされた宛て先 IP アドレス 172.31.0.23 への入力 HTTP リクエストだけを転送するために組み込み PREROUTING を使用するよう指定しています。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ FORWARD チェインにおいて DROP のデフォルト・ポリシーを持っていると、宛て先 NAT ルーティングができるよう、すべての入力 HTTP リクエストを転送するルールを追加しなければなりません。
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A FORWARD -i eth0 -p tcp --dport 80 -d 172.31.0.23 -j ACCEPT</pre><div class="para">
+ このルールは、すべての入力 HTTP リクエストがファイアウォールから意図した宛て先(ファイアウォールの後ろにある Apache HTTP Server)へと転送します。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables">3.8.5.3. DMZ と IPTables</h4></div></div></div><div class="para">
+ 特定のマシン(<em class="firstterm">demilitarized zone</em> (<acronym class="acronym">DMZ</acronym>) にある専用の HTTP や FTP のサーバのような)へのトラフィックをルートするために <code class="command">iptables</code> ルールを作成することもできます。<acronym class="acronym">DMZ</acronym> は、インターネットのような公のキャリアにおいてサービスを提供することを専用とする、特別なローカル・サブネットワークです。
+ </div><div class="para">
+ たとえば、10.0.4.2にある(LANの192.168.1.0/24範囲の外にある)専用の HTTP サーバへ入力 HTTP リクエストをルーティングするためのルールをセットするために、NAT は適切な宛て先へパケットを転送するために <code class="computeroutput">PREROUTING</code> テーブルを使用します:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.4.2:80</pre><div class="para">
+ このコマンドを用いると、LAN の外からポート80へのすべての HTTP コネクションは内部ネットワークの他の部分から分離されたネットワークにある HTTP サーバへとルートされます。ネットワーク・セグメントのこの形態は、ネットワークにあるマシンへ HTTP コネクションを許可するよりは安全であることがわかります。
+ </div><div class="para">
+ HTTP サーバがセキュアな接続を受け付けるよう設定されていると、ポート443も同じように転送されなければいけません。
+ </div></div></div><div class="section" id="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses">3.8.6. 悪意のあるソフトウェアと偽装された IP アドレス</h3></div></div></div><div class="para">
+ LAN の中にある特定のサブネットまたは特定のノードへのアクセスを制御する、より精細なルールが作成できます。トロイの木馬、ワーム、およびクライアント/サーバのウイルスのような、特定の疑わしいアプリケーションやプログラムが、サーバに接触することから制限することもできます。
+ </div><div class="para">
+ たとえば、いくつかのトロイの木馬は、31337から31340までのポート(クラック用語で <span class="emphasis"><em>elite</em></span> ポートと呼ばれます)にあるサービスに対してネットワークをスキャンします。
+ </div><div class="para">
+ これらの非標準的なポートを経由してコミュニケーションする正当なサービスはないので、それらをブロックすることは、リモートのマスター・サーバと独立的にコミュニケーションするネットワークにおけるノードに潜在的に影響を与えるチャンスを効率的に減らせます。
+ </div><div class="para">
+ 以下のルールはポート31337を使用するすべての TCP パケットを廃棄します:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A OUTPUT -o eth0 -p tcp --dport 31337 --sport 31337 -j DROP
+[root at myServer ~ ] # iptables -A FORWARD -o eth0 -p tcp --dport 31337 --sport 31337 -j DROP</pre><div class="para">
+ LAN に侵入するためにプライベート IP アドレス範囲を偽ろうとする外部のコネクションをブロックすることもできます。
+ </div><div class="para">
+ たとえば、LAN が 192.168.1.0/24 範囲を使用しているならば、インターネットにつながっているネットワーク・デバイス(たとえば、eth0)に、LAN の IP 範囲にあるアドレスを持つデバイスへのすべてのパケットを廃棄するよう指示するルールを設計できます。
+ </div><div class="para">
+ デフォルト・ポリシーとして転送されたパケットを拒否することが推奨されるので、外部につながっているデバイス(eth0)への他の偽造された IP アドレスすべては自動的に拒否されます。
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A FORWARD -s 192.168.1.0/24 -i eth0 -j DROP</pre><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ <span class="emphasis"><em>appended</em></span> ルールを取り扱うとき、<code class="computeroutput">DROP</code> と <code class="computeroutput">REJECT</code> ターゲットの間に区別があります。
+ </div><div class="para">
+ <code class="computeroutput">REJECT</code> ターゲットは、アクセスを拒否して、サービスに接続しようとしたユーザーへ<code class="computeroutput">connection refused</code> \nエラーを返します。<code class="computeroutput">DROP</code> ターゲットは、名前が意味するように、警告なしでパケットを破棄します。
+ </div><div class="para">
+ 管理者は、これらのターゲットを使用するとき、自身の判断を使用することができます。しかしながら、ユーザーの混乱を避け、コネクションを続けるよう試行するために、<code class="computeroutput">REJECT</code> ターゲットが推奨されます。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking">3.8.7. IPTables とコネクション追跡</h3></div></div></div><div class="para">
+ <em class="firstterm">コネクション状態</em>に基づいたサービスへの接続を検査して制限することができます。<code class="command">iptables</code> の中にあるモジュールは、入力コネクションに関する情報を保存するために、<em class="firstterm">コネクション追跡</em>と呼ばれる方法を使用します。以下のコネクション状態に基づいてアクセスを許可または拒否することができます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">NEW</code> — HTTP リクエストのような新しい接続をリクエストするパケット。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">ESTABLISHED</code> — 既存の接続の一部であるパケット。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">RELATED</code> — 新規コネクションをリクエストしているが、既存のコネクションの一部であるパケット。たとえば、FTP はコネクションを確立するためにポート 21 を使用しますが、データは異なるポート(一般的にポート20)において転送されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">INVALID</code> — コネクション追跡テーブルにおいてコネクションが存在しないパケット。
+ </div></li></ul></div><div class="para">
+ <code class="command">iptables</code> コネクション追跡のステートフルな機能を、プロトコル自身が(UDP のように)ステートレスであったとしても、あらゆるネットワーク・プロトコルとともに使用できます。以下の例は、確立されたコネクションと関連付けられたパケットのみを転送するために、コネクション追跡を使用するルールを示します:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT</pre></div><div class="section" id="sect-Security_Guide-Firewalls-IPv6"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-IPv6">3.8.8. IPv6</h3></div></div></div><div class="para">
+ IPv6 と呼ばれる次世代 Internet Protocol を採用することにより、IPv4 (または IP) の32ビット・アドレス制限を越えて拡張します。IPv6 は128ビット・アドレスをサポートします。またそのため、IPv6 対応のキャリアのネットワークは IPv4 よりも多くのルート可能なアドレスを割り当てられます。
+ </div><div class="para">
+ Fedora は Netfilter 6 サブシステムと <code class="command">ip6tables</code> コマンドを用いて IPv6 ファイアウォール・ルールをサポートします。Fedora 12 では、IPv4 と IPv6 サービスがどちらもデフォルトで有効にされています。
+ </div><div class="para">
+ <code class="command">ip6tables</code> コマンドの構文は、128ビットアドレスをサポートすることを除き、すべての観点において <code class="command">iptables</code> と同じです。たとえば、IPv6 対応のネットワーク・サーバにおいて SSH 接続を有効にするために以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~ ] # ip6tables -A INPUT -i eth0 -p tcp -s 3ffe:ffff:100::1/128 --dport 22 -j ACCEPT</pre><div class="para">
+ IPv6 ネットワークの詳細については、<a href="http://www.ipv6.org/">http://www.ipv6.org/</a> にある IPv6 情報ページを参照してください。
+ </div></div><div class="section" id="sect-Security_Guide-Firewalls-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Additional_Resources">3.8.9. 追加のリソース</h3></div></div></div><div class="para">
+ 本章では取り扱うことができない、ファイアウォールと Linux Netfilter サブシステムのいくつかの観点があります。詳細は以下のリソースを参照してください。
+ </div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation">3.8.9.1. インストールされているファイアウォールのドキュメント</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 多くのコマンド・オプションの定義を含め、<code class="command">iptables</code> コマンドに関する詳細は、<a class="xref" href="#sect-Security_Guide-IPTables">「IPTables」</a> を参照してください。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">iptables</code> マニュアル・ページはさまざまなオプションの概要を含みます。
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites">3.8.9.2. 有用なファイアウォールのウェブサイト</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.netfilter.org/">http://www.netfilter.org/</a> — Netfilter と <code class="command">iptables</code> プロジェクトの公式ホームページ。
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.tldp.org/">http://www.tldp.org/</a> — The Linux Documentation Project はファイアウォールの作成と管理に関するいくつかの有用なガイドを含みます。
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.iana.org/assignments/port-numbers">http://www.iana.org/assignments/port-numbers</a> — Internet Assigned Numbers Authority により割り当てた、登録された一般的なサービス・ポートの公式な一覧。
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Additional_Resources-Related_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Related_Documentation">3.8.9.3. 関連ドキュメント</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="citetitle">Red Hat Linux Firewalls</em>, by Bill McCarty; Red Hat Press — Netfilter や <code class="command">iptables</code> のようなオープンソースのパケット・フィルタリング技術を用いたネットワークおよびサーバ・ファイアウォールを構築するための完全なリファレンス。さまざまなグラフィカル・ツールを用いて、ファイアウォール・ログの解析、ファイアウォール・ルールの開発、ファイアウォールのカスタマイズに関するトピックを含みます。
+ </div></li><li class="listitem"><div class="para">
+ <em class="citetitle">Linux Firewalls</em>, by Robert Ziegler; New Riders Press — 2.2 カーネルの <code class="command">ipchains</code> および Netfilter と <code class="command">iptables</code> の両方を用いたファイアウォールを構築することに関する豊富な情報を含みます。リモート・アクセスの問題や侵入検知システムのような追加のセキュリティのトピックも取り扱います。
+ </div></li></ul></div></div></div></div><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-IPTables" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-IPTables">3.9. IPTables</h2></div></div></div><div class="para">
+ Fedora に含まれるネットワーク・<em class="firstterm">パケット・フィルタリング</em>の高度なツールです — カーネルの中にあるネットワーク・スタックに入る、移動する、および出るときに、ネットワーク・パケットを制御するプロセス。カーネル・バージョン 2.4 より前はパケット・フィルタリングに対して <code class="command">ipchains</code> に依存しています。また、フィルタリング・プロセスの各ステップにおいてパケットに適用されるルールのリストが使われました。2.4 カーネルは <code class="command">iptables</code> (<em class="firstterm">netfilter</em> とも呼ばれます) を導入しました。それは、<code class="command">ipchains</code> と似ていますが、ネットワーク・パケットのフィルタリングのために利用可能な範囲と制御を大幅に拡張します。
+ </div><div class="para">
+ 本章は、パケット・フィルタリングの基礎に焦点をあて、<code class="command">iptables</code> コマンドで利用可能なさまざまなオプションを説明し、フィルタリング・ルールがシステム再起動時にどのように保存されるかを説明します。
+ </div><div class="para">
+ これらのルールに基づいた <code class="command">iptables</code> ルールを構築して、ファイアウォールをセットアップする方法の説明は、<a class="xref" href="#sect-Security_Guide-IPTables-Additional_Resources">「追加のリソース」</a> を参照してください。
+ </div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ カーネル 2.4 およびそれ以降におけるデフォルトのファイアウォール・メカニズムは <code class="command">iptables</code> です。しかし、<code class="command">ipchains</code> がすでに実行されていると、<code class="command">iptables</code> は使用できません。<code class="command">ipchains</code> が起動時に存在すると、カーネルはエラーを起こし、<code class="command">iptables</code> を開始できません。
+ </div><div class="para">
+ <code class="command">ipchains</code> の機能はこれらのエラーにより影響されません。
+ </div></div></div><div class="section" id="sect-Security_Guide-IPTables-Packet_Filtering"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-Packet_Filtering">3.9.1. パケット・フィルタリング</h3></div></div></div><div class="para">
+ Linux カーネルは、パケットをフィルタするための <span class="application"><strong>Netfilter</strong></span> 機能を使用します。システムにより受け取られた、または通過されたパケットのいくつかを許可しますが、他のものは止めます。この機能は Linux カーネルに組み込まれ、以下のような3つの組み込み <em class="firstterm">テーブル</em> または <em class="firstterm">ルール・リスト</em>を持ちます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">filter</code> — ネットワーク・パケットを取り扱うためのデフォルト・テーブルです。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">nat</code> — 新しい接続を作成するパケットを変更するために使用され、<em class="firstterm">ネットワークアドレス変換</em> (<em class="firstterm">NAT: Network Address Translation</em>) のために使用されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">mangle</code> — パケット変換の具体的な種類のために使用されます。
+ </div></li></ul></div><div class="para">
+ 各テーブルは、パケットにおいて <code class="command">netfilter</code> により実行されるアクションと対応する、組み込み<em class="firstterm">チェイン</em>のグループを持ちます。
+ </div><div class="para">
+ <code class="option">filter</code> テーブルに対する組み込みチェインは以下のようなものです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="firstterm">INPUT</em> — そのホスト宛てのネットワーク・パケットに適用されます。
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">OUTPUT</em> — ローカルに生成されたネットワーク・パケットに適用されます。
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">FORWARD</em> — ホストを経由してルートされるネットワーク・パケットに適用されます。
+ </div></li></ul></div><div class="para">
+ <code class="option">nat</code> テーブルに対する組み込みチェインは以下のようなものです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="firstterm">PREROUTING</em> — ネットワーク・パケットが入ってくるときに変更されます。
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">OUTPUT</em> — ローカルに生成されたネットワーク・パケットが出ていくときに変更されます。
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">POSTROUTING</em> — ネットワーク・パケットが出ていくときに変更されます。
+ </div></li></ul></div><div class="para">
+ <code class="option">mangle</code> テーブルに対する組み込みチェインは以下のようなものです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="firstterm">INPUT</em> — ホスト宛てのネットワーク・パケットを変更します。
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">OUTPUT</em> — ローカルに生成されたネットワーク・パケットが出ていくときに変更されます。
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">FORWARD</em> — ホストを経由してルートされるネットワーク・パケットを変更します。
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">PREROUTING</em> — 入ってくるネットワーク・パケットがルートされる前に変更されます。
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">POSTROUTING</em> — ネットワーク・パケットが出ていくときに変更されます。
+ </div></li></ul></div><div class="para">
+ Linux システムにより受け取られた、またはそれから送られたすべてのネットワーク・パケットは、少なくとも1つのテーブルに従います。しかしながら、パケットはチェインの最後に出てくる前に各テーブルの中にある複数のルールに従うかもしれません。これらのルールの構造と目的は非常に変化します。しかし、それらは一般に特定のプロトコルおよびネットワーク・サービスを使用するとき、特定の IP アドレスまたはアドレスの組から入力された、または出力されたパケットを識別するために探索されます。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ ファイアウォール・ルールはデフォルトで <code class="filename">/etc/sysconfig/iptables</code> または <code class="filename">/etc/sysconfig/ip6tables</code> ファイルに保存されます。
+ </div><div class="para">
+ <code class="command">iptables</code> サービスは、Linux システムがブートするときにすべての DNS 関連サービスの前に開始します。ファイアウォール・ルールは数値 IP アドレス(たとえば、192.168.0.1)のみが参照できる、ということを意味します。そのようなルールにあるドメイン名(たとえば、host.example.com)はエラーを発生させます。
+ </div></div></div><div class="para">
+ ãã±ããããã¼ãã«ã®1ã¤ã«ããç¹å®ã®ã«ã¼ã«ã«ãããããã¨ããå®ã¦å
ã«é¢ãããã<em class="firstterm">target</em> ã¾ãã¯ã¢ã¯ã·ã§ã³ããããã«é©ç¨ããã¾ããã«ã¼ã«ãããããããã±ããã«å¯¾ã㦠<code class="command">ACCEPT</code> ãæå®ãã¦ããã¨ããã±ããã¯æ®ãã®ã«ã¼ã«ã®ãã§ãã¯ãé£ã°ãã¦ãå®ã¦å
ã¸ç¶ãããã¨ã許ãã¾ããã«ã¼ã«ã <code class="command">DROP</code> ã¿ã¼ã²ãããæå®ãã¦ããã¨ããã±ããã¯ã·ã¹ãã ã¸ã®ã¢ã¯ã»ã¹ãæå¦ããããã±ãããéã£ã¦ãããã¹ãã¸ã¨ä½ãéç¥ããã¾ãããã«ã¼ã«ã <code class="command">QUEUE</code> ã¿ã¼ã²ãããæå®ãã¦ããã¨ããã±ããã¯ã¦ã¼ã¶ã¼ç©ºéã¸ã¨æ¸¡ããã¾ããã«ã¼ã«ããªãã·ã§ã³ã® <code class="command">REJECT</code> ã¿ã¼ã²ãããæå®ãã¦ããã¨ããã±ããã¯ç ´æ£ããã¾ãããã¨ã©ã¼ã»ãã±ãããã
ã±ããã®éä¿¡è
ã¸éããã¾ãã
+ </div><div class="para">
+ すべてのチェインは、<code class="command">ACCEPT</code>, <code class="command">DROP</code>, <code class="command">REJECT</code>, または <code class="command">QUEUE</code> へのデフォルト・ポリシーを持ちます。チェインにあるルールが何もパケットに適用されないならば、パケットはデフォルト・ポリシーに従って処理されます。
+ </div><div class="para">
+ <code class="command">iptables</code> コマンドはこれらのテーブルを設定します。また、必要に応じて新しいテーブルをセットアップします。
+ </div></div><div class="section" id="sect-Security_Guide-IPTables-Command_Options_for_IPTables"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-Command_Options_for_IPTables">3.9.2. IPTables のコマンド・オプション</h3></div></div></div><div class="para">
+ パケットをフィルタするルールは <code class="command">iptables</code> コマンドを使用して生成されます。多くの場合パケットの以下の観点が基準として使用されます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Packet Type</em></span> — パケットの種類を指定するコマンド・フィルター。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Packet Source/Destination</em></span> — パケットの送信元または宛て先に基づいてパケットを指定するコマンド・フィルター
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Target</em></span> — 上の基準にマッチしてとられるアクションを指定するパケット
+ </div></li></ul></div><div class="para">
+ パケットのこれらの観点を指定する特定のオプションに関する詳細は <a class="xref" href="#sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options">「IPTables マッチ・オプション」</a> および <a class="xref" href="#sect-Security_Guide-Command_Options_for_IPTables-Target_Options">「ターゲット・オプション」</a> を参照してください。
+ </div><div class="para">
+ 特定の <code class="command">iptables</code> ルールとともに使用されるオプションは、有効であるルールに対して、全体のルールの目的と条件に基づいて、論理的にグループ化されなければいけません。このセクションの残りで、<code class="command">iptables</code> コマンドに対して一般的に使われるオプションを説明します。
+ </div><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-Structure_of_IPTables_Command_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Structure_of_IPTables_Command_Options">3.9.2.1. IPTables コマンド・オプションの構造</h4></div></div></div><div class="para">
+ 多くの <code class="command">iptables</code> コマンドは以下の構造を持ちます:
+ </div><pre class="screen"><code class="computeroutput"> iptables [-t <em class="replaceable"><code><table-name></code></em>] <em class="replaceable"><code><command></code></em> <em class="replaceable"><code><chain-name></code></em> \ <em class="replaceable"><code><parameter-1></code></em> <em class="replaceable"><code><option-1></code></em> \ <em class="replaceable"><code><parameter-n></code></em> <em class="replaceable"><code><option-n></code></em></code></pre><div class="para">
+ <em class="replaceable"><code><table-name></code></em> — どのテーブルにルールが適用されるかを指定します。省略されると、<code class="option">filter</code> テーブルが使用されます。
+ </div><div class="para">
+ <em class="replaceable"><code><command></code></em> — ルールの追加や削除のような、実行されるアクションを指定します。
+ </div><div class="para">
+ <em class="replaceable"><code><command></code></em> — 編集、作成または削除されるチェインを指定します。
+ </div><div class="para">
+ <em class="replaceable"><code><command>-<option></code></em> pairs — ルールにマッチするパケットをどのように処理するかを指定するパラメーターと関連するオプション。
+ </div><div class="para">
+ <code class="command">iptables</code> コマンドの長さを複雑さは、その目的に応じて、非常に変わります。
+ </div><div class="para">
+ たとえば、チェインからルールを削除するコマンドは非常に短くできます:
+ </div><div class="para">
+ <code class="command">iptables -D <em class="replaceable"><code><chain-name> <line-number></code></em></code>
+ </div><div class="para">
+ 対照的に、さまざまな特定のパラメーターとオプションを用いて特定のサブネットからのパケットをフィルターするルールを追加するコマンドはかなり長い可能性があります。<code class="command">iptables</code> コマンドを構築するとき、有効なルールを作るために、いくつかのパラメーターとオプションはさらなるパラメーターとオプションを必要とすることを覚えておいてください。これにより、より多くのパラメーターを必要とするさらなるパラメーターを用いて、カスケード効果を作成できます。他のオプションの組を必要とするすべてのパラメーターとオプションが満たされるまで、ルールは有効ではありません。
+ </div><div class="para">
+ <code class="command">iptables</code> コマンド構造の完全なリストを表示するために <code class="command">iptables -h</code> を入力します。
+ </div></div><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-Command_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Command_Options">3.9.2.2. コマンド・オプション</h4></div></div></div><div class="para">
+ コマンド・オプションは特定のアクションを実行するよう <code class="command">iptables</code> に指示します。<code class="command">iptables</code> コマンドあたり、1つのコマンド・オプションのみが許可されます。ヘルプ・コマンドに注意書きされているように、すべてのコマンドは大文字で書かれます。
+ </div><div class="para">
+ <code class="command">iptables</code> コマンドは以下のようです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">-A</code> — ルールを指定されたチェインの最後に追加します。以下で説明される <code class="option">-I</code> オプションとは違い、整数の引数を取りません。常にルールを指定されたチェインの最後に追加します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-C</code> — ユーザー指定のチェインに追加する前に特定のルールをチェックします。このコマンドは、追加のパラメーターとオプションを促すことにより複雑な <code class="command">iptables</code> を構築する助けにできます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-D <integer> | <rule></code> — 数値(チェインにある5番目のルールに対しては<code class="option">5</code>、のように)またはルールの指定により特定のチェインにあるルールを削除します。ルールの指定は既存のルールに正確に一致しなければいけません。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-E</code> — ユーザー指定のチェインの名前を変えます。ユーザー指定のチェインはデフォルト、既存のチェイン以外のチェインすべてです。 (ユーザー指定のチェインを作成することの詳細は、いかにある <code class="option">-N</code> オプションを参照してください。) これは表面的な変更であり、テーブルの構造に影響を与えません。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ デフォルトのチェインの1つの名前を変えようとしているならば、システムは <code class="computeroutput">Match not found</code> エラーを報告します。デフォルトのチェインの名前を変えることはできません。
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">-F</code> — 選択されたチェインをフラッシュします、効率的にチェインにあるルールをすべて削除します。チェインが指定されていないと、このコマンドはすべてのチェインからすべてのルールをフラッシュします。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-h</code> — コマンド構造の一覧、およびコマンド・パラメーターとオプションの簡単な概要を提供します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-I [<integer>]</code> — ユーザー定義の整数の引数により指定されたところにある指定されたチェインにおけるルールを挿入します。引数が何も指定されていなければ、ルールはチェインの一番上に挿入されます。
+ </div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ 上で説明されたように、チェインにおけるルールの順番は、どのルールがどのパケットに適用されるかを決めます。ルールを追加するときに <code class="option">-A</code> または <code class="option">-I</code> オプションのどちらを使用するかを覚えておくかは重要なことです。
+ </div><div class="para">
+ ルールを追加するときに整数の引数とともに <code class="option">-I</code> を使用することはとくに重要です。ルールをチェインに追加するときに既存の数値を指定するならば、<code class="command">iptables</code> は既存のルールの<span class="emphasis"><em>前</em></span>(または上)に新しいルールを追加します。
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">-L</code> — コマンドの後ろに指定したチェインにあるルールをすべて表示します。デフォルト <code class="option">filter</code> テーブルにあるすべてのチェインのルールをすべて表示するためには、チェインまたはテーブルを指定しません。そうでなければ、特定のテーブルで指定したチェインにあるルールを表示するために、以下の構文が使用されます:
+ </div><pre class="screen"><code class="computeroutput"> iptables -L <em class="replaceable"><code><chain-name></code></em> -t <em class="replaceable"><code><table-name></code></em></code></pre><div class="para">
+ ルール番号を提供したり、より詳細なルールの説明を許可したりする、<code class="option">-L</code> コマンド・オプションに対する追加のオプションは、<a class="xref" href="#sect-Security_Guide-Command_Options_for_IPTables-Listing_Options">「リスト・オプション」</a> に記載されています。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-N</code> — ユーザー指定の名前を用いて新しいチェインを作成します。チェイン名は一意でなければならず、そうでなければエラー・メッセージが表示されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-P</code> — 指定したチェインに対するデフォルトのポリシーをセットします。これは、パケットがルールにマッチせずにチェイン全体を通り抜けるときに、ACCEPT または DROP のような、指定されたターゲットに送られるようにするためです。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-R</code> — 指定されたチェインにおけるルールを置き換えます。ルールの番号は必ずチェイン名の後ろに指定されなければいけません。チェインにある最初のルールはルール番号1に対応します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-X</code> — ユーザーが指定したチェインを削除します。組み込みチェインは削除できません。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-Z</code> — テーブルに対するすべてのチェインにあるバイトとパケットのカウンタを0にセットします。
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options">3.9.2.3. IPTables パラメーターのオプション</h4></div></div></div><div class="para">
+ 特定のチェインの中にルールを追加、削除、挿入、および置換するために使われるものを含む、特定の <code class="command">iptables</code> コマンドは、パケット・フィルタリング・ルールを構築するためにさまざまなパラメーターを必要とします。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">-c</code> — 特定のルールに対するカウンターをリセットします。このパラメーターはどのカウンターをリセットするかを指定するために <code class="option">PKTS</code> および <code class="option">BYTES</code> オプションを受け付けます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-d</code> — ルールにマッチするパケットの宛て先ホスト名、IP アドレス、またはネットワークをセットします。ネットワークにマッチさせるとき、以下の IP アドレス/ネットマスクの形式がサポートされます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option"><em class="replaceable"><code>N.N.N.N</code></em>/<em class="replaceable"><code>M.M.M.M</code></em></code> — ここで <em class="replaceable"><code>N.N.N.N</code></em> は IP アドレスの範囲で、<em class="replaceable"><code>M.M.M.M</code></em> はネットマスクです。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option"><em class="replaceable"><code>N.N.N.N</code></em>/<em class="replaceable"><code>M</code></em></code> — ここで<em class="replaceable"><code>N.N.N.N</code></em> は IP アドレスの範囲で、<em class="replaceable"><code>M</code></em> はビットマスクです。
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">-f</code> — このルールはフラグメントされたパケットにのみ適用されます。
+ </div><div class="para">
+ フラグメントされていないパケットのみにマッチするよう指定するために、このパラメーターの後ろに感嘆符記号 (<code class="option">!</code>) オプションを使用できます。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ フラグメントされたパケットが IPプロトコルの標準的な部分であるにもかかわらず、フラグメントされたパケットとフラグメントされていないパケットを区別することが望ましいです。
+ </div><div class="para">
+ 元々は、IP パケットは異なるフレーム・サイズを持つネットワークを経由して伝搬できるように設計された、フラグメントは悪意のある形式のパケットを使用した DoS 攻撃を生成するために、最近はより一般的に使われます。IPv6 がフラグメントを完全に拒否することは何も価値がありません。
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">-i</code> — <code class="option">eth0</code> や <code class="option">ppp0</code> のような、入力ネットワーク・インターフェースをセットします。<code class="command">iptables</code> を用いて、このオプション・パラメータは <code class="option">filter</code> テーブルとともに使用されるとき INPUT および FORWARD チェインのみとともに使用されます。また、<code class="option">nat</code> および <code class="option">mangle</code> テーブルとともに使用されるときは PREROUTING チェインのみです。
+ </div><div class="para">
+ このパラメーターは以下の特別なオプションもサポートします:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 感嘆符記号 (<code class="option">!</code>) — 指定されたインターフェースすべてがこのルールから除外されることを意味する、ディレクティブを反転します。
+ </div></li><li class="listitem"><div class="para">
+ プラス記号 (<code class="option">+</code>) — ワイルドカード文字は指定した文字列にマッチするすべてのインターフェースにマッチさせるために使用されます。たとえば、パラメータ <code class="option">-i eth+</code> は、このルールをすべてのイーサネット・インターフェースに適用しますが、<code class="option">ppp0</code> のような他のインターフェースすべては除きます。
+ </div></li></ul></div><div class="para">
+ <code class="option">-i</code> パラメータが使われていても、インターフェースが指定されていなければ、すべてのインターフェースがルールにより影響を受けます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-j</code> — パケットが特定のルールにマッチしたとき指定されたターゲットにジャンプします。
+ </div><div class="para">
+ 標準的なターゲットは <code class="option">ACCEPT</code>, <code class="option">DROP</code>, <code class="option">QUEUE</code>, および <code class="option">RETURN</code> です。
+ </div><div class="para">
+ 拡張されたオプションも Fedora <code class="command">iptables</code> RPM パッケージでデフォルトでロードされるモジュールを通して利用可能です。これらのモジュールにおいて有効なターゲットは、とりわけ <code class="option">LOG</code>, <code class="option">MARK</code>, および <code class="option">REJECT</code> を含みます。これらと他のターゲットの詳細は <code class="command">iptables</code> マニュアル・ページを参照してください。
+ </div><div class="para">
+ このオプションは、他のルールがパケットへ適用されるよう現在のチェインの外側に、特定のルールがユーザー定義チェインにマッチする、パケットを指定するためにも使用できます。
+ </div><div class="para">
+ ターゲットが指定されていなければ、パケットは何もアクションがとられないルールを通過していきます。しかしながら、このルールに対するカウンターは1つ増えます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-o</code> — ルールに対する出力ネットワーク・インターフェースをセットします。このオプションは、<code class="option">filter</code> テーブルにおける OUTPUT および FORWARD チェイン、および <code class="option">nat</code> と <code class="option">mangle</code> テーブルにおける \nPOSTROUTING チェインに対してのみ有効です。このパラメーターは、入力インターフェース・パラメーター (<code class="option">-i</code>) と同じようなオプションを受け付けます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-p <protocol></code> — ルールにより影響を受けるプロトコルをセットします。これは <code class="option">icmp</code>, <code class="option">tcp</code>, <code class="option">udp</code>, または <code class="option">all</code> も、これらの1つまたは他のプロトコルを表現する数値もありえます。<code class="filename">/etc/protocols</code> ファイルにリストされているプロトコルも使用できます。
+ </div><div class="para">
+ "<code class="option">all</code>" プロトコルは、ルールがすべてのサポートされたプロトコルに適用されることを意味します。プロトコルがこのルールにリストされていなければ、デフォルトが "<code class="option">all</code>" になります。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-s</code> — 宛て先 (<code class="option">-d</code>) パラメータと同じ構文を使用する、特定のパケットのために送信元をセットします。
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options">3.9.2.4. IPTables マッチ・オプション</h4></div></div></div><div class="para">
+ 異なるネットワーク・プロトコルが、そのプロトコルを使用する特定のパケットにマッチさせるために、設定される特別なマッチ・オプションを提供します。しかしながら、プロトコルはまず <code class="command">iptables</code> コマンドにおいて指定されなければいけません。たとえば、<code class="option">-p <em class="replaceable"><code><protocol-name></code></em></code> は、特別なプロトコルに対するオプションを有効にします。プロトコル名の代わりにプロトコル ID も使用できることに注意してください。それぞれ同じ効果を持つ、以下の例を参照してください。
+ </div><pre class="screen"><code class="command"> iptables -A INPUT -p icmp --icmp-type any -j ACCEPT </code></pre><pre class="screen"><code class="command"> iptables -A INPUT -p 5813 --icmp-type any -j ACCEPT </code></pre><div class="para">
+ サービス定義が <code class="filename">/etc/services</code> ファイルにおいて提供されます。読みやすさのために、ポート番号よりもサービス名を使用することが推奨されます。
+ </div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ 認可されない編集を防ぐために <code class="filename">/etc/services</code> ファイルをセキュアにします。このファイルが編集可能であると、クラッカーはあなたが別に閉じているマシンのポートを有効にするためにそれを使うことができます。このファイルをセキュアにするために、root として以下のコマンドを入力します:
+ </div><pre class="screen">
+[root at myServer ~]# chown root.root /etc/services
+[root at myServer ~]# chmod 0644 /etc/services
+[root at myServer ~]# chattr +i /etc/services</pre><div class="para">
+ これにより、ファイルが名前変更、削除、またはリンクされるのを防ぎます。
+ </div></div></div><div class="section" id="sect-Security_Guide-IPTables_Match_Options-TCP_Protocol"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-TCP_Protocol">3.9.2.4.1. TCP プロトコル</h5></div></div></div><div class="para">
+ これらのマッチ・オプションは TCP プロトコル (<code class="option">-p tcp</code>) に対して利用可能です:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--dport</code> — パケットの宛て先ポートをセットします。
+ </div><div class="para">
+ このオプションを設定するために、(www や smtp のような)ネットワーク・サービス名、ポート番号またはポート番号の範囲を使用します。
+ </div><div class="para">
+ ポート番号の範囲を指定するために、2つの数をコロン (<code class="option">:</code>) で分けます。たとえば: <code class="option">-p tcp --dport 3000:3200</code>。利用可能で有効な最大の数は <code class="option">0:65535</code> です。
+ </div><div class="para">
+ そのネットワーク・サービスやポートを使用<span class="emphasis"><em>しない</em></span>すべてのパケットにマッチさせるために、<code class="option">--dport</code> オプションの後ろに感嘆符記号 (<code class="option">!</code>) を使用します。
+ </div><div class="para">
+ 使用しているネットワーク・サービスとポート番号の名前およびエイリアスを閲覧するために、<code class="filename">/etc/services</code> ファイルを表示します。
+ </div><div class="para">
+ <code class="option">--destination-port</code> マッチ・オプションは <code class="option">--dport</code> のことです。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--sport</code> — <code class="option">--dport</code> と同じオプションを用いてパケットのソース・ポートをセットします。<code class="option">--source-port</code> マッチ・オプションは <code class="option">--sport</code> のことです。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--syn</code> — 一般的に <em class="firstterm">SYN パケット</em>を呼ばれる、通信を初期化するために設計されたすべての TCP パケットに適用されます。データ・ペイロードを運ぶすべてのパケットは影響しません。
+ </div><div class="para">
+ SYN パケット以外すべてとマッチさせるために、<code class="option">--syn</code> オプションの後に感嘆符記号 (<code class="option">!</code>) を使用します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--tcp-flags <tested flag list> <set flag list></code> — ルールにマッチされるために、特別なビット(フラグ)がセットされた TCP パケットすべて。
+ </div><div class="para">
+ <code class="option">--tcp-flags</code> マッチ・オプションは2つのパラメーターを受け取ります。1つ目のパラメーターはマスクで、パケットにおいて検査されるためのフラグのカンマ区切りの一覧です。2つ目のパラメーターは、ルールがマッチするためにセットされなければいけないフラグのカンマ区切りの一覧です。
+ </div><div class="para">
+ 利用可能なフラグは以下です:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">ACK</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">FIN</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">PSH</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">RST</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">SYN</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">URG</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">ALL</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">NONE</code>
+ </div></li></ul></div><div class="para">
+ たとえば、以下の指定を含む <code class="command">iptables</code> ルールは、SYN フラグがセットされていて、ACK と FIN フラグがセットされていない TCP パケットのみにマッチします:
+ </div><div class="para">
+ <code class="command">--tcp-flags ACK,FIN,SYN SYN</code>
+ </div><div class="para">
+ マッチ・オプションの効果を反転させるために、<code class="option">--tcp-flags</code> の後ろに感嘆符記号 (<code class="option">!</code>) を使用します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--tcp-option</code> — 特定のパケットの中にセットされる TCP 固有のオプションにマッチさせるよう試行します。このマッチ・オプションは感嘆符記号 (<code class="option">!</code>) を用いて反転されることもできます。
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol">3.9.2.4.2. UDP プロトコル</h5></div></div></div><div class="para">
+ これらのマッチ・オプションは UDP プロトコルに対して利用可能です (<code class="option">-p udp</code>):
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--dport</code> — サービス名、ポート番号およびポート番号の範囲を使用して、UDP パケットの宛て先ポートを指定します。<code class="option">--destination-port</code> マッチ・オプションは <code class="option">--dport</code> と同義です。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--sport</code> — サービス名、ポート番号およびポート番号の範囲を使用して、UDP パケットの送信元ポートを指定します。<code class="option">--source-port</code> マッチ・オプションは <code class="option">--sport</code> と同義です。
+ </div></li></ul></div><div class="para">
+ <code class="option">--dport</code> および <code class="option">--sport</code> オプションに対して、ポート番号の範囲を指定するために、2つの数をコロン (:) で分けます。たとえば: <code class="option">-p tcp --dport 3000:3200</code>。利用可能な最大有効範囲は 0:65535 です。
+ </div></div><div class="section" id="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol">3.9.2.4.3. ICMP プロトコル</h5></div></div></div><div class="para">
+ 以下のマッチ・オプションは Internet Control Message Protocol (ICMP) (<code class="option">-p icmp</code>) に:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--icmp-type</code> — ルールにマッチさせるための ICMP タイプの名前または番号をセットします。有効な ICMP 名のリストは <code class="command">iptables -p icmp -h</code> コマンドを入力することにより得られます。
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules">3.9.2.4.4. 追加のマッチ・オプションのモジュール</h5></div></div></div><div class="para">
+ 追加のマッチ・オプションが <code class="command">iptables</code> コマンドによりロードされたモジュールを通して利用できます。
+ </div><div class="para">
+ マッチ・オプション・モジュールを使用するため、<code class="option">-m <em class="replaceable"><code><module-name>></code></em></code>を用いて名前によりモジュールをロードします、ここで、<em class="replaceable"><code><module-name></code></em> はモジュールの名前です。
+ </div><div class="para">
+ 多くのモジュールはデフォルトで利用可能です。追加の機能を提供するためにモジュールを作成することもできます。
+ </div><div class="para">
+ 以下は、最も一般的に使われるモジュールの部分的なリストです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">limit</code> module — どのくらいのパケットが特定のルールへマッチされるかの制限を置きます。
+ </div><div class="para">
+ <code class="command">LOG</code> ターゲットとともに使用されるとき、<code class="option">limit</code> モジュールは、大量のマッチするパケットが繰り返しのログでシステムのログをあふれさせる、またはシステム・リソースを使い切るのを防ぎます。
+ </div><div class="para">
+ <code class="command">LOG</code> ターゲットの詳細は <a class="xref" href="#sect-Security_Guide-Command_Options_for_IPTables-Target_Options">「ターゲット・オプション」</a> を参照してください。
+ </div><div class="para">
+ <code class="option">limit</code> モジュールは以下のオプションを有効にします:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--limit</code> — <code class="option"><em class="replaceable"><code><value>/<period></code></em></code> ペアとして指定された、特定の期間にマッチする最大数をセットします。たとえば、<code class="option">--limit 5/hour</code> を使用すると、1時間あたり5回のルールへのマッチが許可されます。
+ </div><div class="para">
+ 期間は、秒、分、時間または日で指定できます。
+ </div><div class="para">
+ 回数および時間の修飾子が使用されていないと、デフォルト値の <code class="option">3/hour</code> が仮定されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--limit-burst</code> — 一度にルールにマッチできるパケットの数に制限をセットします。
+ </div><div class="para">
+ このオプションは、整数として指定され、<code class="option">--limit</code> オプションとともに使用されます。
+ </div><div class="para">
+ 値が指定されていないと、デフォルト値の 5 が仮定されます。
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">state</code> module — state マッチングを有効にします。
+ </div><div class="para">
+ <code class="option">state</code> モジュールは以下のオプションを有効にします:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--state</code> — 以下のコネクション状態を持つパケットにマッチします:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">ESTABLISHED</code> — マッチするパケットが、確立されたコネクションにおいて他のパケットを関連づけられます。クライアントとサーバの間でコネクションを維持したいならば、この状態を受け付ける必要があります。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">INVALID</code> — マッチしているパケットが既知のコネクションと結びつけられません。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">NEW</code> — マッチするパケットが、新しいコネクションを作成している、もしくは双方向コネクションの一部で前に見られなかったものです。サービスへの新しいコネクションを許可するならば、この状態を受け付ける必要があります。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">RELATED</code> — マッチするパケットが、既存のコネクションに何らかの方法で関連した、新しいコネクションを開始します。この例はFTPです。これは、制御トラフィック (ポート20) のために1つのコネクションを、データ転送 (ポート21) のために分離したコネクションを使用します。
+ </div></li></ul></div><div class="para">
+ これらのコネクション状態は、<code class="option">-m state --state INVALID,NEW</code> のように、それぞれをコンマで分離することで組み合わせて使用できます。
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">mac</code> モジュール — ハードウェア MAC アドレスのマッチングを有効にします。
+ </div><div class="para">
+ <code class="option">mac</code> モジュールは以下のオプションを有効にします:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--mac-source</code> — パケットを送るネットワーク・インターフェース・カードの MAC アドレスをマッチします。ルールから MAC アドレスを除くために、<code class="option">--mac-source</code> の後ろに感嘆符記号 (<code class="option">!</code>) を置きます。
+ </div></li></ul></div></li></ul></div><div class="para">
+ モジュールにより利用可能なマッチ・オプションの詳細は <code class="command">iptables</code> マニュアル・ページを参照してください。
+ </div></div></div><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-Target_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Target_Options">3.9.2.5. ターゲット・オプション</h4></div></div></div><div class="para">
+ パケットが特定のルールにマッチしたとき、ルールは適切なアクションを決める多くの異なるターゲットにパケットを転送できます。各チェインは異なるターゲットを持ちます。それは、チェインにおけるルールがパケットにマッチしなければ、もしくは、パケットにマッチするルールがターゲットを指定しなければ使用される、デフォルトのターゲットを各チェインは持ちます。
+ </div><div class="para">
+ 以下は一般的なターゲットです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option"><em class="replaceable"><code><user-defined-chain></code></em></code> — テーブルの中にあるユーザー定義のチェイン。ユーザー定義のチェイン名は一意でなければいけません。このターゲットは指定されたチェインをパケットが通過します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">ACCEPT</code> — 宛て先または他のチェインへのパケットを許可します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">DROP</code> — 応答を返すことなくパケットを破棄します。パケットを送ったシステムは失敗を通知されません。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">QUEUE</code> — パケットはユーザー空間アプリケーションにより処理するためにキューに入れられます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">RETURN</code> — 現在のチェインにあるルールに対してパケットのチェックを止めます。<code class="option">RETURN</code> ターゲットを持つパケットが他のチェインから呼び出されたチェインにあるルールにマッチすると、パケットはそれを離れてルールのチェックを止めるために最初のチェインに戻されます。<code class="option">RETURN</code> ルールが組み込みチェインにおいて使用されていて、かつパケットが前のチェインに戻れなければ、現在のチェインに対するデフォルト・ターゲットが使用されます。
+ </div></li></ul></div><div class="para">
+ さらに、他のターゲットが指定されるようにする拡張が利用可能です。これらの拡張はターゲット・モジュールまたはマッチ・オプション・モジュールと呼ばれ、多くは特定のテーブルおよび状況にのみ適用されます。マッチ・オプション・モジュールの詳細は <a class="xref" href="#sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules">「追加のマッチ・オプションのモジュール」</a> を参照してください。
+ </div><div class="para">
+ 拡張されたターゲット・モジュールが数多く存在します。それらの多くは特定のテーブルや状況にのみ適用します。Fedora にデフォルトで含まれる最も一般的なターゲット・モジュールのいくつかは以下のとおりです。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">LOG</code> — このルールにマッチするすべてのパケットを記録します。パケットがカーネルにより記録されるので、<code class="filename">/etc/syslog.conf</code> ファイルがこれらのログ・エントリーが書き込まれる位置を決めます。デフォルトで <code class="filename">/var/log/messages</code> ファイルに置かれます。
+ </div><div class="para">
+ 追加のオプションは、ロギングが発生する方法を指定するために <code class="option">LOG</code> ターゲットの後ろで使用されます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--log-level</code> — ログ・イベントの優先度をセットします。優先度の一覧は <code class="filename">syslog.conf</code> マニュアル・ページを参照してください。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--log-ip-options</code> — IP パケットのヘッダにセットされているすべてのオプションを記録します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--log-prefix</code> — ログ行が書き込まれるとき、その前に29文字までの文字列を置きます。これはパケット・ロギングとともに使用される syslog フィルターを書き込むために有用です。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ このオプションの問題のため、<em class="replaceable"><code>log-prefix</code></em> 値に末尾のスペースを追加する必要があります。
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">--log-tcp-options</code> — TCP パケットのヘッダーにセットされたオプションをすべて記録します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--log-tcp-sequence</code> — ログにパケットの TCP シーケンス番号を書き込みます。
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">REJECT</code> — リモート・システムにエラー・パケットを送り返して、パケットを破棄します。
+ </div><div class="para">
+ <code class="option">REJECT</code> ターゲットは、より詳細な情報がエラー・パケットとともに返せるよう、<code class="option">--reject-with <em class="replaceable"><code><type></code></em></code> (<em class="replaceable"><code><type></code></em> は拒否の種類) を受け付けます。メッセージ <code class="computeroutput">port-unreachable</code> は、他のオプションが使用されなければ、与えられるデフォルトのエラー種別です。<code class="option"><em class="replaceable"><code><type></code></em></code> オプションの完全な一覧は <code class="command">iptables</code> マニュアル・ページを参照してください。
+ </div></li></ul></div><div class="para">
+ 他のターゲット拡張が <code class="command">iptables</code> マニュアル・ページで見つけられます。これには、<code class="option">nat</code> テーブルを使用する IP マスカレードにとって有用なもの、および <code class="option">mangle</code> テーブルを使用するパケット変更とともに有用なものをいくつか含みます。
+ </div></div><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options">3.9.2.6. リスト・オプション</h4></div></div></div><div class="para">
+ デフォルトのリストコマンド <code class="command">iptables -L [<chain-name>]</code> は、デフォルト・フィルター・テーブルの現在のチェインに関する非常に基本的な概要を提供します。追加のオプションは以下の詳細を提供します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">-v</code> — 各チェインが処理したパケット数やバイト数、各ルールがマッチしたパケット数やバイト数、どのインターフェースが特定のルールに適用されたかのような、冗長な出力を表示します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-x</code> — 数値をその正確な値に展開します。負荷のかかったシステムにおいては、特定のチェインやルールにより処理されたパケット数およびバイト数が、<code class="computeroutput">キロバイト</code>、<code class="computeroutput">メガバイト</code>(メガバイト)または<code class="computeroutput">ギガバイト</code>に短縮されているかもしれません。このオプションは、表示するために完全な数字を強制します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-n</code> — IP アドレスとポート番号を、デフォルトのホスト名およびネットワーク・サービス形式ではなく、数値形式で表示します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--line-numbers</code> — チェインにおける数値順番に続けて各チェインのルールを表示します。チェインにある特定のルールを削除したり、チェインの中にルールを挿入する位置を決めたりしようとするときに、このオプションは有用です。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-t <table-name></code> — テーブル名を指定します。省略すると、フィルター・テーブルのデフォルトです。
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-IPTables-Saving_IPTables_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-Saving_IPTables_Rules">3.9.3. IPTables ルールの保存</h3></div></div></div><div class="para">
+ <code class="command">iptables</code> コマンドを用いて作成したルールは、メモリーに保存されます。<code class="command">iptables</code> ルールセットを保存する前にシステムが再起動されると、すべてのルールが失われます。netfilter ルールがシステム再起動しても永続させるために、それらが保存される必要があります。netfilter ルールを保存するために、root として以下のコマンドを入力します:
+ </div><pre class="screen"><code class="command">/usr/libexec/iptables.init save </code></pre><div class="para">
+ これは、<code class="command">/sbin/iptables-save</code> プログラムを実行し、現在の <code class="command">iptables</code> 設定を <code class="filename">/etc/sysconfig/iptables</code> に書き込む、<code class="command">iptables</code> 初期化スクリプトを実行します。既存の <code class="filename">/etc/sysconfig/iptables</code> ファイルは <code class="filename">/etc/sysconfig/iptables.save</code> として保存されます。
+ </div><div class="para">
+ 次回システムがブートしたとき、<code class="command">iptables</code> 初期化スクリプトが、<code class="command">/sbin/iptables-restore</code> を使用することにより、<code class="filename">/etc/sysconfig/iptables</code> に保存されたルールを再適用します。
+ </div><div class="para">
+ 新しい <code class="command">iptables</code> ルールを <code class="filename">/etc/sysconfig/iptables</code> ファイルにコミットする前にテストすることは常に素晴らしいアイディアですので、<code class="command">iptables</code> ルールをこのファイルの中から他のシステムのバージョンのこのファイルにコピーすることは可能です。これにより、<code class="command">iptables</code> ルールのセットを複数のマシンに配布する素早い方法が提供されます。
+ </div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ <code class="filename">/etc/sysconfig/iptables</code> ファイルを他のマシンへと配賦するならば、新しいルールを有効にするために <code class="command">/sbin/service iptables restart</code> を入力してください。
+ </div></div></div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ <code class="command">iptables</code> 機能を構成するテーブルおよびチェインを操作するために使用される、<code class="command">iptables</code> <span class="emphasis"><em>コマンド</em></span> (<code class="command">/sbin/iptables</code>) の違いに注意してください。<code class="command">iptables</code> サービス自体を有効および無効にするために使われる、<code class="command">iptables</code> <span class="emphasis"><em>サービス</em></span> (<code class="command">/sbin/iptables service</code>) の違いにも注意してください。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-IPTables-IPTables_Control_Scripts"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-IPTables_Control_Scripts">3.9.4. IPTables 制御スクリプト</h3></div></div></div><div class="para">
+ Fedora の <code class="command">iptables</code> を制御するために2つの基本的な方法があります:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="application"><strong>ファイアウォール管理ツール</strong></span> (<code class="command">system-config-firewall</code>) — ファイアウォール管理ツール。詳細は<a class="xref" href="#sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">「基本的なファイアウォールの設定」</a>を参照してください。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/sbin/service iptables <em class="replaceable"><code><option></code></em></code> — その initscript を使用する <code class="command">iptables</code> のさまざまな機能を操作するために使われます。以下のオプションが利用可能です:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">start</code> — ファイアウォールが設定されていると(つまり、<code class="filename">/etc/sysconfig/iptables</code> が存在すると)、すべての実行されている <code class="command">iptables</code> が完全に停止され、<code class="command">/sbin/iptables-restore</code> コマンドを用いて起動されます。このオプションは、<code class="command">ipchains</code> カーネル・モジュールがロードされていなければ、正しく動作します。このモジュールがロードされているかを調べるために、root として以下のコマンドを入力します:
+ </div><pre class="screen"><code class="command"> [root at MyServer ~]# lsmod | grep ipchains </code></pre><div class="para">
+ このコマンドが何も返さないと、モジュールがロードされなかったことを意味します。必要に応じて、モジュールを削除するために <code class="command">/sbin/rmmod</code> コマンドを使用します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">stop</code> — ファイアウォールが実行されていると、メモリーにあるファイアウォール・ルールがフラッシュされ、すべての iptables モジュールとヘルパーがアンロードされます。
+ </div><div class="para">
+ <code class="filename">/etc/sysconfig/iptables-config</code> 設定ファイルにある <code class="command">IPTABLES_SAVE_ON_STOP</code> ディレクティブがそのデフォルト値から <code class="command">yes</code> へ変更されると、現在のルールが <code class="filename">/etc/sysconfig/iptables</code> へと保存され、既存のルールすべては <code class="filename">/etc/sysconfig/iptables.save</code> ファイルへと移動されます。
+ </div><div class="para">
+ <code class="filename">iptables-config</code> ファイルに関する詳細は <a class="xref" href="#sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">「IPTables 制御スクリプト設定ファイル」</a> を参照してください。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">restart</code> — ファイアウォールが実行されていると、メモリーにあるファイアウォール・ルールが削除されます。そして、<code class="filename">/etc/sysconfig/iptables</code> に設定されているならばファイアウォールが再び起動されます。このオプションは、<code class="command">ipchains</code> カーネルがロードされていないと、正しく動作します。
+ </div><div class="para">
+ <code class="filename">/etc/sysconfig/iptables-config</code> 設定ファイルにある <code class="command">IPTABLES_SAVE_ON_RESTART</code> ディレクティブがデフォルト値から <code class="command">yes</code> に変更されていると、現在のルールが <code class="filename">/etc/sysconfig/iptables</code> へ保存され、既存のルールはすべて <code class="filename">/etc/sysconfig/iptables.save</code> へと移動されます。
+ </div><div class="para">
+ <code class="filename">iptables-config</code> ファイルに関する詳細は <a class="xref" href="#sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">「IPTables 制御スクリプト設定ファイル」</a> を参照してください。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">status</code> — ファイアウォールの状態とすべてのアクティブなルールを表示します。
+ </div><div class="para">
+ このオプションのデフォルト設定は各ルールにおいて IP アドレスを表示します。ドメインおよびホスト名の情報を表示するために、<code class="filename">/etc/sysconfig/iptables-config</code> ファイルを編集して、<code class="command">IPTABLES_STATUS_NUMERIC</code> の値を <code class="command">no</code> に変更します。<code class="filename">iptables-config</code> ファイルの詳細は <a class="xref" href="#sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">「IPTables 制御スクリプト設定ファイル」</a> を参照してください。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">panic</code> — すべてのファイアウォール・ルールをフラッシュします。すべての設定されたテーブルのポリシーは <code class="command">DROP</code> にセットされます。
+ </div><div class="para">
+ サーバが危険にされられていることがわかっているならば、このオプションは有用です。ネットワークから物理的に切断したり、システムをシャットダウンしたりするよりは、さらなるネットワーク・トラフィックをすべて止め、マシンを分析や他のフォレンジクスのために稼動状態にしておくために、このオプションを使用できます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">save</code> — <code class="command">iptables-save</code> を使用して、ファイアウォール・ルールを <code class="filename">/etc/sysconfig/iptables</code> に保存します。詳細は <a class="xref" href="#sect-Security_Guide-IPTables-Saving_IPTables_Rules">「IPTables ルールの保存」</a> を参照してください。
+ </div></li></ul></div></li></ul></div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ IPv6 用 netfilter を制御するために同じ初期化コマンドを使用ために、このセクションで一覧される <code class="command">/sbin/service</code> において、<code class="command">iptables</code> を <code class="command">ip6tables</code> で置き換えます。IPv6 と netfilter の詳細は <a class="xref" href="#sect-Security_Guide-IPTables-IPTables_and_IPv6">「IPTables IPv6」</a> を参照してください。
+ </div></div></div><div class="section" id="sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">3.9.4.1. IPTables 制御スクリプト設定ファイル</h4></div></div></div><div class="para">
+ <code class="command">iptables</code> 初期化スクリプトの挙動は <code class="filename">/etc/sysconfig/iptables-config</code> 設定ファイルにより制御されます。以下はこのファイルに含まれるディレクティブの一覧です:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_MODULES</code> — ファイアウォールが有効化されたときにロードする追加の <code class="command">iptables</code> モジュールの空白区切りリストを指定します。これらはコネクション追跡や NAT ヘルパーを含められます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_MODULES_UNLOAD</code> — 再起動および停止するときにモジュールをアンロードします。このディレクティブは
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — デフォルト値。このオプションはファイアウォールを再起動または停止するために正しい状態を得るためにセットされなければいけません。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — このオプションは、netfilter モジュールをアンロードすることに問題がある場合のみセットされるべきです。
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_SAVE_ON_STOP</code> — ファイアウォールが停止するときに、現在のファイアウォール・ルールを <code class="filename">/etc/sysconfig/iptables</code> に保存します。このディレクティブは以下の値を受け付けます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — ファイアウォールを停止するときに、既存のルールを <code class="filename">/etc/sysconfig/iptables</code> に保存します。以前のバージョンは <code class="filename">/etc/sysconfig/iptables.save</code> ファイルに移動されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — デフォルト値。ファイアウォールが停止するときに既存のルールを保存しません。
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_SAVE_ON_RESTART</code> — ファイアウォールが再起動するときに、現在のファイアウォール・ルールを保存します。このディレクティブは以下の値を受け付けます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — ファイアウォールを再起動するときに、既存のルールを <code class="filename">/etc/sysconfig/iptables</code> に保存します。以前のバージョンは <code class="filename">/etc/sysconfig/iptables.save</code> ファイルに移動されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — デフォルト値。ファイアウォールを再起動するときに既存のルールを保存しません。
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_SAVE_COUNTER</code> — すべてのチェインとルールにあるすべてのパケットとバイト・カウンターを保存および復元します。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — カウンター値を保存します
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — デフォルト値。カウンター値を保存しません。
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_STATUS_NUMERIC</code> — ドメインまたはホスト名の代わりに数値形式で IP アドレスを出力します。このディレクティブは以下の値を受け付けます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — デフォルト値。status 出力にある IP アドレスのみを返します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — status 出力にあるドメインまたはホスト名を返します。
+ </div></li></ul></div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-IPTables-IPTables_and_IPv6"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-IPTables_and_IPv6">3.9.5. IPTables IPv6</h3></div></div></div><div class="para">
+ <span class="application"><strong>iptables</strong></span> パッケージは次世代の IPv6 インターネット・プロトコルをサポートします。IPv6 ネットフィルターを操作するために使用するコマンドは <code class="command">ip6tables</code> です。
+ </div><div class="para">
+ このコマンドに対する多くのディレクティブは、<code class="command">iptables</code> のために使用されるものと同じです。ただし、<code class="command">nat</code> テーブルはまだサポートされていません。マスカレードやポート転送のような IPv6 ネットワーク・アドレス変換のタスクを実行することはできないことをこのことは意味します。
+ </div><div class="para">
+ <code class="command">ip6tables</code> に対するルールは <code class="filename">/etc/sysconfig/ip6tables</code> ファイルに保存されます。<code class="command">ip6tables</code> 初期化スクリプトにより保存された以前のルールは <code class="filename">/etc/sysconfig/ip6tables.save</code> ファイルに保存されます。
+ </div><div class="para">
+ <code class="command">ip6tables</code> 初期化スクリプトに対する設定オプションは <code class="filename">/etc/sysconfig/ip6tables-config</code> に保存されます。また、各ディレクティブの名前は <code class="command">iptables</code> からわずかに変化します。
+ </div><div class="para">
+ たとえば、<code class="filename">iptables-config</code> ディレクティブ <code class="command">IPTABLES_MODULES</code>: <code class="filename">ip6tables-config</code> ファイルにおける同等物は <code class="command">IP6TABLES_MODULES</code> です。
+ </div></div><div class="section" id="sect-Security_Guide-IPTables-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-Additional_Resources">3.9.6. 追加のリソース</h3></div></div></div><div class="para">
+ <code class="command">iptables</code> を用いたパケット・フィルタリングの詳細は以下の情報源を参照してください。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a class="xref" href="#sect-Security_Guide-Firewalls">「ファイアウォール」</a> — セキュリティ戦略全体におけるファイアウォールの役割だけでなくファイアウォール・ルールの構築のための戦略に関する章を含みます。
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_IP_Tables_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_IP_Tables_Documentation">3.9.6.1. インストールされている IPTables ドキュメント</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man iptables</code> — <code class="command">iptables</code> の説明だけでなく、ターゲット、オプションおよびマッチ・オプションの完全な一覧を含みます。
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites">3.9.6.2. 有用な IPTables のウェブサイト</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.netfilter.org/">http://www.netfilter.org/</a> — netfilter/iptables プロジェクトのホーム。<code class="command">iptables</code> に関する分類された情報を含みます。ここには、Linux IP ファイアウォールのメンテナーの Rusty Russell による、特定の問題に取り組む FAQ およびさまざまな有用なガイドを含みます。このサイトにある HOWTO ドキュメントは、基本的なネットワーク概念、カーネル・パケット・フィルタリング、および NAT 設定のような話題を取り扱います。
+ </div></li></ul></div></div></div></div><div class="footnotes"><br /><hr width="100" align="left" /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm75161264" href="#idm75161264" class="para">11</a>] </sup>
+ システム BIOS は製造者間で異なるので、いくつかはどちらのタイプのパスワード保護もサポートしないかもしれません。一方、他のものは1つのタイプをサポートするかもしれませんが、さらに他のものはそうでないかもしれません。
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm110670720" href="#idm110670720" class="para">12</a>] </sup>
+ GRUB は暗号化されていないパスワードも受け付けますが、さらなるセキュリティのために MD5 ハッシュを使用することは推奨されます。
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm84028688" href="#idm84028688" class="para">13</a>] </sup>
+ このアクセス権は SELinux が有効ならば、それにより課される制限をまだ受けます。
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm93710848" href="#idm93710848" class="para">14</a>] </sup>
+ ネットワーク通信を暗号化および復号するために使用される共通のキーをクライアントとサーバーが共有するシステム。
+ </div></div></div></div><div xml:lang="ja-JP" class="chapter" id="chap-Security_Guide-Encryption" lang="ja-JP"><div class="titlepage"><div><div><h2 class="title">第4章 暗号化</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Data_at_Rest">4.1. 静止しているデータ</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">4.1.1. 完全なディスク暗号化</a></span></dt><dt><span class="section"><a href="#Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">4.1.2. ファイルベースの暗号化</a></span></dt></dl></dd><dt><span class="section"><a href="#Security_Guide-Encryption-Data_in_Motion">4.2. 動作しているデータ</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Security_Guide-Virtual_Private_Networks_VPNs">4.2.1. Virtual Private Networks (VPNs)</a></span></dt><dt><span
class="section"><a href="#Security_Guide-Encryption-Data_in_Motion-Secure_Shell">4.2.2. Secure Shell</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-LUKS_Disk_Encryption">4.2.3. LUKS ディスク暗号化</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives">4.2.4. 7-Zip 暗号化アーカイブ</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Encryption-Using_GPG">4.2.5. GNU Privacy Guard (GnuPG) の使用</a></span></dt></dl></dd></dl></div><div class="para">
+ 保護されなければいけない、主な2種類のデータがあります: 静止しているデータと動作しているデータ。これらの異なる種類のデータは同じ技術を用いて同じ方法で保護されますが、実装は完全に異なります。同じ情報が静止していて、同時に異なる場所で動作しているかもしれないので、1つの保護の実装が、すべてのありえる漏えいの方法を防ぐことはできません。
+ </div><div class="section" id="sect-Security_Guide-Encryption-Data_at_Rest"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Encryption-Data_at_Rest">4.1. 静止しているデータ</h2></div></div></div><div class="para">
+ 静止しているデータとは、ハードディスク、テープ、CD、DVD および他のメディアに保存されているデータです。この情報の最大の脅威は物理的な盗難から起こります。
+ </div><div class="section" id="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">4.1.1. 完全なディスク暗号化</h3></div></div></div><div class="para">
+ 完全なディスクまたはパーティションの暗号化はデータを保護する最良の方法の1つです。各ファイルが保護されるだけでなく、これらのファイルの一部が含まれるかもしれない一時的なストレージも保護されます。完全ディスク暗号化はすべてのファイルを保護するので、保護したいものを選択すること、およびファイルを見落とすかもしれないことについて心配する必要がありません。
+ </div><div class="para">
+ Fedora 9 およびそれ以降は、ネイティブに LUKS 暗号化をサポートします。LUKS は、コンピューターがオフの間にデータを保護するよう、ハードディスクのパーティションを大量に暗号化します。これにより、攻撃者がコンピューターにログインするためにシングルユーザーモードを使用しようとしたり、他のアクセスを得ようとしたりすることからコンピューターを保護します。
+ </div><div class="para">
+ LUKS のような完全ディスク暗号化ソリューションはコンピューターがオフのときにだけデータを保護します。コンピューターがオンになり、LUKS がディスクを復号すると、ディスクにあるファイルはそれらに普通にアクセスできるすべての人が利用可能になります。コンピューターがオンのときにファイルを保護するために、ファイルベースの暗号化のような他のソリューションと組み合わせて完全ディスク暗号化を使用します。また、コンピューターから離れるときに、ロックすることを忘れないようにします。スクリーンセーバーを保護するパスフレーズが数分の未使用でアクティブになるよう設定することは、侵入者を追いやるために良い方法です。
+ </div></div><div class="section" id="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">4.1.2. ファイルベースの暗号化</h3></div></div></div><div class="para">
+ GnuPG (GPG) は、ファイルや電子メールメッセージを署名かつ/または暗号化を可能にする PGP のオープンソース・バージョンです。メッセージやファイルの完全性を維持するために有用です。また、ファイルや電子メールに含まれる情報の機密性も保護します。電子メールの場合、GPG は二重の保護を提供します。メッセージがネットワークを越えて送信されると、静止しているデータだけでなく動作しているデータを保護します。
+ </div><div class="para">
+ ファイルベースの暗号化は、ファイルがコンピューターを離れた後(郵送で CD を送るときのように)保護することを意図しています。いくつかのファイルベースの暗号化ソリューションは、コンピューターへ物理的にアクセスした攻撃者がある環境において復元できる、暗号化されたファイルの残りをそのままにします。コンピューターにアクセスした攻撃者からそれらのファイルのコンテンツを保護するために、完全ディスク暗号化のような他のソリューションと組み合わせてファイルベースの暗号化を使用します。
+ </div></div></div><div class="section" id="Security_Guide-Encryption-Data_in_Motion"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="Security_Guide-Encryption-Data_in_Motion">4.2. 動作しているデータ</h2></div></div></div><div class="para">
+ 動作しているデータとは、ネットワークを越えて転送されているデータです。動作しているデータに対する最大の脅威は盗聴と改ざんです。ユーザー名とパスワードは、なりすましをする、もしくは機密情報へのアクセスを得るために、誰かにより盗聴されて使用される可能性があるので、保護なしでネットワークを越えて転送されるべきではありません。銀行アカウント情報のような他のプライベートな情報もネットワークを越えて転送されるときに保護されるべきです。ネットワーク・セッションが暗号化されているならば、転送されているときにデータが危険にさらされていることをあまり心配する必要はありません。
+ </div><div class="para">
+ 動作しているデータは、攻撃者がデータが保存されているコンピューターの近くにいる必要がなく、経路のどこかにいればよいため、特に攻撃者へ脆弱です。暗号化トンネルはコミュニケーションの経路に沿ってデータを保護できます。
+ </div><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs">4.2.1. Virtual Private Networks (VPNs)</h3></div></div></div><div class="para">
+ いくつかのサテライト・オフィスを持つ組織は、転送中に機密データの効率性と保護に対して専用線を用いてお互いに接続します。たとえば、多くの企業は、あるオフィスを他とつなぐためにエンド間のネットワーク・ソリューションとして、フレームリレーまたは <em class="firstterm">Asynchronous Transfer Mode</em> (<acronym class="acronym">ATM</acronym>) 回線を使用します。これは高価な提案です、とくに高いコストを払うことなくエンタープライズ・レベルの専用デジタル回線を結びつける拡張を期待する中小企業 (<acronym class="acronym">SMB</acronym>: small to medium sized businesses) にとってはそうです。
+ </div><div class="para">
+ このニーズに取り組むために、<em class="firstterm">Virtual Private Networks</em> (<abbr class="abbrev">VPN</abbr>) が開発されました。専用線と同じ機能原則に従うことで、<abbr class="abbrev">VPN</abbr> は、既存の <em class="firstterm">Local Area Networks</em> (<acronym class="acronym">LAN</acronym>) から <em class="firstterm">Wide Area Network</em> (<acronym class="acronym">WAN</acronym>) を作成する、2者(またはネットワーク)間でセキュアなデジタル・コミュニケーションが可能になります。フレームリレーや ATM との違いは、その転送メディアです。<abbr class="abbrev">VPN</abbr> はトランスポート層としてデータグラムを使用して、意図した宛て先へとインターネットを経由してセキュアなトンネルにする IP 上で転送されます。最もフリーなソフトウェアの <abbr class="abbrev">VPN</abbr> 実装は、転送に
おいてデータをさらにマスクするために、オープンで標準的な暗号方式を組み込んでいます。
+ </div><div class="para">
+ ããã¤ãã®çµç¹ã¯ã»ãã¥ãªãã£ãå¼·åããããã«ãã¼ãã¦ã§ã¢ <abbr class="abbrev">VPN</abbr> ã½ãªã¥ã¼ã·ã§ã³ã使ç¨ãã¾ããä¸æ¹ããã以å¤ã®çµç¹ã¯ã½ããã¦ã§ã¢ãããã¯ãããã³ã«ã»ãã¼ã¹ã®å®è£
ã使ç¨ãã¾ããCisco, Nortel, IBM, ã Checkpoint ã®ãããªãããã¤ãã®ãã³ãã¼ã¯ãã¼ãã¦ã§ã¢ <abbr class="abbrev">VPN</abbr> ã½ãªã¥ã¼ã·ã§ã³ãæä¾ãã¾ããæ¨æºåããã <em class="firstterm">Internet Protocol Security</em> (<abbr class="abbrev">IPsec</abbr>) å®è£
ãå©ç¨ãã FreeS/Wan ã¨å¼ã°ãã Linux åãã®ããªã¼ã®ã½ããã¦ã§ã¢ã»ãã¼ã¹ã® <abbr class="abbrev">VPN</abbr> ã½ãªã¥ã¼ã·ã§ã³ãããã¾ãããããã® <abbr class="abbrev">VPN</abbr> ã½ãªã¥ã¼ã·ã§ã³ã¯ããã¼ãã¦ã§ã¢ãã½ããã¦ã§ã¢ã»ãã¼ã¹ãã«ãããããããªãã£ã¹ãããã1ã¤ã¸ã® IP ã³ãã¯ã·ã§ã³éã«åå¨ããå°ç¨ã®ã«ã¼ã¿ã¼ã¨ã
ã¦åä½ãã¾ãã
+ </div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-How_Does_a_VPN_Work"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-How_Does_a_VPN_Work">4.2.1.1. VPN はどのように機能しますか?</h4></div></div></div><div class="para">
+ パケットがクライアントから転送されるとき、ルーティングと認証のために <em class="firstterm">Authentication Header</em> (<abbr class="abbrev">AH</abbr>) を追加する、<abbr class="abbrev">VPN</abbr> ルーターまたはゲートウェイを通過して送られます。データは暗号化され、最終的に <em class="firstterm">Encapsulating Security Payload</em> (<abbr class="abbrev">ESP</abbr>) に囲い込まれます。後者は復号とハンドリング指示を取り扱います。
+ </div><div class="para">
+ 受信している <abbr class="abbrev">VPN</abbr> ルーターはヘッダー情報を分離して、データを復号して、そしてそれを意図した宛て先(ワークステーションもしくはネットワークにある他のノード)にルートします。ネットワーク-ネットワーク間のコネクションを使用していると、ローカルネットワークにある受信ノードは、すでに復号されて、処理する準備ができているパケットを受け取ります。ネットワーク-ネットワーク間の <abbr class="abbrev">VPN</abbr> コネクションにおいて暗号化/復号プロセスはローカルノードに透過的です。
+ </div><div class="para">
+ そのように高くされたレベルのセキュリティを用いると、攻撃者はパケットを横取りしてはいけないだけでなく、パケットを復号してはいけません。サーバーとクライアント間で中間者攻撃を使用する侵入者は、認証セッションに対する秘密鍵を少なくとも1つにアクセスできなければいけません。認証と暗号化のいくつかの層を使用するので、<abbr class="abbrev">VPN</abbr> は単一化されたイントラネットとして動作するために、複数のリモートノードを接続するセキュアかつ効果的な手段です。
+ </div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD">4.2.1.2. VPN と Fedora</h4></div></div></div><div class="para">
+ Fedora は <acronym class="acronym">WAN</acronym> をセキュアに接続するために、ソフトウェア・ソリューションの実装に関してさまざまなオプションを提供します。<em class="firstterm">Internet Protocol Security</em> (<acronym class="acronym">IPsec</acronym>) は、Fedora のためのサポートされた <abbr class="abbrev">VPN</abbr> 実装です。また、支店やリモート・ユーザーとともに組織の利便性のニーズを十分に取り組みます。
+ </div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec">4.2.1.3. IPsec</h4></div></div></div><div class="para">
+ Fedora は、インターネットのような一般的なキャリア・ネットワークにおいてセキュアなトンネルを使用して、お互いにリモートのホストとネットワークを接続するために <abbr class="abbrev">IPsec</abbr> をサポートします。<abbr class="abbrev">IPsec</abbr> は、ホスト-ホスト間(あるコンピュータ・ワークステーションともう一方)またはネットワーク-ネットワーク間(ある <acronym class="acronym">LAN</acronym>/<acronym class="acronym">WAN</acronym> ともう一方)の設定を使用して導入されます。
+ </div><div class="para">
+ Fedora における <abbr class="abbrev">IPsec</abbr> 実装は、接続しているシステム間で相互認証およびセキュアな関連づけのために使用される、Internet Engineering Task Force (<acronym class="acronym">IETF</acronym>) により実装されたプロトコル、<em class="firstterm">Internet Key Exchange</em> (<em class="firstterm">IKE</em>) を使用します。
+ </div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection">4.2.1.4. <abbr class="abbrev">IPsec</abbr> 接続の作成</h4></div></div></div><div class="para">
+ <abbr class="abbrev">IPsec</abbr> コネクションは、2つの論理的なフェーズに分かれています。フェーズ1は、<abbr class="abbrev">IPsec</abbr> ノードがリモートのホストまたはネットワークとコネクションを初期化します。リモートのノードまたはネットワークは、リクエストしているノードのクレディンシャルをチェックして、両当事者はコネクションの認証方式をネゴシエーションします。
+ </div><div class="para">
+ Fedora システムにおいては、<abbr class="abbrev">IPsec</abbr> コネクションは <abbr class="abbrev">IPsec</abbr> ノード認証の <em class="firstterm">事前共有キー</em> 方式を使用します。事前共有キー <abbr class="abbrev">IPsec</abbr> コネクションにおいて、両方のホストは <abbr class="abbrev">IPsec</abbr> コネクションのフェーズ2に移行するために同じキーを使用しなければいけません。
+ </div><div class="para">
+ <abbr class="abbrev">IPsec</abbr> コネクションのフェーズ2は、<em class="firstterm">Security Association</em> (<acronym class="acronym">SA</acronym>) が <abbr class="abbrev">IPsec</abbr> ノード間に作成されるところです。このフェーズは、暗号化方式、秘密セッションキーの交換パラメーター、およびその他のような、設定情報を持つ <abbr class="abbrev">SA</abbr> データベースを確立します。このフェーズは、リモートノードとネットワーク間で実際の <abbr class="abbrev">IPsec</abbr> コネクションを管理します。
+ </div><div class="para">
+ <abbr class="abbrev">IPsec</abbr> の Fedora 実装は、インターネットを越えるホスト間でキーを共有するために IKE を使用します。<code class="command">racoon</code> キー管理デーモンは、IKE キーの配布と交換を取り扱います。このデーモンの詳細は <code class="command">racoon</code> マニュアル・ページを参照してください。
+ </div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation">4.2.1.5. IPsec のインストール</h4></div></div></div><div class="para">
+ <abbr class="abbrev">IPsec</abbr> を実装するには、すべての <abbr class="abbrev">IPsec</abbr> ホスト(ホスト-ホスト間の設定なら)またはルーター(ネットワーク-ネットワーク間の設定なら)において、<code class="filename">ipsec-tools</code> RPM パッケージがインストールされている必要があります。RPM パッケージは、<abbr class="abbrev">IPsec</abbr> コネクションをセットアップするために、以下を含めて基本的なライブラリ、デーモンおよび設定ファイルを含みます。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">/sbin/setkey</code> — カーネルにおける <abbr class="abbrev">IPsec</abbr> のキー管理およびセキュリティ属性を操作します。この実行コマンドは <code class="command">racoon</code> キー管理デーモンにより制御されます。詳細は <code class="command">setkey</code>(8) マニュアル・ページを参照してください。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/racoon</code> — IKE キー管理デーモン。IPsec 接続されたシステム間でセキュリティ・アソシエーションとキー共有を管理および制御するために使用されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/racoon/racoon.conf</code> — <code class="command">racoon</code> デーモンの設定ファイル。コネクションに使用される認証方式および暗号化アルゴリズムを含む <abbr class="abbrev">IPsec</abbr> 接続のさまざまな観点を設定するために使用されます。利用可能なディレクティブの完全な一覧は <code class="filename">racoon.conf</code>(5) を参照してください。
+ </div></li></ul></div><div class="para">
+ Fedora において <abbr class="abbrev">IPsec</abbr> を設定するために、<span class="application"><strong>ネットワーク管理ツール</strong></span> を使用できます、もしくはネットワーク および <abbr class="abbrev">IPsec</abbr> 設定ファイルを手で編集します。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ IPsec 経由でネットワーク接続された2つのホストを接続するために、<a class="xref" href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration">「ホスト-ホスト間 IPsec の設定」</a> を参照してください。
+ </div></li><li class="listitem"><div class="para">
+ IPsec 経由である <acronym class="acronym">LAN</acronym>/<acronym class="acronym">WAN</acronym> ともう一方を接続するために、<a class="xref" href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">「ネットワーク-ネットワーク間の IPsec 設定」</a> を参照してください。
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration">4.2.1.6. ホスト-ホスト間 IPsec の設定</h4></div></div></div><div class="para">
+ IPsec は、あるデスクトップまたはワークステーション(ホスト)が他のものと、ホスト-ホスト間コネクションを使用して接続するために設定されます。この種類のコネクションは、各ホスト間でセキュアなトンネルを作成するために、各ホストが接続されるネットワークを使用します。ホスト-ホスト間コネクションの必要要件は、各ホストにおいて <abbr class="abbrev">IPsec</abbr> の設定をする、という最小のものです。ホストは(インターネットのような)キャリアのネットワークへの専用のコネクションと <abbr class="abbrev">IPsec</abbr> コネクションを作成するための Fedora のみを必要とします。
+ </div><div class="section" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Host_to_Host_Connection"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Host_to_Host_Connection">4.2.1.6.1. ホスト-ホスト間コネクション</h5></div></div></div><div class="para">
+ ホスト-ホスト間 <abbr class="abbrev">IPsec</abbr> コネクションは、どちらも同じ認証キーを用いて <abbr class="abbrev">IPsec</abbr> を実行している、2つのシステム間の暗号化されたコネクションです。<abbr class="abbrev">IPsec</abbr> コネクションをアクティブにすると、2つのホスト間のネットワーク・トラフィックはすべて暗号化されます。
+ </div><div class="para">
+ ホスト-ホスト間 <abbr class="abbrev">IPsec</abbr> コネクションを設定するために、各ホストに対して以下の手順を使用します:
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ 設定している実際のマシンにおいて以下の手順を実行すべきです。リモートで設定して、<abbr class="abbrev">IPsec</abbr> 接続を確立しようとする試みは避けるべきです。
+ </div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <span class="application"><strong>ネットワーク管理ツール</strong></span>を起動するために、コマンド・シェルにおいて <code class="command">system-config-network</code> と入力します。
+ </div></li><li class="listitem"><div class="para">
+ <abbr class="abbrev">IPsec</abbr>設定ウィザードを起動するために、<span class="guilabel"><strong>IPsec</strong></span> タブにおいて<span class="guibutton"><strong>新規</strong></span>をクリックします。
+ </div></li><li class="listitem"><div class="para">
+ ホスト-ホスト間の <abbr class="abbrev">IPsec</abbr> コネクションの設定を開始するために<span class="guibutton"><strong>進む</strong></span>をクリックします。
+ </div></li><li class="listitem"><div class="para">
+ コネクションのための一意な名前、たとえば <strong class="userinput"><code>ipsec0</code></strong> を入力します。必要に応じて、コンピュータが開始するときに自動的にコネクションを有効化するためにチェックボックスを選択します。続けるために<span class="guibutton"><strong>進む</strong></span>をクリックします。
+ </div></li><li class="listitem"><div class="para">
+ コネクションの種類として <span class="guilabel"><strong>ホスト-ホスト間暗号化</strong></span> を選択して、<span class="guibutton"><strong>進む</strong></span>をクリックします。
+ </div></li><li class="listitem" id="list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-encrypt-type"><div class="para">
+ 使用する暗号化の種類を選択します: 手動または自動。
+ </div><div class="para">
+ 手動暗号化を選択すると、暗号キーが後のプロセスにおいて提供されなければいけません。自動暗号化を選択すると、<code class="command">racoon</code> デーモンが暗号キーを管理します。自動暗号化を使用したいならば、<code class="filename">ipsec-tools</code> パッケージがインストールされていなければいけません。
+ </div><div class="para">
+ 続けるために<span class="guibutton"><strong>進む</strong></span>をクリックします。
+ </div></li><li class="listitem"><div class="para">
+ リモートホストの IP アドレスを入力します。
+ </div><div class="para">
+ リモートホストの IP アドレスを決めるために、<span class="emphasis"><em>リモートホストで</em></span>以下のコマンドを使用します。:
+ </div><pre class="screen">[root at myServer ~] # /sbin/ifconfig <em class="replaceable"><code><device></code></em></pre><div class="para">
+ ここで <em class="replaceable"><code><device></code></em> は <abbr class="abbrev">VPN</abbr> 接続のために使用したいイーサネット・デバイスです。
+ </div><div class="para">
+ システムに1つだけイーサネットカードが存在するならば、デバイス名は一般的に eth0 です。以下の例はこのコマンドに関連する情報を表示します(これは出力のみの例であることに注意してください)。
+ </div><pre class="screen">eth0 Link encap:Ethernet HWaddr 00:0C:6E:E8:98:1D
+ inet addr:172.16.44.192 Bcast:172.16.45.255 Mask:255.255.254.0</pre><div class="para">
+ IP アドレスは <code class="computeroutput">inet addr:</code> ラベルに続く番号です。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ ホスト-ホスト間コネクションのために、どちらのホストもパブリックで、ルート可能なアドレスを持つ必要があります。代わりに、どちらも同じ LAN にある限り、プライベートで、ルート不可能なアドレス(たとえば、10.x.x.x または 192.168.x.x 範囲から)を持つことができます。
+ </div><div class="para">
+ ホストが異なる LAN にあるならば、もしくは、一方がパブリック・アドレスを持ち、他方がプライベート・アドレスを持つならば、<a class="xref" href="#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">「ネットワーク-ネットワーク間の IPsec 設定」</a> を参照してください。
+ </div></div></div><div class="para">
+ 続けるために<span class="guibutton"><strong>進む</strong></span>をクリックします。
+ </div></li><li class="listitem" id="list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-to-host-keys"><div class="para">
+ 手順 <a class="xref" href="#list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-encrypt-type">6</a> において手動の暗号化を選択していると、使用する暗号キーを指定するか、それを生成するために<span class="guibutton"><strong>生成</strong></span>をクリックします。
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ 認証キーを指定します。もしくはそれを生成するために<span class="guibutton"><strong>生成</strong></span>をクリックします。数字と文字のあらゆる組み合わせが可能です。
+ </div></li><li class="listitem"><div class="para">
+ 続けるために<span class="guibutton"><strong>進む</strong></span>をクリックします。
+ </div></li></ol></div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>IPsec — Summary</strong></span> ページにおいて情報を確認し、<span class="guibutton"><strong>Apply</strong></span> をクリックします。
+ </div></li><li class="listitem"><div class="para">
+ 設定を保存するために <span class="guimenu"><strong>ファイル</strong></span> => <span class="guimenuitem"><strong>保存</strong></span> をクリックします。
+ </div><div class="para">
+ 変更を有効にするために、ネットワークを再起動する必要があるかもしれません。ネットワークを再起動するために、以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~]# service network restart</pre></li><li class="listitem"><div class="para">
+ リストから <abbr class="abbrev">IPsec</abbr> コネクションを選択して、 <span class="guibutton"><strong>Activate</strong></span> ボタンをクリックします。
+ </div></li><li class="listitem"><div class="para">
+ 他のホストに対しても手順全体を繰り返します。手順 <a class="xref" href="#list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-to-host-keys">8</a> からの同じキーを他のホストにおいて使うことが不可欠です。さもなければ、<abbr class="abbrev">IPsec</abbr> はうまく動作しません。
+ </div></li></ol></div><div class="para">
+ <abbr class="abbrev">IPsec</abbr> コネクションを設定した後、<a class="xref" href="#figu-Security_Guide-Host_to_Host_Connection-IPsec_Connection">図4.1「IPsec 接続」</a> に示されるように <abbr class="abbrev">IPsec</abbr> リストに表示されます。
+ </div><div class="figure" id="figu-Security_Guide-Host_to_Host_Connection-IPsec_Connection"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-ipsec_host2host.png" width="444" alt="IPsec 接続" /><div class="longdesc"><div class="para">
+ IPsec 接続
+ </div></div></div></div><h6>図4.1 IPsec 接続</h6></div><br class="figure-break" /><div class="para">
+ <abbr class="abbrev">IPsec</abbr> 接続が設定されたとき、以下のファイルが作成されます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/sysconfig/network-scripts/ifcfg-<em class="replaceable"><code><nickname></code></em></code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/sysconfig/network-scripts/keys-<em class="replaceable"><code><nickname></code></em></code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/racoon/<em class="replaceable"><code><remote-ip></code></em>.conf</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/racoon/psk.txt</code>
+ </div></li></ul></div><div class="para">
+ 自動暗号化が選択されていると、<code class="filename">/etc/racoon/racoon.conf</code> も作成されます。
+ </div><div class="para">
+ インタフェースが起動するとき、<code class="filename"><em class="replaceable"><code><remote-ip></code></em>.conf</code> を含めるために、<code class="filename">/etc/racoon/racoon.conf</code>が修正されます。
+ </div></div><div class="section" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration">4.2.1.6.2. 手動のホスト-ホスト間 <abbr class="abbrev">IPsec</abbr> の設定</h5></div></div></div><div class="para">
+ コネクションを設定する第一歩は、各ワークステーションからシステムとネットワークの情報を集めることです。ホスト-ホスト間コネクションに対して、以下が必要になります:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 各ホストの IP アドレス
+ </div></li><li class="listitem"><div class="para">
+ 一意な名前。たとえば、<code class="computeroutput">ipsec1</code>。これは <abbr class="abbrev">IPsec</abbr> コネクションを識別し、他のデバイスまたはコネクションと区別するために使用されます。
+ </div></li><li class="listitem"><div class="para">
+ 固定された暗号キーまたは <code class="command">racoon</code> により自動的に生成されたもの。
+ </div></li><li class="listitem"><div class="para">
+ コネクションの初期化段階で使用され、セッション中に暗号キーを交換するために事前共有された認証キー。
+ </div></li></ul></div><div class="para">
+ たとえば、ワークステーションAとワークステーションBが <abbr class="abbrev">IPsec</abbr> トンネルを通してお互いに接続していると仮定してください。<code class="computeroutput">Key_Value01</code> の値を持つ事前共有キーを用いて接続したく、<code class="command">racoon</code> が各ホスト間の認証キーを自動的に生成および共有できるようにすることをユーザーが賛成します。どちらのホストもそのコネクションを <code class="computeroutput">ipsec1</code> と名づけることに決めます。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ 大文字、小文字、数字および句読点の混在を使用する PSK を選択すべきです。推測が容易な PSK がセキュリティ・リスクを構成します。
+ </div><div class="para">
+ 各ホストに対して同じコネクション名を使用する必要はありません。インストールに便利でふさわしい名前を選択すべきです。
+ </div></div></div><div class="para">
+ 以下はワークステーションに対する <abbr class="abbrev">IPsec</abbr> 設定ファイルです。ワークステーション B とのホスト-ホスト間の <abbr class="abbrev">IPsec</abbr> コネクションのために A。この例においてコネクションを識別するための一意な名前が <em class="replaceable"><code>ipsec1</code></em> です。そのため、結果ファイルは <code class="filename">/etc/sysconfig/network-scripts/ifcfg-ipsec1</code> と呼ばれます。
+ </div><pre class="screen">DST=<em class="replaceable"><code>X.X.X.X</code></em>TYPE=IPSEC
+ONBOOT=no
+IKE_METHOD=PSK</pre><div class="para">
+ ワークステーション A に対して、<em class="replaceable"><code>X.X.X.X</code></em> はワークステーション B の IP アドレスです。ワークステーション B に対して、<em class="replaceable"><code>X.X.X.X</code></em> はワークステーション A の IP アドレスです。この接続はブート時に初期化するよう設定されていません (<code class="computeroutput">ONBOOT=no</code>) 。また、事前共有キー認証方式を使用します (<code class="computeroutput">IKE_METHOD=PSK</code>) 。
+ </div><div class="para">
+ 以下は、両方のワークステーションがお互いを認証するために必要となる、事前共有キーファイル(<code class="filename">/etc/sysconfig/network-scripts/keys-ipsec1</code> と呼ばれます)のコンテンツです。このファイルのコンテンツは両方のワークステーションで同じであるべきです。また、root ユーザーだけがこのファイルを読み書きできるべきです。
+ </div><pre class="screen">IKE_PSK=Key_Value01</pre><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ root ユーザーのみがファイルを読み込みおよび編集できるように <code class="filename">keys-ipsec1</code> ファイルを変更するために、ファイルを作成した後で以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~] # chmod 600 /etc/sysconfig/network-scripts/keys-ipsec1</pre></div></div><div class="para">
+ いつでも認証キーを変更するために、両方のワークステーションにおいて <code class="filename">keys-ipsec1</code> ファイルを編集します。<span class="emphasis"><em>両方の認証キーは正しいコネクションのために同一でなければいけません</em></span>。
+ </div><div class="para">
+ 次の例は、リモート・ホストへのフェーズ1コネクションに対する具体的な設定を示します。このファイルは <code class="filename"><em class="replaceable"><code>X.X.X.X</code></em>.conf</code> と呼ばれます。ここで、<em class="replaceable"><code>X.X.X.X</code></em> はリモート <abbr class="abbrev">IPsec</abbr> ホストの IP アドレスです。このファイルは <abbr class="abbrev">IPsec</abbr> トンネルが有効化されるとき自動的に作成され、直接編集すべきではありません。
+ </div><pre class="screen">remote <em class="replaceable"><code>X.X.X.X</code></em>{
+ exchange_mode aggressive, main;
+ my_identifier address;
+ proposal {
+ encryption_algorithm 3des;
+ hash_algorithm sha1;
+ authentication_method pre_shared_key;
+ dh_group 2 ;
+ }
+}</pre><div class="para">
+ <abbr class="abbrev">IPsec</abbr> コネクションが初期化されるときに作成される、デフォルトのフェーズ1設定ファイルは、IPsec の Fedora 実装により使用される以下の命令文を含みます:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">remote <em class="replaceable"><code>X.X.X.X</code></em></span></dt><dd><div class="para">
+ この設定ファイルの以降の節は <em class="replaceable"><code>X.X.X.X</code></em> IP アドレスにより識別されるリモート・ホストに対してのみ適用されることを指定します。
+ </div></dd><dt class="varlistentry"><span class="term">exchange_mode aggressive</span></dt><dd><div class="para">
+ Fedora における <abbr class="abbrev">IPsec</abbr> のデフォルトの設定は、複数のホストを用いたいくつかの <abbr class="abbrev">IPsec</abbr> コネクションの設定を許可する、コネクションのオーバーヘッドがより少ない、アグレッシブ認証モードを使用します。
+ </div></dd><dt class="varlistentry"><span class="term">my_identifier address</span></dt><dd><div class="para">
+ ノードを認証するときに使用するための識別方式を指定します。Fedora はノードを識別するために IP アドレスを使用します。
+ </div></dd><dt class="varlistentry"><span class="term">encryption_algorithm 3des</span></dt><dd><div class="para">
+ 認証の間に使用される暗号化の方式を指定します。デフォルトで <em class="firstterm">Triple Data Encryption Standard</em> (<acronym class="acronym">3DES</acronym>) が使用されます。
+ </div></dd><dt class="varlistentry"><span class="term">hash_algorithm sha1;</span></dt><dd><div class="para">
+ ノード間でフェーズ1ネゴシエーションの間に使用されるハッシュ・アルゴリズムを指定します。デフォルトで Secure Hash Algorithm バージョン 1 が使用されます。
+ </div></dd><dt class="varlistentry"><span class="term">authentication_method pre_shared_key</span></dt><dd><div class="para">
+ ノードのネゴシエーション中に使用される認証方式を指定します。デフォルトで Fedora は認証のために事前共有キーを使用します。
+ </div></dd><dt class="varlistentry"><span class="term">dh_group 2</span></dt><dd><div class="para">
+ 動的に生成されるセッション・キーのために Diffie-Hellman グループ番号を指定します。デフォルトで modp1024 (group 2) が使用されます。
+ </div></dd></dl></div><div class="section" id="sect-Security_Guide-Manual_IPsec_Host_to_Host_Configuration-The_Racoon_Configuration_File"><div class="titlepage"><div><div keep-together.within-column="always"><h6 class="title" id="sect-Security_Guide-Manual_IPsec_Host_to_Host_Configuration-The_Racoon_Configuration_File">4.2.1.6.2.1. Racoon 設定ファイル</h6></div></div></div><div class="para">
+ <code class="filename">/etc/racoon/racoon.conf</code> ファイルは、<code class="command">include "/etc/racoon/<em class="replaceable"><code>X.X.X.X</code></em>.conf"</code> 命令文を<span class="emphasis"><em>除いて</em></span>、すべての <abbr class="abbrev">IPsec</abbr> ノードにおいて同一でなければいけません。この命令文(および、それが参照するファイル)が、<abbr class="abbrev">IPsec</abbr> トンネルが有効化されるときに生成されます。ワークステーションAに対して、<code class="command">include</code> 命令文\nにおける <em class="replaceable"><code>X.X.X.X</code></em> はワークステーションBの IP アドレスです。 以下は、<abbr class="abbrev">IPsec</abbr> コネクションが有効化されるとき、典型的な <code class="filename">racoon.conf</code> ファイルを示します。
+ </div><pre class="screen"># Racoon IKE daemon configuration file.
+# See 'man racoon.conf' for a description of the format and entries.
+
+path include "/etc/racoon";
+path pre_shared_key "/etc/racoon/psk.txt";
+path certificate "/etc/racoon/certs";
+
+sainfo anonymous
+{
+ pfs_group 2;
+ lifetime time 1 hour ;
+ encryption_algorithm 3des, blowfish 448, rijndael ;
+ authentication_algorithm hmac_sha1, hmac_md5 ;
+ compression_algorithm deflate ;
+}
+include "/etc/racoon/X.X.X.X.conf";</pre><div class="para">
+ このデフォルトの <code class="filename">racoon.conf</code> ファイルは、<abbr class="abbrev">IPsec</abbr> 設定、事前共有キーファイル、および証明書に対して定義されたパスを含みます。<code class="computeroutput">sainfo anonymous</code> にあるフィールドは、<abbr class="abbrev">IPsec</abbr> ノード間でフェーズ2 SA を記載します — <abbr class="abbrev">IPsec</abbr> コネクション(使用することがサポートされた暗号化アルゴリズムを含めて)の性質およびキー交換の方式。以下のリストは、フェーズ2のフィールドを定義します:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">sainfo anonymous</span></dt><dd><div class="para">
+ SA が、<abbr class="abbrev">IPsec</abbr> クレディンシャルがマッチする、提供されたすべての相手を匿名で初期化できることを意味します。
+ </div></dd><dt class="varlistentry"><span class="term">pfs_group 2</span></dt><dd><div class="para">
+ Diffie-Hellman キー交換プロトコルを定義します。これは、<abbr class="abbrev">IPsec</abbr> ノードが <abbr class="abbrev">IPsec</abbr> コネクションの第2フェーズに対する共通の一時的セッションを確立することにより、方式を決定します。デフォルトで、Fedora の <abbr class="abbrev">IPsec</abbr> 実装は、Diffie-Hellman 暗号キー交換グループのグループ2(または、<code class="computeroutput">modp1024</code>)を使用します。グループ2は、秘密鍵が漏えいしたときさえ、攻撃者が以前の <abbr class="abbrev">IPsec</abbr> 転送を復号することを防ぐ、1024ビットのモジュールの累乗法を使用します。
+ </div></dd><dt class="varlistentry"><span class="term">lifetime time 1 hour</span></dt><dd><div class="para">
+ このパラメーターは SA の有効期間を指定します。時間またはデータのバイトにより定量化されます。デフォルトの <abbr class="abbrev">IPsec</abbr> の Fedora 導入は1時間の有効期間を指定します。
+ </div></dd><dt class="varlistentry"><span class="term">encryption_algorithm 3des, blowfish 448, rijndael</span></dt><dd><div class="para">
+ フェーズ2のためにサポートされる暗号化の方式を指定します。Fedora は 3DES, 448-bit Blowfish, および Rijndael (<em class="firstterm">Advanced Encryption Standard</em>, または <acronym class="acronym">AES</acronym> で使用される暗号) をサポートします。
+ </div></dd><dt class="varlistentry"><span class="term">authentication_algorithm hmac_sha1, hmac_md5</span></dt><dd><div class="para">
+ 認証のためにサポートされたハッシュ・アルゴリズムを表示します。サポートされるモードは sha1 および md5 の hashed message authentication codes (HMAC) です。
+ </div></dd><dt class="varlistentry"><span class="term">compression_algorithm deflate</span></dt><dd><div class="para">
+ IP Payload Compression (IPCOMP) に対して Deflate 圧縮アルゴリズムを定義します。これは、低速なネットワークにおいて IP データグラムのより速い転送を潜在的にできるようにします。
+ </div></dd></dl></div><div class="para">
+ 接続を開始するために、各ホストにおいて以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~]# /sbin/ifup <nickname></pre><div class="para">
+ ここで <nickname> は <abbr class="abbrev">IPsec</abbr> 接続に対して指定した名前です。
+ </div><div class="para">
+ <abbr class="abbrev">IPsec</abbr> コネクションをテストするために、ホスト間で転送されるネットワーク・パケットを表示して、IPsec 経由で暗号化されていることを検証するために、<code class="command">tcpdump</code> ユーティリティを実行します。パケットは AH ヘッダーを含むべきであり、ESP パケットとして示されるべきです。ESP はそれが暗号化されていることを意味します。たとえば:
+ </div><pre class="screen">[root at myServer ~]# tcpdump -n -i eth0 host <targetSystem>⏎ ⏎ IP 172.16.45.107 > 172.16.44.192: AH(spi=0x0954ccb6,seq=0xbb): ESP(spi=0x0c9f2164,seq=0xbb)</pre></div></div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">4.2.1.7. ネットワーク-ネットワーク間の IPsec 設定</h4></div></div></div><div class="para">
+ IPsec は、ネットワーク-ネットワーク間のコネクションを用いて、ネットワーク全体(<acronym class="acronym">LAN</acronym> や <acronym class="acronym">WAN</acronym> のような)をリモートネットワークを接続するために設定することもできます。ネットワーク-ネットワーク間のコネクションは、<acronym class="acronym">LAN</acronym> にあるノードからリモート <acronym class="acronym">LAN</acronym> にあるノードへと情報を透過的に処理して中継するために、接続しているネットワークの両側において<abbr class="abbrev">IPsec</abbr> ルーターのセットアップが必要となります。<a class="xref" href="#figu-Security_Guide-IPsec_Network_to_Network_Configuration-A_network_to_network_IPsec_tunneled_connection">図4.2「ネットワーク-ネットワーク間の <abbr class="abbrev">IPsec</abbr> トンネル・コネクション」</a> は
、ネットワーク-ネットワーク間 <abbr class="abbrev">IPsec</abbr> トンネル・コネクションを示します。
+ </div><div class="figure" id="figu-Security_Guide-IPsec_Network_to_Network_Configuration-A_network_to_network_IPsec_tunneled_connection"><div class="figure-contents"><div class="mediaobject"><img src="images/n-t-n-ipsec-diagram.png" width="444" alt="ネットワーク-ネットワーク間の IPsec トンネル・コネクション" /><div class="longdesc"><div class="para">
+ ネットワーク-ネットワーク間の <abbr class="abbrev">IPsec</abbr> トンネル・コネクション
+ </div></div></div></div><h6>図4.2 ネットワーク-ネットワーク間の <abbr class="abbrev">IPsec</abbr> トンネル・コネクション</h6></div><br class="figure-break" /><div class="para">
+ ãã®ãã¤ã¢ãã°ã¯ã2ã¤ã®å¥ã
ã® <acronym class="acronym">LAN</acronym> ãã¤ã³ã¿ã¼ãããã«ããåãããã¦ãããã¨ã示ãã¦ãã¾ãããããã® <acronym class="acronym">LAN</acronym> ã¯ãã¤ã³ã¿ã¼ããããçµç±ããã»ãã¥ã¢ãªãã³ãã«ãç¨ãã¦ã³ãã¯ã·ã§ã³ãèªè¨¼ããã³åæåããããã«ã<abbr class="abbrev">IPsec</abbr> ã«ã¼ã¿ã¼ã使ç¨ãã¾ãã転éä¸ã«æ¨ªåãããããã±ããã¯ããããã® <acronym class="acronym">LAN</acronym> ã®éã§ãã±ãããä¿è·ãã¦ããæå·ãã¯ã©ãã¯ããããã«ããã«ã¼ããã©ã¼ã¹å¾©å·ãå¿
è¦ã¨ãªãã¾ãã192.168.1.0/24 IP ç¯å²ã«ãããã¼ããã 192.168.2.0/24 ç¯å²ã«ããããä¸ã¤ã®ãã¼ãã¸ã¨ã³ãã¥ãã±ã¼ããããããã»ã¹ã¯ã<abbr class="abbrev">IPsec</abbr> ãã±ããã®å¦çãæå·å/復å·ãããã³ã«ã¼ãã£ã³ã°ãå®å
¨ã« <abbr class="abbrev">IPsec</abbr> ã«ã¼ã¿ã
¼ã§åãæ±ãããã®ã§ããã¼ãã«å¯¾ãã¦å®å
¨ã«ééçã§ãã
+ </div><div class="para">
+ ネットワーク-ネットワーク間接続に必要とされる情報は以下を含みます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 専用の <abbr class="abbrev">IPsec</abbr> ルーターの外部からアクセス可能な IP アドレス
+ </div></li><li class="listitem"><div class="para">
+ <abbr class="abbrev">IPsec</abbr> ルーターにより取り扱われる <acronym class="acronym">LAN</acronym>/<acronym class="acronym">WAN</acronym> のネットワーク・アドレス範囲 (192.168.1.0/24 や 10.0.1.0/24 のような) 。
+ </div></li><li class="listitem"><div class="para">
+ ネットワーク・ノードからインターネットへデータをルートするゲートウェイ・デバイスの IP アドレス
+ </div></li><li class="listitem"><div class="para">
+ 一意な名前。たとえば、<code class="computeroutput">ipsec1</code>。これは <abbr class="abbrev">IPsec</abbr> コネクションを識別し、他のデバイスまたはコネクションと区別するために使用されます。
+ </div></li><li class="listitem"><div class="para">
+ 固定暗号キーまたは <code class="command">racoon</code> により自動的に生成されたもの
+ </div></li><li class="listitem"><div class="para">
+ コネクションの初期化段階で使用され、セッション中に暗号キーを交換するために事前共有された認証キー。
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Network_to_Network_VPN_Connection"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Network_to_Network_VPN_Connection">4.2.1.7.1. ネットワーク-ネットワーク間の (<abbr class="abbrev">VPN</abbr>) コネクション</h5></div></div></div><div class="para">
+ ネットワーク-ネットワーク間の <abbr class="abbrev">IPsec</abbr> コネクションは、プライベート・サブネットに対するネットワーク・トラフィックがルートされることを通して、お互いのネットワークのために、2つの <abbr class="abbrev">IPsec</abbr> ルーターを使用します。
+ </div><div class="para">
+ たとえば、<a class="xref" href="#figu-Security_Guide-Network_to_Network_VPN_Connection-Network_to_Network_IPsec">図4.3「ネットワーク-ネットワーク間の IPsec」</a> に示されるように、192.168.1.0/24 プライベート・ネットワークが 192.168.2.0/24 プライベート・ネットワークにネットワーク・トラフィックを送信するならば、パケットは gateway0 を通り、ipsec0 へと、インターネットを経由して、ipsec1 へと、gateway1 へと、192.168.2.0/24 サブネットへと行きます。
+ </div><div class="para">
+ <abbr class="abbrev">IPsec</abbr> ルーターは、公にアドレス可能な IP アドレスとそれぞれのプライベート・ネットワークに接続された2番目のイーサネット・デバイスを必要とします。もう一方の <abbr class="abbrev">IPsec</abbr> ルーターが暗号化されたコネクションを持つことを意図しているならば、トラフィックは <abbr class="abbrev">IPsec</abbr> ルーターを経由していきます。
+ </div><div class="figure" id="figu-Security_Guide-Network_to_Network_VPN_Connection-Network_to_Network_IPsec"><div class="figure-contents"><div class="mediaobject"><img src="images/n-t-n-ipsec-diagram.png" width="444" alt="ネットワーク-ネットワーク間の IPsec" /><div class="longdesc"><div class="para">
+ ネットワーク-ネットワーク間の IPsec
+ </div></div></div></div><h6>図4.3 ネットワーク-ネットワーク間の IPsec</h6></div><br class="figure-break" /><div class="para">
+ 代ããã®ãããã¯ã¼ã¯è¨å®ãªãã·ã§ã³ã¯ãå IP ã«ã¼ã¿ã¼ããã³ã¤ã³ã¿ã¼ãããéã®ãã¡ã¤ã¢ã¦ã©ã¼ã«ãå <abbr class="abbrev">IPsec</abbr> ã«ã¼ã¿ã¼ããã³ãµããããã»ã²ã¼ãã¦ã§ã¤éã®ã¤ã³ãã©ãããã»ãã¡ã¤ã¢ã¦ã©ã¼ã«ãå«ã¿ã¾ãã<abbr class="abbrev">IPsec</abbr> ã«ã¼ã¿ã¼ããã³ãµããããã®ã²ã¼ãã¦ã§ã¤ã¯ã2ã¤ã®ã¤ã¼ãµãããã»ããã¤ã¹ãæã¤1ã¤ã®ã·ã¹ãã ã§ãã<abbr class="abbrev">IPsec</abbr> ã«ã¼ã¿ã¼ã¨ãã¦åä½ãã ãããªã㯠IP ã¢ãã¬ã¹ãæã¤ãã®ãããã³ãã©ã¤ãã¼ãã»ãµããããã«å¯¾ããã²ã¼ãã¦ã§ã¤ã¨ãã¦åä½ãããã©ã¤ãã¼ã IP ã¢ãã¬ã¹ãæã¤ãã®ãå <abbr class="abbrev">IPsec</abbr> ã«ã¼ã¿ã¼ã¯ããã©ã¤ãã¼ãã»ãããã¯ã¼ã¯ã®ããã«ã²ã¼ãã¦ã§ã¤ã使ç¨ãã¾ãããããã¯ãä»ã® <abbr class="abbrev">IPsec</abbr> ã«ã¼ã¿ã¼ã«ãã±ãããéãã
ãã«ãããªãã¯ã»ã²ã¼ãã¦ã§ã¤ã使ç¨ãã¾ãã
+ </div><div class="para">
+ ネットワーク-ネットワーク間の <abbr class="abbrev">IPsec</abbr> コネクションを設定するために以下の手順を使用します:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <span class="application"><strong>ネットワーク管理ツール</strong></span>を起動するために、コマンド・シェルにおいて <code class="command">system-config-network</code> と入力します。
+ </div></li><li class="listitem"><div class="para">
+ <abbr class="abbrev">IPsec</abbr>設定ウィザードを起動するために、<span class="guilabel"><strong>IPsec</strong></span> タブにおいて<span class="guibutton"><strong>新規</strong></span>をクリックします。
+ </div></li><li class="listitem"><div class="para">
+ ネットワーク-ネットワーク間の <abbr class="abbrev">IPsec</abbr> コネクションを設定開始するために<span class="guibutton"><strong>進む</strong></span>をクリックします。
+ </div></li><li class="listitem"><div class="para">
+ コネクションの一意なニックネームを入力します。たとえば、<strong class="userinput"><code>ipsec0</code></strong>。必要に応じて、コンピュータを起動するときに自動的にコネクションを有効にするチェックボックスを選択します。続けるために、<span class="guibutton"><strong>進む</strong></span>をクリックします。
+ </div></li><li class="listitem"><div class="para">
+ コネクションの種類として<span class="guilabel"><strong>ネットワーク-ネットワーク間暗号化 (VPN)</strong></span> を選択します。<span class="guibutton"><strong>進む</strong></span>をクリックします。
+ </div></li><li class="listitem" id="list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-encrypt-type-n"><div class="para">
+ 使用する暗号化の種類を選択します: 手動または自動。
+ </div><div class="para">
+ 手動暗号化を選択すると、暗号キーが後のプロセスにおいて提供されなければいけません。自動暗号化を選択すると、<code class="command">racoon</code> デーモンが暗号キーを管理します。自動暗号化を使用したいならば、<code class="filename">ipsec-tools</code> パッケージがインストールされていなければいけません。
+ </div><div class="para">
+ 続けるために<span class="guibutton"><strong>進む</strong></span>をクリックします。
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>ローカルネットワーク</strong></span>ページにおいて、以下の情報を入力します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>ローカルネットワークアドレス</strong></span> — プライベート・ネットワークに接続された、<abbr class="abbrev">IPsec</abbr> ルータにおけるデバイスの IP アドレス。
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>ローカルサブネットマスク</strong></span> — ローカルネットワーク IP アドレスのサブネットマスク。
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>ローカルネットワークゲートウェイ</strong></span> — プライベートサブネットのゲートウェイ。
+ </div></li></ul></div><div class="para">
+ 続けるために<span class="guibutton"><strong>進む</strong></span>をクリックします。
+ </div><div class="figure" id="figu-Security_Guide-Network_to_Network_VPN_Connection-Local_Network_Information"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-ipsec_n_to_n_local.png" width="444" alt="ローカル・ネットワーク情報" /><div class="longdesc"><div class="para">
+ ローカル・ネットワーク情報
+ </div></div></div></div><h6>図4.4 ローカル・ネットワーク情報</h6></div><br class="figure-break" /></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>リモートネットワーク</strong></span>ページにおいて、以下の情報を入力します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>リモート IP アドレス</strong></span> — <span class="emphasis"><em>他の</em></span>プライベート・ネットワークに対して<abbr class="abbrev">IPsec</abbr> ルーターのパブリックアドレス可能な IP アドレス。私たちの例では、ipsec0 に対して、ipsec1 のパブリックにアドレス可能な IP アドレスを入力します。逆もまた同様です。
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>リモート・ネットワーク・アドレス</strong></span> — <span class="emphasis"><em>他の</em></span> <abbr class="abbrev">IPsec</abbr> ルーターにバインドされたプライベート・サブネットのネットワーク・アドレス。私たちの例では、ipsec1 を設定しているなら <strong class="userinput"><code>192.168.1.0</code></strong> を入力します。ipsec0 を設定しているなら <strong class="userinput"><code>192.168.2.0</code></strong> を入力します。
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>リモート・サブネットマスク</strong></span> — リモート IP アドレスのサブネットマスク。
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>リモート・ネットワーク・ゲートウェイ</strong></span> — リモート・ネットワーク・アドレスに対するゲートウェイの IP アドレス。
+ </div></li><li class="listitem" id="list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-to-host-keys-n"><div class="para">
+ <a class="xref" href="#list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-encrypt-type-n">6</a>の手順において手動暗号化が選択されると、使用する暗号キーを指定するか、1つ生成するために<span class="guibutton"><strong>生成</strong></span>をクリックします。
+ </div><div class="para">
+ 認証キーを指定するか、1つ生成するために<span class="guibutton"><strong>生成</strong></span>をクリックします。このキーは数字と文字のあらゆる組み合わせが可能です。
+ </div></li></ul></div><div class="para">
+ 続けるために<span class="guibutton"><strong>進む</strong></span>をクリックします。
+ </div><div class="figure" id="figu-Security_Guide-Network_to_Network_VPN_Connection-Remote_Network_Information"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-ipsec_n_to_n_remote.png" width="444" alt="リモート・ネットワーク情報" /><div class="longdesc"><div class="para">
+ リモート・ネットワーク情報
+ </div></div></div></div><h6>図4.5 リモート・ネットワーク情報</h6></div><br class="figure-break" /></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>IPsec — Summary</strong></span> ページにおいて情報を確認し、<span class="guibutton"><strong>Apply</strong></span> をクリックします。
+ </div></li><li class="listitem"><div class="para">
+ 設定を保存するために <span class="guimenu"><strong>ファイル</strong></span> => <span class="guimenuitem"><strong>保存</strong></span> を選択します。
+ </div></li><li class="listitem"><div class="para">
+ リストから <abbr class="abbrev">IPsec</abbr> コネクションを選択し、コネクションを有効にするために<span class="guibutton"><strong>有効</strong></span>をクリックします。
+ </div></li><li class="listitem"><div class="para">
+ IP フォワードを有効にします:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <code class="filename">/etc/sysctl.conf</code> を編集し、<code class="computeroutput">net.ipv4.ip_forward</code> に <strong class="userinput"><code>1</code></strong> をセットします。
+ </div></li><li class="listitem"><div class="para">
+ 変更を有効にするために以下のコマンドを使用します
+ </div><pre class="screen">[root at myServer ~]# /sbin/sysctl -p /etc/sysctl.conf</pre></li></ol></div></li></ol></div><div class="para">
+ <abbr class="abbrev">IPsec</abbr> コネクションを有効化するネットワーク・スクリプトは、必要に応じて <abbr class="abbrev">IPsec</abbr> ルーターを通してパケットを送るために、ネットワーク・ルーターを自動的に作成します。
+ </div></div><div class="section" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration">4.2.1.7.2. 手動の <abbr class="abbrev">IPsec</abbr> ネットワーク-ネットワーク間の設定</h5></div></div></div><div class="para">
+ <acronym class="acronym">LAN</acronym> A (lana.example.com) および <acronym class="acronym">LAN</acronym> B (lanb.example.com) がお互いに <abbr class="abbrev">IPsec</abbr> トンネルを経由して接続したいと仮定します。<acronym class="acronym">LAN</acronym> A のネットワーク・アドレスは 192.168.1.0/24 範囲にあり、<acronym class="acronym">LAN</acronym> B は 192.168.2.0/24 範囲を使用します。ゲートウェイ IP アドレスは、<acronym class="acronym">LAN</acronym> A に対して 192.168.1.254 、<acronym class="acronym">LAN</acronym> B に対して 192.168.2.254 です。<abbr class="abbrev">IPsec</abbr> ルーターは、各 <acronym class="acronym">LAN</acronym> ゲートウェイから分離されており、2つのネットワーク・デバイスを使用します: eth0 はインターネットからアクセスする外部からアクセス可能な静的 IP アドレスを割り当てられています。一方
、eth1 は処理するルーティング地点として動作して、あるネットワーク・ノードからリモート・ネットワーク・ノードへと <acronym class="acronym">LAN</acronym> パケットを転送します。
+ </div><div class="para">
+ 各ネットワークの間の <abbr class="abbrev">IPsec</abbr> コネクションは、<code class="computeroutput">r3dh4tl1nux</code> の値を持つ事前共有キーを使用します。また、A と B の管理者は、<abbr class="abbrev">IPsec</abbr> ルーターの間の認証キーを<code class="command">racoon</code> が自動的に生成および管理することに合意します。<acronym class="acronym">LAN</acronym> A の管理者が <abbr class="abbrev">IPsec</abbr> コネクションを <code class="computeroutput">ipsec0</code> と名付けることに決めます。一方、<acronym class="acronym">LAN</acronym> B の管理者が <abbr class="abbrev">IPsec</abbr> コネクションを <code class="computeroutput">ipsec1</code> と名付けます。
+ </div><div class="para">
+ 以下の例は、<acronym class="acronym">LAN</acronym> A に対するネットワーク-ネットワーク間 <abbr class="abbrev">IPsec</abbr> コネクションの <code class="filename">ifcfg</code> ファイルの内容を示します。この例においてコネクションを識別するための一意な名前は <em class="replaceable"><code>ipsec0</code></em> です。そのため、結果ファイルは <code class="filename">/etc/sysconfig/network-scripts/ifcfg-ipsec0</code> と呼ばれます。
+ </div><pre class="screen">TYPE=IPSEC
+ONBOOT=yes
+IKE_METHOD=PSK
+SRCGW=192.168.1.254
+DSTGW=192.168.2.254
+SRCNET=192.168.1.0/24
+DSTNET=192.168.2.0/24
+DST=<em class="replaceable"><code>X.X.X.X</code></em></pre><div class="para">
+ 以下の一覧はこのファイルの内容を説明します:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">TYPE=IPSEC</span></dt><dd><div class="para">
+ 接続の種類を指定します。
+ </div></dd><dt class="varlistentry"><span class="term">ONBOOT=yes</span></dt><dd><div class="para">
+ ブート時に接続が初期化されるかを指定します。
+ </div></dd><dt class="varlistentry"><span class="term">IKE_METHOD=PSK</span></dt><dd><div class="para">
+ 接続が使用する認証の事前共有鍵の方式を指定します。
+ </div></dd><dt class="varlistentry"><span class="term">SRCGW=192.168.1.254</span></dt><dd><div class="para">
+ 送信元ゲートウェイの IP アドレス。LAN Aに対しては LAN A のゲートウェイ、LAN B に対しては LAN B ゲートウェイ。
+ </div></dd><dt class="varlistentry"><span class="term">DSTGW=192.168.2.254</span></dt><dd><div class="para">
+ 宛て先ゲートウェイの IP アドレス。LAN A に対しては LAN B のゲートウェイ、LAN B に対しては LAN A のゲートウェイ。
+ </div></dd><dt class="varlistentry"><span class="term">SRCNET=192.168.1.0/24</span></dt><dd><div class="para">
+ <abbr class="abbrev">IPsec</abbr> 接続に対する送信元ネットワークを指定します。この例では LAN A のネットワーク範囲です。
+ </div></dd><dt class="varlistentry"><span class="term">DSTNET=192.168.2.0/24</span></dt><dd><div class="para">
+ <abbr class="abbrev">IPsec</abbr> 接続に対する宛て先ネットワークを指定します。この例では <acronym class="acronym">LAN</acronym> A のネットワーク範囲です。
+ </div></dd><dt class="varlistentry"><span class="term">DST=X.X.X.X</span></dt><dd><div class="para">
+ <acronym class="acronym">LAN</acronym> B の外部からアクセス可能な IP アドレス。
+ </div></dd></dl></div><div class="para">
+ 以下の例は、両方のネットワークがお互いに認証するために使用する、<code class="filename">/etc/sysconfig/network-scripts/keys-ipsec<em class="replaceable"><code>X</code></em></code> (<em class="replaceable"><code>X</code></em> は、<acronym class="acronym">LAN</acronym> A に対して0、<acronym class="acronym">LAN</acronym> B に対して1です)と呼ばれる事前共有キーファイルの内容です。このファイルの内容は同じであるべきです。また、root ユーザーだけがこのファイルを読み書きできるべきです。
+ </div><pre class="screen">IKE_PSK=r3dh4tl1nux</pre><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ root ユーザーだけが <code class="filename">keys-ipsec<em class="replaceable"><code>X</code></em></code> ファイルを読み込みや編集ができるよう、そのファイルを変更するため、ファイル作成後に以下のコマンドを使用します:
+ </div><pre class="screen">chmod 600 /etc/sysconfig/network-scripts/keys-ipsec1</pre></div></div><div class="para">
+ いつでも認証キーを変更するために、両方の <abbr class="abbrev">IPsec</abbr> ルーターにおいて <code class="filename">keys-ipsec<em class="replaceable"><code>X</code></em></code> ファイルを編集します。<span class="emphasis"><em>正しいコネクションのために両方のキーが同一でなければいけません</em></span>。
+ </div><div class="para">
+ 以下の例は、<abbr class="abbrev">IPsec</abbr> コネクションに対する <code class="filename">/etc/racoon/racoon.conf</code> 設定ファイルの内容です。ファイルの最後にある <code class="computeroutput">include</code> 行は、自動的に生成され、<abbr class="abbrev">IPsec</abbr> トンネルが実行しているときのみ表れます。
+ </div><pre class="screen"># Racoon IKE daemon configuration file.
+# See 'man racoon.conf' for a description of the format and entries.
+path include "/etc/racoon";
+path pre_shared_key "/etc/racoon/psk.txt";
+path certificate "/etc/racoon/certs";
+
+sainfo anonymous
+{
+ pfs_group 2;
+ lifetime time 1 hour ;
+ encryption_algorithm 3des, blowfish 448, rijndael ;
+ authentication_algorithm hmac_sha1, hmac_md5 ;
+ compression_algorithm deflate ;
+}
+include "/etc/racoon/<em class="replaceable"><code>X.X.X.X</code></em>.conf"</pre><div class="para">
+ 以下はリモート・ネットワークへの接続用の具体的な設定ファイルです。このファイルは <code class="filename"><em class="replaceable"><code>X.X.X.X</code></em>.conf</code> という名前です(ここで、<em class="replaceable"><code>X.X.X.X</code></em> は リモート <abbr class="abbrev">IPsec</abbr> ルーターの IP アドレスです)。このファイルは、<abbr class="abbrev">IPsec</abbr> トンネルが有効化されるときに自動的に生成され、直接編集すべきではありません。
+ </div><pre class="screen">remote <em class="replaceable"><code>X.X.X.X</code></em>{
+ exchange_mode aggressive, main;
+ my_identifier address;
+ proposal {
+ encryption_algorithm 3des;
+ hash_algorithm sha1;
+ authentication_method pre_shared_key;
+ dh_group 2 ;
+ }
+}</pre><div class="para">
+ <abbr class="abbrev">IPsec</abbr> 接続を開始するに先立って、IP フォワーディングがカーネルで有効になっていなければいけません。IP フォワーディングを有効にするために:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <code class="filename">/etc/sysctl.conf</code> を編集し、<code class="computeroutput">net.ipv4.ip_forward</code> に <strong class="userinput"><code>1</code></strong> をセットします。
+ </div></li><li class="listitem"><div class="para">
+ 変更を有効にするために以下のコマンドを使用します
+ </div><pre class="screen">[root at myServer ~] # sysctl -p /etc/sysctl.conf</pre></li></ol></div><div class="para">
+ <abbr class="abbrev">IPsec</abbr> 接続を開始するために、各ルーターにおいて以下のコマンドを使用します。
+ </div><pre class="screen">[root at myServer ~] # /sbin/ifup ipsec0</pre><div class="para">
+ コネクションが有効化され、<acronym class="acronym">LAN</acronym> A と <acronym class="acronym">LAN</acronym> B 両方がお互いにコミュニケートできます。<abbr class="abbrev">IPsec</abbr> コネクションにおいて <code class="command">ifup</code> を実行することにより、ルートが初期化スクリプト経由で自動的に作成されます。
+ </div><pre class="screen">[root at myServer ~] # /sbin/ip route list</pre><div class="para">
+ <abbr class="abbrev">IPsec</abbr> コネクションをテストするために、ホスト間で転送されるネットワーク・パケットを表示するために、外部からルート可能なデバイスにおいて <code class="command">tcpdump</code> ユーティリティを実行して、IPsec 経由で暗号化されていることを確認します。たとえば、<acronym class="acronym">LAN</acronym> A の <abbr class="abbrev">IPsec</abbr> コネクションをチェックするために、以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~] # tcpdump -n -i eth0 host <em class="replaceable"><code>lana.example.com</code></em></pre><div class="para">
+ パケットは AH ヘッダーを含むべきであり、ESP パケットとして示されるべきです。ESP は暗号化されているという意味です。たとえば、(バックスラッシュはある行が続くことを表します):
+ </div><pre class="screen">12:24:26.155529 lanb.example.com > lana.example.com: AH(spi=0x021c9834,seq=0x358): \
+ lanb.example.com > lana.example.com: ESP(spi=0x00c887ad,seq=0x358) (DF) \
+ (ipip-proto-4)</pre></div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection">4.2.1.8. <abbr class="abbrev">IPsec</abbr> コネクションの開始と停止</h4></div></div></div><div class="para">
+ <abbr class="abbrev">IPsec</abbr> コネクションがブート時に有効化するよう設定されていなければ、コマンドラインから制御できます。
+ </div><div class="para">
+ コネクションを開始するために、ホスト間 IPsec に対する各ホスト、またはネットワーク間 IPsec に対する各 <abbr class="abbrev">IPsec</abbr> ルータにおいて以下のコマンドを使用します。
+ </div><pre class="screen">[root at myServer ~] # /sbin/ifup <em class="replaceable"><code><nickname></code></em></pre><div class="para">
+ ここで <em class="replaceable"><code><nickname></code></em> は、<code class="computeroutput">ipsec0</code> のような、前に設定したニックネームです。
+ </div><div class="para">
+ 接続を停止するために、以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~] # /sbin/ifdown <em class="replaceable"><code><nickname></code></em></pre></div></div><div class="section" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell">4.2.2. Secure Shell</h3></div></div></div><div class="para">
+ Secure Shell (SSH) はセキュアなチャネル上で他のシステムとコミュニケーションするために使用される強力なネットワーク・プロトコルです。SSH上の転送は、暗号化され、盗聴から保護されます。暗号のログオンは、伝統的なユーザー名とパスワード上のよりよい認証方法を提供するために活用されます。
+ </div><div class="para">
+ SSH は有効にすることが非常に簡単です。単に sshd サービスを開始することで、システムは接続を受け付けるようになり、正しいユーザー名とパスワードが接続プロセスの間に提供されるとき、システムへのアクセスを許可します。SSH サービスに対する標準的な TCP ポートは 22 です。しかしながら、設定ファイル <span class="emphasis"><em>/etc/ssh/sshd_config</em></span> を修正して、サービスを再起動することで、これを変更できます。このファイルは SSH に対する他の設定オプションも含みます。
+ </div><div class="para">
+ Secure Shell (SSH) は、1つのポートを用いるだけでなく、コンピューター間の暗号化されたトンネルも提供します。<a href="http://www.redhatmagazine.com/2007/11/27/advanced-ssh-configuration-and-tunneling-we-dont-need-no-stinking-vpn-software">ポートフォワードが SSH トンネル経由で実行でき</a> 、トラフィックがそのトンネルを通過するので暗号化されますが、ポートフォワードを使用することが VPN と同じくらい流動的なわけではありません。
+ </div><div class="section" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell-Cryptographic_Logon"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell-Cryptographic_Logon">4.2.2.1. 暗号によるログオン</h4></div></div></div><div class="para">
+ SSH はコンピューターにログインするために暗号鍵の使用をサポートしています。これはパスワードを用いるよりもはるかに安全です。もし正しくセットアップされれば、複数要素認証を検討できます。
+ </div><div class="para">
+ 暗号化によるログオンをできる前に設定の変更を行う必要があります。ファイル <code class="filename">/etc/ssh/sshd_config</code> において、以下の行を次のようにアンコメントして変更します:
+<pre class="screen">PubkeyAuthentication yes
+AuthorizedKeysFile .ssh/authorized_keys</pre>
+ 最初の行により SSH プログラムが公開鍵認証できるように指示します。2 行目は、認可されたキーペアの公開鍵が存在する、システムのホームディレクトリーにあるファイルを示します。
+ </div><div class="para">
+ 次に行うことは、システムに接続するために使用する、クライアントの SSH キーペアを生成することです。コマンド <code class="command">ssh-keygen</code> はシステムにログインするために設定する RSA 2048-bit キーを生成します。キーは標準状態で <code class="filename">~/.ssh</code> ディレクトリーに保存されます。キーのビット長を変更するにはスイッチ <code class="command">-b</code> を利用できます。2048-bits はおそらく問題ないですが、可能ならば 8192-bit キーまで拡張できます。
+ </div><div class="para">
+ <code class="filename">~/.ssh</code> ディレクトリーにおいて、作成された二つのキーを確認すべきです。<code class="command">ssh-keygen</code> を実行するとき初期値を使うならば、キーは秘密鍵と公開鍵に <code class="filename">id_rsa</code> および <code class="filename">id_rsa.pub</code> という名前がつけられます。常に秘密鍵がさらされることから保護するべきです。しかしながら、公開鍵はログインしようとしているシステムに転送する必要があります。一度システムにおくならば、キーを承認リストに追加する最も簡単な方法は、次の方法です:
+<pre class="screen">$ cat id_rsa.pub >> ~/.ssh/authorized_keys</pre>
+ これは、公開鍵を authorized_key ファイルに追加します。<span class="application"><strong>SSH</strong></span> アプリケーションは、ログインを試行するときに、このファイルを確認します。
+ </div><div class="para">
+ パスワードや他の認証方式と同じように、定期的に <span class="application"><strong>SSH</strong></span> キーを変更すべきです。その際、すべての使用していない鍵を authorized_key ファイルから確実に削除しておきます。
+ </div></div></div><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-LUKS_Disk_Encryption" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption">4.2.3. LUKS ディスク暗号化</h3></div></div></div><div class="para">
+ Linux Unified Key Setup-on-disk-format (or LUKS) は、Linux コンピューターのパーティションを暗号化できるようにします。これはとくに、モバイル・コンピューターやリムーバブル・メディアを使うときに重要です。LUKS は複数のユーザー・キーがパーティションの全体暗号化に対して使用されるマスター・キーを復号できるようにします。
+ </div><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora">4.2.3.1. Fedora における LUKS の導入</h4></div></div></div><div class="para">
+ Fedora 9 およびそれ以降は、システムシステムの暗号化を実行するために LUKS を利用します。デフォルトで、ファイルシステムを暗号化するオプションはインストール中にチェックされていません。ハードディスクを暗号化するオプションを選択すると、コンピューターを起動するたびにパスフレーズが尋ねられます。このパスフレーズは、パーティションを復号するために用いられる全体暗号鍵を "ロック解除" します。デフォルトのパーティション・テーブルを変更するために選択すると、暗号化したいパーティションを選択できます。これは、パーティション・テーブルの設定にセットされます。
+ </div><div class="para">
+ Fedora のデフォルト LUKS 実装は SHA256 ハッシュを持つ AES 128 です。利用可能な暗号は次のとおりです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ AES - Advanced Encryption Standard - <a href="http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf">FIPS PUB 197</a>
+ </div></li><li class="listitem"><div class="para">
+ Twofish (A 128-bit Block Cipher)
+ </div></li><li class="listitem"><div class="para">
+ Serpent
+ </div></li><li class="listitem"><div class="para">
+ cast5 - <a href="http://www.ietf.org/rfc/rfc2144.txt">RFC 2144</a>
+ </div></li><li class="listitem"><div class="para">
+ cast6 - <a href="http://www.ietf.org/rfc/rfc2612.txt">RFC 2612</a>
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories">4.2.3.2. ディレクトリの手動暗号化</h4></div></div></div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ この手順に従うと、暗号化するパーティションにあるすべてのデータが削除されます。すべての情報を失うでしょう!この手順を始める前にデータを外部ソースへ確実にバックアップしてください!
+ </div></div></div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ この手順は、パーティションにある既存のデータを削除して、使用する LUKS 向けの乱数ベースを提供するために、<span class="package">scrub</span> を使用します。この乱数ベースは暗号化に対する特定の攻撃を防ぐために重要です。<span class="package">scrub</span> は標準ではインストールされていません。使用する前にインストールする必要があります。代わりに、同じことを達成するために、他の乱数生成器を使用することもできます。
+ </div></div></div><div class="para">
+ Fedora 9 よりも前のバージョンを実行していて、パーティションを暗号化したい、もしくは、最新版の Fedora をインストールした後でパーティションを暗号化したいならば、以下の指示はあなたのためになります。以下のサンプル・デモは /home パーティションを暗号化しますが、すべてのパーティションが使用できます。
+ </div><div class="para">
+ 以下の手順は既存のデータをすべて取り去るでしょう。そのため、始める前にテストされたバックアップを確実にします。/home が独立したパーティションである必要があります(ここでは /dev/VG00/LV_home です)。以下はすべて root として実行されなければいけません。これら手順の失敗はすべて、手順が成功するまで進んではいけません。
+ </div></div><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions">4.2.3.3. ステップ・バイ・ステップの説明</h4></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ ランレベル 1 に入ります: <code class="code">telinit 1</code>
+ </div></li><li class="listitem"><div class="para">
+ パーティションをランダムデータで埋めます: <code class="code">scrub -p random /home</code>
+ </div></li><li class="listitem"><div class="para">
+ 既存の /home をアンマウントします: <code class="code"> umount /home</code>
+ </div></li><li class="listitem"><div class="para">
+ もし失敗したなら、/home を独占しているプロセスを見つけて止めるために <code class="code">fuser</code> を使用します: <code class="code">fuser -mvk /home</code>
+ </div></li><li class="listitem"><div class="para">
+ /home がもうマウントされていないことを確認します: <code class="code">cat /proc/mounts | grep home</code>
+ </div></li><li class="listitem"><div class="para">
+ パーティションを初期化します: <code class="code">cryptsetup --verbose --verify-passphrase luksFormat /dev/VG00/LV_home</code>
+ </div></li><li class="listitem"><div class="para">
+ 新しく暗号化されたデバイスを開きます: <code class="code">cryptsetup luksOpen /dev/VG00/LV_home home</code>
+ </div></li><li class="listitem"><div class="para">
+ そこにあることを確認します: <code class="code">ls -l /dev/mapper | grep home</code>
+ </div></li><li class="listitem"><div class="para">
+ ファイルシステムを作成します: <code class="code">mkfs.ext3 /dev/mapper/home</code>
+ </div></li><li class="listitem"><div class="para">
+ マウントします: <code class="code">mount /dev/mapper/home /home</code>
+ </div></li><li class="listitem"><div class="para">
+ 見えることを確認します: <code class="code">df -h | grep home</code>
+ </div></li><li class="listitem"><div class="para">
+ 以下を /etc/crypttab に追加します: <code class="code">home /dev/VG00/LV_home none</code>
+ </div></li><li class="listitem"><div class="para">
+ /etc/fstab を編集して、/home の古いエントリを削除して、<code class="code">/dev/mapper/home /home ext3 defaults 1 2</code> を追加します。
+ </div></li><li class="listitem"><div class="para">
+ fstab エントリを確認します: <code class="code">mount /home</code>
+ </div></li><li class="listitem"><div class="para">
+ デフォルトの SELinux セキュリティ・コンテキストを復元します: <code class="code">/sbin/restorecon -v -R /home</code>
+ </div></li><li class="listitem"><div class="para">
+ 再起動します: <code class="code">shutdown -r now</code>
+ </div></li><li class="listitem"><div class="para">
+ /etc/crypttab にあるエントリは、コンピューターがブート時に <code class="code">luks</code> パスフレーズを問い合わせるようにします。
+ </div></li><li class="listitem"><div class="para">
+ root としてログインして、バックアップを復元します。
+ </div></li></ol></div></div><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished">4.2.3.4. ただ何を達成したでしょうか。</h4></div></div></div><div class="para">
+ おめでとうございます、これでコンピューターをオフにしている間も安全に保管できるよう、すべてのデータに対する暗号化されたパーティションを持ちました。
+ </div></div><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest">4.2.3.5. 興味のリンク</h4></div></div></div><div class="para">
+ Fedora における LUKS や暗号化ハードディスクに関する詳細は、以下のリンクを訪問してください:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="https://code.google.com/p/cryptsetup/">LUKS - Linux Unified Key Setup</a>
+ </div></li><li class="listitem"><div class="para">
+ <a href="https://bugzilla.redhat.com/attachment.cgi?id=161912">HOWTO: Creating an encrypted Physical Volume (PV) using a second hard drive, pvmove, and a Fedora LiveCD</a>
+ </div></li></ul></div></div></div><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives">4.2.4. 7-Zip 暗号化アーカイブ</h3></div></div></div><div class="para">
+ <a href="http://www.7-zip.org/">7-Zip</a> は、アーカイブのコンテンツを保護するために強力な暗号(AES-256)も使用できる、クロスプラットフォームで次世代のファイル圧縮ツールです。異なるオペレーティングシステム(たとえば、自宅の Linux と会社の Windows)を使用する複数のコンピュータ間でデータを移送する必要があり、持ち運び可能な暗号化ソリューションが欲しいとき、これは非常に有用です。
+ </div><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation">4.2.4.1. Fedora における 7-Zip のインストール</h4></div></div></div><div class="para">
+ 7-Zip は Fedora の base パッケージではありませんが、ソフトウェアリポジトリで入手可能です。一度インストールすると、特別な注意を必要とせず、お使いのコンピュータにおいて更新パッケージを入手できるでしょう。
+ </div></div><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions">4.2.4.2. ステップ・バイ・ステップのインストールの説明</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 端末を開きます: <code class="code">アプリケーション -> システムツール -> 端末</code>をクリックします。または、GNOME 3 において<code class="code">アクティビティ -> アプリケーション -> 端末</code>をクリックします。
+ </div></li><li class="listitem"><div class="para">
+ sudo アクセスで 7-Zip をインストールします: <code class="code">sudo yum install p7zip</code>
+ </div></li><li class="listitem"><div class="para">
+ 端末を閉じます: <code class="code">exit</code>
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions">4.2.4.3. ステップ・バイ・ステップの使い方の説明</h4></div></div></div><div class="para">
+ 以下のこれらの説明により、"ドキュメント" ディレクトリを圧縮したり暗号化したりすることができるでしょう。元の "ディレクトリ" はそのまま残ります。この技術はファイルシステムにおいてアクセスすることができるすべてのディレクトリとファイルに適用できます。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 端末を開きます:<code class="code">アプリケーション -> システムツール -> 端末</code> をクリックします
+ </div></li><li class="listitem"><div class="para">
+ 圧縮または暗号化します: (プロンプトが出たときにパスワードを入力します) <code class="code">7za a -mhe=on -ms=on -p Documents.7z Documents/</code>
+ </div></li></ul></div><div class="para">
+ これで "ドキュメント" ディレクトリが圧縮され暗号化されます。以下の説明はアーカイブをどこか新しい場所に移動して、それを解凍します。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 新しいディレクトリを作成します: <code class="code">mkdir newplace</code>
+ </div></li><li class="listitem"><div class="para">
+ 暗号化ファイルを移動します: <code class="code">mv Documents.7z newplace</code>
+ </div></li><li class="listitem"><div class="para">
+ 新しいディレクトリへ移動します: <code class="code">cd newplace</code>
+ </div></li><li class="listitem"><div class="para">
+ ファイルを解凍します: (プロンプトが出たときにパスワードを入力します) <code class="code">7za x Documents.7z</code>
+ </div></li></ul></div><div class="para">
+ これでアーカイブは新しい場所に解凍されます。以下の説明はこれまでのステップをすべてクリーンアップして、その前の状態にコンピュータを復元します。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ ディレクトリを上がります: <code class="code">cd ..</code>
+ </div></li><li class="listitem"><div class="para">
+ テストのアーカイブとテストの解凍したものを削除します: <code class="code">rm -r newplace</code>
+ </div></li><li class="listitem"><div class="para">
+ 端末を閉じます: <code class="code">exit</code>
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI">4.2.4.4. GUI からセキュアな 7-Zip アーカイブを作成する方法</h4></div></div></div><div class="para">
+ 7-Zip アーカイブは他のいろいろなアーカイブと同じように GUI から展開できます。しかし、セキュアな 7-Zip アーカイブを作成するには、いくつかの手順が必要です。
+ </div><div class="para">
+ 以下のこれらの説明により、"ドキュメント" ディレクトリを圧縮したり暗号化したりすることができるでしょう。元の "ディレクトリ" はそのまま残ります。この技術はファイルシステムにおいてアクセスすることができるすべてのディレクトリとファイルに適用できます。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ ファイルブラウザーを開きます: アクティビティ -> ファイル をクリックします
+ </div></li><li class="listitem"><div class="para">
+ "ドキュメント" フォルダーを右クリックします
+ </div></li><li class="listitem"><div class="para">
+ "圧縮" オプションを選択します
+ </div></li><li class="listitem"><div class="para">
+ ファイル拡張子として ".7z" を選択します
+ </div></li><li class="listitem"><div class="para">
+ "他のオプション" を展開します
+ </div></li><li class="listitem"><div class="para">
+ "ファイル一覧も暗号化する" をクリックします
+ </div></li><li class="listitem"><div class="para">
+ パスワードの項目にパスワードを入力します
+ </div></li><li class="listitem"><div class="para">
+ "作成" ボタンをクリックします
+ </div></li></ul></div><div class="para">
+ これでホームディレクトリーに "Documents.7z" ファイルができたことを確認できます。ファイルを開きたいならば、アーカイブの内容が表示される前にアーカイブのパスワードを尋ねられます。一度正しいパスワードが提供されると、ファイルが開きます。そうすると、アーカイブは通常通り操作できます。"Documents.7z" ファイルを削除することにより、この練習を終えて、コンピューターを元の状態に戻します。
+ </div></div><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note">4.2.4.5. 重要なこと</h4></div></div></div><div class="para">
+ 7-Zip は Microsoft Windows や Mac OS X にデフォルトで同梱されていません。それらのプラットフォームにおいて 7-Zip ファイルを使用したいならば、それらのコンピュータに適切なバージョンの 7-Zip をインストールする必要があります。7-Zip <a href="http://www.7-zip.org/download.html">download page</a> を参照してください。
+ </div></div></div><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Encryption-Using_GPG" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG">4.2.5. GNU Privacy Guard (GnuPG) の使用</h3></div></div></div><div class="para">
+ <span class="application"><strong>GnuPG</strong></span> (GPG) は、あなた自身を識別したり、あなたのコミュニケーション(あなたが知らない人とのものを含みます)を認証したり、するために使われます。GPG は GPG 署名された email を読んだ人がその真正性を検証できるようにします。言い換えると、GPG は、あなたにより署名されたコミュニケーションが実際にあなたからであることを、かなり確かであることを可能にします。第三者がコードを変更したり、会話を横取りしたり、メッセージを変更したりするのを防ぐ助けになるので、GPG は有用です。
+ </div><div class="para">
+ GPG は、コンピューターやネットワーク・ドライブに保存されているファイルを署名かつ/または暗号化するために使うこともできます。これにより、ファイルが認可されていない人により改ざんまたは読み込まれるのを防ぐという、さらなる保護を追加できます。
+ </div><div class="para">
+ To utilize GPG for authentication or encryption of email you must first generate your public and private keys. After generating the keys you will have to setup your email client to utilize them.
+ </div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Keys_in_GNOME"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Keys_in_GNOME">4.2.5.1. GNOME における GPG キーの生成</h4></div></div></div><div class="para">
+ Seahorse ユーティリティにより GPG 鍵管理が容易になります。コマンド <code class="code">su -c "yum install seahorse"</code> または<span class="application"><strong>ソフトウェアの追加/削除</strong></span>を使用した GUI において、<span class="package">Seahorse</span> をインストールできます。
+ </div><div class="para">
+ 鍵を作成するには <span class="application"><strong>パスワードと暗号鍵</strong></span> を選択します。これによりアプリケーション <span class="application"><strong>Seahorse</strong></span> が起動します。<code class="code">ファイル</code>メニューから<code class="code">新規</code>を選択します。そして、<code class="code">PGP キー</code>を選択し、<code class="code">続ける</code>を選択します。あなたが誰であるかを表す、フルネーム、電子メールアドレス、およびオプションのコメント (例: John C. Smith, jsmith at example.com, 男性) を入力します。<code class="code">作成</code>を選択します。鍵のパスフレーズを問い合わせるダイアログが表示されます。強力なパスフレーズですが、覚えやすいものを選択します。<code class="code">OK</code> をクリックすると、鍵が作成されます。
+ </div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ パスフレーズを忘れると、鍵を使うことができなくなり、その鍵を用いて暗号化されたデータが失われます。
+ </div></div></div><div class="para">
+ GPG キー ID を見つけるために、新しく生成された鍵の次に ''キー ID'' 列を見ます。多くの場合、キー ID を要求すると、"0x6789ABCD" のように鍵 ID の前に "0x" がつきます。秘密鍵のバックアップをとり、どこか安全な場所に保管するべきです。
+ </div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1">4.2.5.2. KDE における GPG キーの生成</h4></div></div></div><div class="para">
+ メインメニューから アプリケーション > ユーティリティ > 暗号ツールを選択して KGpg プログラムを起動します。これまで KGpg を使用したことがなければ、プログラムがあなた自身の GPG 鍵ペアを生成するプロセスを詳しく説明します。ダイアログボックスは、新しい鍵ペアを生成するためのプロンプトを表示します。名前、電子メールアドレス、およびオプションのコメントを入力します。鍵の長さ(ビット数)とアルゴリズム同様、鍵が失効するまでの時間も選択できます。次のダイアログはパスフレーズに対するプロンプトが表示されます。このとき、あなたの鍵がメインの <code class="code">KGpg</code> ウィンドウに表示されます。
+ </div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ パスフレーズを忘れると、鍵を使うことができなくなり、その鍵を用いて暗号化されたデータが失われます。
+ </div></div></div><div class="para">
+ GPG キー ID を見つけるために、新しく生成された鍵の次に ''キー ID'' 列を見ます。多くの場合、キー ID を要求すると、"0x6789ABCD" のように鍵 ID の前に "0x" がつきます。秘密鍵のバックアップをとり、どこか安全な場所に保管するべきです。
+ </div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE">4.2.5.3. コマンドラインを用いた GPG 鍵の生成</h4></div></div></div><div class="para">
+ 次のシェルコマンドを使用します: <code class="code">gpg --gen-key</code>
+ </div><div class="para">
+ このコマンドは、公開鍵と秘密鍵で構成される鍵ペアを生成します。他の人々は、あなたのコミュニケーションを認証かつ/または復号するためにあなたの公開鍵を使用します。できる限り、あなたの公開鍵を配布します(メーリングリストのように、あなたから認証されたコミュニケーションを受け取りたいと考える、あなたが知っている人に対してとくに)。たとえば、Fedora Documentation Project は自己紹介において GPG 公開鍵を含めるよう参加者に対してお願いしています。
+ </div><div class="para">
+ 一連のプロンプトがプロセスを通してあなたに指示をします。必要に応じて初期値を割り当てるために <code class="code">Enter</code> キーを押します。1番目のプロンプトは、あなたが必要とする鍵の種類を選択するよう尋ねます。
+ </div><div class="para">
+
+<pre class="screen">作成したい鍵の種類を選択してください:
+ (1) RSA および RSA (初期値)
+ (2) DSA および Elgamal
+ (3) DSA (署名のみ)
+ (4) RSA (署名のみ)
+ どれにしますか?</pre>
+ ほとんどすべての場合において、初期値が正しい選択です。RSA 鍵は通信を署名するだけではなく、ファイルを暗号化できます。
+ </div><div class="para">
+ 次に、鍵の大きさを選択します:
+<pre class="screen">RSA 鍵は 1024 ~ 4096 ビットの長さにできます。
+鍵の大きさをどうしますか? (2048)</pre>
+ 再び、初期値はほとんどすべてのユーザーにとって十分です。強いレベルのセキュリティを意味します。
+ </div><div class="para">
+ 次に、鍵がいつ失効するのかを選択します。標準の "none" を使用する代わりに、失効日を選択することは素晴らしい考えです。たとえば、鍵にある電子メールアドレスが無効になると、失効日により他者が公開鍵の使用を止めることに気がつきます。
+ </div><div class="para">
+
+<pre class="screen">鍵の有効期間を指定してください。
+ 0 = 失効しません
+ d = n 日後に失効します
+ w = n 週間後に失効します
+ m = n か月後に失効します
+ y = n 年後に失効します
+ 鍵をどの期間だけ有効にしますか? (0)</pre>
+
+ </div><div class="para">
+ たとえば、<code class="code">1y</code> の値を入力すると、鍵が1年間有効になります。(もし気が変わると、鍵を生成した後でこの失効日を変更できます。)
+ </div><div class="para">
+ <code class="code">gpg</code> プログラムは署名情報を尋ねる前に、以下のプロンプトが表れます: <code class="code">Is this correct (y/n)?</code> プロセスを終わらせるために、 <code class="code">y</code> を入力します。
+ </div><div class="para">
+ 次に、名前と電子メールアドレスを入力します。このプロセスは実在の個人として認証することに関するものであると覚えてください。このため、実際の名前を含めます。アイデンティティを偽装するかわかりにくくするので、エイリアスやハンドルを使いません。
+ </div><div class="para">
+ GPG キーの電子メール実アドレスを入力します。偽の電子メールアドレスを選択すると、他者があなたの公開鍵を見つけることがより難しくなります。これはコミュニケーションを認証することを難しくします。たとえば、メーリングリストにおいて [[DocsProject/SelfIntroduction| self-introduction]] に対してこの GPG キーを使用していると、そのリストにおいて使用する電子メールアドレスを入力します。
+ </div><div class="para">
+ コメント・フィールドをエイリアスや他の情報を含めるために使用します。(ある人々は異なる目的に対して異なる鍵を使用します。そして、"オフィス" や "オープンソース・プロジェクト" のようなコメントを用いてそれぞれの鍵を識別します。)
+ </div><div class="para">
+ すべてのエントリが正しければ、確認プロンプトにおいて、続けるために文字 O を入力します。もしくは、ある問題を修正するために他のオプションを使用します。最後に、秘密鍵に対するパスフレーズを入力します。<code class="code">gpg</code> プログラムはパスフレーズを2回入力するよう尋ね、入力エラーがないことを確実にします。
+ </div><div class="para">
+ 最終的に、<code class="code">gpg</code> はできる限り一意な鍵を作るためにランダムなデータを生成します。プロセスをスピードアップするためにこの手順の間、マウスを動かします、ランダムなキーを打ちます、もしくはシステムにおいて他のタスクを実行します。この手順が完了すると、鍵が完成し、使用する準備ができます:
+ </div><pre class="screen">
+pub 1024D/1B2AFA1C 2005-03-31 John Q. Doe (Fedora Docs Project) <jqdoe at example.com>
+Key fingerprint = 117C FE83 22EA B843 3E86 6486 4320 545E 1B2A FA1C
+sub 1024g/CEA4B22E 2005-03-31 [expires: 2006-03-31]
+</pre><div class="para">
+ 鍵のフィンガープリントは、あなたの鍵のための短縮形の "署名" です。あなたの実際の公開鍵が改ざんされることなく受け取ったことを、他者へ確認できるようにします。このフィンガープリントを書き留めておく必要はありません。いつでもフィンガープリントを表示するために、このコマンドをあなたの電子メールアドレスに置き換えて使用します: <code class="code"> gpg --fingerprint jqdoe at example.com </code>
+ </div><div class="para">
+ "GPG キー ID" は、公開鍵を識別する16進8文字からなります。上の例において、GPG キー ID は 1B2AFA1C です。多くの場合、キー ID を問い合わせると、"0x1B2AFA1C" にあるように、キー ID の前に "0x" がつきます。
+ </div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ パスフレーズを忘れると、鍵を使うことができなくなり、その鍵を用いて暗号化されたデータが失われます。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine">4.2.5.4. Alpine での GPG の使用</h4></div></div></div><div class="para">
+ 電子メールクライアント <span class="package">Alpine</span> または <span class="package">Pine</span> を使用していると、<span class="package">ez-pine-gpg</span> もダウンロードしてインストールする必要があります。このソフトウェアは現在 <a href="http://business-php.com/opensource/ez-pine-gpg/">http://business-php.com/opensource/ez-pine-gpg/</a> から入手可能です。一度 ez-pine-gpg をインストールすると、<code class="code">~/.pinerc</code> ファイルを修正する必要があります。以下が必要となります:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ /home/username/bin は、指定したインストール・パスで置き換えられるべきです。
+ </div></li><li class="listitem"><div class="para">
+ 2箇所において、_RECIPIENTS_ の後にある gpg-identifier はあなたの GPG 公開鍵の識別子で置き換えられるべきです。ここであなた自身の GPG 識別子を含める理由は、”Alice" へと暗号化されたメッセージを送るならば、メッセージはあなたの公開鍵も用いて暗号化されるからです。もしこれをしなければ、送信済みフォルダにあるメッセージを開けなくなり、あなた自身が書いたことを思い出せなくなります。
+ </div></li></ol></div><div class="para">
+ このように見えるでしょう:
+ </div><pre class="screen">
+# This variable takes a list of programs that message text is piped into
+# after MIME decoding, prior to display.
+display-filters=_LEADING("-----BEGIN PGP")_ /home/max/bin/ez-pine-gpg-incoming
+
+# This defines a program that message text is piped into before MIME
+# encoding, prior to sending
+sending-filters=/home/max/bin/ez-pine-gpg-sign _INCLUDEALLHDRS_,
+ /home/username/bin/ez-pine-gpg-encrypt _RECIPIENTS_ gpg-identifier,
+ /home/username/bin/ez-pine-gpg-sign-and-encrypt _INCLUDEALLHDRS_ _RECIPIENTS_ gpg-identifier
+</pre></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution">4.2.5.5. Evolution での GPG の使用</h4></div></div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Configuring"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Configuring">4.2.5.5.1. Evolution ととに使用するための GPG の設定</h5></div></div></div><div class="para">
+ <span class="application"><strong>Evolution</strong></span> において使用するための GPG を設定するために、<span class="application"><strong>Evolution</strong></span> メインメニューから選択し、左パネルにある ツール、設定... を選択し、メール・アカウントを選択します。右パネルにおいて、Fedora Project のやり取りのために使う電子メールアカウントを選択します。そして、編集ボタンを選択します。<span class="application"><strong>Evolution</strong></span> アカウント・エディタのダイアログが表示されます。セキュリティ・タブを選択します。
+ </div><div class="para">
+ PGP/GPG キー ID フィールドにおいて、このアカウントの電子メールアドレスに対応する GPG キー ID を入力します。キー ID が何かはっきりしなければ、このコマンドを使用します: <code class="code">gpg --fingerprint EMAIL_ADDRESS</code>。キー ID はキーのフィンガープリントの後ろ8文字 (4 バイト) と同じです。暗号メールを送信するときは必ず自分自身へと暗号化するオプションをクリックすることは良いアイディアです。このアカウントを使用するとき、出ていくメッセージを常に署名するを選択したいかもしれません。
+ </div><div class="note"><div class="admonition_header"><h2>注意</h2></div><div class="admonition"><div class="para">
+ キーリングにおいて公開鍵を信頼されていると印をつけていないと、暗号化するときにキーリングにある鍵を常に信頼するオプションを選択するまで、それらの所有者への電子メールを暗号化することはできません。代わりに信頼性のチェックは失敗したことを意味するダイアログが表示されます。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying">4.2.5.5.2. Evolution を用いた電子メールの検証</h5></div></div></div><div class="para">
+ Evolution ã¯å
¥ã£ã¦ãã GPG ç½²åãããã¡ãã»ã¼ã¸ã®æå¹æ§ãèªåçã«ãã§ãã¯ãã¾ããEvolution ãå
¬ééµã失ãããï¼ã¾ãã¯ãæ¹ãããããï¼ããã«ã¡ãã»ã¼ã¸ã GPG æ¤è¨¼ã§ããªããã°ã赤ãããã¼ã§çµããã¾ããã¡ãã»ã¼ã¸ãæ¤è¨¼ããããããã¼ã«ã«ã«ãã°ãã¼ãã«ã«ããã¼ãç½²åãã¦ããªããã°ãããã¼ã¯é»è²ã§ããããã¡ãã»ã¼ã¸ãæ¤è¨¼ããã¦ããã¼ãç½²åããã¦ãããªãã°ãããã¼ã¯ç·è²ã§ããããã·ã¼ã«ã»ã¢ã¤ã³ã³ãã¯ãªãã¯ããã¨ããEvolution ã¯ç½²åã«é¢ããã»ãã¥ãªãã£æ
å ±ãããæã¤ãã¤ã¢ãã°ã表示ãã¾ããå
¬ééµããã¼ãªã³ã°ã«è¿½å ããããã«ããã¼ã®ææè
ã®é»åã¡ã¼ã«ã¢ãã¬ã¹ã§æ¤ç´¢æ©è½ã使ç¨ãã¾ã: <code class="code">gpg --keyserver pgp.mit.edu --search email address</code>ãæ£ãããã¼ãã¤ã³ãã¼ãããããã«ãEvolution ã«ã
ãæä¾ãããæ
å ±ãæã¤ãã¼ ID ã¨ä¸è´ãããå¿
è¦ãããããããã¾ããã
+ </div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting">4.2.5.5.3. Evolution を用いた電子メールの署名と暗号化</h5></div></div></div><div class="para">
+ 電子メールを署名すると、電子メールが本当にあなたからきたのかを受信者が確認できるようになります。FDP(および Fedora Project 全体)は、Fedora メーリングリストを含め、あなたが他の参加者への電子メールを署名できるようにします。電子メールを暗号化すると、あなたの受信者だけが電子メールを読めるようにします。ほとんどすべての人が読むことができないので、Fedora メーリングリストに暗号化された電子メールを送らないでください。
+ </div><div class="para">
+ 電子メールを編集しているとき、セキュリティを選択し、メッセージを署名するために PGP 署名を選択します。メッセージを暗号化するために、PGP 暗号を選択します。同じように暗号化されたメッセージを署名するかもしれません。それはグッドプラクティスです。Evolution はあなたの GPG キーのパスフレーズを入力するよう促します。(3回失敗すると Evolution はエラーを発生させます。)このセッションのリマインダのためにこのパスワードを記録するオプションを選択すると、Evolution を終了するか再起動するまで、署名や復号するために再びパスワードを使う必要はありません。
+ </div></div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird">4.2.5.6. Thunderbird を用いた GPG の使用</h4></div></div></div><div class="para">
+ Fedora は thunderbird パッケージにおいて Mozilla Thunderbird を、また、mozilla-mail パッケージが Mozilla Suite 電子メールアプリケーションを含みます。Thunderbird は推奨された Mozilla 電子メールアプリケーションです。これは、デスクトップに アプリケーション > インターネット > Thunderbird Email として表れます。
+ </div><div class="para">
+ Mozilla 製品は、メインのアプリケーションに新しい機能を追加するプラグインである拡張機能をサポートします。Enigmail 拡張は Mozilla の email 製品に GPG サポートを提供します。Enigmail のバージョンは、Mozilla Thunderbird と Mozilla Suite (Seamonkey) 両方に対して存在します。AOL の Netscape ソフトウェアは Mozilla 製品に基づき、この拡張も使用します。
+ </div><div class="para">
+ Fedora システムに Enigmail をインストールするために、以下で与えられる説明に従います。
+ </div><div class="para">
+ Enigmail は、メニュー項目とオプションにおいて OpenPGP という語を使用します。GPG は OpenPGP の実装であり、同じ意味として語を扱えます。
+ </div><div class="para">
+ Enigmail のホームページは <a href="http://enigmail.mozdev.org/download.html">http://enigmail.mozdev.org/download.html</a> です。
+ </div><div class="para">
+ このページは Enigmail と GPG のアクションのスクリーンショットを提供します: <a href="http://enigmail.mozdev.org/screenshots.html">http://enigmail.mozdev.org/screenshots.html</a>.
+ </div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird-Installing_Enigmail"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird-Installing_Enigmail">4.2.5.6.1. Enigmail のインストール</h5></div></div></div><div class="para">
+ Enigmail は Fedora リポジトリにおいて利用可能です。コマンドラインで <code class="code">yum install thunderbird-enigmail</code> と入力することで、インストールできます。<code class="code">システム -> 管理 -> ソフトウェアの追加/削除</code>により、<span class="package">thunderbird-enigmail</span> をインストールできます。
+ </div></div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption">4.2.5.7. 公開鍵暗号化について</h4></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">Wikipedia - Public Key Cryptography</a>
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://computer.howstuffworks.com/encryption.htm">HowStuffWorks - Encryption</a>
+ </div></li></ol></div></div></div></div></div><div xml:lang="ja-JP" class="chapter" id="chap-Security_Guide-General_Principles_of_Information_Security" lang="ja-JP"><div class="titlepage"><div><div><h2 class="title">第5章 情報セキュリティの一般原則</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">5.1. ヒント、ガイドおよびツール</a></span></dt></dl></div><div class="para">
+ 以下の一般原則は良いセキュリティ慣行の概要を提供します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 中間者攻撃や盗聴を防ぐ助けとするため、ネットワークで転送されるすべてのデータを暗号化します。パスワードのような認証情報を暗号化することは重要です。
+ </div></li><li class="listitem"><div class="para">
+ インストールされているソフトウェアと実行するサービスの量を最小限にします。
+ </div></li><li class="listitem"><div class="para">
+ セキュリティを強化するソフトウェアとツールを使用します。たとえば、強制アクセス制御(MAC)用の Security-Enhanced Linux (SELinux)、パケットフィルタリング(ファイアウォール)用の Netfilter iptables、ファイル暗号化用の GNU Privacy Guard (GnuPG) です。
+ </div></li><li class="listitem"><div class="para">
+ 可能ならば、ある危険にさらされたサービスが他のサービスを危険にさらすために使用されるリスクを最小限にするために、分離されたシステムにおいて各ネットワーク・サービスを実行します。
+ </div></li><li class="listitem"><div class="para">
+ ユーザーアカウントを維持します: 強いパスワードポリシーを作成して強制します; 使用していないユーザーアカウントを削除します
+ </div></li><li class="listitem"><div class="para">
+ システムとアプリケーションのログを定期的にレビューします。デフォルトで、セキュリティ関連のシステムログは <code class="filename">/var/log/secure</code> と <code class="filename">/var/log/audit/audit.log</code> に書き込まれます。注記: 専用のログサーバにログを送ることは、攻撃者が検知を避けるためにローカルのログを容易に修正することを防ぐ助けになります。
+ </div></li><li class="listitem"><div class="para">
+ 絶対に必要になるまで root としてログインしません。管理者は必要なときに root としてコマンドを実行するために <code class="command">sudo</code> を使用することが推奨されます。<code class="command">sudo</code> を実行できるユーザーは <code class="filename">/etc/sudoers</code> で指定されています。<code class="filename">/etc/sudoers</code> ファイルを編集するために <code class="command">visudo</code> ユーティリティを使用します。
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">5.1. ヒント、ガイドおよびツール</h2></div></div></div><div class="para">
+ アメリカの <a href="http://www.nsa.gov/">National Security Agency (NSA)</a> は、政府機関、ビジネスおよび個人が攻撃に対してシステムをセキュアにするために、多くの異なるオペレーティングシステムに対する強化ガイドとヒントを提供します。以下のガイド(PDF 形式)は Red Hat Enterprise Linux 5 に対する手引きを提供します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.nsa.gov/ia/_files/os/redhat/rhel5-pamphlet-i731.pdf">Hardening Tips for the Red Hat Enterprise Linux 5</a>
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf">Guide to the Secure Configuration of Red Hat Enterprise Linux 5</a>
+ </div></li></ul></div><div class="para">
+ <a href="http://www.disa.mil/">Defense Information Systems Agency (DISA)</a> は、システムをセキュアにする助けにするために、ドキュメント、チェックリストおよびテストを提供します (<a href="http://iase.disa.mil/index2.html">Information Assurance Support Environment</a>) 。<a href="http://iase.disa.mil/stigs/stig/unix-stig-v5r1.pdf">UNIX Security Technical Implementation Guide</a> (PDF) は、UNIX セキュリティに対する非常に具体的なガイドです - UNIX と Linux の高度な知識がこのガイドを読む前に推奨されます。
+ </div><div class="para">
+ DISA <a href="http://iase.disa.mil/stigs/downloads/zip/unclassified_unix_checklist_v5r1-26_20100827.zip">UNIX Security Checklist Version 5, Release 1.26</a> は、システムファイルに対する正しい所有者とモードからパッチの制御までわたる、ドキュメントとチェックリストのコレクションを提供します。
+ </div><div class="para">
+ また、DISA は、システム管理者がシステムにおける具体的な設定をチェックできるにする、<a href="http://iase.disa.mil/stigs/SRR/unix.html">UNIX SRR scripts</a> を利用可能にします。これらのスクリプトは、あらゆる既知の脆弱な設定を一覧する XML 形式のレポートを提供します。
+ </div></div></div><div xml:lang="ja-JP" class="chapter" id="chap-Security_Guide-Secure_Installation" lang="ja-JP"><div class="titlepage"><div><div><h2 class="title">第6章 セキュアなインストール</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-Secure_Installation-Disk_Partitions">6.1. ディスク・パーティション</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption">6.2. LUKS パーティション暗号化の利用</a></span></dt></dl></div><div class="para">
+ セキュリティは Fedora をインストールするために CD や DVD をディスクドライブにいれた初めてのときから始まります。初めからシステムをセキュアに設定することにより、後から追加のセキュリティ設定を実装することがより簡単になります。
+ </div><div class="section" id="sect-Security_Guide-Secure_Installation-Disk_Partitions"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Secure_Installation-Disk_Partitions">6.1. ディスク・パーティション</h2></div></div></div><div class="para">
+ NSA は /boot, /, /home, /tmp, および /var/tmp に対して別々のパーティションを作成することを推奨しています。それぞれの理由は異なりますが、各パーティションに取り組みます。
+ </div><div class="para">
+ /boot - このパーティションは、ブート中にシステムにより読み込まれる最初のパーティションです。システムを Fedora へブートするために使われるブートローダーとカーネルイメージはこのパーティションに保存されます。このパーティションは暗号化すべきではありません。このパーティションが / に含まれていて、そのパーティションが暗号化されているか、もしくは別の理由で利用不能になるならば、システムはブートすることができなくなるでしょう。
+ </div><div class="para">
+ /home - ユーザーデータ (/home) が独立したパーティションの代わりに / に保存されているとき、オペレーティングシステムが不安定になる原因となる、パーティションが一杯になる可能性があります。また、システムを 次のバージョンの Fedora へアップグレードするとき、/home パーティションにあるデータをそのままにしたい場合、インストール中に上書きされないようすることが非常に簡単になります。root パーティション (/) が壊れると、データは永久に失われる可能性があります。このパーティションを頻繁なバックアップの対象にすることもできます。
+ </div><div class="para">
+ /tmp および /var/tmp - /tmp と /var/tmp ディレクトリはどちらも長期間の保存が必要とされないデータを保存するために使われます。しかしながら、これらのディレクトリの1つが多くのデータであふれると、ストレージ空間をすべて消費する可能性があります。これが起こり、これらのディレクトリが / の中に保存されていると、システムが不安定になりクラッシュする可能性があります。このため、これらのディレクトリをそれ自身のパーティションに移動することは良いアイディアです。
+ </div></div><div class="section" id="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption">6.2. LUKS パーティション暗号化の利用</h2></div></div></div><div class="para">
+ Fedora 9 以降、<a href="http://fedoraproject.org/wiki/Security_Guide/9/LUKSDiskEncryption">Linux Unified Key Setup-on-disk-format</a>(LUKS) 暗号化の実装はより簡単になってきています。インストール・プロセス中に、パーティションを暗号化するオプションがユーザーへ表示されるでしょう。ユーザーは、パーティションのデータをセキュアにするために使われる、大量の暗号鍵を解除するための鍵となるパスフレーズを供給しなければいけません。
+ </div></div></div><div xml:lang="ja-JP" class="chapter" id="chap-Security_Guide-Software_Maintenance" lang="ja-JP"><div class="titlepage"><div><div><h2 class="title">第7ç« ã½ããã¦ã§ã¢ã®ã¡ã³ããã³ã¹</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">7.1. æå°éã®ã½ããã¦ã§ã¢ã®ã¤ã³ã¹ãã¼ã«</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates">7.2. ã»ãã¥ãªãã£ã»ã¢ãããã¼ãã®è¨ç»ã¨è¨å®</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates">7.3. èªåæ´æ°ã®èª¿æ´</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories">7.4. ããç¥ããããªãã¸ããªããã®ç
½²åãããããã±ã¼ã¸ã®ã¤ã³ã¹ãã¼ã«</a></span></dt></dl></div><div class="para">
+ ソフトウェアのメンテナンスはセキュアなシステムを維持するために非常に重要です。攻撃者がシステムに侵入するために既知のホールを使用するのを防ぐために、ソフトウェアのパッチが利用可能になり次第できる限り早く適用することは極めて重要です。
+ </div><div class="section" id="sect-Security_Guide-Software_Maintenance-Install_Minimal_Software"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">7.1. 最小限のソフトウェアのインストール</h2></div></div></div><div class="para">
+ コンピュータにあるソフトウェアの各部品が脆弱性を含む可能性があるので、使用するパッケージだけをインストールすることがベストプラクティスです。もし DVD からインストールしているならば、インストール中にインストールしたいパッケージを正確に選択する機会があります。他のパッケージが必要であるとわかったときに、後からいつでもシステムへ追加することができます。
+ </div></div><div class="section" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates">7.2. セキュリティ・アップデートの計画と設定</h2></div></div></div><div class="para">
+ すべてのソフトウェアはバグを含みます。しばしば、これらのバグはシステムを悪意のあるユーザーにさらす可能性がある脆弱性となります。パッチを当てていないシステムはコンピューターの侵入の一般的な原因となります。侵入できないようそれらの脆弱性をふさぐために、タイムリーにセキュリティ・パッチをインストールする計画を持つべきです。
+ </div><div class="para">
+ 自宅のユーザーにとって、セキュリティ・アップデートはできる限り早くインストールされるべきです。セキュリティ・アップデートの自動インストールの設定は、覚えておかなければいけないのを避けられますが、あるものがシステムにおける設定または他のソフトウェアと競合する原因となる可能性があるというわずかなリスクをもたらします。
+ </div><div class="para">
+ ビジネスや自宅の高度なユーザーにとって、セキュリティ・アップデートは、テストされ、インストールをスケジュールするべきです。パッチがリリースされてからシステムにインストールされるまでの間、システムを保護するために追加のコントロールを使う必要があります。これらのコントロールはその脆弱性に依存しますが、追加のファイアウォール・ルール、外部ファイアウォールの使用、およびソフトウェア設定の変更を含められます。
+ </div></div><div class="section" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates">7.3. 自動更新の調整</h2></div></div></div><div class="para">
+ Fedora は日次スケジュールですべてのアップデートを適用するよう設定されています。システムがどのようにアップデートをインストールするかを変更したい場合、"ソフトウェア・アップデートの設定" により実施しなければいけません。利用可能なアップデートを適用または通知するために、スケジュールとアップデートの種類を変更できます。
+ </div><div class="para">
+ Gnome では、<code class="code">システム -> 設定 -> ソフトウェアの更新</code>においてアップデートをコントロールできます。KDE では、<code class="code">アプリケーション -> 設定 -> ソフトウェアの更新</code>にあります。
+ </div></div><div class="section" id="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories">7.4. よく知られたリポジトリからの署名されたパッケージのインストール</h2></div></div></div><div class="para">
+ ソフトウェア・パッケージはリポジトリを通して公開されます。よく知られたリポジトリはすべてパッケージ署名をサポートしています。パッケージ署名は、リポジトリにより公開されているパッケージが、署名を適用されてから変更されていないことを証明するために、公開鍵の技術を使用します。これにより、パッケージが作成された後ユーザーがダウンロードする前に、悪意を持って変更されているかもしれないソフトウェアに対する保護が提供されます。
+ </div><div class="para">
+ 多く過ぎるリポジトリ、信頼できないリポジトリ、または署名のないパッケージを持つリポジトリを使用することは、システムに悪意または脆弱性のあるコードを取り込むリスクをより高くします。yum やソフトウェアの更新にリポジトリを追加するときに注意してください。
+ </div></div></div><div xml:lang="ja-JP" class="chapter" id="chap-Security_Guide-CVE" lang="ja-JP"><div class="titlepage"><div><div><h2 class="title">第8章 共通脆弱性識別子 CVE</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Security_Guide-CVE-yum_plugin">8.1. YUM プラグイン</a></span></dt><dt><span class="section"><a href="#sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security">8.2. yum-plugin-security の使い方</a></span></dt></dl></div><div class="para">
+ 共通脆弱性識別子または CVE システムは、一般に知られる情報セキュリティの脆弱性と暴露に対する参照方法を提供します。MITRE 社が、アメリカ国土安全保障省のサイバー・セキュリティ部門の資金提供を受け、システムを維持しています。
+ </div><div class="para">
+ MITRE 社はすべての脆弱性と暴露に対して CVE 識別子を割り当てます。1つの CVE が複数のソフトウェアパッケージや複数のベンダーに影響する可能性があるため、ソフトウェアの異なる部分を通して脆弱性を追跡するために使われます。
+ </div><div class="section" id="sect-Security_Guide-CVE-yum_plugin"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-CVE-yum_plugin">8.1. YUM プラグイン</h2></div></div></div><div class="para">
+ <span class="package">yum-plugin-security</span> パッケージは Fedora の機能です。もしインストールされていると、このパッケージにより提供される yum モジュールは、yum がセキュリティ関連のアップデートのみを検索するよう制限するために使うことができます。アップデートパッケージにより、どの Red Hat アドバイザリー、Red Hat の Bugzilla データベースにおけるどのバグ、MITRE の CVE ディレクトリのどの CVE 番号を指しているのかに関する情報を提供するためにも使われます。
+ </div><div class="para">
+ これらの機能を有効にすることは、 <code class="command">yum install yum-plugin-security</code> コマンドを実行するくらい簡単です。
+ </div></div><div class="section" id="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security">8.2. yum-plugin-security の使い方</h2></div></div></div><div class="para">
+ これが追加した1つ目のサブコマンドは <code class="command">yum list-sec</code> です。これは <code class="command">yum check-update</code> と似ていますが、各アップデートの Red Hat アドバイザリー ID 番号と分類も“enhancement”, “bugfix” または “security” として表示します。:
+ </div><div class="para">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>RHSA-2007:1128-6 security autofs - 1:5.0.1-0.rc2.55.el5.1.i386</td></tr><tr><td>RHSA-2007:1078-3 security cairo - 1.2.4-3.el5_1.i386</td></tr><tr><td>RHSA-2007:1021-3 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>RHSA-2007:1021-3 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr></table>
+
+ </div><div class="para">
+ <code class="command">yum list-sec cves</code> を使うと、Red Hat アドバイザリ ID はアップデートにより示された CVE ID で置き換えられます; <code class="command">yum list-sec bzs</code> を使うと、アドバイザリ ID はアップデートにより示された Red Hat Bugzilla ID で置き換えられます。パッケージが Bugzilla や CVE ID において複数のバグを指していると、パッケージは複数回表示されるかもしれません:
+ </div><div class="para">
+ <code class="command">yum list-sec bzs</code> の出力例:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>410031 security autofs - 1:5.0.1-0.rc2.55.el5.1.i386</td></tr><tr><td>387431 security cairo - 1.2.4-3.el5_1.i386</td></tr><tr><td>345101 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345111 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345121 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345101 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345111 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345121 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr></table>
+
+ </div><div class="para">
+ Example output of <code class="command">yum list-sec cves</code>:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>CVE-2007-5964 security autofs - 1:5.0.1-0.rc2.55.el5.1.i386</td></tr><tr><td>CVE-2007-5503 security cairo - 1.2.4-3.el5_1.i386</td></tr><tr><td>CVE-2007-5393 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-5392 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-4352 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-5393 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-5392 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-4352 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr></table>
+
+ </div><div class="para">
+ <span class="package">yum-plugin-security</span> パッケージにより追加された2つ目の新しいサブコマンドは <code class="command">info-sec</code> です。このサブコマンドは、アドバイザリ番号、CVE または Bugzilla ID を引数としてとり、問題の性質に関する短いテキストの議論またはアドバイザリにより示されている問題を含む、アドバイザリにおける詳細な情報を返します。
+ </div><div class="para">
+ これらの2つの新しい yum サブコマンドに加えて、セキュリティ関連のアップデートのみ、もしくは、特定のアドバイザリやバグに関連したアップデートのみを適用するのを助けるために、新しいオプションが <code class="command">yum update</code> に提供されます。
+ </div><div class="para">
+ すべてのセキュリティ関連のアップデートのみを適用するために:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td><code class="command">yum update --security</code></td></tr></table>
+
+ </div><div class="para">
+ Bugzilla バグ 410101 に関連したすべてのアップデートを適用するために:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td><code class="command">yum update --bz 410101</code></td></tr></table>
+
+ </div><div class="para">
+ CVE ID CVE-2007-5707 に関連したすべてのアップデートと Red Hat アドバイザリ ID RHSA-2007:1082-5 に関連したすべてのアップデートを適用するために:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td><code class="command">yum update --cve CVE-2007-5707 --advisory RHSA-2007:1082-5</code></td></tr></table>
+
+ </div><div class="para">
+ これらの新しい機能に関する詳細は <span class="package">yum-plugin-security</span>(8) マニュアルページにドキュメント化されています。
+ </div><div class="para">
+ Fedora セキュリティ・アップデートに関する詳細は、<a href="https://fedoraproject.org/wiki/Security">https://fedoraproject.org/wiki/Security</a> にある Fedora セキュリティページを訪問してください。
+ </div></div></div><div xml:lang="ja-JP" class="chapter" id="chap-Security_Guide-References" lang="ja-JP"><div class="titlepage"><div><div><h2 class="title">第9章 参考資料</h2></div></div></div><div class="para">
+ 以下の参考資料は、SELinux と Fedora に関連しますが、このガイドの範囲を越えている追加情報へのポインタです。SELinux の迅速な開発のため、このマテリアルのいくつかは Fedora の特定のリリースに対してのみ適用できるかもしれないことに注意してください。
+ </div><div class="variablelist" id="vari-Security_Guide-References-Books"><h6>書籍</h6><dl><dt class="varlistentry"><span class="term">SELinux by Example</span></dt><dd><div class="para">
+ Mayer, MacMillan, and Caplan
+ </div><div class="para">
+ Prentice Hall, 2007
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-Tutorials_and_Help"><h6>チュートリアルとヘルプ</h6><dl><dt class="varlistentry"><span class="term">Understanding and Customizing the Apache HTTP SELinux Policy</span></dt><dd><div class="para">
+ <a href="http://fedora.redhat.com/docs/selinux-apache-fc3/">http://fedora.redhat.com/docs/selinux-apache-fc3/</a>
+ </div></dd><dt class="varlistentry"><span class="term">Russell Coker のチュートリアルとお話</span></dt><dd><div class="para">
+ <a href="http://www.coker.com.au/selinux/talks/ibmtu-2004/">http://www.coker.com.au/selinux/talks/ibmtu-2004/</a>
+ </div></dd><dt class="varlistentry"><span class="term">Generic Writing SELinux policy HOWTO</span></dt><dd><div class="para">
+ <a href="http://www.lurking-grue.org/writingselinuxpolicyHOWTO.html">http://www.lurking-grue.org/writingselinuxpolicyHOWTO.html</a>
+ </div></dd><dt class="varlistentry"><span class="term">Red Hat Knowledgebase</span></dt><dd><div class="para">
+ <a href="http://kbase.redhat.com/">http://kbase.redhat.com/</a>
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-General_Information"><h6>一般的な情報</h6><dl><dt class="varlistentry"><span class="term">NSA SELinux メイン・ウェブサイト</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/selinux/index.shtml">http://www.nsa.gov/selinux/</a>
+ </div></dd><dt class="varlistentry"><span class="term">NSA SELinux FAQ</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/selinux/faqs.shtml">http://www.nsa.gov/selinux/info/faq.cfm</a>
+ </div></dd><dt class="varlistentry"><span class="term">Fedora SELinux FAQ</span></dt><dd><div class="para">
+ <a href="http://fedora.redhat.com/docs/selinux-faq-fc3/">http://fedora.redhat.com/docs/selinux-faq-fc3/</a>
+ </div></dd><dt class="varlistentry"><span class="term">SELinux NSA's Open Source Security Enhanced Linux (日本語訳 : SELinux システム管理-セキュア OS の基礎と運用)</span></dt><dd><div class="para">
+ <a href="http://www.oreilly.com/catalog/selinux/">http://www.oreilly.com/catalog/selinux/</a>
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-Technology"><h6>技術</h6><dl><dt class="varlistentry"><span class="term">An Overview of Object Classes and Permissions</span></dt><dd><div class="para">
+ <a href="http://www.tresys.com/selinux/obj_perms_help.html">http://www.tresys.com/selinux/obj_perms_help.html</a>
+ </div></dd><dt class="varlistentry"><span class="term">Integrating Flexible Support for Security Policies into the Linux Operating System (a history of Flask implementation in Linux)</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/_files/selinux/papers/selsymp2005.pdf">http://www.nsa.gov/research/_files/selinux/papers/selsymp2005.pdf</a>
+ </div></dd><dt class="varlistentry"><span class="term">Implementing SELinux as a Linux Security Module</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/_files/publications/implementing_selinux.pdf">http://www.nsa.gov/research/_files/publications/implementing_selinux.pdf</a>
+ </div></dd><dt class="varlistentry"><span class="term">A Security Policy Configuration for the Security-Enhanced Linux</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/_files/selinux/papers/policy/policy.shtml">http://www.nsa.gov/research/_files/selinux/papers/policy/policy.shtml</a>
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-Community"><h6>コミュニティ</h6><dl><dt class="varlistentry"><span class="term">Fedora SELinux User Guide</span></dt><dd><div class="para">
+ <a href="http://docs.fedoraproject.org/selinux-user-guide/">http://docs.fedoraproject.org/selinux-user-guide/</a>
+ </div></dd><dt class="varlistentry"><span class="term">Fedora SELinux Managing Confined Services Guide</span></dt><dd><div class="para">
+ <a href="http://docs.fedoraproject.org/selinux-managing-confined-services-guide/">http://docs.fedoraproject.org/selinux-managing-confined-services-guide/</a>
+ </div></dd><dt class="varlistentry"><span class="term">SELinux コミュニティ・ページ</span></dt><dd><div class="para">
+ <a href="http://selinux.sourceforge.net">http://selinux.sourceforge.net</a>
+ </div></dd><dt class="varlistentry"><span class="term">IRC</span></dt><dd><div class="para">
+ irc.freenode.net, #selinux, #fedora-selinux, #security
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-History"><h6>歴史</h6><dl><dt class="varlistentry"><span class="term">Flask の簡単な歴史</span></dt><dd><div class="para">
+ <a href="http://www.cs.utah.edu/flux/fluke/html/flask.html">http://www.cs.utah.edu/flux/fluke/html/flask.html</a>
+ </div></dd><dt class="varlistentry"><span class="term">Fluke における完全な背景</span></dt><dd><div class="para">
+ <a href="http://www.cs.utah.edu/flux/fluke/html/index.html">http://www.cs.utah.edu/flux/fluke/html/index.html</a>
+ </div></dd></dl></div></div><div xml:lang="ja-JP" class="appendix" id="chap-Security_Guide-Encryption_Standards" lang="ja-JP"><div class="titlepage"><div><div><h1 class="title">暗号の標準</h1></div></div></div><div class="para">
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm70220496">A.1. 同期式の暗号</h2></div></div></div><div class="para">
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm72409184">A.1.1. Advanced Encryption Standard - AES</h3></div></div></div><div class="para">
+ 暗号において、Advanced Encryption Standard (AES) はアメリカ政府によって採用された暗号標準です。この標準は、Rijndael として公開された元々のより大きなコレクションから採用された、3つのブロック暗号 AES-128, AES-192 および AES-256 から構成されます。各 AES 暗号は、それぞれキーの大きさ 128, 192 および 256 bit とともに 128-bit のブロックサイズをを持ちます。AES 暗号は詳細に分析されてきて、その前進である Data Encryption Standard (DES) と同様に、今では世界中で使用されています。<sup>[<a id="idm102654864" href="#ftn.idm102654864" class="footnote">15</a>]</sup>
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm73539568">A.1.1.1. AES の使用</h4></div></div></div><div class="para">
+ </div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm82386032">A.1.1.2. AES の歴史</h4></div></div></div><div class="para">
+ AES は、5年間の標準化プロセスの後、2001年11月26日に U.S. FIPS PUB 197 (FIPS 197) として National Institute of Standards and Technology (NIST) によりアナウンスされました。そこでは、Rijndael が最適であると選択される前に、15の競合する設計が提案され、評価されました。2002年5月26日に標準として有効になりました。多くの異なる暗号化パッケージにおいて利用可能です。AES は、初めて一般にアクセス可能であり、トップシークレット情報のために NSA により承認されたオープンな暗号です(以下にある AES のセキュリティを参照してください)。<sup>[<a id="idm80117552" href="#ftn.idm80117552" class="footnote">16</a>]</sup>
+ </div><div class="para">
+ Rijndael は2人のベルギー人暗号学者 Joan Daemon と Vincent Rijmen により開発され、彼らにより AES 選定プロセスへ投稿されました。Rijndael ([rɛindaːl] と発音) は発明者2人の名前のかばん語です。<sup>[<a id="idm93405552" href="#ftn.idm93405552" class="footnote">17</a>]</sup>
+ </div></div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm79640928">A.1.2. Data Encryption Standard - DES</h3></div></div></div><div class="para">
+ Data Encryption Standard (DES) は、1976年にアメリカに対する公式な Federal Information Processing Standard (FIPS) として National Bureau of Standards により選択され、その後国際的に広く恩恵を受けている、ブロック暗号(共有秘密暗号の形式)です。56-bit 鍵を使用する対称鍵アルゴリズムに基づいています。アルゴリズムは当初、秘密の設計要素、相対的に短い鍵長および National Security Agency (NSA) のバックドアに関する疑惑とともに議論の的になりました。結果として、DES はブロック暗号と暗号解析の現代の知識に動機づけられた学術的な厳しい詳細な調査を受けました。<sup>[<a id="idm91005776" href="#ftn.idm91005776" class="footnote">18</a>]</sup>
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm91454704">A.1.2.1. DES の</h4></div></div></div><div class="para">
+ </div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm82341264">A.1.2.2. DES の歴史</h4></div></div></div><div class="para">
+ DESは今や多くのアプリケーションに対して安全ではないと考えられています。おもに 56-bit 鍵の大きさが小さすぎることによります; 1999年1月、distributed.net と Electronic Frontier Foundation は公に協力して、DES 鍵を22時間15分で解読しました(年表参照)。また、実際には実装できませんが、暗号において理論的に弱いことが説明されるという、いくつかの解析的な結論があります。理論的な攻撃があるにも関わらず、アルゴリズムは 3-DES の形でほとんど安全であると考えられています。近年、暗号は Advanced Encryption Standard (AES) に置き換えられてきています。<sup>[<a id="idm82339408" href="#ftn.idm82339408" class="footnote">19</a>]</sup>
+ </div><div class="para">
+ いくつかのドキュメントにおいて、標準としての DES と DEA (the Data Encryption Algorithm) として参照される DES アルゴリズムを区別しています。発音されるとき、"DES" は、省略形としてスペルされたものとしても (/ˌdiːˌiːˈɛs/) 、1音節の略語としても (/ˈdɛz/) 発音されます。<sup>[<a id="idm88150544" href="#ftn.idm88150544" class="footnote">20</a>]</sup>
+ </div></div></div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm88821296">A.2. 公開鍵暗号</h2></div></div></div><div class="para">
+ 公開鍵暗号は、多くの暗号アルゴリズムと暗号化システムにより採用されている、暗号的なアプローチです。その際立った特徴は、対象の鍵アルゴリズムの代わりに、またはそれに加えて、非対称の鍵アルゴリズムを使用することです。公開鍵-秘密鍵暗号の技術を使用することで、以前は知られていなかった、コミュニケーションや認証メッセージを保護する多くの方法が実用的になりました。対称鍵アルゴリズムを使うときに必要となるような、1つかそれより多い秘密鍵の始めの安全な交換が必要なくなりました。電子署名を作成するためにも使用されます。<sup>[<a id="idm62886048" href="#ftn.idm62886048" class="footnote">21</a>]</sup>
+ </div><div class="para">
+ 公開鍵暗号は、世界中で基本的かつ広範囲に使用される技術です。また、Transport Layer Security (TLS) (SSL の後継), PGP および GPG のようなインターネット標準として基礎となるアプローチです。<sup>[<a id="idm5028400" href="#ftn.idm5028400" class="footnote">22</a>]</sup>
+ </div><div class="para">
+ 公開鍵暗号において使用される特徴的な技術は非対称の鍵アルゴリズムの使用です。ここで、メッセージを暗号化するために使われる鍵は、復号するために使われる鍵を同じではありません。各ユーザーは、一組の暗号鍵— 公開鍵と秘密鍵を持ちます。公開鍵が広く配布されるかもしれないのに対して、秘密鍵は秘密にしておきます。メッセージは受信者の公開鍵で暗号化され、対応する秘密鍵でのみ復号することができます。鍵は数学的に関連していますが、秘密鍵は公開鍵からうまく導くことができません(つまり、実際のまたは計画された実践)。1970年代半ばに始まった暗号の実践の変革をもたらす、そのようなアルゴリズムを発見しました。<sup>[<a id="idm79075216" href="#ftn.idm79075216" class="footnote">23</a>]</sup>
+ </div><div class="para">
+ 対照的に、数千年の間使用されてきたバリエーションである、対称鍵暗号は、暗号化と復号のために送信者と受信者により共有される1つの秘密鍵(プライベートに保たなければいけない、このように共通の用語の曖昧さの原因であるもの)を使用します。対称の暗号化スキーマを使用するために、送信者と受信者が前もって安全に鍵を共有しなければいけません。<sup>[<a id="idm87545584" href="#ftn.idm87545584" class="footnote">24</a>]</sup>
+ </div><div class="para">
+ 対称鍵アルゴリズムがほとんど常に計算的に集約的であるので、鍵交換アルゴリズムを用いて鍵を交換して、その鍵と対称鍵アルゴリズムを用いてデータを転送します。たとえば、PGP、およびスキームの SSL/TLS ファミリーはこれをします。結果としてハイブリッド暗号システムと呼ばれます。<sup>[<a id="idm87894064" href="#ftn.idm87894064" class="footnote">25</a>]</sup>
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm98829024">A.2.1. Diffie-Hellman</h3></div></div></div><div class="para">
+ Diffie–Hellman 鍵交換 (D–H) は、お互いに事前に知識を持たない2者が、安全ではないコミュニケーション・チャネル上で共有の秘密鍵を共同で確立できるようにする、暗号のプロトコルです。そして、この鍵は対称鍵暗号を用いて以降のコミュニケーションを暗号化するために使用されます。<sup>[<a id="idm98827520" href="#ftn.idm98827520" class="footnote">26</a>]</sup>
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm73999120">A.2.1.1. Diffie-Hellman の歴史</h4></div></div></div><div class="para">
+ スキーマは1976年に Whitfield Diffie と Martin Hellman により初めて公開されました。しかしながら後から、GCHQ の British signals intelligence agency の中で Malcolm J. Williamson によりまったく別に数年早く発明されていたが、秘密にされていたことがわかりました。2002年、Hellman は、公開鍵暗号の発明に対する貢献を認めて Diffie–Hellman–Merkle 鍵交換と呼ばれるアルゴリズムを提案しました(Hellman, 2002)。<sup>[<a id="idm98877552" href="#ftn.idm98877552" class="footnote">27</a>]</sup>
+ </div><div class="para">
+ Diffie–Hellman 鍵合意それ自身は、匿名の(認証されない)鍵合意プロトコルであるにも関わらず、いろいろな認証されたプロトコルに対する基礎を提供し、Transport Layer Security の超短期モード (暗号スイートに依存して EDH または DHE として参照されます)において、完全な順方向の秘密を提供するために使用されます。<sup>[<a id="idm88234688" href="#ftn.idm88234688" class="footnote">28</a>]</sup>
+ </div><div class="para">
+ U.S. Patent 4,200,770 (現在、失効) は、アルゴリズムが説明されていて、発明者として Hellman, Diffie と Merkle がクレジットされています。<sup>[<a id="idm12202160" href="#ftn.idm12202160" class="footnote">29</a>]</sup>
+ </div></div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm12199664">A.2.2. RSA</h3></div></div></div><div class="para">
+ 暗号学において、RSA (初めて公的にそれを説明した Rivest, Shamir および Adleman を意味します。以下参照。) は公開鍵暗号のアルゴリズムです。それは、暗号と同様に署名にも適しているとして知られる最初のアルゴリズムで、公開鍵暗号において始めての大きな優位性の1つでした。RSA は、電子商取引のプロトコルにおいて広く使用され、十分に長い鍵が与えられ、更新の実装が使われていて、安全であると考えれらています。<sup>[<a id="idm98833264" href="#ftn.idm98833264" class="footnote">30</a>]</sup>
+ </div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm96109120">A.2.3. DSA</h3></div></div></div><div class="para">
+ Digital Signature Algorithm (DSA) は電子署名に対する United States Federal Government standard または FIPS です。Digital Signature Standard (DSS) で使用するために、1991年8月に National Institute of Standards and Technology (NIST) により提案され、FIPS 186 で指定され、1993年に適用されました。わずかな改訂が FIPS 186-1 として1996年に発行されました。この標準は、さらに FIPS 186-2 として2000年に、再び FIPS 186-3 として2009年に、拡張されました。<sup>[<a id="idm96107472" href="#ftn.idm96107472" class="footnote">31</a>]</sup>
+ </div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm67320000">A.2.4. SSL/TLS</h3></div></div></div><div class="para">
+ Transport Layer Security (TLS) とその前進である Secure Socket Layer (SSL) は、インターネットのようなネットワークにおけるコミュニケーションに対してセキュリティを提供する暗号プロトコルです。TLS と SSL は、エンドからエンドへのトランスポート層におけるネットワーク接続のセグメントを暗号化します。プロトコルのいくつかのバージョンは、ウェブ閲覧、電子メール、インターネット FAX、インスタント・メッセージおよび voice-over-IP (VoIP) のようなアプリケーションにおいて広く使われます。TLS は IETF 標準トラックプロトコルです。それは、Netscape 社により開発された以前の SSL 仕様に基づいた、RFC 5246 で最終更新されました。
+ </div><div class="para">
+ TLS プロトコルは、クライアント/サーバーのアプリケーションが、盗聴や改ざんを防ぐために設計された方法で、ネットワークを越えたコミュニケーションできるようにします。TLS は暗号を用いてインターネット上でエンドポイント認証と通信の秘密を提供します。TLS は 1024 bit および 2048 bit 強度を持つ RSA セキュリティを提供します。
+ </div><div class="para">
+ 一般的なエンドユーザー/ブラウザの使い方において、TLS 認証は一方的です: サーバーのみが認証されます(クライアントはサーバーのアイデンティティを知っています)が、逆は真ではありません(クライアントは認証されないか、匿名のままです)。
+ </div><div class="para">
+ TLS はより安全な相互接続モード(一般的にエンタープライズ・アプリケーションで使われます)もサポートします。それは、"対話" の両端が誰とコミュニケーションしているか保証できます(それらが相手方の証明書にあるアイデンティティ情報を入念に精査することが提供されます)。これは相互認証または 2SSL として知られています。相互認証は、TLS のクライアント側も証明書を持つ必要があります(一般にエンドユーザー/ブラウザのシナリオの場合ではありません)。TLS-PSK、Secure Remote Password (SRP) プロトコルまたはいくつかの他のプロトコルが使われている場合を除き、証明書なしで強力な相互認証を提供できます。
+ </div><div class="para">
+ 一般的に、TLS に対して不可欠な鍵情報と証明書は X.509 証明書(必要なフィールドとデータのフォーマットを定義します)の形式で取り扱われます。
+ </div><div class="para">
+ SSL は近代的な流儀で機能します。上位・下位互換およびピア間のネゴシエーションに対するサポートとともに、設計により拡張可能です。\n<sup>[<a id="idm9752800" href="#ftn.idm9752800" class="footnote">32</a>]</sup>
+ </div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm87972224">A.2.5. Cramer-Shoup 暗号システム</h3></div></div></div><div class="para">
+ Cramer–Shoup システムは非対称暗号アルゴリズムです。そして、標準的な暗号推測を用いた適応的選択暗号文攻撃に対して安全であると証明された、初めての効果的なスキーマでした。そのセキュリティは、決定的 Diffie–Hellman 仮定の計算的な難しさ(広く考えられていますが、証明されていません)に基づいています。1998年に Ronald Cramer と Victor Shoup により開発された、Elgamal 暗号の拡張です。極めて柔軟である Elgamal と比べて、Cramer–Shoup は資源の豊富な攻撃者に対してさえも柔軟ではないことを確定する追加の要素を追加しました。この非柔軟性は、衝突耐性のあるハッシュ機能と追加の計算の使用により達成されました。結果として Elgamal の2倍の暗号文になりました。<sup>[<a id="idm87971168" href="#ftn.idm87971168" class="footnote">33</a>]</
sup>
+ </div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm56441328">A.2.6. ElGamal 暗号</h3></div></div></div><div class="para">
+ 暗号学において、ElGamal 暗号システムは Diffie-Hellman 鍵合意に基づいた公開鍵暗号に対する非対称鍵暗号アルゴリズムです。1985年に Taher Elgamal により説明されました。[1] Elgamal 暗号は、フリーの GNU Privacy Guard ソフトウェア、最近のバージョンの PGP および他の暗号システムにおいて使用されています。Digital Signature Algorithm は ElGamal 署名スキーマ(ElGamal 暗号と混同してはいけません)の変種です。<sup>[<a id="idm56439680" href="#ftn.idm56439680" class="footnote">34</a>]</sup>
+ </div></div></div><div class="footnotes"><br /><hr width="100" align="left" /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm102654864" href="#idm102654864" class="para">15</a>] </sup>
+ "Advanced Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Advanced_Encryption_Standard">http://en.wikipedia.org/wiki/Advanced_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm80117552" href="#idm80117552" class="para">16</a>] </sup>
+ "Advanced Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Advanced_Encryption_Standard">http://en.wikipedia.org/wiki/Advanced_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm93405552" href="#idm93405552" class="para">17</a>] </sup>
+ "Advanced Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Advanced_Encryption_Standard">http://en.wikipedia.org/wiki/Advanced_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm91005776" href="#idm91005776" class="para">18</a>] </sup>
+ "Data Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Data_Encryption_Standard">http://en.wikipedia.org/wiki/Data_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm82339408" href="#idm82339408" class="para">19</a>] </sup>
+ "Data Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Data_Encryption_Standard">http://en.wikipedia.org/wiki/Data_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm88150544" href="#idm88150544" class="para">20</a>] </sup>
+ "Data Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Data_Encryption_Standard">http://en.wikipedia.org/wiki/Data_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm62886048" href="#idm62886048" class="para">21</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm5028400" href="#idm5028400" class="para">22</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm79075216" href="#idm79075216" class="para">23</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm87545584" href="#idm87545584" class="para">24</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm87894064" href="#idm87894064" class="para">25</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm98827520" href="#idm98827520" class="para">26</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie-Hellman</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm98877552" href="#idm98877552" class="para">27</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie-Hellman</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm88234688" href="#idm88234688" class="para">28</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie-Hellman</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm12202160" href="#idm12202160" class="para">29</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie-Hellman</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm98833264" href="#idm98833264" class="para">30</a>] </sup>
+ "RSA" <span class="emphasis"><em>Wikipedia</em></span> 14 April 2010 <a href="http://en.wikipedia.org/wiki/RSA">http://en.wikipedia.org/wiki/RSA</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm96107472" href="#idm96107472" class="para">31</a>] </sup>
+ "Digital Signature Algorithm" <span class="emphasis"><em>Wikipedia</em></span> 14 April 2010 <a href="http://en.wikipedia.org/wiki/Digital_Signature_Algorithm">http://en.wikipedia.org/wiki/Digital_Signature_Algorithm</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm9752800" href="#idm9752800" class="para">32</a>] </sup>
+ "Transport Layer Security" <span class="emphasis"><em>Wikipedia</em></span> 14 April 2010 <a href="http://en.wikipedia.org/wiki/Transport_Layer_Security">http://en.wikipedia.org/wiki/Transport_Layer_Security</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm87971168" href="#idm87971168" class="para">33</a>] </sup>
+ "Cramer–Shoup cryptosystem" <span class="emphasis"><em>Wikipedia</em></span> 14 April 2010 <a href="http://en.wikipedia.org/wiki/Cramer-Shoup_cryptosystem">http://en.wikipedia.org/wiki/Cramer-Shoup_cryptosystem</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idm56439680" href="#idm56439680" class="para">34</a>] </sup>
+ "ElGamal encryption" <span class="emphasis"><em>Wikipedia</em></span> 14 April 2010 <a href="http://en.wikipedia.org/wiki/ElGamal_encryption">http://en.wikipedia.org/wiki/ElGamal_encryption</a>
+ </div></div></div></div><div xml:lang="ja-JP" class="appendix" id="appe-Publican-Revision_History" lang="ja-JP"><div class="titlepage"><div><div><h1 class="title">改訂履歴</h1></div></div></div><div class="para">
+ <div class="revhistory"><table border="0" width="100%" summary="Revision history"><tr><th align="left" valign="top" colspan="3"><strong>改訂履歴</strong></th></tr><tr><td align="left">改訂 18.0-1</td><td align="left">Sat October 6 2012</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>基本的な強化の章を修正しました (BZ 841825 および 693620)。</td></tr><tr><td>LUKS のリンク切れを修正しました (BZ 846299)。</td></tr><tr><td>7 Zip の章に GUI のセクションを追加しました (BZ 854781)。</td></tr><tr><td>yum-plugin-security の章を修正しました (BZ 723282)。</td></tr><tr><td>GPG CLI コマンド画面を修正しました (BZ 590493)。</td></tr><tr><td>Yubikey のセクションを改善しました (BZ 644238)。</td></tr><tr><td>誤字を修正しました (BZ 863636)。</td></tr><tr><td>いくつかの章において wiki のマークアップを削除しました。</td></tr><tr><td>Seahorse の説明を更新しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 17.0-1</td><td align="left">Tue January 24 2012</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fedora 17 向けブランチ。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 16.0-1</td><td align="left">Fri September 09 2011</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fedora 16 用に分岐しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 14.3-1</td><td align="left">Sat Apr 02 2011</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>VPN テキストを暗号の章に移動しておよび再フォーマットしました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 14.2-1</td><td align="left">Wed Oct 20 2010</td><td align="left"><span class="author"><span class="surname">Oglesby</span> <span class="firstname">Zach</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>ローカル認証とともに Fedora において Yubikey を使用するためにテキストを追加しました。 (BZ 644999)</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 14.2-0</td><td align="left">Fri Oct 6 2010</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>ドキュメントのソースにあるすべての変数を削除しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 14.1-2</td><td align="left">Fri Oct 1 2010</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>DISA Unix Checklist へのリンクと更新されたリンクを訂正しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 14.1-1</td><td align="left">Wed Jul 8 2010</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>CVE の章を追加しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 14.0-1</td><td align="left">Fri May 28 2010</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fedora 14 用に分岐しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 13.0-7</td><td align="left">Fri May 14 2010</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>bug 591980 により 7-zip の章から "バグ" のあるテキストを削除しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 13.0-6</td><td align="left">Wed Apr 14 2010</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>暗号標準の付録を完成させました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 13.0-5</td><td align="left">Fri Apr 09 2010</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>"Alpine での GPG の使用" を追加しました。</td></tr><tr><td>"Evolution での GPG の使用" を追加しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 13.0-4</td><td align="left">Tue Apr 06 2010</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>パラグラフにおいて翻訳できないテキストに関する問題を修復しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 13.0-3</td><td align="left">Tue Apr 06 2010</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fedora 12 に見られる PackageKit の脆弱性のテキストを削除しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 13.0-2</td><td align="left">Fri Nov 20 2009</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>ドキュメントの最後に改訂履歴を追加しました。</td></tr><tr><td>暗号標準の付録を追加しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 13.0-1</td><td align="left">Fri Nov 20 2009</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fedora 13 の分岐をしました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-23</td><td align="left">Thu Nov 19 2009</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>再びセクション "ローカルユーザーが信頼されるパッケージをインストールするかもしれません" を最新の修正へと更新しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-22</td><td align="left">Thu Nov 19 2009</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>セクション "ローカルユーザーが信頼されるパッケージをインストールするかもしれません" を最新の修正へと更新しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-21</td><td align="left">Wed Nov 18 2009</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>セクション "ローカルユーザーが信頼されるパッケージをインストールするかもしれません" を追加しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-20</td><td align="left">Sat Nov 14 2009</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Wikipedia から暗号標準の付録へと情報を追加しました。</td></tr><tr><td>7-zip 部分の開発における役割に対して執筆者ページに Adam Ligas を追加しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-19</td><td align="left">Mon Oct 26 2009</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>ライセンスを CC-BY-SA に更新しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-18</td><td align="left">Wed Aug 05 2009</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Bug 515043 に関連した問題を修正しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-17</td><td align="left">Mon Jul 27 2009</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>SPEC におけるベンダ情報を修復しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-16</td><td align="left">Fri Jul 24 2009</td><td align="left"><span class="author"><span class="surname">Release Engineering</span> <span class="firstname">Fedora</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild のために再構築しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-15</td><td align="left">Tue Jul 14 2009</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>spec における BUILDREQUIRES へと "desktop-file-utils" を追加しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-14</td><td align="left">Tue Mar 10 2009</td><td align="left"><span class="author"><span class="surname">Radvan</span> <span class="firstname">Scott</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>rhel 固有事項を削除して、ドラフトの大まかなレビューと削除をして、プッシュの準備ができました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-13</td><td align="left">Mon Mar 2 2009</td><td align="left"><span class="author"><span class="surname">Radvan</span> <span class="firstname">Scott</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>多くの軽微な修正。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-12</td><td align="left">Wed Feb 11 2009</td><td align="left"><span class="author"><span class="surname">Radvan</span> <span class="firstname">Scott</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>既存/古いスクリーンショットを F11 の新しいものに置き換えました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-11</td><td align="left">Tue Feb 03 2009</td><td align="left"><span class="author"><span class="surname">Radvan</span> <span class="firstname">Scott</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fedora 9 の LUKS 固有事項を以降のリリースも同様に含めるよう修正しました。</td></tr><tr><td>参考資料セクションにおける 404 を修正しました、おもに無効な NSA リンクです。</td></tr><tr><td>フォーマットの軽微な変更をしました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-10</td><td align="left">Wed Jan 27 2009</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>失われたファイアウォールのスクリーンショットを修正しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-9</td><td align="left">Wed Jan 27 2009</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>検証の間に不適切であることがわかった項目を修正しました。多くの Red Hat の参考資料は Fedora の参考資料に変更されました。</td></tr></table>
+
+ </td></tr></table></div>
+ </div></div></div></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/css/common.css b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/css/common.css
new file mode 100644
index 0000000..d7dc3f2
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/css/common.css
@@ -0,0 +1,1528 @@
+* {
+ widows: 2 !important;
+ orphans: 2 !important;
+}
+
+body, h1, h2, h3, h4, h5, h6, pre, li, div {
+ line-height: 1.29em;
+}
+
+body {
+ background-color: white;
+ margin:0 auto;
+ font-family: "liberation sans", "Myriad ", "Bitstream Vera Sans", "Lucida Grande", "Luxi Sans", "Trebuchet MS", helvetica, verdana, arial, sans-serif;
+ font-size:12px;
+ max-width:55em;
+ color:black;
+}
+
+body.toc_embeded {
+ /*for web hosting system only*/
+ margin-left: 300px;
+}
+
+object.toc, iframe.toc {
+ /*for web hosting system only*/
+ border-style:none;
+ position:fixed;
+ width:290px;
+ height:99.99%;
+ top:0;
+ left:0;
+ z-index: 100;
+ border-style:none;
+ border-right:1px solid #999;
+}
+
+/* Hide web menu */
+
+body.notoc {
+ margin-left: 3em;
+}
+
+iframe.notoc {
+ border-style:none;
+ border: none;
+ padding: 0em;
+ position:fixed;
+ width: 21px;
+ height: 29px;
+ top: 0px;
+ left:0;
+ overflow: hidden;
+ margin: 0em;
+ margin-left: -3px;
+}
+/* End hide web menu */
+
+/* desktop styles */
+body.desktop {
+ margin-left: 26em;
+}
+
+body.desktop .book > .toc {
+ display:block;
+ width:24em;
+ height:99%;
+ position:fixed;
+ overflow:auto;
+ top:0px;
+ left:0px;
+ padding-left:1em;
+ background-color:#EEEEEE;
+}
+
+.toc {
+ line-height:1.35em;
+}
+
+.toc .glossary,
+.toc .chapter, .toc .appendix {
+ margin-top:1em;
+}
+
+.toc .part {
+ margin-top:1em;
+ display:block;
+}
+
+span.glossary,
+span.appendix {
+ display:block;
+ margin-top:0.5em;
+}
+
+div {
+ padding-top:0px;
+}
+
+div.section {
+ padding-top:1em;
+}
+
+p, div.para, div.formalpara {
+ padding-top:0px;
+ margin-top:0.3em;
+ padding-bottom:0px;
+ margin-bottom:1em;
+}
+
+/*Links*/
+a {
+ outline: none;
+}
+
+a:link {
+ text-decoration:none;
+ border-bottom: 1px dotted ;
+ color:#3366cc;
+}
+
+a:visited {
+ text-decoration:none;
+ border-bottom: 1px dotted ;
+ color:#003366;
+}
+
+div.longdesc-link {
+ float:right;
+ color:#999;
+}
+
+.toc a, .qandaset a {
+ font-weight:normal;
+ border:none;
+}
+
+.toc a:hover, .qandaset a:hover
+{
+ border-bottom: 1px dotted;
+}
+
+/*headings*/
+h1, h2, h3, h4, h5, h6 {
+ color: #336699;
+ margin-top: 0em;
+ margin-bottom: 0em;
+ background-color: transparent;
+ page-break-inside: avoid;
+ page-break-after: avoid;
+}
+
+h1 {
+ font-size:2.0em;
+}
+
+.titlepage h1.title {
+ font-size: 3.0em;
+ padding-top: 1em;
+ text-align:left;
+}
+
+.book > .titlepage h1.title {
+ text-align:center;
+}
+
+.article > .titlepage h1.title {
+ text-align:center;
+}
+
+.set .titlepage > div > div > h1.title {
+ text-align:center;
+}
+
+.producttitle {
+ margin-top: 0em;
+ margin-bottom: 0em;
+ font-size: 3.0em;
+ font-weight: bold;
+ background: #003d6e url(../images/h1-bg.png) top left repeat-x;
+ color: white;
+ text-align: center;
+ padding: 0.7em;
+}
+
+.titlepage .corpauthor {
+ margin-top: 1em;
+ text-align: center;
+}
+
+.section h1.title {
+ font-size: 1.6em;
+ padding: 0em;
+ color: #336699;
+ text-align: left;
+ background: white;
+}
+
+h2 {
+ font-size:1.6em;
+}
+
+
+h2.subtitle, h3.subtitle {
+ margin-top: 1em;
+ margin-bottom: 1em;
+ font-size: 1.4em;
+ text-align: center;
+}
+
+.preface > div > div > div > h2.title {
+ margin-top: 1em;
+ font-size: 2.0em;
+}
+
+.appendix h2 {
+ margin-top: 1em;
+ font-size: 2.0em;
+}
+
+
+
+h3 {
+ font-size:1.3em;
+ padding-top:0em;
+ padding-bottom:0em;
+}
+h4 {
+ font-size:1.1em;
+ padding-top:0em;
+ padding-bottom:0em;
+}
+
+h5 {
+ font-size:1em;
+}
+
+h6 {
+ font-size:1em;
+}
+
+h5.formalpara {
+ font-size:1em;
+ margin-top:2em;
+ margin-bottom:.8em;
+}
+
+.abstract h6 {
+ margin-top:1em;
+ margin-bottom:.5em;
+ font-size:2em;
+}
+
+/*element rules*/
+hr {
+ border-collapse: collapse;
+ border-style:none;
+ border-top: 1px dotted #ccc;
+ width:100%;
+ margin-top: 3em;
+}
+
+/* web site rules */
+ul.languages, .languages li {
+ display:inline;
+ padding:0em;
+}
+
+.languages li a {
+ padding:0em .5em;
+ text-decoration: none;
+}
+
+.languages li p, .languages li div.para {
+ display:inline;
+}
+
+.languages li a:link, .languages li a:visited {
+ color:#444;
+}
+
+.languages li a:hover, .languages li a:focus, .languages li a:active {
+ color:black;
+}
+
+ul.languages {
+ display:block;
+ background-color:#eee;
+ padding:.5em;
+}
+
+/*supporting stylesheets*/
+
+/*unique to the webpage only*/
+.books {
+ position:relative;
+}
+
+.versions li {
+ width:100%;
+ clear:both;
+ display:block;
+}
+
+a.version {
+ font-size:2em;
+ text-decoration:none;
+ width:100%;
+ display:block;
+ padding:1em 0em .2em 0em;
+ clear:both;
+}
+
+a.version:before {
+ content:"Version";
+ font-size:smaller;
+}
+
+a.version:visited, a.version:link {
+ color:#666;
+}
+
+a.version:focus, a.version:hover {
+ color:black;
+}
+
+.books {
+ display:block;
+ position:relative;
+ clear:both;
+ width:100%;
+}
+
+.books li {
+ display:block;
+ width:200px;
+ float:left;
+ position:relative;
+ clear: none ;
+}
+
+.books .html {
+ width:170px;
+ display:block;
+}
+
+.books .pdf {
+ position:absolute;
+ left:170px;
+ top:0px;
+ font-size:smaller;
+}
+
+.books .pdf:link, .books .pdf:visited {
+ color:#555;
+}
+
+.books .pdf:hover, .books .pdf:focus {
+ color:#000;
+}
+
+.books li a {
+ text-decoration:none;
+}
+
+.books li a:hover {
+ color:black;
+}
+
+/*products*/
+.products li {
+ display: block;
+ width:300px;
+ float:left;
+}
+
+.products li a {
+ width:300px;
+ padding:.5em 0em;
+}
+
+.products ul {
+ clear:both;
+}
+
+/*revision history*/
+.revhistory {
+ display:block;
+}
+
+.revhistory table {
+ background-color:transparent;
+ border-color:#fff;
+ padding:0em;
+ margin: 0;
+ border-collapse:collapse;
+ border-style:none;
+}
+
+.revhistory td {
+ text-align :left;
+ padding:0em;
+ border: none;
+ border-top: 1px solid #fff;
+ font-weight: bold;
+}
+
+.revhistory .simplelist td {
+ font-weight: normal;
+}
+
+.revhistory .simplelist {
+ margin-bottom: 1.5em;
+ margin-left: 1em;
+}
+
+.revhistory table th {
+ display: none;
+}
+
+
+/*credits*/
+.authorgroup div {
+ clear:both;
+ text-align: center;
+}
+
+h3.author {
+ margin: 0em;
+ padding: 0em;
+ padding-top: 1em;
+}
+
+.authorgroup h4 {
+ padding: 0em;
+ margin: 0em;
+ padding-top: 1em;
+ margin-top: 1em;
+}
+
+.author,
+.editor,
+.translator,
+.othercredit,
+.contrib {
+ display: block;
+}
+
+.revhistory .author {
+ display: inline;
+}
+
+.othercredit h3 {
+ padding-top: 1em;
+}
+
+
+.othercredit {
+ margin:0em;
+ padding:0em;
+}
+
+.releaseinfo {
+ clear: both;
+}
+
+.copyright {
+ margin-top: 1em;
+}
+
+/* qanda sets */
+.answer {
+ margin-bottom:1em;
+ border-bottom:1px dotted #ccc;
+}
+
+.qandaset .toc {
+ border-bottom:1px dotted #ccc;
+}
+
+.question {
+ font-weight:bold;
+}
+
+.answer .data, .question .data {
+ padding-left: 2.6em;
+}
+
+.answer label, .question label {
+ float:left;
+ font-weight:bold;
+}
+
+/* inline syntax highlighting */
+.perl_Alert {
+ color: #0000ff;
+}
+
+.perl_BaseN {
+ color: #007f00;
+}
+
+.perl_BString {
+ color: #5C3566;
+}
+
+.perl_Char {
+ color: #ff00ff;
+}
+
+.perl_Comment {
+ color: #FF00FF;
+}
+
+
+.perl_DataType {
+ color: #0000ff;
+}
+
+
+.perl_DecVal {
+ color: #00007f;
+}
+
+
+.perl_Error {
+ color: #ff0000;
+}
+
+
+.perl_Float {
+ color: #00007f;
+}
+
+
+.perl_Function {
+ color: #007f00;
+}
+
+
+.perl_IString {
+ color: #5C3566;
+}
+
+
+.perl_Keyword {
+ color: #002F5D;
+}
+
+
+.perl_Operator {
+ color: #ffa500;
+}
+
+
+.perl_Others {
+ color: #b03060;
+}
+
+
+.perl_RegionMarker {
+ color: #96b9ff;
+}
+
+
+.perl_Reserved {
+ color: #9b30ff;
+}
+
+
+.perl_String {
+ color: #5C3566;
+}
+
+
+.perl_Variable {
+ color: #0000ff;
+}
+
+
+.perl_Warning {
+ color: #0000ff;
+}
+
+/*Lists*/
+ul {
+ padding-left:1.6em;
+ list-style-image:url(../images/dot.png);
+ list-style-type: circle;
+}
+
+ul ul {
+ list-style-image:url(../images/dot2.png);
+ list-style-type: circle;
+}
+
+ol {
+ list-style-image:none;
+ list-style-type: decimal;
+}
+
+ol ol {
+ list-style-type: lower-alpha;
+}
+
+ol.arabic {
+ list-style-type: decimal;
+}
+
+ol.loweralpha {
+ list-style-type: lower-alpha;
+}
+
+ol.lowerroman {
+ list-style-type: lower-roman;
+}
+
+ol.upperalpha {
+ list-style-type: upper-alpha;
+}
+
+ol.upperroman {
+ list-style-type: upper-roman;
+}
+
+dt {
+ font-weight:bold;
+ margin-bottom:0em;
+ padding-bottom:0em;
+}
+
+dd {
+ margin:0em;
+ margin-left:2em;
+ padding-top:0em;
+ padding-bottom: 1em;
+}
+
+li {
+ padding-top:0px;
+ margin-top:0em;
+ padding-bottom:0px;
+ margin-bottom:0.4em;
+}
+
+li p, li div.para {
+ padding-top:0px;
+ margin-top:0em;
+ padding-bottom:0px;
+ margin-bottom:0.3em;
+}
+
+/*images*/
+img {
+ display:block;
+ margin: 2em 0;
+}
+
+.inlinemediaobject, .inlinemediaobject img {
+ display:inline;
+ margin:0em;
+}
+
+.figure img {
+ display:block;
+ margin:0;
+ page-break-inside: avoid;
+}
+
+.figure .title {
+ margin:0em;
+ margin-bottom:2em;
+ padding:0px;
+}
+
+/*document modes*/
+.confidential {
+ background-color:#900;
+ color:White;
+ padding:.5em .5em;
+ text-transform:uppercase;
+ text-align:center;
+}
+
+.longdesc-link {
+ display:none;
+}
+
+.longdesc {
+ display:none;
+}
+
+.prompt {
+ padding:0em .3em;
+}
+
+/*user interface styles*/
+.screen .replaceable {
+}
+
+.guibutton, .guilabel {
+ font-family: "liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ font-weight: bold;
+ white-space: nowrap;
+}
+
+.example {
+ background-color: #ffffff;
+ border-left: 3px solid #aaaaaa;
+ padding-top: 1em;
+ padding-bottom: 0.1em;
+}
+
+.example h6 {
+ padding-left: 10px;
+}
+
+.example-contents {
+ padding-left: 10px;
+ background-color: #ffffff;
+}
+
+.example-contents .para {
+/* padding: 10px;*/
+}
+
+/*terminal/console text*/
+.computeroutput,
+.option {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ font-weight:bold;
+}
+
+.replaceable {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ font-style: italic;
+}
+
+.command, .filename, .keycap, .classname, .literal {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ font-weight:bold;
+}
+
+/* no bold in toc */
+.toc * {
+ font-weight: inherit;
+}
+
+pre {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+ display:block;
+ background-color: #f5f5f5;
+ color: #000000;
+ border: 1px solid #aaaaaa;
+ margin-bottom: 0.3em;
+ padding:.5em 1em;
+ white-space: pre-wrap; /* css-3 */
+ white-space: -moz-pre-wrap !important; /* Mozilla, since 1999 */
+ white-space: -pre-wrap; /* Opera 4-6 */
+ white-space: -o-pre-wrap; /* Opera 7 */
+ word-wrap: break-word; /* Internet Explorer 5.5+ */
+ font-size: 0.9em;
+}
+
+pre .replaceable,
+pre .keycap {
+}
+
+code {
+ font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+/* white-space: nowrap;*/
+ white-space: pre-wrap;
+ word-wrap: break-word;
+ font-weight:bold;
+}
+
+.parameter code {
+ display: inline;
+ white-space: pre-wrap; /* css-3 */
+ white-space: -moz-pre-wrap !important; /* Mozilla, since 1999 */
+ white-space: -pre-wrap; /* Opera 4-6 */
+ white-space: -o-pre-wrap; /* Opera 7 */
+ word-wrap: break-word; /* Internet Explorer 5.5+ */
+}
+
+/*Notifications*/
+div.warning:before {
+ content:url(../images/warning.png);
+ padding-left: 5px;
+}
+
+div.note:before {
+ content:url(../images/note.png);
+ padding-left: 5px;
+}
+
+div.important:before {
+ content:url(../images/important.png);
+ padding-left: 5px;
+}
+
+div.warning, div.note, div.important {
+ color: black;
+ margin: 0em;
+ padding: 0em;
+ background: none;
+ background-color: white;
+ margin-bottom: 1em;
+ border-bottom: 1px solid #aaaaaa;
+ page-break-inside: avoid;
+}
+
+div.warning h2, div.note h2,div.important h2 {
+ margin: 0em;
+ padding: 0em;
+ color: #eeeeec;
+ padding-top: 0px;
+ padding-bottom: 0px;
+ height: 1.4em;
+ line-height: 1.4em;
+ font-size: 1.4em;
+ display:inline;
+}
+
+div.admonition_header {
+ clear: both;
+ margin: 0em;
+ padding: 0em;
+ margin-top: -3.3em;
+ padding-left: 58px;
+ line-height: 1.0em;
+ font-size: 1.0em;
+}
+
+div.warning div.admonition_header {
+ background: url(../images/red.png) top left repeat-x;
+ background-color: #590000;
+}
+
+div.note div.admonition_header {
+ background: url(../images/green.png) top right repeat-x;
+ background-color: #597800;
+}
+
+div.important div.admonition_header {
+ background: url(../images/yellow.png) top right repeat-x;
+ background-color: #a6710f;
+}
+
+div.warning p, div.warning div.para,
+div.note p, div.note div.para,
+div.important p, div.important div.para {
+ padding: 0em;
+ margin: 0em;
+}
+
+div.admonition {
+ border: none;
+ border-left: 1px solid #aaaaaa;
+ border-right: 1px solid #aaaaaa;
+ padding:0em;
+ margin:0em;
+ padding-top: 1.5em;
+ padding-bottom: 1em;
+ padding-left: 2em;
+ padding-right: 1em;
+ background-color: #eeeeec;
+ -moz-border-radius: 0px;
+ -webkit-border-radius: 0px;
+ border-radius: 0px;
+}
+
+/*Page Title*/
+#title {
+ display:block;
+ height:45px;
+ padding-bottom:1em;
+ margin:0em;
+}
+
+#title a.left{
+ display:inline;
+ border:none;
+}
+
+#title a.left img{
+ border:none;
+ float:left;
+ margin:0em;
+ margin-top:.7em;
+}
+
+#title a.right {
+ padding-bottom:1em;
+}
+
+#title a.right img {
+ border:none;
+ float:right;
+ margin:0em;
+ margin-top:.7em;
+}
+
+/*Table*/
+div.table {
+ page-break-inside: avoid;
+}
+
+table {
+ border:1px solid #6c614b;
+ width:100%;
+ border-collapse:collapse;
+}
+
+table.simplelist, .calloutlist table {
+ border-style: none;
+}
+
+table th {
+ text-align:left;
+ background-color:#6699cc;
+ padding:.3em .5em;
+ color:white;
+}
+
+table td {
+ padding:.15em .5em;
+}
+
+table tr.even td {
+ background-color:#f5f5f5;
+}
+
+table th p:first-child, table td p:first-child, table li p:first-child,
+table th div.para:first-child, table td div.para:first-child, table li div.para:first-child {
+ margin-top:0em;
+ padding-top:0em;
+ display:inline;
+}
+
+th, td {
+ border-style:none;
+ vertical-align: top;
+ border: 1px solid #000;
+}
+
+.simplelist th, .simplelist td {
+ border: none;
+}
+
+table table td {
+ border-bottom:1px dotted #aaa;
+ background-color:white;
+ padding:.6em 0em;
+}
+
+table table {
+ border:1px solid white;
+}
+
+td.remarkval {
+ color:#444;
+}
+
+td.fieldval {
+ font-weight:bold;
+}
+
+.lbname, .lbtype, .lbdescr, .lbdriver, .lbhost {
+ color:white;
+ font-weight:bold;
+ background-color:#999;
+ width:120px;
+}
+
+td.remarkval {
+ width:230px;
+}
+
+td.tname {
+ font-weight:bold;
+}
+
+th.dbfield {
+ width:120px;
+}
+
+th.dbtype {
+ width:70px;
+}
+
+th.dbdefault {
+ width:70px;
+}
+
+th.dbnul {
+ width:70px;
+}
+
+th.dbkey {
+ width:70px;
+}
+
+span.book {
+ margin-top:4em;
+ display:block;
+ font-size:11pt;
+}
+
+span.book a{
+ font-weight:bold;
+}
+span.chapter {
+ display:block;
+ margin-top:0.5em;
+}
+
+table.simplelist td, .calloutlist table td {
+ border-style: none;
+}
+
+/*Breadcrumbs*/
+#breadcrumbs ul li.first:before {
+ content:" ";
+}
+
+#breadcrumbs {
+ color:#900;
+ padding:3px;
+ margin-bottom:25px;
+}
+
+#breadcrumbs ul {
+ margin-left:0;
+ padding-left:0;
+ display:inline;
+ border:none;
+}
+
+#breadcrumbs ul li {
+ margin-left:0;
+ padding-left:2px;
+ border:none;
+ list-style:none;
+ display:inline;
+}
+
+#breadcrumbs ul li:before {
+ content:"\0020 \0020 \0020 \00BB \0020";
+ color:#333;
+}
+
+/*index*/
+.glossary h3,
+.index h3 {
+ font-size: 2em;
+ color:#aaa;
+ margin:0em;
+}
+
+.indexdiv {
+ margin-bottom:1em;
+}
+
+.glossary dt,
+.index dt {
+ color:#444;
+ padding-top:.5em;
+}
+
+.glossary dl dl dt,
+.index dl dl dt {
+ color:#777;
+ font-weight:normal;
+ padding-top:0em;
+}
+
+.index dl dl dt:before {
+ content:"- ";
+ color:#ccc;
+}
+
+/*changes*/
+.footnote {
+ font-size: .7em;
+ margin:0em;
+ color:#222;
+}
+
+table .footnote {
+}
+
+sup {
+ color:#999;
+ margin:0em;
+ padding:0em;
+ line-height: .4em;
+ font-size: 1em;
+ padding-left:0em;
+}
+
+.footnote {
+ position:relative;
+}
+
+.footnote sup {
+ color:#e3dcc0;
+ position:absolute;
+ left: .4em;
+}
+
+.footnote sup a:link,
+.footnote sup a:visited {
+ color:#92917d;
+ text-decoration:none;
+}
+
+.footnote:hover sup a {
+ text-decoration:none;
+}
+
+.footnote p,.footnote div.para {
+ padding-left:2em;
+}
+
+.footnote a:link,
+.footnote a:visited {
+ color:#00537c;
+}
+
+.footnote a:hover {
+}
+
+/**/
+div.chapter {
+ margin-top:3em;
+ page-break-inside: avoid;
+}
+
+div.preface {
+ page-break-inside: avoid;
+}
+
+div.section {
+ margin-top:1em;
+ page-break-inside: auto;
+}
+
+div.note .replaceable,
+div.important .replaceable,
+div.warning .replaceable,
+div.note .keycap,
+div.important .keycap,
+div.warning .keycap
+{
+}
+
+ul li p:last-child, ul li div.para:last-child {
+ margin-bottom:0em;
+ padding-bottom:0em;
+}
+
+/*document navigation*/
+.docnav a, .docnav strong {
+ border:none;
+ text-decoration:none;
+ font-weight:normal;
+}
+
+.docnav {
+ list-style:none;
+ margin:0em;
+ padding:0em;
+ position:relative;
+ width:100%;
+ padding-bottom:2em;
+ padding-top:1em;
+ border-top:1px dotted #ccc;
+}
+
+.docnav li {
+ list-style:none;
+ margin:0em;
+ padding:0em;
+ display:inline;
+ font-size:.8em;
+}
+
+.docnav li:before {
+ content:" ";
+}
+
+.docnav li.previous, .docnav li.next {
+ position:absolute;
+ top:1em;
+}
+
+.docnav li.up, .docnav li.home {
+ margin:0em 1.5em;
+}
+
+.docnav li.previous {
+ left:0px;
+ text-align:left;
+}
+
+.docnav li.next {
+ right:0px;
+ text-align:right;
+}
+
+.docnav li.previous strong, .docnav li.next strong {
+ height:22px;
+ display:block;
+}
+
+.docnav {
+ margin:0 auto;
+ text-align:center;
+}
+
+.docnav li.next a strong {
+ background: url(../images/stock-go-forward.png) top right no-repeat;
+ padding-top:3px;
+ padding-bottom:4px;
+ padding-right:28px;
+ font-size:1.2em;
+}
+
+.docnav li.previous a strong {
+ background: url(../images/stock-go-back.png) top left no-repeat;
+ padding-top:3px;
+ padding-bottom:4px;
+ padding-left:28px;
+ padding-right:0.5em;
+ font-size:1.2em;
+}
+
+.docnav li.home a strong {
+ background: url(../images/stock-home.png) top left no-repeat;
+ padding:5px;
+ padding-left:28px;
+ font-size:1.2em;
+}
+
+.docnav li.up a strong {
+ background: url(../images/stock-go-up.png) top left no-repeat;
+ padding:5px;
+ padding-left:28px;
+ font-size:1.2em;
+}
+
+.docnav a:link, .docnav a:visited {
+ color:#666;
+}
+
+.docnav a:hover, .docnav a:focus, .docnav a:active {
+ color:black;
+}
+
+.docnav a {
+ max-width: 10em;
+ overflow:hidden;
+}
+
+.docnav a:link strong {
+ text-decoration:none;
+}
+
+.docnav {
+ margin:0 auto;
+ text-align:center;
+}
+
+ul.docnav {
+ margin-bottom: 1em;
+}
+/* Reports */
+.reports ul {
+ list-style:none;
+ margin:0em;
+ padding:0em;
+}
+
+.reports li{
+ margin:0em;
+ padding:0em;
+}
+
+.reports li.odd {
+ background-color: #eeeeee;
+ margin:0em;
+ padding:0em;
+}
+
+.reports dl {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ float:right;
+ margin-right: 17em;
+ margin-top:-1.3em;
+}
+
+.reports dt {
+ display:inline;
+ margin:0em;
+ padding:0em;
+}
+
+.reports dd {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ padding-right:.5em;
+}
+
+.reports h2, .reports h3{
+ display:inline;
+ padding-right:.5em;
+ font-size:10pt;
+ font-weight:normal;
+}
+
+.reports div.progress {
+ display:inline;
+ float:right;
+ width:16em;
+ background:#c00 url(../images/shine.png) top left repeat-x;
+ margin:0em;
+ margin-top:-1.3em;
+ padding:0em;
+ border:none;
+}
+
+/*uniform*/
+body.results, body.reports {
+ max-width:57em ;
+ padding:0em;
+}
+
+/*Progress Bar*/
+div.progress {
+ display:block;
+ float:left;
+ width:16em;
+ background:#c00 url(../images/shine.png) top left repeat-x;
+ height:1em;
+}
+
+div.progress span {
+ height:1em;
+ float:left;
+}
+
+div.progress span.translated {
+ background:#6c3 url(../images/shine.png) top left repeat-x;
+}
+
+div.progress span.fuzzy {
+ background:#ff9f00 url(../images/shine.png) top left repeat-x;
+}
+
+
+/*Results*/
+
+.results ul {
+ list-style:none;
+ margin:0em;
+ padding:0em;
+}
+
+.results li{
+ margin:0em;
+ padding:0em;
+}
+
+.results li.odd {
+ background-color: #eeeeee;
+ margin:0em;
+ padding:0em;
+}
+
+.results dl {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ float:right;
+ margin-right: 17em;
+ margin-top:-1.3em;
+}
+
+.results dt {
+ display:inline;
+ margin:0em;
+ padding:0em;
+}
+
+.results dd {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ padding-right:.5em;
+}
+
+.results h2, .results h3 {
+ display:inline;
+ padding-right:.5em;
+ font-size:10pt;
+ font-weight:normal;
+}
+
+.results div.progress {
+ display:inline;
+ float:right;
+ width:16em;
+ background:#c00 url(../images/shine.png) top left repeat-x;
+ margin:0em;
+ margin-top:-1.3em;
+ padding:0em;
+ border:none;
+}
+
+/* Dirty EVIL Mozilla hack for round corners */
+pre {
+ -moz-border-radius:11px;
+ -webkit-border-radius:11px;
+ border-radius: 11px;
+ page-break-inside: avoid;
+}
+
+.example {
+ -moz-border-radius:0px;
+ -webkit-border-radius:0px;
+ border-radius: 0px;
+ page-break-inside: avoid;
+}
+
+.package, .citetitle {
+ font-style: italic;
+}
+
+.titlepage .edition {
+ color: #336699;
+ background-color: transparent;
+ margin-top: 1em;
+ margin-bottom: 1em;
+ font-size: 1.4em;
+ font-weight: bold;
+ text-align: center;
+}
+
+span.remark {
+ background-color: #ff00ff;
+}
+
+.draft {
+ background-image: url(../images/watermark-draft.png);
+ background-repeat: repeat-y;
+ background-position: center;
+}
+
+.foreignphrase {
+ font-style: inherit;
+}
+
+dt {
+ clear:both;
+}
+
+dt img {
+ border-style: none;
+ max-width: 112px;
+}
+
+dt object {
+ max-width: 112px;
+}
+
+dt .inlinemediaobject, dt object {
+ display: inline;
+ float: left;
+ margin-bottom: 1em;
+ padding-right: 1em;
+ width: 112px;
+}
+
+dl:after {
+ display: block;
+ clear: both;
+ content: "";
+}
+
+.toc dd {
+ padding-bottom: 0em;
+ margin-bottom: 1em;
+ padding-left: 1.3em;
+ margin-left: 0em;
+}
+
+div.toc > dl > dt {
+ padding-bottom: 0em;
+ margin-bottom: 0em;
+ margin-top: 1em;
+}
+
+
+.strikethrough {
+ text-decoration: line-through;
+}
+
+.underline {
+ text-decoration: underline;
+}
+
+.calloutlist img, .callout {
+ padding: 0em;
+ margin: 0em;
+ width: 12pt;
+ display: inline;
+ vertical-align: middle;
+}
+
+.stepalternatives {
+ list-style-image: none;
+ list-style-type: none;
+}
+
+
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/css/default.css b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/css/default.css
new file mode 100644
index 0000000..bf38ebb
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/css/default.css
@@ -0,0 +1,3 @@
+ at import url("common.css");
+ at import url("overrides.css");
+ at import url("lang.css");
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/css/lang.css b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/css/lang.css
new file mode 100644
index 0000000..81c3115
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/css/lang.css
@@ -0,0 +1,2 @@
+/* place holder */
+
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/css/overrides.css b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/css/overrides.css
new file mode 100644
index 0000000..057be29
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/css/overrides.css
@@ -0,0 +1,51 @@
+a:link {
+ color:#0066cc;
+}
+
+a:hover, a:active {
+ color:#003366;
+}
+
+a:visited {
+ color:#6699cc;
+}
+
+
+h1 {
+ color:#3c6eb4
+}
+
+.producttitle {
+ background: #3c6eb4 url(../images/h1-bg.png) top left repeat;
+}
+
+.section h1.title {
+ color:#3c6eb4;
+}
+
+
+h2,h3,h4,h5,h6 {
+ color:#3c6eb4;
+}
+
+table {
+ border:1px solid #3c6eb4;
+}
+
+table th {
+ background-color:#3c6eb4;
+}
+
+
+table tr.even td {
+ background-color:#f5f5f5;
+}
+
+.revhistory table th {
+ color:#3c6eb4;
+}
+
+.titlepage .edition {
+ color: #3c6eb4;
+}
+
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/css/print.css b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/css/print.css
new file mode 100644
index 0000000..773d8ae
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/css/print.css
@@ -0,0 +1,16 @@
+ at import url("common.css");
+ at import url("overrides.css");
+ at import url("lang.css");
+
+#tocframe {
+ display: none;
+}
+
+body.toc_embeded {
+ margin-left: 30px;
+}
+
+.producttitle {
+ color: #336699;
+}
+
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/1.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/1.png
new file mode 100644
index 0000000..c21d7a3
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/1.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/1.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/1.svg
new file mode 100644
index 0000000..a2b3903
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/1.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#000000;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 17.853468,22.008438 -2.564941,0 0,-7.022461 c -5e-6,-0.143873 -5e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224122,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08854,0.08302 -0.17432,0.157723 -0.257324,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/10.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/10.png
new file mode 100644
index 0000000..15b81da
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/10.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/10.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/10.svg
new file mode 100644
index 0000000..af015ab
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/10.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/11.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/11.png
new file mode 100644
index 0000000..2fcc2dd
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/11.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/11.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/11.svg
new file mode 100644
index 0000000..cb82b70
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/11.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/12.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/12.png
new file mode 100644
index 0000000..edebe20
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/12.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/12.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/12.svg
new file mode 100644
index 0000000..3b6d822
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/12.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/13.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/13.png
new file mode 100644
index 0000000..ec48cef
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/13.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/13.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/13.svg
new file mode 100644
index 0000000..226e461
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/13.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/14.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/14.png
new file mode 100644
index 0000000..33d5637
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/14.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/14.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/14.svg
new file mode 100644
index 0000000..5aaa3a3
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/14.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/15.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/15.png
new file mode 100644
index 0000000..f1a4eb2
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/15.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/15.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/15.svg
new file mode 100644
index 0000000..f51dd96
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/15.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2839"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+ id="path2841"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/16.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/16.png
new file mode 100644
index 0000000..d38a155
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/16.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/16.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/16.svg
new file mode 100644
index 0000000..cb7e2f5
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/16.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
.556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/17.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/17.png
new file mode 100644
index 0000000..d83e898
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/17.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/17.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/17.svg
new file mode 100644
index 0000000..5d6f0ad
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/17.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/18.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/18.png
new file mode 100644
index 0000000..9e39de4
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/18.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/18.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/18.svg
new file mode 100644
index 0000000..9ea672c
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/18.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/19.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/19.png
new file mode 100644
index 0000000..9eeedfb
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/19.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/19.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/19.svg
new file mode 100644
index 0000000..80d1d09
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/19.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/2.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/2.png
new file mode 100644
index 0000000..ff9cc57
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/2.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/2.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/2.svg
new file mode 100644
index 0000000..8e94260
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/2.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 19.89546,22.008438 -8.143066,0 0,-1.784668 2.855468,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979493,-1.0708 0.293289,-0.326492 0.545079,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.373529,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.17431,-0.666821 0.174316,-1.037598 -6e-6,-0.409496 -0.124517,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827313,0.522958 -1.270019,0.921386 l -1.394531,-1.651855 c 0.249022,-0.226877 0.509113,-0.442698 0.780273,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079102,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319824,-0.1494141 0.58105,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187012,0.6889648 0.326489,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.893727 0.265625,1.41
9433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/20.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/20.png
new file mode 100644
index 0000000..b28b4aa
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/20.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/20.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/20.svg
new file mode 100644
index 0000000..409ac6e
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/20.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/21.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/21.png
new file mode 100644
index 0000000..eda952c
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/21.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/21.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/21.svg
new file mode 100644
index 0000000..7bc03af
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/21.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/22.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/22.png
new file mode 100644
index 0000000..90b14b0
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/22.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/22.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/22.svg
new file mode 100644
index 0000000..fe086f6
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/22.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/23.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/23.png
new file mode 100644
index 0000000..8b35a74
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/23.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/23.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/23.svg
new file mode 100644
index 0000000..f17ec29
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/23.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/24.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/24.png
new file mode 100644
index 0000000..6041b02
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/24.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/24.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/24.svg
new file mode 100644
index 0000000..42a5333
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/24.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/25.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/25.png
new file mode 100644
index 0000000..ecb15e6
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/25.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/25.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/25.svg
new file mode 100644
index 0000000..a8d4672
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/25.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/26.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/26.png
new file mode 100644
index 0000000..4b2f560
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/26.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/26.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/26.svg
new file mode 100644
index 0000000..3cf00ec
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/26.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
.556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/27.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/27.png
new file mode 100644
index 0000000..ecf058e
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/27.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/27.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/27.svg
new file mode 100644
index 0000000..c8d6440
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/27.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/28.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/28.png
new file mode 100644
index 0000000..e64efb2
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/28.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/28.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/28.svg
new file mode 100644
index 0000000..5acce93
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/28.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/29.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/29.png
new file mode 100644
index 0000000..dbbca1b
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/29.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/29.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/29.svg
new file mode 100644
index 0000000..507dd44
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/29.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/3.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/3.png
new file mode 100644
index 0000000..4febe43
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/3.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/3.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/3.svg
new file mode 100644
index 0000000..5e87e1f
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/3.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 19.422316,12.587051 c -9e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.23243,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315437,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.392911,0.332031 -0.890957,0.592122 -1.494141,0.780273 -0.597661,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267255,-0.05534 -1.842773,-0.166016 -0.575523,-0.105143 -1.112306,-0.268392 -1.610352,-0.489746 l 0,-2.183105 c 0.249023,0.132815 0.511881,0.249025 0.788574,0.348632 0.276692,0.09961 0.553384,0.185387 0.830079,0.257325 0.27669,0.06641 0.547848,0.116212 0.813476,0.149414 0.271156,0.0332 0.525713,0.04981 0.763672,0.0498 0.475907,2e-6 0.871577,-0.04427 1.187012,-0.132812 0.315424,-
0.08854 0.567214,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320957,-0.351397 0.398437,-0.572754 0.083,-0.226885 0.124506,-0.473141 0.124512,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.265631,-0.376297 -0.498047,-0.514648 -0.226893,-0.143876 -0.525721,-0.254553 -0.896484,-0.332032 -0.370773,-0.07747 -0.827315,-0.116205 -1.369629,-0.116211 l -0.863281,0 0,-1.801269 0.846679,0 c 0.509111,7e-6 0.932451,-0.04426 1.27002,-0.132813 0.33756,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.43164,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.68897,-0.365224 -1.27002,-0.365234 -0.265629,10e-6 -0.514652,0.02768 -0.74707,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193688,0.07748 -0.373538,0.166026 -0.539551,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439941,0.282227 l -1.294922,-1.70
9961 c 0.232421,-0.171538 0.484211,-0.329253 0.755371,-0.473145 0.276691,-0.143868 0.575519,-0.26838 0.896484,-0.373535 0.320961,-0.1106647 0.666827,-0.1964393 1.037598,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492506,0.1272911 0.913079,0.3154421 1.261718,0.5644531 0.348626,0.243501 0.617017,0.545096 0.805176,0.904786 0.193677,0.354177 0.290519,0.760914 0.290528,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/30.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/30.png
new file mode 100644
index 0000000..f4ffb14
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/30.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/30.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/30.svg
new file mode 100644
index 0000000..434e663
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/30.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/31.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/31.png
new file mode 100644
index 0000000..0b29e87
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/31.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/31.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/31.svg
new file mode 100644
index 0000000..08c3f2d
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/31.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/32.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/32.png
new file mode 100644
index 0000000..a4740a3
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/32.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/32.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/32.svg
new file mode 100644
index 0000000..aa099c3
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/32.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/33.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/33.png
new file mode 100644
index 0000000..f23ccea
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/33.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/33.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/33.svg
new file mode 100644
index 0000000..fce979c
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/33.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/34.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/34.png
new file mode 100644
index 0000000..7e2ab31
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/34.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/34.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/34.svg
new file mode 100644
index 0000000..c67f8ec
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/34.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/35.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/35.png
new file mode 100644
index 0000000..02118e3
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/35.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/35.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/35.svg
new file mode 100644
index 0000000..da7780a
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/35.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/36.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/36.png
new file mode 100644
index 0000000..30f4fdf
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/36.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/36.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/36.svg
new file mode 100644
index 0000000..348549a
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/36.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
.556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/37.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/37.png
new file mode 100644
index 0000000..6174706
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/37.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/37.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/37.svg
new file mode 100644
index 0000000..7bc04d9
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/37.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/38.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/38.png
new file mode 100644
index 0000000..161661d
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/38.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/38.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/38.svg
new file mode 100644
index 0000000..ec2ad98
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/38.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/39.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/39.png
new file mode 100644
index 0000000..2d46b24
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/39.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/39.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/39.svg
new file mode 100644
index 0000000..664ffdd
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/39.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
.4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/4.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/4.png
new file mode 100644
index 0000000..9b9dd88
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/4.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/4.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/4.svg
new file mode 100644
index 0000000..bc06c73
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/4.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 20.078077,19.493301 -1.460937,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460937,0 0,1.992187 m -3.959472,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09962,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.12175,0.2601 -0.262863,0.520191 -0.42334,0.780274 l -2.025391,3.071289 2.75586,0"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/40.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/40.png
new file mode 100644
index 0000000..fe2a68f
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/40.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/40.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/40.svg
new file mode 100644
index 0000000..5a94d1b
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/40.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.440535,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.0136719,0 0,-1.784668 5.1547849,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262863,0.520191 -0.42334,0.780274 l -2.0253904,3.071289 2.7558594,0"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ <path
+ d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+ id="path2820"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/5.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/5.png
new file mode 100644
index 0000000..f239fb6
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/5.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/5.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/5.svg
new file mode 100644
index 0000000..82fb03d
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/5.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 16.035597,14.255508 c 0.520177,8e-6 1.004388,0.08025 1.452637,0.240723 0.448235,0.160489 0.838371,0.395678 1.17041,0.705566 0.332023,0.309903 0.592114,0.697272 0.780273,1.16211 0.188143,0.459315 0.282218,0.987797 0.282227,1.585449 -9e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.204761,0.520184 -0.506356,0.962892 -0.904785,1.328125 -0.398445,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261724,0.290528 -2.025391,0.290528 -0.304365,0 -0.60596,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863281,-0.124512 -0.271161,-0.04981 -0.531252,-0.116211 -0.780274,-0.199219 -0.24349,-0.08301 -0.464844,-0.17985 -0.664062,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672363,0.31543 0.254556,0.09408 0.517414,0.177086 0.788574,0.249024 0.276691,0.06641 0.553383,0.121746 0.830078,0.166015 0.27669,0.03874 0.539548,0.05811 0.788575,0.05811 0.741532,2e-6 1.305984,-0.152179 1.693359,-0.456543 0.387364,-0.309893 0.5810
49,-0.799639 0.581055,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751465,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320966,0.03874 -0.481445,0.06641 -0.154951,0.02768 -0.304365,0.05811 -0.448242,0.09131 -0.143883,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456542,-6.1840821 6.408204,0 0,2.1748051 -4.183594,0 -0.199219,2.382324 c 0.17708,-0.03873 0.381832,-0.07747 0.614258,-0.116211 0.237951,-0.03873 0.542313,-0.0581 0.913086,-0.05811"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/6.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/6.png
new file mode 100644
index 0000000..18866e6
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/6.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/6.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/6.svg
new file mode 100644
index 0000000..e2f62af
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/6.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 11.702589,16.853653 c -10e-7,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.0664,-0.575514 0.179849,-1.126132 0.340332,-1.651856 0.166014,-0.531241 0.387368,-1.023753 0.664062,-1.477539 0.282225,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431638,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603186,-0.1936727 1.305984,-0.2905151 2.108399,-0.2905274 0.116204,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.138339,0.00555 0.276685,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251782,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210295,-0.04979 -0.434416,-0.08853 -0.672364,-0.116211 -0.232429,-0.03319 -0.467617,-0.04979 -0.705566,-0.0498 -0.747076,1e-5 -1.361334,0.09408 -1.842774,0.282226 -0.481449,0.182627 -0.863285,0.439951 -1.145507,0.771973 -0.28223,0.33204 -0.484216,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.215821,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243486,-0.384596 0.39843
7,-0.556153 0.160478,-0.177076 0.345862,-0.32649 0.556153,-0.448242 0.210282,-0.127271 0.44547,-0.22688 0.705566,-0.298828 0.26562,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419433,0.257324 0.420566,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.15494,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282226,1.768066 -0.182626,0.520184 -0.445484,0.962892 -0.788575,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643554,0.282227 -0.597661,0 -1.15658,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.973961,-0.542317 -1.361328,-0.979492 -0.381838,-0.437173 -0.683433,-0.987791 -0.904785,-1.651856 -0.215822,-0.669593 -0.323732,-1.460933 -0.323731,-2.374023 m 4.216797,3.270508 c 0.226883,2e-6 0.431635,-0.0415 0.614258,-0.124512 0.188145,-0.08854 0.348627,-0.218585 0.481445,-0.390137 0.13834,-0.17708 0.243483,-0.3
98434 0.31543,-0.664062 0.07747,-0.265622 0.116204,-0.581051 0.116211,-0.946289 -7e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243496,-0.343094 -0.617031,-0.514643 -1.120606,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.39014,0.229661 -0.53955,0.390137 -0.149418,0.160487 -0.265629,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.31543,0.755371 0.143876,0.221357 0.318193,0.401207 0.522949,0.539551 0.210282,0.138349 0.453772,0.207522 0.730469,0.20752"
+ id="path2846"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/7.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/7.png
new file mode 100644
index 0000000..52c3a18
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/7.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/7.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/7.svg
new file mode 100644
index 0000000..a43460f
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/7.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 12.789991,22.008438 4.316407,-9.960937 -5.578125,0 0,-2.1582035 8.367187,0 0,1.6103515 -4.424316,10.508789 -2.681153,0"
+ id="path2832"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/8.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/8.png
new file mode 100644
index 0000000..8a8cb21
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/8.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/8.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/8.svg
new file mode 100644
index 0000000..2c82d3f
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/8.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 15.761671,9.7149811 c 0.503576,1.23e-5 0.979487,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337558,0.243501 0.60595,0.547862 0.805176,0.913086 0.199211,0.365244 0.29882,0.794118 0.298828,1.286621 -8e-6,0.365243 -0.05535,0.697274 -0.166015,0.996094 -0.110686,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193693,0.237963 -0.423348,0.451017 -0.688965,0.639161 -0.265632,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.633619,0.362473 0.937988,0.572754 0.309888,0.210292 0.583814,0.448247 0.821777,0.713867 0.237948,0.260096 0.428866,0.55339 0.572754,0.879883 0.143872,0.326501 0.215812,0.691735 0.21582,1.095703 -8e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478686,0.758139 -0.838379,1.045898 -0.359707,0.287761 -0.791348,0.509115 -1.294921,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651856,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.9379
9,-0.362467 -1.286621,-0.639161 -0.348634,-0.276691 -0.614259,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265626,-0.857744 -0.265625,-1.361328 -10e-7,-0.415035 0.06087,-0.78857 0.182617,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498047,-0.896485 0.210285,-0.265619 0.456541,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271162,-0.171543 -0.525719,-0.356927 -0.763672,-0.556152 -0.237958,-0.204746 -0.445477,-0.428866 -0.622559,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -10e-7,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478677,-0.669585 0.821778,-0.913086 0.343096,-0.249012 0.738766,-0.434396 1.187011,-0.5561527 0.448239,-0.1217326 0.918616,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.107911,0.614258 0.07194,0.18262 0.17708,0.340334 0.315429,0.473145 0.143877,0.132814 0.32
096,0.237957 0.53125,0.315429 0.210283,0.07194 0.453772,0.107912 0.730469,0.10791 0.581049,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.43164,-1.087402 -6e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218593,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.320969,-0.307125 -0.514648,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 15.662062,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664063,0.398438 -0.199222,0.138351 -0.370772,0.293299 -0.514648,0.464844 -0.13835,0.16602 -0.24626,0.348637 -0.323731,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.701661,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514649,0.08301 -0.154952,0.05535 -0.290531,0.13559 -0.406738,0.240723 -0.110681,0.105153 -0.199223,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.31543
8 0.282226,0.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160478,0.09962 0.32926,0.199226 0.506348,0.298828 0.171545,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154943,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.12174,-0.138338 0.218582,-0.293286 0.290528,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.157721,-0.284984 -0.273926,-0.390137 -0.116217,-0.105133 -0.254563,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/9.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/9.png
new file mode 100644
index 0000000..0ae412f
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/9.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/9.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/9.svg
new file mode 100644
index 0000000..b0f04c4
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/9.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg2">
+ <defs
+ id="defs15" />
+ <circle
+ cx="16"
+ cy="16"
+ r="14"
+ id="circle"
+ style="fill:#3c6eb4" />
+ <g
+ id="text2820"
+ style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+ <path
+ d="m 19.829054,15.052383 c -9e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340333,1.651856 -0.160489,0.525719 -0.381843,1.018232 -0.664062,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426113,0.332032 -0.940761,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.30046,0.282227 -2.108399,0.282227 -0.116214,0 -0.243492,-0.0028 -0.381836,-0.0083 -0.138348,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273927,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237954,0.02767 0.478676,0.04151 0.722168,0.0415 0.747067,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.481441,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.282221,-0.337562 0.481439,-0.738766 0.597657,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.107911,0 c -0.110683,0.199225 -0.243495,0.384609 -0.398437,0.556153 -0.
154954,0.171554 -0.337571,0.320968 -0.547852,0.448242 -0.210291,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.265629,0.07194 -0.56169,0.107914 -0.888183,0.10791 -0.52572,4e-6 -0.998864,-0.08577 -1.419434,-0.257324 -0.420575,-0.171545 -0.777508,-0.420568 -1.070801,-0.74707 -0.287761,-0.326492 -0.509115,-0.727696 -0.664062,-1.203614 -0.154949,-0.475904 -0.232423,-1.020988 -0.232422,-1.635253 -10e-7,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453774,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758135,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043127,-0.2905151 1.651855,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520176,0.210298 0.971184,0.534028 1.353027,0.971192 0.381829,0.437185 0.683423,0.990569 0.904786,1.660156 0.221345,0.669605 0.332022,1.458178 0.332031,2.365722 m -4.216797,-3.262207 c -0.226892,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188154,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132815,0.17155
9 -0.237959,0.392913 -0.315429,0.664062 -0.07194,0.265634 -0.107914,0.581063 -0.107911,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373536,1.394532 0.249019,0.343105 0.625321,0.514654 1.128906,0.514648 0.254552,6e-6 0.486974,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.53955,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124506,-0.401197 0.124512,-0.605958 -6e-6,-0.282218 -0.03598,-0.561677 -0.10791,-0.838378 -0.06641,-0.282218 -0.171556,-0.534008 -0.31543,-0.755372 -0.138352,-0.226878 -0.312668,-0.409495 -0.522949,-0.547851 -0.204758,-0.138336 -0.44548,-0.207509 -0.722168,-0.20752"
+ id="path2818"
+ style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/bkgrnd_greydots.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/bkgrnd_greydots.png
new file mode 100644
index 0000000..2333a6d
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/bkgrnd_greydots.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/bullet_arrowblue.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/bullet_arrowblue.png
new file mode 100644
index 0000000..c235534
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/bullet_arrowblue.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/documentation.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/documentation.png
new file mode 100644
index 0000000..79d0a80
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/documentation.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/dot.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/dot.png
new file mode 100644
index 0000000..36a6859
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/dot.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/dot2.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/dot2.png
new file mode 100644
index 0000000..40aff92
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/dot2.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/green.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/green.png
new file mode 100644
index 0000000..ebb3c24
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/green.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/h1-bg.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/h1-bg.png
new file mode 100644
index 0000000..a2aad24
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/h1-bg.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/image_left.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/image_left.png
new file mode 100644
index 0000000..e8fe7a4
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/image_left.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/image_right.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/image_right.png
new file mode 100644
index 0000000..f7bd972
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/image_right.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/important.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/important.png
new file mode 100644
index 0000000..f7594a3
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/important.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/important.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/important.svg
new file mode 100644
index 0000000..2d33045
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/important.svg
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ version="1.0"
+ width="48"
+ height="48"
+ id="svg5921"
+ sodipodi:version="0.32"
+ inkscape:version="0.46"
+ sodipodi:docname="important.svg"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ inkscape:export-filename="/home/jfearn/Build/src/fedora/publican/trunk/publican-fedora/en-US/images/important.png"
+ inkscape:export-xdpi="111.32"
+ inkscape:export-ydpi="111.32">
+ <metadata
+ id="metadata2611">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ inkscape:window-height="681"
+ inkscape:window-width="738"
+ inkscape:pageshadow="2"
+ inkscape:pageopacity="0.0"
+ guidetolerance="10.0"
+ gridtolerance="10.0"
+ objecttolerance="10.0"
+ borderopacity="1.0"
+ bordercolor="#666666"
+ pagecolor="#ffffff"
+ id="base"
+ showgrid="false"
+ inkscape:zoom="11.5"
+ inkscape:cx="20"
+ inkscape:cy="20"
+ inkscape:window-x="0"
+ inkscape:window-y="51"
+ inkscape:current-layer="svg5921" />
+ <defs
+ id="defs5923">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 20 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="40 : 20 : 1"
+ inkscape:persp3d-origin="20 : 13.333333 : 1"
+ id="perspective2613" />
+ </defs>
+ <g
+ transform="matrix(0.4626799,0,0,0.4626799,-5.2934127,-3.3160376)"
+ id="g5485">
+ <path
+ d="M 29.97756,91.885882 L 55.586992,80.409826 L 81.231619,91.807015 L 78.230933,63.90468 L 96.995009,43.037218 L 69.531053,37.26873 L 55.483259,12.974592 L 41.510292,37.311767 L 14.064204,43.164717 L 32.892392,63.97442 L 29.97756,91.885882 z"
+ id="path6799"
+ style="fill:#f3de82;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.536215,56.538729 L 55.48324,12.974601 L 41.51028,37.311813 L 55.536215,56.538729 z"
+ id="path6824"
+ style="opacity:0.91005291;fill:#f9f2cb;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.57947,56.614318 L 78.241135,63.937979 L 96.976198,43.044318 L 55.57947,56.614318 z"
+ id="use6833"
+ style="opacity:1;fill:#d0bc64;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.523838,56.869126 L 55.667994,80.684281 L 81.379011,91.931065 L 55.523838,56.869126 z"
+ id="use6835"
+ style="opacity:1;fill:#e0c656;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.283346,56.742618 L 13.877363,43.200977 L 32.640089,64.069652 L 55.283346,56.742618 z"
+ id="use6831"
+ style="opacity:1;fill:#d1ba59;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.472076,56.869126 L 55.32792,80.684281 L 29.616903,91.931065 L 55.472076,56.869126 z"
+ id="use6837"
+ style="opacity:1;fill:#d2b951;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.57947,56.614318 L 96.976198,43.044318 L 69.504294,37.314027 L 55.57947,56.614318 z"
+ id="path7073"
+ style="opacity:1;fill:#f6e7a3;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.523838,56.869126 L 81.379011,91.931065 L 78.214821,64.046881 L 55.523838,56.869126 z"
+ id="path7075"
+ style="opacity:1;fill:#f6e7a3;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.283346,56.742618 L 41.341708,37.434209 L 13.877363,43.200977 L 55.283346,56.742618 z"
+ id="path7077"
+ style="opacity:1;fill:#f6e59d;fill-opacity:1;enable-background:new" />
+ <path
+ d="M 55.472076,56.869126 L 29.616903,91.931065 L 32.781093,64.046881 L 55.472076,56.869126 z"
+ id="path7079"
+ style="opacity:1;fill:#f3df8b;fill-opacity:1;enable-background:new" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/logo.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/logo.png
new file mode 100644
index 0000000..66a3104
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/logo.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/note.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/note.png
new file mode 100644
index 0000000..d6c4518
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/note.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/note.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/note.svg
new file mode 100644
index 0000000..70e43b6
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/note.svg
@@ -0,0 +1,111 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ version="1.0"
+ width="48"
+ height="48"
+ id="svg5921"
+ sodipodi:version="0.32"
+ inkscape:version="0.46"
+ sodipodi:docname="note.svg"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ inkscape:export-filename="/home/jfearn/Build/src/fedora/publican/trunk/publican-fedora/en-US/images/note.png"
+ inkscape:export-xdpi="111.32"
+ inkscape:export-ydpi="111.32">
+ <metadata
+ id="metadata16">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ inkscape:window-height="1024"
+ inkscape:window-width="1205"
+ inkscape:pageshadow="2"
+ inkscape:pageopacity="0.0"
+ guidetolerance="10.0"
+ gridtolerance="10.0"
+ objecttolerance="10.0"
+ borderopacity="1.0"
+ bordercolor="#666666"
+ pagecolor="#ffffff"
+ id="base"
+ showgrid="false"
+ inkscape:zoom="11.5"
+ inkscape:cx="22.217181"
+ inkscape:cy="20"
+ inkscape:window-x="334"
+ inkscape:window-y="51"
+ inkscape:current-layer="svg5921" />
+ <defs
+ id="defs5923">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 20 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="40 : 20 : 1"
+ inkscape:persp3d-origin="20 : 13.333333 : 1"
+ id="perspective18" />
+ </defs>
+ <g
+ transform="matrix(0.468275,0,0,0.468275,-5.7626904,-7.4142703)"
+ id="layer1">
+ <g
+ transform="matrix(0.115136,0,0,0.115136,9.7283,21.77356)"
+ id="g8014"
+ style="enable-background:new">
+ <g
+ id="g8518"
+ style="opacity:1">
+ <path
+ d="M -2512.4524,56.33197 L 3090.4719,56.33197 L 3090.4719,4607.3813 L -2512.4524,4607.3813 L -2512.4524,56.33197 z"
+ transform="matrix(0.1104659,-2.3734892e-2,2.2163258e-2,0.1031513,308.46782,74.820675)"
+ id="rect8018"
+ style="fill:#ffe680;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.1;stroke-linecap:butt;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
+ </g>
+ <g
+ transform="matrix(0.5141653,-7.1944682e-2,7.1944682e-2,0.5141653,146.04015,-82.639785)"
+ id="g8020">
+ <path
+ d="M 511.14114,441.25315 C 527.3248,533.52772 464.31248,622.82928 370.39916,640.71378 C 276.48584,658.59828 187.23462,598.29322 171.05095,506.01865 C 154.86728,413.74408 217.8796,324.44253 311.79292,306.55803 C 405.70624,288.67353 494.95747,348.97858 511.14114,441.25315 z"
+ id="path8022"
+ style="opacity:1;fill:#e0c96f;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.0804934;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 527.8214,393.1416 C 527.8214,461.31268 472.55783,516.57625 404.38675,516.57625 C 336.21567,516.57625 280.9521,461.31268 280.9521,393.1416 C 280.9521,324.97052 336.21567,269.70695 404.38675,269.70695 C 472.55783,269.70695 527.8214,324.97052 527.8214,393.1416 z"
+ transform="matrix(1.2585415,-0.2300055,0.2168789,1.1867072,-248.76141,68.254424)"
+ id="path8024"
+ style="opacity:1;fill:#c00000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.0804934;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 358.5625,281.15625 C 348.09597,281.05155 337.43773,281.94729 326.71875,283.90625 C 240.96686,299.57789 183.37901,377.92385 198.15625,458.78125 C 209.70749,521.98673 262.12957,567.92122 325.40625,577.5625 L 357.25,433.6875 L 509.34375,405.875 C 509.14405,404.58166 509.0804,403.29487 508.84375,402 C 495.91366,331.24978 431.82821,281.88918 358.5625,281.15625 z"
+ id="path8026"
+ style="opacity:1;fill:#b60000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.1;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 294.2107,361.9442 L 282.79367,370.38482 L 261.73414,386.13346 C 253.13706,404.40842 254.3359,423.7989 259.7176,444.39774 C 273.6797,497.83861 313.42636,523.96124 369.50989,517.58957 C 398.21848,514.32797 424.51832,504.67345 440.64696,484.15958 L 469.89512,447.48298 L 294.2107,361.9442 z"
+ id="path8028"
+ style="fill:#750000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.09999999;stroke-linecap:butt;stroke-miterlimit:4;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 527.8214,393.1416 C 527.8214,461.31268 472.55783,516.57625 404.38675,516.57625 C 336.21567,516.57625 280.9521,461.31268 280.9521,393.1416 C 280.9521,324.97052 336.21567,269.70695 404.38675,269.70695 C 472.55783,269.70695 527.8214,324.97052 527.8214,393.1416 z"
+ transform="matrix(0.9837071,-0.1797787,0.1695165,0.9275553,-78.013985,79.234385)"
+ id="path8030"
+ style="opacity:1;fill:#d40000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.10298239;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ <path
+ d="M 527.8214,393.1416 C 527.8214,461.31268 472.55783,516.57625 404.38675,516.57625 C 336.21567,516.57625 280.9521,461.31268 280.9521,393.1416 C 280.9521,324.97052 336.21567,269.70695 404.38675,269.70695 C 472.55783,269.70695 527.8214,324.97052 527.8214,393.1416 z"
+ transform="matrix(0.9837071,-0.1797787,0.1695165,0.9275553,-69.306684,71.273294)"
+ id="path8032"
+ style="opacity:1;fill:#e11212;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.10298239;stroke-linecap:butt;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+ </g>
+ </g>
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/red.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/red.png
new file mode 100644
index 0000000..d32d5e2
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/red.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/shade.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/shade.png
new file mode 100644
index 0000000..a73afdf
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/shade.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/shine.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/shine.png
new file mode 100644
index 0000000..a18f7c4
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/shine.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-back.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-back.png
new file mode 100644
index 0000000..d320f26
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-back.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-forward.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-forward.png
new file mode 100644
index 0000000..1ee5a29
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-forward.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-up.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-up.png
new file mode 100644
index 0000000..1cd7332
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/stock-go-up.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/stock-home.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/stock-home.png
new file mode 100644
index 0000000..122536d
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/stock-home.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/title_logo.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/title_logo.png
new file mode 100644
index 0000000..d5182b4
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/title_logo.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/title_logo.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/title_logo.svg
new file mode 100644
index 0000000..e8fd52b
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/title_logo.svg
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ version="1.0"
+ width="220"
+ height="70"
+ id="svg6180">
+ <defs
+ id="defs6182" />
+ <g
+ transform="translate(-266.55899,-345.34488)"
+ id="layer1">
+ <path
+ d="m 316.7736,397.581 c 0,0 0,0 -20.53889,0 0.3327,4.45245 3.92157,7.77609 8.70715,7.77609 3.38983,0 6.31456,-1.39616 8.64094,-3.65507 0.46553,-0.46679 0.99726,-0.59962 1.59519,-0.59962 0.79781,0 1.59561,0.39932 2.12692,1.06388 0.3327,0.46553 0.53216,0.99726 0.53216,1.52857 0,0.73118 -0.3327,1.52857 -0.93106,2.12734 -2.7919,2.99052 -7.51086,4.98503 -12.16403,4.98503 -8.44149,0 -15.22074,-6.77967 -15.22074,-15.22158 0,-8.44149 6.58022,-15.22074 15.02171,-15.22074 8.37529,0 14.62323,6.51317 14.62323,15.08749 0,1.26418 -1.12924,2.12861 -2.39258,2.12861 z m -12.23065,-11.76512 c -4.45329,0 -7.51085,2.92473 -8.17499,7.17731 10.03626,0 16.35083,0 16.35083,0 -0.59836,-4.05355 -3.78874,-7.17731 -8.17584,-7.17731 z"
+ id="path11"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 375.46344,410.80807 c -8.44106,0 -15.22074,-6.77968 -15.22074,-15.22159 0,-8.44149 6.77968,-15.22074 15.22074,-15.22074 8.44234,0 15.22159,6.77925 15.22159,15.22074 -4.2e-4,8.44149 -6.77968,15.22159 -15.22159,15.22159 z m 0,-24.65992 c -5.31688,0 -8.77377,4.25427 -8.77377,9.43833 0,5.18364 3.45689,9.43833 8.77377,9.43833 5.31731,0 8.77504,-4.25469 8.77504,-9.43833 -4.2e-4,-5.18406 -3.45773,-9.43833 -8.77504,-9.43833 z"
+ id="path13"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 412.66183,380.36574 c -4.45963,0 -7.40966,1.319 -10.01391,4.62956 l -0.24036,-1.53995 0,0 c -0.20198,-1.60743 -1.57326,-2.84926 -3.23382,-2.84926 -1.80139,0 -3.26206,1.459 -3.26206,3.26081 0,0.003 0,0.005 0,0.008 l 0,0 0,0.003 0,0 0,23.40712 c 0,1.79464 1.46194,3.25743 3.257,3.25743 1.79465,0 3.25744,-1.46279 3.25744,-3.25743 l 0,-12.56209 c 0,-5.71621 4.98502,-8.57432 10.23613,-8.57432 1.59519,0 2.85726,-1.32953 2.85726,-2.92515 0,-1.59561 -1.26207,-2.85726 -2.85768,-2.85726 z"
+ id="path15"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 447.02614,395.58648 c 0.0666,-8.17541 -5.78326,-15.22074 -15.222,-15.22074 -8.44192,0 -15.28779,6.77925 -15.28779,15.22074 0,8.44191 6.64684,15.22159 14.68985,15.22159 4.01434,0 7.62682,-2.06621 9.23846,-4.22518 l 0.79359,2.01434 0,0 c 0.42589,1.13177 1.5176,1.93717 2.7978,1.93717 1.65001,0 2.98756,-1.33671 2.99009,-2.98545 l 0,0 0,-7.80687 0,0 0,-4.1556 z m -15.222,9.43833 c -5.31773,0 -8.77419,-4.25469 -8.77419,-9.43833 0,-5.18406 3.45604,-9.43833 8.77419,-9.43833 5.3173,0 8.77419,4.25427 8.77419,9.43833 0,5.18364 -3.45689,9.43833 -8.77419,9.43833 z"
+ id="path17"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 355.01479,368.3337 c 0,-1.7938 -1.46194,-3.18997 -3.25659,-3.18997 -1.79422,0 -3.25743,1.39659 -3.25743,3.18997 l 0,17.1499 c -1.66097,-3.05756 -5.25026,-5.11786 -9.50495,-5.11786 -8.64052,0 -14.42336,6.51318 -14.42336,15.22074 0,8.70757 5.98229,15.22159 14.42336,15.22159 3.76555,0 7.03057,-1.55429 8.98587,-4.25554 l 0.72317,1.83428 c 0.44782,1.25912 1.64917,2.16024 3.06051,2.16024 1.78621,0 3.24984,-1.45435 3.24984,-3.24815 0,-0.005 0,-0.009 0,-0.0139 l 0,0 0,-38.95128 -4.2e-4,0 z m -15.22116,36.69111 c -5.31731,0 -8.70715,-4.25469 -8.70715,-9.43833 0,-5.18406 3.38984,-9.43833 8.70715,-9.43833 5.31773,0 8.70714,4.0544 8.70714,9.43833 0,5.38309 -3.38941,9.43833 -8.70714,9.43833 z"
+ id="path19"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 287.21553,365.34023 c -0.59414,-0.0877 -1.19966,-0.13198 -1.80097,-0.13198 -6.73118,0 -12.20746,5.4767 -12.20746,12.20788 l 0,3.8132 -3.98903,0 c -1.46237,0 -2.65908,1.19671 -2.65908,2.65781 0,1.46321 1.19671,2.93738 2.65908,2.93738 l 3.98819,0 0,20.46004 c 0,1.79464 1.46236,3.25743 3.25658,3.25743 1.79507,0 3.25744,-1.46279 3.25744,-3.25743 l 0,-20.46004 4.40986,0 c 1.46194,0 2.65823,-1.47417 2.65823,-2.93738 0,-1.46152 -1.19629,-2.65823 -2.65823,-2.65823 l -4.40733,0 0,-3.8132 c 0,-3.13852 2.55323,-6.11469 5.69175,-6.11469 0.28294,0 0.56757,0.0211 0.84672,0.062 1.78031,0.26355 3.4358,-0.54269 3.70019,-2.32342 0.2627,-1.77904 -0.96606,-3.43538 -2.74594,-3.69935 z"
+ id="path21"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 482.01243,363.57426 c 0,-10.06788 -8.16108,-18.22938 -18.22897,-18.22938 -10.06282,0 -18.22179,8.15475 -18.22854,18.21631 l -4.2e-4,-4.2e-4 0,14.1071 4.2e-4,4.2e-4 c 0.005,2.28463 1.85832,4.13409 4.14463,4.13409 0.007,0 0.0127,-8.4e-4 0.0194,-8.4e-4 l 0.001,8.4e-4 14.07083,0 0,0 c 10.06409,-0.004 18.22138,-8.16276 18.22138,-18.22812 z"
+ id="path25"
+ style="fill:#294172" />
+ <path
+ d="m 469.13577,349.66577 c -4.72528,0 -8.55576,3.83049 -8.55576,8.55577 0,0.002 0,0.004 0,0.006 l 0,4.52836 -4.51444,0 c -8.5e-4,0 -8.5e-4,0 -0.001,0 -4.72528,0 -8.55576,3.81193 -8.55576,8.53678 0,4.72528 3.83048,8.55577 8.55576,8.55577 4.72486,0 8.55534,-3.83049 8.55534,-8.55577 0,-0.002 0,-0.004 0,-0.006 l 0,-4.54733 4.51444,0 c 8.5e-4,0 0.001,0 0.002,0 4.72486,0 8.55534,-3.79296 8.55534,-8.51781 0,-4.72528 -3.83048,-8.55577 -8.55534,-8.55577 z m -8.55576,21.63483 c -0.004,2.48998 -2.02446,4.50811 -4.51571,4.50811 -2.49378,0 -4.53426,-2.02193 -4.53426,-4.5157 0,-2.49421 2.04048,-4.55366 4.53426,-4.55366 0.002,0 0.004,4.2e-4 0.006,4.2e-4 l 3.86971,0 c 0.001,0 0.002,-4.2e-4 0.003,-4.2e-4 0.35209,0 0.63799,0.28505 0.63799,0.63715 0,4.2e-4 -4.2e-4,8.4e-4 -4.2e-4,0.001 l 0,3.92284 -4.2e-4,0 z m 8.55534,-8.5448 c -0.001,0 -0.003,0 -0.004,0 l -3.87223,0 c -8.4e-4,0 -0.002,0 -0.002,0 -0.35252,0 -0.63757,-0.28506 -0.63757,-0.63758 l 0,-4.2e-4 0,-3.90343 c 0.004,-2.49083 2.02
446,-4.50854 4.51571,-4.50854 2.49378,0 4.53468,2.02193 4.53468,4.51613 4.2e-4,2.49336 -2.04048,4.53384 -4.53426,4.53384 z"
+ id="path29"
+ style="fill:#3c6eb4" />
+ <path
+ d="m 460.58001,362.7558 0,-4.52836 c 0,-0.002 0,-0.004 0,-0.006 0,-4.72528 3.83048,-8.55577 8.55576,-8.55577 0.71685,0 1.22623,0.0805 1.88952,0.25469 0.96774,0.25385 1.75796,1.04618 1.75838,1.96922 4.2e-4,1.11575 -0.80919,1.92621 -2.0194,1.92621 -0.57642,0 -0.78473,-0.11048 -1.62892,-0.11048 -2.49125,0 -4.51149,2.01771 -4.51571,4.50854 l 0,3.90385 0,4.2e-4 c 0,0.35252 0.28505,0.63758 0.63757,0.63758 4.3e-4,0 0.001,0 0.002,0 l 2.96521,0 c 1.10521,0 1.99747,0.88467 1.99832,1.99283 0,1.10816 -0.89353,1.99114 -1.99832,1.99114 l -3.60489,0 0,4.54733 c 0,0.002 0,0.004 0,0.006 0,4.72485 -3.83048,8.55534 -8.55534,8.55534 -0.71684,0 -1.22623,-0.0805 -1.88952,-0.25469 -0.96774,-0.25343 -1.75838,-1.04618 -1.7588,-1.9688 0,-1.11575 0.80919,-1.92663 2.01982,-1.92663 0.576,0 0.78473,0.11048 1.6285,0.11048 2.49125,0 4.51191,-2.01771 4.51613,-4.50811 0,0 0,-3.92368 0,-3.9241 0,-0.35168 -0.2859,-0.63673 -0.63799,-0.63673 -4.3e-4,0 -8.5e-4,0 -0.002,0 l -2.96521,-4.2e-4 c -1.10521,0 -1.
99831,-0.88214 -1.99831,-1.9903 -4.3e-4,-1.11533 0.90238,-1.99367 2.01939,-1.99367 l 3.58339,0 0,0 z"
+ id="path31"
+ style="fill:#ffffff" />
+ <path
+ d="m 477.41661,378.55292 2.81558,0 0,0.37898 -1.18152,0 0,2.94935 -0.45254,0 0,-2.94935 -1.18152,0 0,-0.37898 m 3.26144,0 0.67101,0 0.84937,2.26496 0.85381,-2.26496 0.67102,0 0,3.32833 -0.43917,0 0,-2.9226 -0.85828,2.28279 -0.45255,0 -0.85827,-2.28279 0,2.9226 -0.43694,0 0,-3.32833"
+ id="text6223"
+ style="fill:#294172;enable-background:new" />
+ </g>
+ <path
+ d="m 181.98344,61.675273 2.81558,0 0,0.37898 -1.18152,0 0,2.94935 -0.45254,0 0,-2.94935 -1.18152,0 0,-0.37898 m 3.26144,0 0.67101,0 0.84937,2.26496 0.85381,-2.26496 0.67102,0 0,3.32833 -0.43917,0 0,-2.9226 -0.85828,2.28279 -0.45255,0 -0.85827,-2.28279 0,2.9226 -0.43694,0 0,-3.32833"
+ id="path2391"
+ style="fill:#294172;enable-background:new" />
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/warning.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/warning.png
new file mode 100644
index 0000000..ce09951
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/warning.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/warning.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/warning.svg
new file mode 100644
index 0000000..5f2612c
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/warning.svg
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ version="1.0"
+ width="48"
+ height="48"
+ id="svg5921"
+ sodipodi:version="0.32"
+ inkscape:version="0.46"
+ sodipodi:docname="warning.svg"
+ inkscape:output_extension="org.inkscape.output.svg.inkscape"
+ inkscape:export-filename="/home/jfearn/Build/src/fedora/publican/trunk/publican-fedora/en-US/images/warning.png"
+ inkscape:export-xdpi="111.32"
+ inkscape:export-ydpi="111.32">
+ <metadata
+ id="metadata2482">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ inkscape:window-height="910"
+ inkscape:window-width="1284"
+ inkscape:pageshadow="2"
+ inkscape:pageopacity="0.0"
+ guidetolerance="10.0"
+ gridtolerance="10.0"
+ objecttolerance="10.0"
+ borderopacity="1.0"
+ bordercolor="#666666"
+ pagecolor="#ffffff"
+ id="base"
+ showgrid="false"
+ inkscape:zoom="11.5"
+ inkscape:cx="20"
+ inkscape:cy="20"
+ inkscape:window-x="0"
+ inkscape:window-y="51"
+ inkscape:current-layer="svg5921" />
+ <defs
+ id="defs5923">
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 20 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="40 : 20 : 1"
+ inkscape:persp3d-origin="20 : 13.333333 : 1"
+ id="perspective2484" />
+ </defs>
+ <g
+ transform="matrix(0.4536635,0,0,0.4536635,-5.1836431,-4.6889387)"
+ id="layer1">
+ <g
+ transform="translate(2745.6887,-1555.5977)"
+ id="g8304"
+ style="enable-background:new">
+ <path
+ d="M -1603,1054.4387 L -1577.0919,1027.891 L -1540,1027.4387 L -1513.4523,1053.3468 L -1513,1090.4387 L -1538.9081,1116.9864 L -1576,1117.4387 L -1602.5477,1091.5306 L -1603,1054.4387 z"
+ transform="matrix(0.8233528,8.9983906e-3,-8.9983906e-3,0.8233528,-1398.5561,740.7914)"
+ id="path8034"
+ style="opacity:1;fill:#efd259;fill-opacity:1;stroke:#efd259;stroke-opacity:1" />
+ <path
+ d="M -1603,1054.4387 L -1577.0919,1027.891 L -1540,1027.4387 L -1513.4523,1053.3468 L -1513,1090.4387 L -1538.9081,1116.9864 L -1576,1117.4387 L -1602.5477,1091.5306 L -1603,1054.4387 z"
+ transform="matrix(0.6467652,7.0684723e-3,-7.0684723e-3,0.6467652,-1675.7492,927.16391)"
+ id="path8036"
+ style="opacity:1;fill:#a42324;fill-opacity:1;stroke:#a42324;stroke-opacity:1" />
+ <path
+ d="M -2686.7886,1597.753 C -2686.627,1596.5292 -2686.5462,1595.6987 -2686.5462,1595.218 C -2686.5462,1593.1637 -2688.0814,1592.0711 -2690.9899,1592.0711 C -2693.8985,1592.0711 -2695.4336,1593.12 -2695.4336,1595.218 C -2695.4336,1595.961 -2695.3528,1596.7914 -2695.1912,1597.753 L -2692.929,1614.4491 L -2689.0508,1614.4491 L -2686.7886,1597.753"
+ id="path8038"
+ style="font-size:107.13574219px;font-style:normal;font-weight:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Charter" />
+ <path
+ d="M -2690.9899,1617.8197 C -2693.6124,1617.8197 -2695.8118,1619.9346 -2695.8118,1622.6416 C -2695.8118,1625.3486 -2693.6124,1627.4635 -2690.9899,1627.4635 C -2688.2829,1627.4635 -2686.168,1625.264 -2686.168,1622.6416 C -2686.168,1619.9346 -2688.2829,1617.8197 -2690.9899,1617.8197"
+ id="path8040"
+ style="font-size:107.13574219px;font-style:normal;font-weight:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Charter" />
+ </g>
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/watermark-draft.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/watermark-draft.png
new file mode 100644
index 0000000..0ead5af
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/watermark-draft.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/yellow.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/yellow.png
new file mode 100644
index 0000000..223865d
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/Common_Content/images/yellow.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html
new file mode 100644
index 0000000..1198490
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.2. Secure Shell</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="Security_Guide-Encryption-Data_in_Motion.html" title="4.2. 動作しているデータ" /><link rel="prev" href="Security_Guide-Encryption-Data_in_Motion.html" title="4.2. 動作しているデータ" /><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="4.2.3. LUKS ディスク暗号化" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="
Security_Guide-Encryption-Data_in_Motion.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>次へ</strong></a></li></ul><div class="section" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell">4.2.2. Secure Shell</h3></div></div></div><div class="para">
+ Secure Shell (SSH) はセキュアなチャネル上で他のシステムとコミュニケーションするために使用される強力なネットワーク・プロトコルです。SSH上の転送は、暗号化され、盗聴から保護されます。暗号のログオンは、伝統的なユーザー名とパスワード上のよりよい認証方法を提供するために活用されます。
+ </div><div class="para">
+ SSH は有効にすることが非常に簡単です。単に sshd サービスを開始することで、システムは接続を受け付けるようになり、正しいユーザー名とパスワードが接続プロセスの間に提供されるとき、システムへのアクセスを許可します。SSH サービスに対する標準的な TCP ポートは 22 です。しかしながら、設定ファイル <span class="emphasis"><em>/etc/ssh/sshd_config</em></span> を修正して、サービスを再起動することで、これを変更できます。このファイルは SSH に対する他の設定オプションも含みます。
+ </div><div class="para">
+ Secure Shell (SSH) は、1つのポートを用いるだけでなく、コンピューター間の暗号化されたトンネルも提供します。<a href="http://www.redhatmagazine.com/2007/11/27/advanced-ssh-configuration-and-tunneling-we-dont-need-no-stinking-vpn-software">ポートフォワードが SSH トンネル経由で実行でき</a> 、トラフィックがそのトンネルを通過するので暗号化されますが、ポートフォワードを使用することが VPN と同じくらい流動的なわけではありません。
+ </div><div class="section" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell-Cryptographic_Logon"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell-Cryptographic_Logon">4.2.2.1. 暗号によるログオン</h4></div></div></div><div class="para">
+ SSH はコンピューターにログインするために暗号鍵の使用をサポートしています。これはパスワードを用いるよりもはるかに安全です。もし正しくセットアップされれば、複数要素認証を検討できます。
+ </div><div class="para">
+ 暗号化によるログオンをできる前に設定の変更を行う必要があります。ファイル <code class="filename">/etc/ssh/sshd_config</code> において、以下の行を次のようにアンコメントして変更します:
+<pre class="screen">PubkeyAuthentication yes
+AuthorizedKeysFile .ssh/authorized_keys</pre>
+ 最初の行により SSH プログラムが公開鍵認証できるように指示します。2 行目は、認可されたキーペアの公開鍵が存在する、システムのホームディレクトリーにあるファイルを示します。
+ </div><div class="para">
+ 次に行うことは、システムに接続するために使用する、クライアントの SSH キーペアを生成することです。コマンド <code class="command">ssh-keygen</code> はシステムにログインするために設定する RSA 2048-bit キーを生成します。キーは標準状態で <code class="filename">~/.ssh</code> ディレクトリーに保存されます。キーのビット長を変更するにはスイッチ <code class="command">-b</code> を利用できます。2048-bits はおそらく問題ないですが、可能ならば 8192-bit キーまで拡張できます。
+ </div><div class="para">
+ <code class="filename">~/.ssh</code> ディレクトリーにおいて、作成された二つのキーを確認すべきです。<code class="command">ssh-keygen</code> を実行するとき初期値を使うならば、キーは秘密鍵と公開鍵に <code class="filename">id_rsa</code> および <code class="filename">id_rsa.pub</code> という名前がつけられます。常に秘密鍵がさらされることから保護するべきです。しかしながら、公開鍵はログインしようとしているシステムに転送する必要があります。一度システムにおくならば、キーを承認リストに追加する最も簡単な方法は、次の方法です:
+<pre class="screen">$ cat id_rsa.pub >> ~/.ssh/authorized_keys</pre>
+ これは、公開鍵を authorized_key ファイルに追加します。<span class="application"><strong>SSH</strong></span> アプリケーションは、ログインを試行するときに、このファイルを確認します。
+ </div><div class="para">
+ パスワードや他の認証方式と同じように、定期的に <span class="application"><strong>SSH</strong></span> キーを変更すべきです。その際、すべての使用していない鍵を authorized_key ファイルから確実に削除しておきます。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion.html"><strong>戻る</strong>4.2. 動作しているデータ</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>次へ</strong>4.2.3. LUKS ディスク暗号化</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/Security_Guide-Encryption-Data_in_Motion.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/Security_Guide-Encryption-Data_in_Motion.html
new file mode 100644
index 0000000..6d386be
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/Security_Guide-Encryption-Data_in_Motion.html
@@ -0,0 +1,401 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2. 動作しているデータ</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Encryption.html" title="第4章 暗号化" /><link rel="prev" href="chap-Security_Guide-Encryption.html" title="第4章 暗号化" /><link rel="next" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html" title="4.2.2. Secure Shell" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Encryption.html"><strong>戻る
</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>次へ</strong></a></li></ul><div class="section" id="Security_Guide-Encryption-Data_in_Motion"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="Security_Guide-Encryption-Data_in_Motion">4.2. 動作しているデータ</h2></div></div></div><div class="para">
+ 動作しているデータとは、ネットワークを越えて転送されているデータです。動作しているデータに対する最大の脅威は盗聴と改ざんです。ユーザー名とパスワードは、なりすましをする、もしくは機密情報へのアクセスを得るために、誰かにより盗聴されて使用される可能性があるので、保護なしでネットワークを越えて転送されるべきではありません。銀行アカウント情報のような他のプライベートな情報もネットワークを越えて転送されるときに保護されるべきです。ネットワーク・セッションが暗号化されているならば、転送されているときにデータが危険にさらされていることをあまり心配する必要はありません。
+ </div><div class="para">
+ 動作しているデータは、攻撃者がデータが保存されているコンピューターの近くにいる必要がなく、経路のどこかにいればよいため、特に攻撃者へ脆弱です。暗号化トンネルはコミュニケーションの経路に沿ってデータを保護できます。
+ </div><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs">4.2.1. Virtual Private Networks (VPNs)</h3></div></div></div><div class="para">
+ いくつかのサテライト・オフィスを持つ組織は、転送中に機密データの効率性と保護に対して専用線を用いてお互いに接続します。たとえば、多くの企業は、あるオフィスを他とつなぐためにエンド間のネットワーク・ソリューションとして、フレームリレーまたは <em class="firstterm">Asynchronous Transfer Mode</em> (<acronym class="acronym">ATM</acronym>) 回線を使用します。これは高価な提案です、とくに高いコストを払うことなくエンタープライズ・レベルの専用デジタル回線を結びつける拡張を期待する中小企業 (<acronym class="acronym">SMB</acronym>: small to medium sized businesses) にとってはそうです。
+ </div><div class="para">
+ このニーズに取り組むために、<em class="firstterm">Virtual Private Networks</em> (<abbr class="abbrev">VPN</abbr>) が開発されました。専用線と同じ機能原則に従うことで、<abbr class="abbrev">VPN</abbr> は、既存の <em class="firstterm">Local Area Networks</em> (<acronym class="acronym">LAN</acronym>) から <em class="firstterm">Wide Area Network</em> (<acronym class="acronym">WAN</acronym>) を作成する、2者(またはネットワーク)間でセキュアなデジタル・コミュニケーションが可能になります。フレームリレーや ATM との違いは、その転送メディアです。<abbr class="abbrev">VPN</abbr> はトランスポート層としてデータグラムを使用して、意図した宛て先へとインターネットを経由してセキュアなトンネルにする IP 上で転送されます。最もフリーなソフトウェアの <abbr class="abbrev">VPN</abbr> 実装は、転送に
おいてデータをさらにマスクするために、オープンで標準的な暗号方式を組み込んでいます。
+ </div><div class="para">
+ ããã¤ãã®çµç¹ã¯ã»ãã¥ãªãã£ãå¼·åããããã«ãã¼ãã¦ã§ã¢ <abbr class="abbrev">VPN</abbr> ã½ãªã¥ã¼ã·ã§ã³ã使ç¨ãã¾ããä¸æ¹ããã以å¤ã®çµç¹ã¯ã½ããã¦ã§ã¢ãããã¯ãããã³ã«ã»ãã¼ã¹ã®å®è£
ã使ç¨ãã¾ããCisco, Nortel, IBM, ã Checkpoint ã®ãããªãããã¤ãã®ãã³ãã¼ã¯ãã¼ãã¦ã§ã¢ <abbr class="abbrev">VPN</abbr> ã½ãªã¥ã¼ã·ã§ã³ãæä¾ãã¾ããæ¨æºåããã <em class="firstterm">Internet Protocol Security</em> (<abbr class="abbrev">IPsec</abbr>) å®è£
ãå©ç¨ãã FreeS/Wan ã¨å¼ã°ãã Linux åãã®ããªã¼ã®ã½ããã¦ã§ã¢ã»ãã¼ã¹ã® <abbr class="abbrev">VPN</abbr> ã½ãªã¥ã¼ã·ã§ã³ãããã¾ãããããã® <abbr class="abbrev">VPN</abbr> ã½ãªã¥ã¼ã·ã§ã³ã¯ããã¼ãã¦ã§ã¢ãã½ããã¦ã§ã¢ã»ãã¼ã¹ãã«ãããããããªãã£ã¹ãããã1ã¤ã¸ã® IP ã³ãã¯ã·ã§ã³éã«åå¨ããå°ç¨ã®ã«ã¼ã¿ã¼ã¨ã
ã¦åä½ãã¾ãã
+ </div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-How_Does_a_VPN_Work"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-How_Does_a_VPN_Work">4.2.1.1. VPN はどのように機能しますか?</h4></div></div></div><div class="para">
+ パケットがクライアントから転送されるとき、ルーティングと認証のために <em class="firstterm">Authentication Header</em> (<abbr class="abbrev">AH</abbr>) を追加する、<abbr class="abbrev">VPN</abbr> ルーターまたはゲートウェイを通過して送られます。データは暗号化され、最終的に <em class="firstterm">Encapsulating Security Payload</em> (<abbr class="abbrev">ESP</abbr>) に囲い込まれます。後者は復号とハンドリング指示を取り扱います。
+ </div><div class="para">
+ 受信している <abbr class="abbrev">VPN</abbr> ルーターはヘッダー情報を分離して、データを復号して、そしてそれを意図した宛て先(ワークステーションもしくはネットワークにある他のノード)にルートします。ネットワーク-ネットワーク間のコネクションを使用していると、ローカルネットワークにある受信ノードは、すでに復号されて、処理する準備ができているパケットを受け取ります。ネットワーク-ネットワーク間の <abbr class="abbrev">VPN</abbr> コネクションにおいて暗号化/復号プロセスはローカルノードに透過的です。
+ </div><div class="para">
+ そのように高くされたレベルのセキュリティを用いると、攻撃者はパケットを横取りしてはいけないだけでなく、パケットを復号してはいけません。サーバーとクライアント間で中間者攻撃を使用する侵入者は、認証セッションに対する秘密鍵を少なくとも1つにアクセスできなければいけません。認証と暗号化のいくつかの層を使用するので、<abbr class="abbrev">VPN</abbr> は単一化されたイントラネットとして動作するために、複数のリモートノードを接続するセキュアかつ効果的な手段です。
+ </div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD">4.2.1.2. VPN と Fedora</h4></div></div></div><div class="para">
+ Fedora は <acronym class="acronym">WAN</acronym> をセキュアに接続するために、ソフトウェア・ソリューションの実装に関してさまざまなオプションを提供します。<em class="firstterm">Internet Protocol Security</em> (<acronym class="acronym">IPsec</acronym>) は、Fedora のためのサポートされた <abbr class="abbrev">VPN</abbr> 実装です。また、支店やリモート・ユーザーとともに組織の利便性のニーズを十分に取り組みます。
+ </div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec">4.2.1.3. IPsec</h4></div></div></div><div class="para">
+ Fedora は、インターネットのような一般的なキャリア・ネットワークにおいてセキュアなトンネルを使用して、お互いにリモートのホストとネットワークを接続するために <abbr class="abbrev">IPsec</abbr> をサポートします。<abbr class="abbrev">IPsec</abbr> は、ホスト-ホスト間(あるコンピュータ・ワークステーションともう一方)またはネットワーク-ネットワーク間(ある <acronym class="acronym">LAN</acronym>/<acronym class="acronym">WAN</acronym> ともう一方)の設定を使用して導入されます。
+ </div><div class="para">
+ Fedora における <abbr class="abbrev">IPsec</abbr> 実装は、接続しているシステム間で相互認証およびセキュアな関連づけのために使用される、Internet Engineering Task Force (<acronym class="acronym">IETF</acronym>) により実装されたプロトコル、<em class="firstterm">Internet Key Exchange</em> (<em class="firstterm">IKE</em>) を使用します。
+ </div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection">4.2.1.4. <abbr class="abbrev">IPsec</abbr> 接続の作成</h4></div></div></div><div class="para">
+ <abbr class="abbrev">IPsec</abbr> コネクションは、2つの論理的なフェーズに分かれています。フェーズ1は、<abbr class="abbrev">IPsec</abbr> ノードがリモートのホストまたはネットワークとコネクションを初期化します。リモートのノードまたはネットワークは、リクエストしているノードのクレディンシャルをチェックして、両当事者はコネクションの認証方式をネゴシエーションします。
+ </div><div class="para">
+ Fedora システムにおいては、<abbr class="abbrev">IPsec</abbr> コネクションは <abbr class="abbrev">IPsec</abbr> ノード認証の <em class="firstterm">事前共有キー</em> 方式を使用します。事前共有キー <abbr class="abbrev">IPsec</abbr> コネクションにおいて、両方のホストは <abbr class="abbrev">IPsec</abbr> コネクションのフェーズ2に移行するために同じキーを使用しなければいけません。
+ </div><div class="para">
+ <abbr class="abbrev">IPsec</abbr> コネクションのフェーズ2は、<em class="firstterm">Security Association</em> (<acronym class="acronym">SA</acronym>) が <abbr class="abbrev">IPsec</abbr> ノード間に作成されるところです。このフェーズは、暗号化方式、秘密セッションキーの交換パラメーター、およびその他のような、設定情報を持つ <abbr class="abbrev">SA</abbr> データベースを確立します。このフェーズは、リモートノードとネットワーク間で実際の <abbr class="abbrev">IPsec</abbr> コネクションを管理します。
+ </div><div class="para">
+ <abbr class="abbrev">IPsec</abbr> の Fedora 実装は、インターネットを越えるホスト間でキーを共有するために IKE を使用します。<code class="command">racoon</code> キー管理デーモンは、IKE キーの配布と交換を取り扱います。このデーモンの詳細は <code class="command">racoon</code> マニュアル・ページを参照してください。
+ </div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation">4.2.1.5. IPsec のインストール</h4></div></div></div><div class="para">
+ <abbr class="abbrev">IPsec</abbr> を実装するには、すべての <abbr class="abbrev">IPsec</abbr> ホスト(ホスト-ホスト間の設定なら)またはルーター(ネットワーク-ネットワーク間の設定なら)において、<code class="filename">ipsec-tools</code> RPM パッケージがインストールされている必要があります。RPM パッケージは、<abbr class="abbrev">IPsec</abbr> コネクションをセットアップするために、以下を含めて基本的なライブラリ、デーモンおよび設定ファイルを含みます。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">/sbin/setkey</code> — カーネルにおける <abbr class="abbrev">IPsec</abbr> のキー管理およびセキュリティ属性を操作します。この実行コマンドは <code class="command">racoon</code> キー管理デーモンにより制御されます。詳細は <code class="command">setkey</code>(8) マニュアル・ページを参照してください。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/racoon</code> — IKE キー管理デーモン。IPsec 接続されたシステム間でセキュリティ・アソシエーションとキー共有を管理および制御するために使用されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/racoon/racoon.conf</code> — <code class="command">racoon</code> デーモンの設定ファイル。コネクションに使用される認証方式および暗号化アルゴリズムを含む <abbr class="abbrev">IPsec</abbr> 接続のさまざまな観点を設定するために使用されます。利用可能なディレクティブの完全な一覧は <code class="filename">racoon.conf</code>(5) を参照してください。
+ </div></li></ul></div><div class="para">
+ Fedora において <abbr class="abbrev">IPsec</abbr> を設定するために、<span class="application"><strong>ネットワーク管理ツール</strong></span> を使用できます、もしくはネットワーク および <abbr class="abbrev">IPsec</abbr> 設定ファイルを手で編集します。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ IPsec 経由でネットワーク接続された2つのホストを接続するために、<a class="xref" href="Security_Guide-Encryption-Data_in_Motion.html#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration">「ホスト-ホスト間 IPsec の設定」</a> を参照してください。
+ </div></li><li class="listitem"><div class="para">
+ IPsec 経由である <acronym class="acronym">LAN</acronym>/<acronym class="acronym">WAN</acronym> ともう一方を接続するために、<a class="xref" href="Security_Guide-Encryption-Data_in_Motion.html#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">「ネットワーク-ネットワーク間の IPsec 設定」</a> を参照してください。
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration">4.2.1.6. ホスト-ホスト間 IPsec の設定</h4></div></div></div><div class="para">
+ IPsec は、あるデスクトップまたはワークステーション(ホスト)が他のものと、ホスト-ホスト間コネクションを使用して接続するために設定されます。この種類のコネクションは、各ホスト間でセキュアなトンネルを作成するために、各ホストが接続されるネットワークを使用します。ホスト-ホスト間コネクションの必要要件は、各ホストにおいて <abbr class="abbrev">IPsec</abbr> の設定をする、という最小のものです。ホストは(インターネットのような)キャリアのネットワークへの専用のコネクションと <abbr class="abbrev">IPsec</abbr> コネクションを作成するための Fedora のみを必要とします。
+ </div><div class="section" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Host_to_Host_Connection"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Host_to_Host_Connection">4.2.1.6.1. ホスト-ホスト間コネクション</h5></div></div></div><div class="para">
+ ホスト-ホスト間 <abbr class="abbrev">IPsec</abbr> コネクションは、どちらも同じ認証キーを用いて <abbr class="abbrev">IPsec</abbr> を実行している、2つのシステム間の暗号化されたコネクションです。<abbr class="abbrev">IPsec</abbr> コネクションをアクティブにすると、2つのホスト間のネットワーク・トラフィックはすべて暗号化されます。
+ </div><div class="para">
+ ホスト-ホスト間 <abbr class="abbrev">IPsec</abbr> コネクションを設定するために、各ホストに対して以下の手順を使用します:
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ 設定している実際のマシンにおいて以下の手順を実行すべきです。リモートで設定して、<abbr class="abbrev">IPsec</abbr> 接続を確立しようとする試みは避けるべきです。
+ </div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <span class="application"><strong>ネットワーク管理ツール</strong></span>を起動するために、コマンド・シェルにおいて <code class="command">system-config-network</code> と入力します。
+ </div></li><li class="listitem"><div class="para">
+ <abbr class="abbrev">IPsec</abbr>設定ウィザードを起動するために、<span class="guilabel"><strong>IPsec</strong></span> タブにおいて<span class="guibutton"><strong>新規</strong></span>をクリックします。
+ </div></li><li class="listitem"><div class="para">
+ ホスト-ホスト間の <abbr class="abbrev">IPsec</abbr> コネクションの設定を開始するために<span class="guibutton"><strong>進む</strong></span>をクリックします。
+ </div></li><li class="listitem"><div class="para">
+ コネクションのための一意な名前、たとえば <strong class="userinput"><code>ipsec0</code></strong> を入力します。必要に応じて、コンピュータが開始するときに自動的にコネクションを有効化するためにチェックボックスを選択します。続けるために<span class="guibutton"><strong>進む</strong></span>をクリックします。
+ </div></li><li class="listitem"><div class="para">
+ コネクションの種類として <span class="guilabel"><strong>ホスト-ホスト間暗号化</strong></span> を選択して、<span class="guibutton"><strong>進む</strong></span>をクリックします。
+ </div></li><li class="listitem" id="list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-encrypt-type"><div class="para">
+ 使用する暗号化の種類を選択します: 手動または自動。
+ </div><div class="para">
+ 手動暗号化を選択すると、暗号キーが後のプロセスにおいて提供されなければいけません。自動暗号化を選択すると、<code class="command">racoon</code> デーモンが暗号キーを管理します。自動暗号化を使用したいならば、<code class="filename">ipsec-tools</code> パッケージがインストールされていなければいけません。
+ </div><div class="para">
+ 続けるために<span class="guibutton"><strong>進む</strong></span>をクリックします。
+ </div></li><li class="listitem"><div class="para">
+ リモートホストの IP アドレスを入力します。
+ </div><div class="para">
+ リモートホストの IP アドレスを決めるために、<span class="emphasis"><em>リモートホストで</em></span>以下のコマンドを使用します。:
+ </div><pre class="screen">[root at myServer ~] # /sbin/ifconfig <em class="replaceable"><code><device></code></em></pre><div class="para">
+ ここで <em class="replaceable"><code><device></code></em> は <abbr class="abbrev">VPN</abbr> 接続のために使用したいイーサネット・デバイスです。
+ </div><div class="para">
+ システムに1つだけイーサネットカードが存在するならば、デバイス名は一般的に eth0 です。以下の例はこのコマンドに関連する情報を表示します(これは出力のみの例であることに注意してください)。
+ </div><pre class="screen">eth0 Link encap:Ethernet HWaddr 00:0C:6E:E8:98:1D
+ inet addr:172.16.44.192 Bcast:172.16.45.255 Mask:255.255.254.0</pre><div class="para">
+ IP アドレスは <code class="computeroutput">inet addr:</code> ラベルに続く番号です。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ ホスト-ホスト間コネクションのために、どちらのホストもパブリックで、ルート可能なアドレスを持つ必要があります。代わりに、どちらも同じ LAN にある限り、プライベートで、ルート不可能なアドレス(たとえば、10.x.x.x または 192.168.x.x 範囲から)を持つことができます。
+ </div><div class="para">
+ ホストが異なる LAN にあるならば、もしくは、一方がパブリック・アドレスを持ち、他方がプライベート・アドレスを持つならば、<a class="xref" href="Security_Guide-Encryption-Data_in_Motion.html#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">「ネットワーク-ネットワーク間の IPsec 設定」</a> を参照してください。
+ </div></div></div><div class="para">
+ 続けるために<span class="guibutton"><strong>進む</strong></span>をクリックします。
+ </div></li><li class="listitem" id="list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-to-host-keys"><div class="para">
+ 手順 <a class="xref" href="Security_Guide-Encryption-Data_in_Motion.html#list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-encrypt-type">6</a> において手動の暗号化を選択していると、使用する暗号キーを指定するか、それを生成するために<span class="guibutton"><strong>生成</strong></span>をクリックします。
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ 認証キーを指定します。もしくはそれを生成するために<span class="guibutton"><strong>生成</strong></span>をクリックします。数字と文字のあらゆる組み合わせが可能です。
+ </div></li><li class="listitem"><div class="para">
+ 続けるために<span class="guibutton"><strong>進む</strong></span>をクリックします。
+ </div></li></ol></div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>IPsec — Summary</strong></span> ページにおいて情報を確認し、<span class="guibutton"><strong>Apply</strong></span> をクリックします。
+ </div></li><li class="listitem"><div class="para">
+ 設定を保存するために <span class="guimenu"><strong>ファイル</strong></span> => <span class="guimenuitem"><strong>保存</strong></span> をクリックします。
+ </div><div class="para">
+ 変更を有効にするために、ネットワークを再起動する必要があるかもしれません。ネットワークを再起動するために、以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~]# service network restart</pre></li><li class="listitem"><div class="para">
+ リストから <abbr class="abbrev">IPsec</abbr> コネクションを選択して、 <span class="guibutton"><strong>Activate</strong></span> ボタンをクリックします。
+ </div></li><li class="listitem"><div class="para">
+ 他のホストに対しても手順全体を繰り返します。手順 <a class="xref" href="Security_Guide-Encryption-Data_in_Motion.html#list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-to-host-keys">8</a> からの同じキーを他のホストにおいて使うことが不可欠です。さもなければ、<abbr class="abbrev">IPsec</abbr> はうまく動作しません。
+ </div></li></ol></div><div class="para">
+ <abbr class="abbrev">IPsec</abbr> コネクションを設定した後、<a class="xref" href="Security_Guide-Encryption-Data_in_Motion.html#figu-Security_Guide-Host_to_Host_Connection-IPsec_Connection">図4.1「IPsec 接続」</a> に示されるように <abbr class="abbrev">IPsec</abbr> リストに表示されます。
+ </div><div class="figure" id="figu-Security_Guide-Host_to_Host_Connection-IPsec_Connection"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-ipsec_host2host.png" width="444" alt="IPsec 接続" /><div class="longdesc"><div class="para">
+ IPsec 接続
+ </div></div></div></div><h6>図4.1 IPsec 接続</h6></div><br class="figure-break" /><div class="para">
+ <abbr class="abbrev">IPsec</abbr> 接続が設定されたとき、以下のファイルが作成されます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/sysconfig/network-scripts/ifcfg-<em class="replaceable"><code><nickname></code></em></code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/sysconfig/network-scripts/keys-<em class="replaceable"><code><nickname></code></em></code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/racoon/<em class="replaceable"><code><remote-ip></code></em>.conf</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/racoon/psk.txt</code>
+ </div></li></ul></div><div class="para">
+ 自動暗号化が選択されていると、<code class="filename">/etc/racoon/racoon.conf</code> も作成されます。
+ </div><div class="para">
+ インタフェースが起動するとき、<code class="filename"><em class="replaceable"><code><remote-ip></code></em>.conf</code> を含めるために、<code class="filename">/etc/racoon/racoon.conf</code>が修正されます。
+ </div></div><div class="section" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration">4.2.1.6.2. 手動のホスト-ホスト間 <abbr class="abbrev">IPsec</abbr> の設定</h5></div></div></div><div class="para">
+ コネクションを設定する第一歩は、各ワークステーションからシステムとネットワークの情報を集めることです。ホスト-ホスト間コネクションに対して、以下が必要になります:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 各ホストの IP アドレス
+ </div></li><li class="listitem"><div class="para">
+ 一意な名前。たとえば、<code class="computeroutput">ipsec1</code>。これは <abbr class="abbrev">IPsec</abbr> コネクションを識別し、他のデバイスまたはコネクションと区別するために使用されます。
+ </div></li><li class="listitem"><div class="para">
+ 固定された暗号キーまたは <code class="command">racoon</code> により自動的に生成されたもの。
+ </div></li><li class="listitem"><div class="para">
+ コネクションの初期化段階で使用され、セッション中に暗号キーを交換するために事前共有された認証キー。
+ </div></li></ul></div><div class="para">
+ たとえば、ワークステーションAとワークステーションBが <abbr class="abbrev">IPsec</abbr> トンネルを通してお互いに接続していると仮定してください。<code class="computeroutput">Key_Value01</code> の値を持つ事前共有キーを用いて接続したく、<code class="command">racoon</code> が各ホスト間の認証キーを自動的に生成および共有できるようにすることをユーザーが賛成します。どちらのホストもそのコネクションを <code class="computeroutput">ipsec1</code> と名づけることに決めます。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ 大文字、小文字、数字および句読点の混在を使用する PSK を選択すべきです。推測が容易な PSK がセキュリティ・リスクを構成します。
+ </div><div class="para">
+ 各ホストに対して同じコネクション名を使用する必要はありません。インストールに便利でふさわしい名前を選択すべきです。
+ </div></div></div><div class="para">
+ 以下はワークステーションに対する <abbr class="abbrev">IPsec</abbr> 設定ファイルです。ワークステーション B とのホスト-ホスト間の <abbr class="abbrev">IPsec</abbr> コネクションのために A。この例においてコネクションを識別するための一意な名前が <em class="replaceable"><code>ipsec1</code></em> です。そのため、結果ファイルは <code class="filename">/etc/sysconfig/network-scripts/ifcfg-ipsec1</code> と呼ばれます。
+ </div><pre class="screen">DST=<em class="replaceable"><code>X.X.X.X</code></em>TYPE=IPSEC
+ONBOOT=no
+IKE_METHOD=PSK</pre><div class="para">
+ ワークステーション A に対して、<em class="replaceable"><code>X.X.X.X</code></em> はワークステーション B の IP アドレスです。ワークステーション B に対して、<em class="replaceable"><code>X.X.X.X</code></em> はワークステーション A の IP アドレスです。この接続はブート時に初期化するよう設定されていません (<code class="computeroutput">ONBOOT=no</code>) 。また、事前共有キー認証方式を使用します (<code class="computeroutput">IKE_METHOD=PSK</code>) 。
+ </div><div class="para">
+ 以下は、両方のワークステーションがお互いを認証するために必要となる、事前共有キーファイル(<code class="filename">/etc/sysconfig/network-scripts/keys-ipsec1</code> と呼ばれます)のコンテンツです。このファイルのコンテンツは両方のワークステーションで同じであるべきです。また、root ユーザーだけがこのファイルを読み書きできるべきです。
+ </div><pre class="screen">IKE_PSK=Key_Value01</pre><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ root ユーザーのみがファイルを読み込みおよび編集できるように <code class="filename">keys-ipsec1</code> ファイルを変更するために、ファイルを作成した後で以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~] # chmod 600 /etc/sysconfig/network-scripts/keys-ipsec1</pre></div></div><div class="para">
+ いつでも認証キーを変更するために、両方のワークステーションにおいて <code class="filename">keys-ipsec1</code> ファイルを編集します。<span class="emphasis"><em>両方の認証キーは正しいコネクションのために同一でなければいけません</em></span>。
+ </div><div class="para">
+ 次の例は、リモート・ホストへのフェーズ1コネクションに対する具体的な設定を示します。このファイルは <code class="filename"><em class="replaceable"><code>X.X.X.X</code></em>.conf</code> と呼ばれます。ここで、<em class="replaceable"><code>X.X.X.X</code></em> はリモート <abbr class="abbrev">IPsec</abbr> ホストの IP アドレスです。このファイルは <abbr class="abbrev">IPsec</abbr> トンネルが有効化されるとき自動的に作成され、直接編集すべきではありません。
+ </div><pre class="screen">remote <em class="replaceable"><code>X.X.X.X</code></em>{
+ exchange_mode aggressive, main;
+ my_identifier address;
+ proposal {
+ encryption_algorithm 3des;
+ hash_algorithm sha1;
+ authentication_method pre_shared_key;
+ dh_group 2 ;
+ }
+}</pre><div class="para">
+ <abbr class="abbrev">IPsec</abbr> コネクションが初期化されるときに作成される、デフォルトのフェーズ1設定ファイルは、IPsec の Fedora 実装により使用される以下の命令文を含みます:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">remote <em class="replaceable"><code>X.X.X.X</code></em></span></dt><dd><div class="para">
+ この設定ファイルの以降の節は <em class="replaceable"><code>X.X.X.X</code></em> IP アドレスにより識別されるリモート・ホストに対してのみ適用されることを指定します。
+ </div></dd><dt class="varlistentry"><span class="term">exchange_mode aggressive</span></dt><dd><div class="para">
+ Fedora における <abbr class="abbrev">IPsec</abbr> のデフォルトの設定は、複数のホストを用いたいくつかの <abbr class="abbrev">IPsec</abbr> コネクションの設定を許可する、コネクションのオーバーヘッドがより少ない、アグレッシブ認証モードを使用します。
+ </div></dd><dt class="varlistentry"><span class="term">my_identifier address</span></dt><dd><div class="para">
+ ノードを認証するときに使用するための識別方式を指定します。Fedora はノードを識別するために IP アドレスを使用します。
+ </div></dd><dt class="varlistentry"><span class="term">encryption_algorithm 3des</span></dt><dd><div class="para">
+ 認証の間に使用される暗号化の方式を指定します。デフォルトで <em class="firstterm">Triple Data Encryption Standard</em> (<acronym class="acronym">3DES</acronym>) が使用されます。
+ </div></dd><dt class="varlistentry"><span class="term">hash_algorithm sha1;</span></dt><dd><div class="para">
+ ノード間でフェーズ1ネゴシエーションの間に使用されるハッシュ・アルゴリズムを指定します。デフォルトで Secure Hash Algorithm バージョン 1 が使用されます。
+ </div></dd><dt class="varlistentry"><span class="term">authentication_method pre_shared_key</span></dt><dd><div class="para">
+ ノードのネゴシエーション中に使用される認証方式を指定します。デフォルトで Fedora は認証のために事前共有キーを使用します。
+ </div></dd><dt class="varlistentry"><span class="term">dh_group 2</span></dt><dd><div class="para">
+ 動的に生成されるセッション・キーのために Diffie-Hellman グループ番号を指定します。デフォルトで modp1024 (group 2) が使用されます。
+ </div></dd></dl></div><div class="section" id="sect-Security_Guide-Manual_IPsec_Host_to_Host_Configuration-The_Racoon_Configuration_File"><div class="titlepage"><div><div keep-together.within-column="always"><h6 class="title" id="sect-Security_Guide-Manual_IPsec_Host_to_Host_Configuration-The_Racoon_Configuration_File">4.2.1.6.2.1. Racoon 設定ファイル</h6></div></div></div><div class="para">
+ <code class="filename">/etc/racoon/racoon.conf</code> ファイルは、<code class="command">include "/etc/racoon/<em class="replaceable"><code>X.X.X.X</code></em>.conf"</code> 命令文を<span class="emphasis"><em>除いて</em></span>、すべての <abbr class="abbrev">IPsec</abbr> ノードにおいて同一でなければいけません。この命令文(および、それが参照するファイル)が、<abbr class="abbrev">IPsec</abbr> トンネルが有効化されるときに生成されます。ワークステーションAに対して、<code class="command">include</code> 命令文\nにおける <em class="replaceable"><code>X.X.X.X</code></em> はワークステーションBの IP アドレスです。 以下は、<abbr class="abbrev">IPsec</abbr> コネクションが有効化されるとき、典型的な <code class="filename">racoon.conf</code> ファイルを示します。
+ </div><pre class="screen"># Racoon IKE daemon configuration file.
+# See 'man racoon.conf' for a description of the format and entries.
+
+path include "/etc/racoon";
+path pre_shared_key "/etc/racoon/psk.txt";
+path certificate "/etc/racoon/certs";
+
+sainfo anonymous
+{
+ pfs_group 2;
+ lifetime time 1 hour ;
+ encryption_algorithm 3des, blowfish 448, rijndael ;
+ authentication_algorithm hmac_sha1, hmac_md5 ;
+ compression_algorithm deflate ;
+}
+include "/etc/racoon/X.X.X.X.conf";</pre><div class="para">
+ このデフォルトの <code class="filename">racoon.conf</code> ファイルは、<abbr class="abbrev">IPsec</abbr> 設定、事前共有キーファイル、および証明書に対して定義されたパスを含みます。<code class="computeroutput">sainfo anonymous</code> にあるフィールドは、<abbr class="abbrev">IPsec</abbr> ノード間でフェーズ2 SA を記載します — <abbr class="abbrev">IPsec</abbr> コネクション(使用することがサポートされた暗号化アルゴリズムを含めて)の性質およびキー交換の方式。以下のリストは、フェーズ2のフィールドを定義します:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">sainfo anonymous</span></dt><dd><div class="para">
+ SA が、<abbr class="abbrev">IPsec</abbr> クレディンシャルがマッチする、提供されたすべての相手を匿名で初期化できることを意味します。
+ </div></dd><dt class="varlistentry"><span class="term">pfs_group 2</span></dt><dd><div class="para">
+ Diffie-Hellman キー交換プロトコルを定義します。これは、<abbr class="abbrev">IPsec</abbr> ノードが <abbr class="abbrev">IPsec</abbr> コネクションの第2フェーズに対する共通の一時的セッションを確立することにより、方式を決定します。デフォルトで、Fedora の <abbr class="abbrev">IPsec</abbr> 実装は、Diffie-Hellman 暗号キー交換グループのグループ2(または、<code class="computeroutput">modp1024</code>)を使用します。グループ2は、秘密鍵が漏えいしたときさえ、攻撃者が以前の <abbr class="abbrev">IPsec</abbr> 転送を復号することを防ぐ、1024ビットのモジュールの累乗法を使用します。
+ </div></dd><dt class="varlistentry"><span class="term">lifetime time 1 hour</span></dt><dd><div class="para">
+ このパラメーターは SA の有効期間を指定します。時間またはデータのバイトにより定量化されます。デフォルトの <abbr class="abbrev">IPsec</abbr> の Fedora 導入は1時間の有効期間を指定します。
+ </div></dd><dt class="varlistentry"><span class="term">encryption_algorithm 3des, blowfish 448, rijndael</span></dt><dd><div class="para">
+ フェーズ2のためにサポートされる暗号化の方式を指定します。Fedora は 3DES, 448-bit Blowfish, および Rijndael (<em class="firstterm">Advanced Encryption Standard</em>, または <acronym class="acronym">AES</acronym> で使用される暗号) をサポートします。
+ </div></dd><dt class="varlistentry"><span class="term">authentication_algorithm hmac_sha1, hmac_md5</span></dt><dd><div class="para">
+ 認証のためにサポートされたハッシュ・アルゴリズムを表示します。サポートされるモードは sha1 および md5 の hashed message authentication codes (HMAC) です。
+ </div></dd><dt class="varlistentry"><span class="term">compression_algorithm deflate</span></dt><dd><div class="para">
+ IP Payload Compression (IPCOMP) に対して Deflate 圧縮アルゴリズムを定義します。これは、低速なネットワークにおいて IP データグラムのより速い転送を潜在的にできるようにします。
+ </div></dd></dl></div><div class="para">
+ 接続を開始するために、各ホストにおいて以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~]# /sbin/ifup <nickname></pre><div class="para">
+ ここで <nickname> は <abbr class="abbrev">IPsec</abbr> 接続に対して指定した名前です。
+ </div><div class="para">
+ <abbr class="abbrev">IPsec</abbr> コネクションをテストするために、ホスト間で転送されるネットワーク・パケットを表示して、IPsec 経由で暗号化されていることを検証するために、<code class="command">tcpdump</code> ユーティリティを実行します。パケットは AH ヘッダーを含むべきであり、ESP パケットとして示されるべきです。ESP はそれが暗号化されていることを意味します。たとえば:
+ </div><pre class="screen">[root at myServer ~]# tcpdump -n -i eth0 host <targetSystem>⏎ ⏎ IP 172.16.45.107 > 172.16.44.192: AH(spi=0x0954ccb6,seq=0xbb): ESP(spi=0x0c9f2164,seq=0xbb)</pre></div></div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">4.2.1.7. ネットワーク-ネットワーク間の IPsec 設定</h4></div></div></div><div class="para">
+ IPsec は、ネットワーク-ネットワーク間のコネクションを用いて、ネットワーク全体(<acronym class="acronym">LAN</acronym> や <acronym class="acronym">WAN</acronym> のような)をリモートネットワークを接続するために設定することもできます。ネットワーク-ネットワーク間のコネクションは、<acronym class="acronym">LAN</acronym> にあるノードからリモート <acronym class="acronym">LAN</acronym> にあるノードへと情報を透過的に処理して中継するために、接続しているネットワークの両側において<abbr class="abbrev">IPsec</abbr> ルーターのセットアップが必要となります。<a class="xref" href="Security_Guide-Encryption-Data_in_Motion.html#figu-Security_Guide-IPsec_Network_to_Network_Configuration-A_network_to_network_IPsec_tunneled_connection">図4.2「ネットワーク-ネットワーク間の <abbr class="abbrev">IPsec</abbr>
トンネル・コネクション」</a> は、ネットワーク-ネットワーク間 <abbr class="abbrev">IPsec</abbr> トンネル・コネクションを示します。
+ </div><div class="figure" id="figu-Security_Guide-IPsec_Network_to_Network_Configuration-A_network_to_network_IPsec_tunneled_connection"><div class="figure-contents"><div class="mediaobject"><img src="images/n-t-n-ipsec-diagram.png" width="444" alt="ネットワーク-ネットワーク間の IPsec トンネル・コネクション" /><div class="longdesc"><div class="para">
+ ネットワーク-ネットワーク間の <abbr class="abbrev">IPsec</abbr> トンネル・コネクション
+ </div></div></div></div><h6>図4.2 ネットワーク-ネットワーク間の <abbr class="abbrev">IPsec</abbr> トンネル・コネクション</h6></div><br class="figure-break" /><div class="para">
+ ãã®ãã¤ã¢ãã°ã¯ã2ã¤ã®å¥ã
ã® <acronym class="acronym">LAN</acronym> ãã¤ã³ã¿ã¼ãããã«ããåãããã¦ãããã¨ã示ãã¦ãã¾ãããããã® <acronym class="acronym">LAN</acronym> ã¯ãã¤ã³ã¿ã¼ããããçµç±ããã»ãã¥ã¢ãªãã³ãã«ãç¨ãã¦ã³ãã¯ã·ã§ã³ãèªè¨¼ããã³åæåããããã«ã<abbr class="abbrev">IPsec</abbr> ã«ã¼ã¿ã¼ã使ç¨ãã¾ãã転éä¸ã«æ¨ªåãããããã±ããã¯ããããã® <acronym class="acronym">LAN</acronym> ã®éã§ãã±ãããä¿è·ãã¦ããæå·ãã¯ã©ãã¯ããããã«ããã«ã¼ããã©ã¼ã¹å¾©å·ãå¿
è¦ã¨ãªãã¾ãã192.168.1.0/24 IP ç¯å²ã«ãããã¼ããã 192.168.2.0/24 ç¯å²ã«ããããä¸ã¤ã®ãã¼ãã¸ã¨ã³ãã¥ãã±ã¼ããããããã»ã¹ã¯ã<abbr class="abbrev">IPsec</abbr> ãã±ããã®å¦çãæå·å/復å·ãããã³ã«ã¼ãã£ã³ã°ãå®å
¨ã« <abbr class="abbrev">IPsec</abbr> ã«ã¼ã¿ã
¼ã§åãæ±ãããã®ã§ããã¼ãã«å¯¾ãã¦å®å
¨ã«ééçã§ãã
+ </div><div class="para">
+ ネットワーク-ネットワーク間接続に必要とされる情報は以下を含みます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 専用の <abbr class="abbrev">IPsec</abbr> ルーターの外部からアクセス可能な IP アドレス
+ </div></li><li class="listitem"><div class="para">
+ <abbr class="abbrev">IPsec</abbr> ルーターにより取り扱われる <acronym class="acronym">LAN</acronym>/<acronym class="acronym">WAN</acronym> のネットワーク・アドレス範囲 (192.168.1.0/24 や 10.0.1.0/24 のような) 。
+ </div></li><li class="listitem"><div class="para">
+ ネットワーク・ノードからインターネットへデータをルートするゲートウェイ・デバイスの IP アドレス
+ </div></li><li class="listitem"><div class="para">
+ 一意な名前。たとえば、<code class="computeroutput">ipsec1</code>。これは <abbr class="abbrev">IPsec</abbr> コネクションを識別し、他のデバイスまたはコネクションと区別するために使用されます。
+ </div></li><li class="listitem"><div class="para">
+ 固定暗号キーまたは <code class="command">racoon</code> により自動的に生成されたもの
+ </div></li><li class="listitem"><div class="para">
+ コネクションの初期化段階で使用され、セッション中に暗号キーを交換するために事前共有された認証キー。
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Network_to_Network_VPN_Connection"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Network_to_Network_VPN_Connection">4.2.1.7.1. ネットワーク-ネットワーク間の (<abbr class="abbrev">VPN</abbr>) コネクション</h5></div></div></div><div class="para">
+ ネットワーク-ネットワーク間の <abbr class="abbrev">IPsec</abbr> コネクションは、プライベート・サブネットに対するネットワーク・トラフィックがルートされることを通して、お互いのネットワークのために、2つの <abbr class="abbrev">IPsec</abbr> ルーターを使用します。
+ </div><div class="para">
+ たとえば、<a class="xref" href="Security_Guide-Encryption-Data_in_Motion.html#figu-Security_Guide-Network_to_Network_VPN_Connection-Network_to_Network_IPsec">図4.3「ネットワーク-ネットワーク間の IPsec」</a> に示されるように、192.168.1.0/24 プライベート・ネットワークが 192.168.2.0/24 プライベート・ネットワークにネットワーク・トラフィックを送信するならば、パケットは gateway0 を通り、ipsec0 へと、インターネットを経由して、ipsec1 へと、gateway1 へと、192.168.2.0/24 サブネットへと行きます。
+ </div><div class="para">
+ <abbr class="abbrev">IPsec</abbr> ルーターは、公にアドレス可能な IP アドレスとそれぞれのプライベート・ネットワークに接続された2番目のイーサネット・デバイスを必要とします。もう一方の <abbr class="abbrev">IPsec</abbr> ルーターが暗号化されたコネクションを持つことを意図しているならば、トラフィックは <abbr class="abbrev">IPsec</abbr> ルーターを経由していきます。
+ </div><div class="figure" id="figu-Security_Guide-Network_to_Network_VPN_Connection-Network_to_Network_IPsec"><div class="figure-contents"><div class="mediaobject"><img src="images/n-t-n-ipsec-diagram.png" width="444" alt="ネットワーク-ネットワーク間の IPsec" /><div class="longdesc"><div class="para">
+ ネットワーク-ネットワーク間の IPsec
+ </div></div></div></div><h6>図4.3 ネットワーク-ネットワーク間の IPsec</h6></div><br class="figure-break" /><div class="para">
+ 代ããã®ãããã¯ã¼ã¯è¨å®ãªãã·ã§ã³ã¯ãå IP ã«ã¼ã¿ã¼ããã³ã¤ã³ã¿ã¼ãããéã®ãã¡ã¤ã¢ã¦ã©ã¼ã«ãå <abbr class="abbrev">IPsec</abbr> ã«ã¼ã¿ã¼ããã³ãµããããã»ã²ã¼ãã¦ã§ã¤éã®ã¤ã³ãã©ãããã»ãã¡ã¤ã¢ã¦ã©ã¼ã«ãå«ã¿ã¾ãã<abbr class="abbrev">IPsec</abbr> ã«ã¼ã¿ã¼ããã³ãµããããã®ã²ã¼ãã¦ã§ã¤ã¯ã2ã¤ã®ã¤ã¼ãµãããã»ããã¤ã¹ãæã¤1ã¤ã®ã·ã¹ãã ã§ãã<abbr class="abbrev">IPsec</abbr> ã«ã¼ã¿ã¼ã¨ãã¦åä½ãã ãããªã㯠IP ã¢ãã¬ã¹ãæã¤ãã®ãããã³ãã©ã¤ãã¼ãã»ãµããããã«å¯¾ããã²ã¼ãã¦ã§ã¤ã¨ãã¦åä½ãããã©ã¤ãã¼ã IP ã¢ãã¬ã¹ãæã¤ãã®ãå <abbr class="abbrev">IPsec</abbr> ã«ã¼ã¿ã¼ã¯ããã©ã¤ãã¼ãã»ãããã¯ã¼ã¯ã®ããã«ã²ã¼ãã¦ã§ã¤ã使ç¨ãã¾ãããããã¯ãä»ã® <abbr class="abbrev">IPsec</abbr> ã«ã¼ã¿ã¼ã«ãã±ãããéãã
ãã«ãããªãã¯ã»ã²ã¼ãã¦ã§ã¤ã使ç¨ãã¾ãã
+ </div><div class="para">
+ ネットワーク-ネットワーク間の <abbr class="abbrev">IPsec</abbr> コネクションを設定するために以下の手順を使用します:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <span class="application"><strong>ネットワーク管理ツール</strong></span>を起動するために、コマンド・シェルにおいて <code class="command">system-config-network</code> と入力します。
+ </div></li><li class="listitem"><div class="para">
+ <abbr class="abbrev">IPsec</abbr>設定ウィザードを起動するために、<span class="guilabel"><strong>IPsec</strong></span> タブにおいて<span class="guibutton"><strong>新規</strong></span>をクリックします。
+ </div></li><li class="listitem"><div class="para">
+ ネットワーク-ネットワーク間の <abbr class="abbrev">IPsec</abbr> コネクションを設定開始するために<span class="guibutton"><strong>進む</strong></span>をクリックします。
+ </div></li><li class="listitem"><div class="para">
+ コネクションの一意なニックネームを入力します。たとえば、<strong class="userinput"><code>ipsec0</code></strong>。必要に応じて、コンピュータを起動するときに自動的にコネクションを有効にするチェックボックスを選択します。続けるために、<span class="guibutton"><strong>進む</strong></span>をクリックします。
+ </div></li><li class="listitem"><div class="para">
+ コネクションの種類として<span class="guilabel"><strong>ネットワーク-ネットワーク間暗号化 (VPN)</strong></span> を選択します。<span class="guibutton"><strong>進む</strong></span>をクリックします。
+ </div></li><li class="listitem" id="list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-encrypt-type-n"><div class="para">
+ 使用する暗号化の種類を選択します: 手動または自動。
+ </div><div class="para">
+ 手動暗号化を選択すると、暗号キーが後のプロセスにおいて提供されなければいけません。自動暗号化を選択すると、<code class="command">racoon</code> デーモンが暗号キーを管理します。自動暗号化を使用したいならば、<code class="filename">ipsec-tools</code> パッケージがインストールされていなければいけません。
+ </div><div class="para">
+ 続けるために<span class="guibutton"><strong>進む</strong></span>をクリックします。
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>ローカルネットワーク</strong></span>ページにおいて、以下の情報を入力します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>ローカルネットワークアドレス</strong></span> — プライベート・ネットワークに接続された、<abbr class="abbrev">IPsec</abbr> ルータにおけるデバイスの IP アドレス。
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>ローカルサブネットマスク</strong></span> — ローカルネットワーク IP アドレスのサブネットマスク。
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>ローカルネットワークゲートウェイ</strong></span> — プライベートサブネットのゲートウェイ。
+ </div></li></ul></div><div class="para">
+ 続けるために<span class="guibutton"><strong>進む</strong></span>をクリックします。
+ </div><div class="figure" id="figu-Security_Guide-Network_to_Network_VPN_Connection-Local_Network_Information"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-ipsec_n_to_n_local.png" width="444" alt="ローカル・ネットワーク情報" /><div class="longdesc"><div class="para">
+ ローカル・ネットワーク情報
+ </div></div></div></div><h6>図4.4 ローカル・ネットワーク情報</h6></div><br class="figure-break" /></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>リモートネットワーク</strong></span>ページにおいて、以下の情報を入力します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>リモート IP アドレス</strong></span> — <span class="emphasis"><em>他の</em></span>プライベート・ネットワークに対して<abbr class="abbrev">IPsec</abbr> ルーターのパブリックアドレス可能な IP アドレス。私たちの例では、ipsec0 に対して、ipsec1 のパブリックにアドレス可能な IP アドレスを入力します。逆もまた同様です。
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>リモート・ネットワーク・アドレス</strong></span> — <span class="emphasis"><em>他の</em></span> <abbr class="abbrev">IPsec</abbr> ルーターにバインドされたプライベート・サブネットのネットワーク・アドレス。私たちの例では、ipsec1 を設定しているなら <strong class="userinput"><code>192.168.1.0</code></strong> を入力します。ipsec0 を設定しているなら <strong class="userinput"><code>192.168.2.0</code></strong> を入力します。
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>リモート・サブネットマスク</strong></span> — リモート IP アドレスのサブネットマスク。
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>リモート・ネットワーク・ゲートウェイ</strong></span> — リモート・ネットワーク・アドレスに対するゲートウェイの IP アドレス。
+ </div></li><li class="listitem" id="list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-to-host-keys-n"><div class="para">
+ <a class="xref" href="Security_Guide-Encryption-Data_in_Motion.html#list-Security_Guide-list-Security_Guide-list-Security_Guide-st-host-encrypt-type-n">6</a>の手順において手動暗号化が選択されると、使用する暗号キーを指定するか、1つ生成するために<span class="guibutton"><strong>生成</strong></span>をクリックします。
+ </div><div class="para">
+ 認証キーを指定するか、1つ生成するために<span class="guibutton"><strong>生成</strong></span>をクリックします。このキーは数字と文字のあらゆる組み合わせが可能です。
+ </div></li></ul></div><div class="para">
+ 続けるために<span class="guibutton"><strong>進む</strong></span>をクリックします。
+ </div><div class="figure" id="figu-Security_Guide-Network_to_Network_VPN_Connection-Remote_Network_Information"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-ipsec_n_to_n_remote.png" width="444" alt="リモート・ネットワーク情報" /><div class="longdesc"><div class="para">
+ リモート・ネットワーク情報
+ </div></div></div></div><h6>図4.5 リモート・ネットワーク情報</h6></div><br class="figure-break" /></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>IPsec — Summary</strong></span> ページにおいて情報を確認し、<span class="guibutton"><strong>Apply</strong></span> をクリックします。
+ </div></li><li class="listitem"><div class="para">
+ 設定を保存するために <span class="guimenu"><strong>ファイル</strong></span> => <span class="guimenuitem"><strong>保存</strong></span> を選択します。
+ </div></li><li class="listitem"><div class="para">
+ リストから <abbr class="abbrev">IPsec</abbr> コネクションを選択し、コネクションを有効にするために<span class="guibutton"><strong>有効</strong></span>をクリックします。
+ </div></li><li class="listitem"><div class="para">
+ IP フォワードを有効にします:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <code class="filename">/etc/sysctl.conf</code> を編集し、<code class="computeroutput">net.ipv4.ip_forward</code> に <strong class="userinput"><code>1</code></strong> をセットします。
+ </div></li><li class="listitem"><div class="para">
+ 変更を有効にするために以下のコマンドを使用します
+ </div><pre class="screen">[root at myServer ~]# /sbin/sysctl -p /etc/sysctl.conf</pre></li></ol></div></li></ol></div><div class="para">
+ <abbr class="abbrev">IPsec</abbr> コネクションを有効化するネットワーク・スクリプトは、必要に応じて <abbr class="abbrev">IPsec</abbr> ルーターを通してパケットを送るために、ネットワーク・ルーターを自動的に作成します。
+ </div></div><div class="section" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration">4.2.1.7.2. 手動の <abbr class="abbrev">IPsec</abbr> ネットワーク-ネットワーク間の設定</h5></div></div></div><div class="para">
+ <acronym class="acronym">LAN</acronym> A (lana.example.com) および <acronym class="acronym">LAN</acronym> B (lanb.example.com) がお互いに <abbr class="abbrev">IPsec</abbr> トンネルを経由して接続したいと仮定します。<acronym class="acronym">LAN</acronym> A のネットワーク・アドレスは 192.168.1.0/24 範囲にあり、<acronym class="acronym">LAN</acronym> B は 192.168.2.0/24 範囲を使用します。ゲートウェイ IP アドレスは、<acronym class="acronym">LAN</acronym> A に対して 192.168.1.254 、<acronym class="acronym">LAN</acronym> B に対して 192.168.2.254 です。<abbr class="abbrev">IPsec</abbr> ルーターは、各 <acronym class="acronym">LAN</acronym> ゲートウェイから分離されており、2つのネットワーク・デバイスを使用します: eth0 はインターネットからアクセスする外部からアクセス可能な静的 IP アドレスを割り当てられています。一方
、eth1 は処理するルーティング地点として動作して、あるネットワーク・ノードからリモート・ネットワーク・ノードへと <acronym class="acronym">LAN</acronym> パケットを転送します。
+ </div><div class="para">
+ 各ネットワークの間の <abbr class="abbrev">IPsec</abbr> コネクションは、<code class="computeroutput">r3dh4tl1nux</code> の値を持つ事前共有キーを使用します。また、A と B の管理者は、<abbr class="abbrev">IPsec</abbr> ルーターの間の認証キーを<code class="command">racoon</code> が自動的に生成および管理することに合意します。<acronym class="acronym">LAN</acronym> A の管理者が <abbr class="abbrev">IPsec</abbr> コネクションを <code class="computeroutput">ipsec0</code> と名付けることに決めます。一方、<acronym class="acronym">LAN</acronym> B の管理者が <abbr class="abbrev">IPsec</abbr> コネクションを <code class="computeroutput">ipsec1</code> と名付けます。
+ </div><div class="para">
+ 以下の例は、<acronym class="acronym">LAN</acronym> A に対するネットワーク-ネットワーク間 <abbr class="abbrev">IPsec</abbr> コネクションの <code class="filename">ifcfg</code> ファイルの内容を示します。この例においてコネクションを識別するための一意な名前は <em class="replaceable"><code>ipsec0</code></em> です。そのため、結果ファイルは <code class="filename">/etc/sysconfig/network-scripts/ifcfg-ipsec0</code> と呼ばれます。
+ </div><pre class="screen">TYPE=IPSEC
+ONBOOT=yes
+IKE_METHOD=PSK
+SRCGW=192.168.1.254
+DSTGW=192.168.2.254
+SRCNET=192.168.1.0/24
+DSTNET=192.168.2.0/24
+DST=<em class="replaceable"><code>X.X.X.X</code></em></pre><div class="para">
+ 以下の一覧はこのファイルの内容を説明します:
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">TYPE=IPSEC</span></dt><dd><div class="para">
+ 接続の種類を指定します。
+ </div></dd><dt class="varlistentry"><span class="term">ONBOOT=yes</span></dt><dd><div class="para">
+ ブート時に接続が初期化されるかを指定します。
+ </div></dd><dt class="varlistentry"><span class="term">IKE_METHOD=PSK</span></dt><dd><div class="para">
+ 接続が使用する認証の事前共有鍵の方式を指定します。
+ </div></dd><dt class="varlistentry"><span class="term">SRCGW=192.168.1.254</span></dt><dd><div class="para">
+ 送信元ゲートウェイの IP アドレス。LAN Aに対しては LAN A のゲートウェイ、LAN B に対しては LAN B ゲートウェイ。
+ </div></dd><dt class="varlistentry"><span class="term">DSTGW=192.168.2.254</span></dt><dd><div class="para">
+ 宛て先ゲートウェイの IP アドレス。LAN A に対しては LAN B のゲートウェイ、LAN B に対しては LAN A のゲートウェイ。
+ </div></dd><dt class="varlistentry"><span class="term">SRCNET=192.168.1.0/24</span></dt><dd><div class="para">
+ <abbr class="abbrev">IPsec</abbr> 接続に対する送信元ネットワークを指定します。この例では LAN A のネットワーク範囲です。
+ </div></dd><dt class="varlistentry"><span class="term">DSTNET=192.168.2.0/24</span></dt><dd><div class="para">
+ <abbr class="abbrev">IPsec</abbr> 接続に対する宛て先ネットワークを指定します。この例では <acronym class="acronym">LAN</acronym> A のネットワーク範囲です。
+ </div></dd><dt class="varlistentry"><span class="term">DST=X.X.X.X</span></dt><dd><div class="para">
+ <acronym class="acronym">LAN</acronym> B の外部からアクセス可能な IP アドレス。
+ </div></dd></dl></div><div class="para">
+ 以下の例は、両方のネットワークがお互いに認証するために使用する、<code class="filename">/etc/sysconfig/network-scripts/keys-ipsec<em class="replaceable"><code>X</code></em></code> (<em class="replaceable"><code>X</code></em> は、<acronym class="acronym">LAN</acronym> A に対して0、<acronym class="acronym">LAN</acronym> B に対して1です)と呼ばれる事前共有キーファイルの内容です。このファイルの内容は同じであるべきです。また、root ユーザーだけがこのファイルを読み書きできるべきです。
+ </div><pre class="screen">IKE_PSK=r3dh4tl1nux</pre><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ root ユーザーだけが <code class="filename">keys-ipsec<em class="replaceable"><code>X</code></em></code> ファイルを読み込みや編集ができるよう、そのファイルを変更するため、ファイル作成後に以下のコマンドを使用します:
+ </div><pre class="screen">chmod 600 /etc/sysconfig/network-scripts/keys-ipsec1</pre></div></div><div class="para">
+ いつでも認証キーを変更するために、両方の <abbr class="abbrev">IPsec</abbr> ルーターにおいて <code class="filename">keys-ipsec<em class="replaceable"><code>X</code></em></code> ファイルを編集します。<span class="emphasis"><em>正しいコネクションのために両方のキーが同一でなければいけません</em></span>。
+ </div><div class="para">
+ 以下の例は、<abbr class="abbrev">IPsec</abbr> コネクションに対する <code class="filename">/etc/racoon/racoon.conf</code> 設定ファイルの内容です。ファイルの最後にある <code class="computeroutput">include</code> 行は、自動的に生成され、<abbr class="abbrev">IPsec</abbr> トンネルが実行しているときのみ表れます。
+ </div><pre class="screen"># Racoon IKE daemon configuration file.
+# See 'man racoon.conf' for a description of the format and entries.
+path include "/etc/racoon";
+path pre_shared_key "/etc/racoon/psk.txt";
+path certificate "/etc/racoon/certs";
+
+sainfo anonymous
+{
+ pfs_group 2;
+ lifetime time 1 hour ;
+ encryption_algorithm 3des, blowfish 448, rijndael ;
+ authentication_algorithm hmac_sha1, hmac_md5 ;
+ compression_algorithm deflate ;
+}
+include "/etc/racoon/<em class="replaceable"><code>X.X.X.X</code></em>.conf"</pre><div class="para">
+ 以下はリモート・ネットワークへの接続用の具体的な設定ファイルです。このファイルは <code class="filename"><em class="replaceable"><code>X.X.X.X</code></em>.conf</code> という名前です(ここで、<em class="replaceable"><code>X.X.X.X</code></em> は リモート <abbr class="abbrev">IPsec</abbr> ルーターの IP アドレスです)。このファイルは、<abbr class="abbrev">IPsec</abbr> トンネルが有効化されるときに自動的に生成され、直接編集すべきではありません。
+ </div><pre class="screen">remote <em class="replaceable"><code>X.X.X.X</code></em>{
+ exchange_mode aggressive, main;
+ my_identifier address;
+ proposal {
+ encryption_algorithm 3des;
+ hash_algorithm sha1;
+ authentication_method pre_shared_key;
+ dh_group 2 ;
+ }
+}</pre><div class="para">
+ <abbr class="abbrev">IPsec</abbr> 接続を開始するに先立って、IP フォワーディングがカーネルで有効になっていなければいけません。IP フォワーディングを有効にするために:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <code class="filename">/etc/sysctl.conf</code> を編集し、<code class="computeroutput">net.ipv4.ip_forward</code> に <strong class="userinput"><code>1</code></strong> をセットします。
+ </div></li><li class="listitem"><div class="para">
+ 変更を有効にするために以下のコマンドを使用します
+ </div><pre class="screen">[root at myServer ~] # sysctl -p /etc/sysctl.conf</pre></li></ol></div><div class="para">
+ <abbr class="abbrev">IPsec</abbr> 接続を開始するために、各ルーターにおいて以下のコマンドを使用します。
+ </div><pre class="screen">[root at myServer ~] # /sbin/ifup ipsec0</pre><div class="para">
+ コネクションが有効化され、<acronym class="acronym">LAN</acronym> A と <acronym class="acronym">LAN</acronym> B 両方がお互いにコミュニケートできます。<abbr class="abbrev">IPsec</abbr> コネクションにおいて <code class="command">ifup</code> を実行することにより、ルートが初期化スクリプト経由で自動的に作成されます。
+ </div><pre class="screen">[root at myServer ~] # /sbin/ip route list</pre><div class="para">
+ <abbr class="abbrev">IPsec</abbr> コネクションをテストするために、ホスト間で転送されるネットワーク・パケットを表示するために、外部からルート可能なデバイスにおいて <code class="command">tcpdump</code> ユーティリティを実行して、IPsec 経由で暗号化されていることを確認します。たとえば、<acronym class="acronym">LAN</acronym> A の <abbr class="abbrev">IPsec</abbr> コネクションをチェックするために、以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~] # tcpdump -n -i eth0 host <em class="replaceable"><code>lana.example.com</code></em></pre><div class="para">
+ パケットは AH ヘッダーを含むべきであり、ESP パケットとして示されるべきです。ESP は暗号化されているという意味です。たとえば、(バックスラッシュはある行が続くことを表します):
+ </div><pre class="screen">12:24:26.155529 lanb.example.com > lana.example.com: AH(spi=0x021c9834,seq=0x358): \
+ lanb.example.com > lana.example.com: ESP(spi=0x00c887ad,seq=0x358) (DF) \
+ (ipip-proto-4)</pre></div></div><div class="section" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection">4.2.1.8. <abbr class="abbrev">IPsec</abbr> コネクションの開始と停止</h4></div></div></div><div class="para">
+ <abbr class="abbrev">IPsec</abbr> コネクションがブート時に有効化するよう設定されていなければ、コマンドラインから制御できます。
+ </div><div class="para">
+ コネクションを開始するために、ホスト間 IPsec に対する各ホスト、またはネットワーク間 IPsec に対する各 <abbr class="abbrev">IPsec</abbr> ルータにおいて以下のコマンドを使用します。
+ </div><pre class="screen">[root at myServer ~] # /sbin/ifup <em class="replaceable"><code><nickname></code></em></pre><div class="para">
+ ここで <em class="replaceable"><code><nickname></code></em> は、<code class="computeroutput">ipsec0</code> のような、前に設定したニックネームです。
+ </div><div class="para">
+ 接続を停止するために、以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~] # /sbin/ifdown <em class="replaceable"><code><nickname></code></em></pre></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Encryption.html"><strong>戻る</strong>第4章 暗号化</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>次へ</strong>4.2.2. Secure Shell</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/apas02.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/apas02.html
new file mode 100644
index 0000000..bcb8028
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/apas02.html
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>A.2. 公開鍵暗号</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Encryption_Standards.html" title="付録A 暗号の標準" /><link rel="prev" href="chap-Security_Guide-Encryption_Standards.html" title="付録A 暗号の標準" /><link rel="next" href="apas02s02.html" title="A.2.2. RSA" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Encryption_Standards.html"><strong>戻る</strong></
a></li><li class="next"><a accesskey="n" href="apas02s02.html"><strong>次へ</strong></a></li></ul><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idp16692144">A.2. 公開鍵暗号</h2></div></div></div><div class="para">
+ 公開鍵暗号は、多くの暗号アルゴリズムと暗号化システムにより採用されている、暗号的なアプローチです。その際立った特徴は、対象の鍵アルゴリズムの代わりに、またはそれに加えて、非対称の鍵アルゴリズムを使用することです。公開鍵-秘密鍵暗号の技術を使用することで、以前は知られていなかった、コミュニケーションや認証メッセージを保護する多くの方法が実用的になりました。対称鍵アルゴリズムを使うときに必要となるような、1つかそれより多い秘密鍵の始めの安全な交換が必要なくなりました。電子署名を作成するためにも使用されます。<sup>[<a id="idp16694016" href="#ftn.idp16694016" class="footnote">21</a>]</sup>
+ </div><div class="para">
+ 公開鍵暗号は、世界中で基本的かつ広範囲に使用される技術です。また、Transport Layer Security (TLS) (SSL の後継), PGP および GPG のようなインターネット標準として基礎となるアプローチです。<sup>[<a id="idp7274432" href="#ftn.idp7274432" class="footnote">22</a>]</sup>
+ </div><div class="para">
+ 公開鍵暗号において使用される特徴的な技術は非対称の鍵アルゴリズムの使用です。ここで、メッセージを暗号化するために使われる鍵は、復号するために使われる鍵を同じではありません。各ユーザーは、一組の暗号鍵— 公開鍵と秘密鍵を持ちます。公開鍵が広く配布されるかもしれないのに対して、秘密鍵は秘密にしておきます。メッセージは受信者の公開鍵で暗号化され、対応する秘密鍵でのみ復号することができます。鍵は数学的に関連していますが、秘密鍵は公開鍵からうまく導くことができません(つまり、実際のまたは計画された実践)。1970年代半ばに始まった暗号の実践の変革をもたらす、そのようなアルゴリズムを発見しました。<sup>[<a id="idp7277792" href="#ftn.idp7277792" class="footnote">23</a>]</sup>
+ </div><div class="para">
+ 対照的に、数千年の間使用されてきたバリエーションである、対称鍵暗号は、暗号化と復号のために送信者と受信者により共有される1つの秘密鍵(プライベートに保たなければいけない、このように共通の用語の曖昧さの原因であるもの)を使用します。対称の暗号化スキーマを使用するために、送信者と受信者が前もって安全に鍵を共有しなければいけません。<sup>[<a id="idp16801616" href="#ftn.idp16801616" class="footnote">24</a>]</sup>
+ </div><div class="para">
+ 対称鍵アルゴリズムがほとんど常に計算的に集約的であるので、鍵交換アルゴリズムを用いて鍵を交換して、その鍵と対称鍵アルゴリズムを用いてデータを転送します。たとえば、PGP、およびスキームの SSL/TLS ファミリーはこれをします。結果としてハイブリッド暗号システムと呼ばれます。<sup>[<a id="idp42514016" href="#ftn.idp42514016" class="footnote">25</a>]</sup>
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idp42516192">A.2.1. Diffie-Hellman</h3></div></div></div><div class="para">
+ Diffie–Hellman 鍵交換 (D–H) は、お互いに事前に知識を持たない2者が、安全ではないコミュニケーション・チャネル上で共有の秘密鍵を共同で確立できるようにする、暗号のプロトコルです。そして、この鍵は対称鍵暗号を用いて以降のコミュニケーションを暗号化するために使用されます。<sup>[<a id="idp42517696" href="#ftn.idp42517696" class="footnote">26</a>]</sup>
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idp30966768">A.2.1.1. Diffie-Hellman の歴史</h4></div></div></div><div class="para">
+ スキーマは1976年に Whitfield Diffie と Martin Hellman により初めて公開されました。しかしながら後から、GCHQ の British signals intelligence agency の中で Malcolm J. Williamson によりまったく別に数年早く発明されていたが、秘密にされていたことがわかりました。2002年、Hellman は、公開鍵暗号の発明に対する貢献を認めて Diffie–Hellman–Merkle 鍵交換と呼ばれるアルゴリズムを提案しました(Hellman, 2002)。<sup>[<a id="idp30968368" href="#ftn.idp30968368" class="footnote">27</a>]</sup>
+ </div><div class="para">
+ Diffie–Hellman 鍵合意それ自身は、匿名の(認証されない)鍵合意プロトコルであるにも関わらず、いろいろな認証されたプロトコルに対する基礎を提供し、Transport Layer Security の超短期モード (暗号スイートに依存して EDH または DHE として参照されます)において、完全な順方向の秘密を提供するために使用されます。<sup>[<a id="idp22949632" href="#ftn.idp22949632" class="footnote">28</a>]</sup>
+ </div><div class="para">
+ U.S. Patent 4,200,770 (現在、失効) は、アルゴリズムが説明されていて、発明者として Hellman, Diffie と Merkle がクレジットされています。<sup>[<a id="idp22952288" href="#ftn.idp22952288" class="footnote">29</a>]</sup>
+ </div></div></div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idp16694016" href="#idp16694016" class="para">21</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp7274432" href="#idp7274432" class="para">22</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp7277792" href="#idp7277792" class="para">23</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp16801616" href="#idp16801616" class="para">24</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp42514016" href="#idp42514016" class="para">25</a>] </sup>
+ "Public-key Encryption." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">http://en.wikipedia.org/wiki/Public-key_cryptography</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp42517696" href="#idp42517696" class="para">26</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie-Hellman</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp30968368" href="#idp30968368" class="para">27</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie-Hellman</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp22949632" href="#idp22949632" class="para">28</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie-Hellman</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp22952288" href="#idp22952288" class="para">29</a>] </sup>
+ "Diffie-Hellman." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Diffie-Hellman">http://en.wikipedia.org/wiki/Diffie-Hellman</a>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Encryption_Standards.html"><strong>戻る</strong>付録A 暗号の標準</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="apas02s02.html"><strong>次へ</strong>A.2.2. RSA</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/apas02s02.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/apas02s02.html
new file mode 100644
index 0000000..c4d1e12
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/apas02s02.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>A.2.2. RSA</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="apas02.html" title="A.2. 公開鍵暗号" /><link rel="prev" href="apas02.html" title="A.2. 公開鍵暗号" /><link rel="next" href="apas02s03.html" title="A.2.3. DSA" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="apas02s03.html"><strong>次へ</strong></a></li></ul><div cla
ss="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idp36614096">A.2.2. RSA</h3></div></div></div><div class="para">
+ 暗号学において、RSA (初めて公的にそれを説明した Rivest, Shamir および Adleman を意味します。以下参照。) は公開鍵暗号のアルゴリズムです。それは、暗号と同様に署名にも適しているとして知られる最初のアルゴリズムで、公開鍵暗号において始めての大きな優位性の1つでした。RSA は、電子商取引のプロトコルにおいて広く使用され、十分に長い鍵が与えられ、更新の実装が使われていて、安全であると考えれらています。<sup>[<a id="idp36615776" href="#ftn.idp36615776" class="footnote">30</a>]</sup>
+ </div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idp36615776" href="#idp36615776" class="para">30</a>] </sup>
+ "RSA" <span class="emphasis"><em>Wikipedia</em></span> 14 April 2010 <a href="http://en.wikipedia.org/wiki/RSA">http://en.wikipedia.org/wiki/RSA</a>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02.html"><strong>戻る</strong>A.2. 公開鍵暗号</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="apas02s03.html"><strong>次へ</strong>A.2.3. DSA</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/apas02s03.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/apas02s03.html
new file mode 100644
index 0000000..fefdb7c
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/apas02s03.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>A.2.3. DSA</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="apas02.html" title="A.2. 公開鍵暗号" /><link rel="prev" href="apas02s02.html" title="A.2.2. RSA" /><link rel="next" href="apas02s04.html" title="A.2.4. SSL/TLS" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s02.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="apas02s04.html"><strong>次へ</strong></a></li></ul><div cla
ss="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idp2701408">A.2.3. DSA</h3></div></div></div><div class="para">
+ Digital Signature Algorithm (DSA) は電子署名に対する United States Federal Government standard または FIPS です。Digital Signature Standard (DSS) で使用するために、1991年8月に National Institute of Standards and Technology (NIST) により提案され、FIPS 186 で指定され、1993年に適用されました。わずかな改訂が FIPS 186-1 として1996年に発行されました。この標準は、さらに FIPS 186-2 として2000年に、再び FIPS 186-3 として2009年に、拡張されました。<sup>[<a id="idp2703056" href="#ftn.idp2703056" class="footnote">31</a>]</sup>
+ </div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idp2703056" href="#idp2703056" class="para">31</a>] </sup>
+ "Digital Signature Algorithm" <span class="emphasis"><em>Wikipedia</em></span> 14 April 2010 <a href="http://en.wikipedia.org/wiki/Digital_Signature_Algorithm">http://en.wikipedia.org/wiki/Digital_Signature_Algorithm</a>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s02.html"><strong>戻る</strong>A.2.2. RSA</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="apas02s04.html"><strong>次へ</strong>A.2.4. SSL/TLS</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/apas02s04.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/apas02s04.html
new file mode 100644
index 0000000..87396cf
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/apas02s04.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>A.2.4. SSL/TLS</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="apas02.html" title="A.2. 公開鍵暗号" /><link rel="prev" href="apas02s03.html" title="A.2.3. DSA" /><link rel="next" href="apas02s05.html" title="A.2.5. Cramer-Shoup 暗号システム" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s03.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="apas02s05.html"><strong>次へ</stron
g></a></li></ul><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idp41561392">A.2.4. SSL/TLS</h3></div></div></div><div class="para">
+ Transport Layer Security (TLS) とその前進である Secure Socket Layer (SSL) は、インターネットのようなネットワークにおけるコミュニケーションに対してセキュリティを提供する暗号プロトコルです。TLS と SSL は、エンドからエンドへのトランスポート層におけるネットワーク接続のセグメントを暗号化します。プロトコルのいくつかのバージョンは、ウェブ閲覧、電子メール、インターネット FAX、インスタント・メッセージおよび voice-over-IP (VoIP) のようなアプリケーションにおいて広く使われます。TLS は IETF 標準トラックプロトコルです。それは、Netscape 社により開発された以前の SSL 仕様に基づいた、RFC 5246 で最終更新されました。
+ </div><div class="para">
+ TLS プロトコルは、クライアント/サーバーのアプリケーションが、盗聴や改ざんを防ぐために設計された方法で、ネットワークを越えたコミュニケーションできるようにします。TLS は暗号を用いてインターネット上でエンドポイント認証と通信の秘密を提供します。TLS は 1024 bit および 2048 bit 強度を持つ RSA セキュリティを提供します。
+ </div><div class="para">
+ 一般的なエンドユーザー/ブラウザの使い方において、TLS 認証は一方的です: サーバーのみが認証されます(クライアントはサーバーのアイデンティティを知っています)が、逆は真ではありません(クライアントは認証されないか、匿名のままです)。
+ </div><div class="para">
+ TLS はより安全な相互接続モード(一般的にエンタープライズ・アプリケーションで使われます)もサポートします。それは、"対話" の両端が誰とコミュニケーションしているか保証できます(それらが相手方の証明書にあるアイデンティティ情報を入念に精査することが提供されます)。これは相互認証または 2SSL として知られています。相互認証は、TLS のクライアント側も証明書を持つ必要があります(一般にエンドユーザー/ブラウザのシナリオの場合ではありません)。TLS-PSK、Secure Remote Password (SRP) プロトコルまたはいくつかの他のプロトコルが使われている場合を除き、証明書なしで強力な相互認証を提供できます。
+ </div><div class="para">
+ 一般的に、TLS に対して不可欠な鍵情報と証明書は X.509 証明書(必要なフィールドとデータのフォーマットを定義します)の形式で取り扱われます。
+ </div><div class="para">
+ SSL は近代的な流儀で機能します。上位・下位互換およびピア間のネゴシエーションに対するサポートとともに、設計により拡張可能です。\n<sup>[<a id="idp36153408" href="#ftn.idp36153408" class="footnote">32</a>]</sup>
+ </div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idp36153408" href="#idp36153408" class="para">32</a>] </sup>
+ "Transport Layer Security" <span class="emphasis"><em>Wikipedia</em></span> 14 April 2010 <a href="http://en.wikipedia.org/wiki/Transport_Layer_Security">http://en.wikipedia.org/wiki/Transport_Layer_Security</a>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s03.html"><strong>戻る</strong>A.2.3. DSA</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="apas02s05.html"><strong>次へ</strong>A.2.5. Cramer-Shoup 暗号システム</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/apas02s05.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/apas02s05.html
new file mode 100644
index 0000000..22fe1d4
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/apas02s05.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>A.2.5. Cramer-Shoup 暗号システム</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="apas02.html" title="A.2. 公開鍵暗号" /><link rel="prev" href="apas02s04.html" title="A.2.4. SSL/TLS" /><link rel="next" href="apas02s06.html" title="A.2.6. ElGamal 暗号" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s04.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="apas02s06.html"><strong>次へ</strong></a></li></
ul><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idp36155616">A.2.5. Cramer-Shoup 暗号システム</h3></div></div></div><div class="para">
+ Cramer–Shoup システムは非対称暗号アルゴリズムです。そして、標準的な暗号推測を用いた適応的選択暗号文攻撃に対して安全であると証明された、初めての効果的なスキーマでした。そのセキュリティは、決定的 Diffie–Hellman 仮定の計算的な難しさ(広く考えられていますが、証明されていません)に基づいています。1998年に Ronald Cramer と Victor Shoup により開発された、Elgamal 暗号の拡張です。極めて柔軟である Elgamal と比べて、Cramer–Shoup は資源の豊富な攻撃者に対してさえも柔軟ではないことを確定する追加の要素を追加しました。この非柔軟性は、衝突耐性のあるハッシュ機能と追加の計算の使用により達成されました。結果として Elgamal の2倍の暗号文になりました。<sup>[<a id="idm31840" href="#ftn.idm31840" class="footnote">33</a>]</sup>
+ </div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idm31840" href="#idm31840" class="para">33</a>] </sup>
+ "Cramer–Shoup cryptosystem" <span class="emphasis"><em>Wikipedia</em></span> 14 April 2010 <a href="http://en.wikipedia.org/wiki/Cramer-Shoup_cryptosystem">http://en.wikipedia.org/wiki/Cramer-Shoup_cryptosystem</a>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s04.html"><strong>戻る</strong>A.2.4. SSL/TLS</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="apas02s06.html"><strong>次へ</strong>A.2.6. ElGamal 暗号</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/apas02s06.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/apas02s06.html
new file mode 100644
index 0000000..c84b297
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/apas02s06.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>A.2.6. ElGamal 暗号</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="apas02.html" title="A.2. 公開鍵暗号" /><link rel="prev" href="apas02s05.html" title="A.2.5. Cramer-Shoup 暗号システム" /><link rel="next" href="appe-Publican-Revision_History.html" title="付録B 改訂履歴" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s05.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="appe-P
ublican-Revision_History.html"><strong>次へ</strong></a></li></ul><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm29632">A.2.6. ElGamal 暗号</h3></div></div></div><div class="para">
+ 暗号学において、ElGamal 暗号システムは Diffie-Hellman 鍵合意に基づいた公開鍵暗号に対する非対称鍵暗号アルゴリズムです。1985年に Taher Elgamal により説明されました。[1] Elgamal 暗号は、フリーの GNU Privacy Guard ソフトウェア、最近のバージョンの PGP および他の暗号システムにおいて使用されています。Digital Signature Algorithm は ElGamal 署名スキーマ(ElGamal 暗号と混同してはいけません)の変種です。<sup>[<a id="idp42616032" href="#ftn.idp42616032" class="footnote">34</a>]</sup>
+ </div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idp42616032" href="#idp42616032" class="para">34</a>] </sup>
+ "ElGamal encryption" <span class="emphasis"><em>Wikipedia</em></span> 14 April 2010 <a href="http://en.wikipedia.org/wiki/ElGamal_encryption">http://en.wikipedia.org/wiki/ElGamal_encryption</a>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s05.html"><strong>戻る</strong>A.2.5. Cramer-Shoup 暗号システム</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="appe-Publican-Revision_History.html"><strong>次へ</strong>付録B 改訂履歴</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/appe-Publican-Revision_History.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/appe-Publican-Revision_History.html
new file mode 100644
index 0000000..b76277d
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/appe-Publican-Revision_History.html
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>付録B 改訂履歴</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="index.html" title="セキュリティガイド" /><link rel="prev" href="apas02s06.html" title="A.2.6. ElGamal 暗号" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s06.html"><strong>戻る</strong></a></li><li class="next"></li></ul><div xml:lang="ja-JP" class="appendix" id="appe-Publican-Revision_History" lang="ja-JP"><div class="titlepage"><div><div>
<h1 class="title">改訂履歴</h1></div></div></div><div class="para">
+ <div class="revhistory"><table border="0" width="100%" summary="Revision history"><tr><th align="left" valign="top" colspan="3"><strong>改訂履歴</strong></th></tr><tr><td align="left">改訂 18.0-1</td><td align="left">Sat October 6 2012</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>基本的な強化の章を修正しました (BZ 841825 および 693620)。</td></tr><tr><td>LUKS のリンク切れを修正しました (BZ 846299)。</td></tr><tr><td>7 Zip の章に GUI のセクションを追加しました (BZ 854781)。</td></tr><tr><td>yum-plugin-security の章を修正しました (BZ 723282)。</td></tr><tr><td>GPG CLI コマンド画面を修正しました (BZ 590493)。</td></tr><tr><td>Yubikey のセクションを改善しました (BZ 644238)。</td></tr><tr><td>誤字を修正しました (BZ 863636)。</td></tr><tr><td>いくつかの章において wiki のマークアップを削除しました。</td></tr><tr><td>Seahorse の説明を更新しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 17.0-1</td><td align="left">Tue January 24 2012</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fedora 17 向けブランチ。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 16.0-1</td><td align="left">Fri September 09 2011</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fedora 16 用に分岐しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 14.3-1</td><td align="left">Sat Apr 02 2011</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>VPN テキストを暗号の章に移動しておよび再フォーマットしました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 14.2-1</td><td align="left">Wed Oct 20 2010</td><td align="left"><span class="author"><span class="surname">Oglesby</span> <span class="firstname">Zach</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>ローカル認証とともに Fedora において Yubikey を使用するためにテキストを追加しました。 (BZ 644999)</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 14.2-0</td><td align="left">Fri Oct 6 2010</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>ドキュメントのソースにあるすべての変数を削除しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 14.1-2</td><td align="left">Fri Oct 1 2010</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>DISA Unix Checklist へのリンクと更新されたリンクを訂正しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 14.1-1</td><td align="left">Wed Jul 8 2010</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>CVE の章を追加しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 14.0-1</td><td align="left">Fri May 28 2010</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fedora 14 用に分岐しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 13.0-7</td><td align="left">Fri May 14 2010</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>bug 591980 により 7-zip の章から "バグ" のあるテキストを削除しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 13.0-6</td><td align="left">Wed Apr 14 2010</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>暗号標準の付録を完成させました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 13.0-5</td><td align="left">Fri Apr 09 2010</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>"Alpine での GPG の使用" を追加しました。</td></tr><tr><td>"Evolution での GPG の使用" を追加しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 13.0-4</td><td align="left">Tue Apr 06 2010</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>パラグラフにおいて翻訳できないテキストに関する問題を修復しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 13.0-3</td><td align="left">Tue Apr 06 2010</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fedora 12 に見られる PackageKit の脆弱性のテキストを削除しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 13.0-2</td><td align="left">Fri Nov 20 2009</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>ドキュメントの最後に改訂履歴を追加しました。</td></tr><tr><td>暗号標準の付録を追加しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 13.0-1</td><td align="left">Fri Nov 20 2009</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fedora 13 の分岐をしました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-23</td><td align="left">Thu Nov 19 2009</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>再びセクション "ローカルユーザーが信頼されるパッケージをインストールするかもしれません" を最新の修正へと更新しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-22</td><td align="left">Thu Nov 19 2009</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>セクション "ローカルユーザーが信頼されるパッケージをインストールするかもしれません" を最新の修正へと更新しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-21</td><td align="left">Wed Nov 18 2009</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>セクション "ローカルユーザーが信頼されるパッケージをインストールするかもしれません" を追加しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-20</td><td align="left">Sat Nov 14 2009</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Wikipedia から暗号標準の付録へと情報を追加しました。</td></tr><tr><td>7-zip 部分の開発における役割に対して執筆者ページに Adam Ligas を追加しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-19</td><td align="left">Mon Oct 26 2009</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>ライセンスを CC-BY-SA に更新しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-18</td><td align="left">Wed Aug 05 2009</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Bug 515043 に関連した問題を修正しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-17</td><td align="left">Mon Jul 27 2009</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>SPEC におけるベンダ情報を修復しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-16</td><td align="left">Fri Jul 24 2009</td><td align="left"><span class="author"><span class="surname">Release Engineering</span> <span class="firstname">Fedora</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild のために再構築しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-15</td><td align="left">Tue Jul 14 2009</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>spec における BUILDREQUIRES へと "desktop-file-utils" を追加しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-14</td><td align="left">Tue Mar 10 2009</td><td align="left"><span class="author"><span class="surname">Radvan</span> <span class="firstname">Scott</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>rhel 固有事項を削除して、ドラフトの大まかなレビューと削除をして、プッシュの準備ができました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-13</td><td align="left">Mon Mar 2 2009</td><td align="left"><span class="author"><span class="surname">Radvan</span> <span class="firstname">Scott</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>多くの軽微な修正。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-12</td><td align="left">Wed Feb 11 2009</td><td align="left"><span class="author"><span class="surname">Radvan</span> <span class="firstname">Scott</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>既存/古いスクリーンショットを F11 の新しいものに置き換えました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-11</td><td align="left">Tue Feb 03 2009</td><td align="left"><span class="author"><span class="surname">Radvan</span> <span class="firstname">Scott</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Fedora 9 の LUKS 固有事項を以降のリリースも同様に含めるよう修正しました。</td></tr><tr><td>参考資料セクションにおける 404 を修正しました、おもに無効な NSA リンクです。</td></tr><tr><td>フォーマットの軽微な変更をしました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-10</td><td align="left">Wed Jan 27 2009</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>失われたファイアウォールのスクリーンショットを修正しました。</td></tr></table>
+
+ </td></tr><tr><td align="left">改訂 1.0-9</td><td align="left">Wed Jan 27 2009</td><td align="left"><span class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>検証の間に不適切であることがわかった項目を修正しました。多くの Red Hat の参考資料は Fedora の参考資料に変更されました。</td></tr></table>
+
+ </td></tr></table></div>
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="apas02s06.html"><strong>戻る</strong>A.2.6. ElGamal 暗号</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-Basic_Hardening.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-Basic_Hardening.html
new file mode 100644
index 0000000..d5c3c8a
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-Basic_Hardening.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>第2章 基本強化ガイド</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="index.html" title="セキュリティガイド" /><link rel="prev" href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html" title="1.5.4. 変更の適用" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html" title="2.2. これはなぜ重要なのでしょうか?" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a
accesskey="p" href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="chapter" id="chap-Security_Guide-Basic_Hardening" lang="ja-JP"><div class="titlepage"><div><div><h2 class="title">第2章 基本強化ガイド</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Basic_Hardening.html#sect-Security_Guide-Basic_Hardening-General_Principles">2.1. 基本原則</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html">2.2. これはなぜ重要なのでしょうか?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Physical_Security.html">2.3. 物理セキュリティ</a></span></dt><dt><s
pan class="section"><a href="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html">2.4. これはなぜ重要なのでしょうか?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html">2.5. 他に何ができるでしょうか?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Networking.html">2.6. ネットワーク</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Networking.html#sect-Security_Guide-Basic_Hardening-Networking-iptables">2.6.1. iptables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Networking-IPv6.html">2.6.2. IPv6</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Up_to_date.html">2.7. ソフトウェアの最新化維持</a></span></dt><dt><span class="section"><a href="sect-Security_Guid
e-Basic_Hardening-Services.html">2.8. サービス</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-NTP.html">2.9. NTP</a></span></dt></dl></div><div class="para">
+ <a href="http://www.nsa.gov">US National Security Agency</a> (NSA) は Red Hat Enterprise Linux 5 のデフォルトインストールを強化するための2つのガイドを開発してきました。これらのガイドで提供される多くのヒントは Fedora のインストールに対しても有効です。この基本強化ガイドは、NSA の強化ヒントの一部分を取り扱い、これらのヒントを実装することがなぜ重要であるかを説明します。
+ </div><div class="para">
+ システムに対するあらゆる変更と同じように、これらの変更は意図しない結果を引き起こすことがあります。変更が実装される前にあなたのシステムにおいて適切であることを評価されるべきです。
+ </div><div class="section" id="sect-Security_Guide-Basic_Hardening-General_Principles"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-General_Principles">2.1. 基本原則</h2></div></div></div><div class="para">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>ãããã¯ã¼ã¯çµç±ã§è»¢éããããã¹ã¦ã®ãã¼ã¿ãæå·åãã¾ããèªè¨¼æ
å ±ï¼ãã¹ã¯ã¼ããªã©ï¼ãæå·åãããã¨ã¯ã¨ãã«éè¦ã§ãã</td></tr><tr><td>èå¼±æ§ãæå°åããããã«ãã¤ã³ã¹ãã¼ã«ããã³å®è¡ããã¦ããã½ããã¦ã§ã¢ã®éãæå°åãã¾ãã</td></tr><tr><td>å©ç¨å¯è½ãªã¨ãã¯ã»ãã¥ãªãã£å¼·åãããã½ããã¦ã§ã¢ããã³ãã¼ã«ï¼ä¾ãã°ãSELinux ã IPTablesï¼ã使ç¨ãã¾ãã</td></tr><tr><td>åãããã¯ã¼ã¯ãµã¼ãã¹ãã§ããéãå¥ã
ã®ãµã¼ãã¼ã«ããã¦å®è¡ãã¾ããããã«ããããããµã¼ãã¹ã®ã»ãã¥ãªãã£ä¾µå®³ã«ããä»ã®ãã®ã¸ã®ä¾µå®³ã«ã¤ãªãããªã¹ã¯ãæå°åãã¾ãã</td></tr><tr><td>ã¦ã¼ã¶ã¼ã¢ã«ã¦ã³ããç¶æãã¾ããè¯ããã¹ã¯ã¼ãããªã·ã¼ãä½æãã¦ããã®ä½¿ç¨ãå¼·å¶ãã¾ãã使ç
¨ãã¦ããªãã¦ã¼ã¶ã¼ã¢ã«ã¦ã³ããåé¤ãã¾ãã</td></tr><tr><td>å®å¸¸æ¥åã¨ãã¦ã·ã¹ãã ãã°ã¨ã¢ããªã±ã¼ã·ã§ã³ãã°ã確èªãã¾ãããã°ãéä¸ãã°ãµã¼ãã¼ã«éä¿¡ãã¾ããããã«ãããä¾µå
¥è
ããã¼ã«ã«ãã°ãæ¹ãããããã¨ã«ãããç°¡åã«æ¤ç¥ãããªãããã«ãããã¨ãé²ãã¾ãã</td></tr><tr><td>絶対ã«å¿
è¦ãªã¨ã以å¤ã¯ãç´æ¥ root ã¨ãã¦ãã°ã¤ã³ãã¾ããã管çè
ã¯ãå¿
è¦ãªã¨ãã« root ã¨ãã¦ã³ãã³ããå®è¡ããããã« <code class="command">sudo</code> ã使ç¨ãã¹ãã§ããsudo ã使ç¨ããè½åã®ããã¢ã«ã¦ã³ã㯠<code class="filename">/etc/sudoers</code> ã«æå®ããã¾ãããã㯠visudo ã¦ã¼ãã£ãªãã£ãç¨ãã¦ç·¨éããã¾ããé¢é£ãããã°ã¯æ¨æºã§ <code class="filename">/var/log/secure</code> ã«æ¸ãè¾¼ã¾ãã¾ãã</td></tr></table>
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html"><strong>戻る</strong>1.5.4. 変更の適用</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html"><strong>次へ</strong>2.2. これはなぜ重要なのでしょうか?</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-CVE.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-CVE.html
new file mode 100644
index 0000000..0788ef4
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-CVE.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>第8章 共通脆弱性識別子 CVE</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="index.html" title="セキュリティガイド" /><link rel="prev" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html" title="7.4. よく知られたリポジトリからの署名されたパッケージのインストール" /><link rel="next" href="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html" title="8.2. yum-plugin-security の使い方" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.
png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="chapter" id="chap-Security_Guide-CVE" lang="ja-JP"><div class="titlepage"><div><div><h2 class="title">第8章 共通脆弱性識別子 CVE</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-CVE.html#sect-Security_Guide-CVE-yum_plugin">8.1. YUM プラグイン</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html">8.2. yum-plugin-security の使い方</a></span></dt></dl></div><div class="para">
+ 共通脆弱性識別子または CVE システムは、一般に知られる情報セキュリティの脆弱性と暴露に対する参照方法を提供します。MITRE 社が、アメリカ国土安全保障省のサイバー・セキュリティ部門の資金提供を受け、システムを維持しています。
+ </div><div class="para">
+ MITRE 社はすべての脆弱性と暴露に対して CVE 識別子を割り当てます。1つの CVE が複数のソフトウェアパッケージや複数のベンダーに影響する可能性があるため、ソフトウェアの異なる部分を通して脆弱性を追跡するために使われます。
+ </div><div class="section" id="sect-Security_Guide-CVE-yum_plugin"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-CVE-yum_plugin">8.1. YUM プラグイン</h2></div></div></div><div class="para">
+ <span class="package">yum-plugin-security</span> パッケージは Fedora の機能です。もしインストールされていると、このパッケージにより提供される yum モジュールは、yum がセキュリティ関連のアップデートのみを検索するよう制限するために使うことができます。アップデートパッケージにより、どの Red Hat アドバイザリー、Red Hat の Bugzilla データベースにおけるどのバグ、MITRE の CVE ディレクトリのどの CVE 番号を指しているのかに関する情報を提供するためにも使われます。
+ </div><div class="para">
+ これらの機能を有効にすることは、 <code class="command">yum install yum-plugin-security</code> コマンドを実行するくらい簡単です。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html"><strong>戻る</strong>7.4. よく知られたリポジトリからの署名されたパッケージのインストール</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html"><strong>次へ</strong>8.2. yum-plugin-security の使い方</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-Encryption.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-Encryption.html
new file mode 100644
index 0000000..89c190e
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-Encryption.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>第4章 暗号化</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="index.html" title="セキュリティガイド" /><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html" title="3.9.6.2. 有用な IPTables のウェブサイト" /><link rel="next" href="Security_Guide-Encryption-Data_in_Motion.html" title="4.2. 動作しているデータ" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href
="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="chapter" id="chap-Security_Guide-Encryption" lang="ja-JP"><div class="titlepage"><div><div><h2 class="title">第4章 暗号化</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Encryption.html#sect-Security_Guide-Encryption-Data_at_Rest">4.1. 静止しているデータ</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Encryption.html#sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">4.1.1. 完全なディスク暗号化</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Encryption.html#Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">4.1.2. ファイルベースの暗号化</
a></span></dt></dl></dd><dt><span class="section"><a href="Security_Guide-Encryption-Data_in_Motion.html">4.2. 動作しているデータ</a></span></dt><dd><dl><dt><span class="section"><a href="Security_Guide-Encryption-Data_in_Motion.html#sect-Security_Guide-Virtual_Private_Networks_VPNs">4.2.1. Virtual Private Networks (VPNs)</a></span></dt><dt><span class="section"><a href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html">4.2.2. Secure Shell</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption.html">4.2.3. LUKS ディスク暗号化</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html">4.2.4. 7-Zip 暗号化アーカイブ</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-Using_GPG.html">4.2.5. GNU Privacy Guard (GnuPG) の使用</a></span></dt></dl></dd></dl></div><div class="para">
+ 保護されなければいけない、主な2種類のデータがあります: 静止しているデータと動作しているデータ。これらの異なる種類のデータは同じ技術を用いて同じ方法で保護されますが、実装は完全に異なります。同じ情報が静止していて、同時に異なる場所で動作しているかもしれないので、1つの保護の実装が、すべてのありえる漏えいの方法を防ぐことはできません。
+ </div><div class="section" id="sect-Security_Guide-Encryption-Data_at_Rest"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Encryption-Data_at_Rest">4.1. 静止しているデータ</h2></div></div></div><div class="para">
+ 静止しているデータとは、ハードディスク、テープ、CD、DVD および他のメディアに保存されているデータです。この情報の最大の脅威は物理的な盗難から起こります。
+ </div><div class="section" id="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">4.1.1. 完全なディスク暗号化</h3></div></div></div><div class="para">
+ 完全なディスクまたはパーティションの暗号化はデータを保護する最良の方法の1つです。各ファイルが保護されるだけでなく、これらのファイルの一部が含まれるかもしれない一時的なストレージも保護されます。完全ディスク暗号化はすべてのファイルを保護するので、保護したいものを選択すること、およびファイルを見落とすかもしれないことについて心配する必要がありません。
+ </div><div class="para">
+ Fedora 9 およびそれ以降は、ネイティブに LUKS 暗号化をサポートします。LUKS は、コンピューターがオフの間にデータを保護するよう、ハードディスクのパーティションを大量に暗号化します。これにより、攻撃者がコンピューターにログインするためにシングルユーザーモードを使用しようとしたり、他のアクセスを得ようとしたりすることからコンピューターを保護します。
+ </div><div class="para">
+ LUKS のような完全ディスク暗号化ソリューションはコンピューターがオフのときにだけデータを保護します。コンピューターがオンになり、LUKS がディスクを復号すると、ディスクにあるファイルはそれらに普通にアクセスできるすべての人が利用可能になります。コンピューターがオンのときにファイルを保護するために、ファイルベースの暗号化のような他のソリューションと組み合わせて完全ディスク暗号化を使用します。また、コンピューターから離れるときに、ロックすることを忘れないようにします。スクリーンセーバーを保護するパスフレーズが数分の未使用でアクティブになるよう設定することは、侵入者を追いやるために良い方法です。
+ </div></div><div class="section" id="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">4.1.2. ファイルベースの暗号化</h3></div></div></div><div class="para">
+ GnuPG (GPG) は、ファイルや電子メールメッセージを署名かつ/または暗号化を可能にする PGP のオープンソース・バージョンです。メッセージやファイルの完全性を維持するために有用です。また、ファイルや電子メールに含まれる情報の機密性も保護します。電子メールの場合、GPG は二重の保護を提供します。メッセージがネットワークを越えて送信されると、静止しているデータだけでなく動作しているデータを保護します。
+ </div><div class="para">
+ ファイルベースの暗号化は、ファイルがコンピューターを離れた後(郵送で CD を送るときのように)保護することを意図しています。いくつかのファイルベースの暗号化ソリューションは、コンピューターへ物理的にアクセスした攻撃者がある環境において復元できる、暗号化されたファイルの残りをそのままにします。コンピューターにアクセスした攻撃者からそれらのファイルのコンテンツを保護するために、完全ディスク暗号化のような他のソリューションと組み合わせてファイルベースの暗号化を使用します。
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"><strong>戻る</strong>3.9.6.2. 有用な IPTables のウェブサイト</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion.html"><strong>次へ</strong>4.2. 動作しているデータ</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-Encryption_Standards.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-Encryption_Standards.html
new file mode 100644
index 0000000..42f63f0
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-Encryption_Standards.html
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>付録A 暗号の標準</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="index.html" title="セキュリティガイド" /><link rel="prev" href="chap-Security_Guide-References.html" title="第9章 参考資料" /><link rel="next" href="apas02.html" title="A.2. 公開鍵暗号" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-References.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="
apas02.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="appendix" id="chap-Security_Guide-Encryption_Standards" lang="ja-JP"><div class="titlepage"><div><div><h1 class="title">暗号の標準</h1></div></div></div><div class="para">
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idp36480832">A.1. 同期式の暗号</h2></div></div></div><div class="para">
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idp23816704">A.1.1. Advanced Encryption Standard - AES</h3></div></div></div><div class="para">
+ 暗号において、Advanced Encryption Standard (AES) はアメリカ政府によって採用された暗号標準です。この標準は、Rijndael として公開された元々のより大きなコレクションから採用された、3つのブロック暗号 AES-128, AES-192 および AES-256 から構成されます。各 AES 暗号は、それぞれキーの大きさ 128, 192 および 256 bit とともに 128-bit のブロックサイズをを持ちます。AES 暗号は詳細に分析されてきて、その前進である Data Encryption Standard (DES) と同様に、今では世界中で使用されています。<sup>[<a id="idp18606352" href="#ftn.idp18606352" class="footnote">15</a>]</sup>
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idp39295872">A.1.1.1. AES の使用</h4></div></div></div><div class="para">
+ </div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idp19564416">A.1.1.2. AES の歴史</h4></div></div></div><div class="para">
+ AES は、5年間の標準化プロセスの後、2001年11月26日に U.S. FIPS PUB 197 (FIPS 197) として National Institute of Standards and Technology (NIST) によりアナウンスされました。そこでは、Rijndael が最適であると選択される前に、15の競合する設計が提案され、評価されました。2002年5月26日に標準として有効になりました。多くの異なる暗号化パッケージにおいて利用可能です。AES は、初めて一般にアクセス可能であり、トップシークレット情報のために NSA により承認されたオープンな暗号です(以下にある AES のセキュリティを参照してください)。<sup>[<a id="idp12408672" href="#ftn.idp12408672" class="footnote">16</a>]</sup>
+ </div><div class="para">
+ Rijndael は2人のベルギー人暗号学者 Joan Daemon と Vincent Rijmen により開発され、彼らにより AES 選定プロセスへ投稿されました。Rijndael ([rɛindaːl] と発音) は発明者2人の名前のかばん語です。<sup>[<a id="idp38156656" href="#ftn.idp38156656" class="footnote">17</a>]</sup>
+ </div></div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idp44515904">A.1.2. Data Encryption Standard - DES</h3></div></div></div><div class="para">
+ Data Encryption Standard (DES) は、1976年にアメリカに対する公式な Federal Information Processing Standard (FIPS) として National Bureau of Standards により選択され、その後国際的に広く恩恵を受けている、ブロック暗号(共有秘密暗号の形式)です。56-bit 鍵を使用する対称鍵アルゴリズムに基づいています。アルゴリズムは当初、秘密の設計要素、相対的に短い鍵長および National Security Agency (NSA) のバックドアに関する疑惑とともに議論の的になりました。結果として、DES はブロック暗号と暗号解析の現代の知識に動機づけられた学術的な厳しい詳細な調査を受けました。<sup>[<a id="idp8544832" href="#ftn.idp8544832" class="footnote">18</a>]</sup>
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idp10278240">A.1.2.1. DES の</h4></div></div></div><div class="para">
+ </div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idp14436992">A.1.2.2. DES の歴史</h4></div></div></div><div class="para">
+ DESは今や多くのアプリケーションに対して安全ではないと考えられています。おもに 56-bit 鍵の大きさが小さすぎることによります; 1999年1月、distributed.net と Electronic Frontier Foundation は公に協力して、DES 鍵を22時間15分で解読しました(年表参照)。また、実際には実装できませんが、暗号において理論的に弱いことが説明されるという、いくつかの解析的な結論があります。理論的な攻撃があるにも関わらず、アルゴリズムは 3-DES の形でほとんど安全であると考えられています。近年、暗号は Advanced Encryption Standard (AES) に置き換えられてきています。<sup>[<a id="idp14438848" href="#ftn.idp14438848" class="footnote">19</a>]</sup>
+ </div><div class="para">
+ いくつかのドキュメントにおいて、標準としての DES と DEA (the Data Encryption Algorithm) として参照される DES アルゴリズムを区別しています。発音されるとき、"DES" は、省略形としてスペルされたものとしても (/ˌdiːˌiːˈɛs/) 、1音節の略語としても (/ˈdɛz/) 発音されます。<sup>[<a id="idp8674720" href="#ftn.idp8674720" class="footnote">20</a>]</sup>
+ </div></div></div></div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idp18606352" href="#idp18606352" class="para">15</a>] </sup>
+ "Advanced Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Advanced_Encryption_Standard">http://en.wikipedia.org/wiki/Advanced_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp12408672" href="#idp12408672" class="para">16</a>] </sup>
+ "Advanced Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Advanced_Encryption_Standard">http://en.wikipedia.org/wiki/Advanced_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp38156656" href="#idp38156656" class="para">17</a>] </sup>
+ "Advanced Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Advanced_Encryption_Standard">http://en.wikipedia.org/wiki/Advanced_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp8544832" href="#idp8544832" class="para">18</a>] </sup>
+ "Data Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Data_Encryption_Standard">http://en.wikipedia.org/wiki/Data_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp14438848" href="#idp14438848" class="para">19</a>] </sup>
+ "Data Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Data_Encryption_Standard">http://en.wikipedia.org/wiki/Data_Encryption_Standard</a>
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp8674720" href="#idp8674720" class="para">20</a>] </sup>
+ "Data Encryption Standard." <span class="emphasis"><em>Wikipedia.</em></span> 14 November 2009 <a href="http://en.wikipedia.org/wiki/Data_Encryption_Standard">http://en.wikipedia.org/wiki/Data_Encryption_Standard</a>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-References.html"><strong>戻る</strong>第9章 参考資料</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="apas02.html"><strong>次へ</strong>A.2. 公開鍵暗号</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-General_Principles_of_Information_Security.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-General_Principles_of_Information_Security.html
new file mode 100644
index 0000000..9108762
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-General_Principles_of_Information_Security.html
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>第5章 情報セキュリティの一般原則</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="index.html" title="セキュリティガイド" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html" title="4.2.5.7. 公開鍵暗号化について" /><link rel="next" href="chap-Security_Guide-Secure_Installation.html" title="第6章 セキュアなインストール" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href
="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Secure_Installation.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="chapter" id="chap-Security_Guide-General_Principles_of_Information_Security" lang="ja-JP"><div class="titlepage"><div><div><h2 class="title">第5章 情報セキュリティの一般原則</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-General_Principles_of_Information_Security.html#sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">5.1. ヒント、ガイドおよびツール</a></span></dt></dl></div><div class="para">
+ 以下の一般原則は良いセキュリティ慣行の概要を提供します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 中間者攻撃や盗聴を防ぐ助けとするため、ネットワークで転送されるすべてのデータを暗号化します。パスワードのような認証情報を暗号化することは重要です。
+ </div></li><li class="listitem"><div class="para">
+ インストールされているソフトウェアと実行するサービスの量を最小限にします。
+ </div></li><li class="listitem"><div class="para">
+ セキュリティを強化するソフトウェアとツールを使用します。たとえば、強制アクセス制御(MAC)用の Security-Enhanced Linux (SELinux)、パケットフィルタリング(ファイアウォール)用の Netfilter iptables、ファイル暗号化用の GNU Privacy Guard (GnuPG) です。
+ </div></li><li class="listitem"><div class="para">
+ 可能ならば、ある危険にさらされたサービスが他のサービスを危険にさらすために使用されるリスクを最小限にするために、分離されたシステムにおいて各ネットワーク・サービスを実行します。
+ </div></li><li class="listitem"><div class="para">
+ ユーザーアカウントを維持します: 強いパスワードポリシーを作成して強制します; 使用していないユーザーアカウントを削除します
+ </div></li><li class="listitem"><div class="para">
+ システムとアプリケーションのログを定期的にレビューします。デフォルトで、セキュリティ関連のシステムログは <code class="filename">/var/log/secure</code> と <code class="filename">/var/log/audit/audit.log</code> に書き込まれます。注記: 専用のログサーバにログを送ることは、攻撃者が検知を避けるためにローカルのログを容易に修正することを防ぐ助けになります。
+ </div></li><li class="listitem"><div class="para">
+ 絶対に必要になるまで root としてログインしません。管理者は必要なときに root としてコマンドを実行するために <code class="command">sudo</code> を使用することが推奨されます。<code class="command">sudo</code> を実行できるユーザーは <code class="filename">/etc/sudoers</code> で指定されています。<code class="filename">/etc/sudoers</code> ファイルを編集するために <code class="command">visudo</code> ユーティリティを使用します。
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">5.1. ヒント、ガイドおよびツール</h2></div></div></div><div class="para">
+ アメリカの <a href="http://www.nsa.gov/">National Security Agency (NSA)</a> は、政府機関、ビジネスおよび個人が攻撃に対してシステムをセキュアにするために、多くの異なるオペレーティングシステムに対する強化ガイドとヒントを提供します。以下のガイド(PDF 形式)は Red Hat Enterprise Linux 5 に対する手引きを提供します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.nsa.gov/ia/_files/os/redhat/rhel5-pamphlet-i731.pdf">Hardening Tips for the Red Hat Enterprise Linux 5</a>
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf">Guide to the Secure Configuration of Red Hat Enterprise Linux 5</a>
+ </div></li></ul></div><div class="para">
+ <a href="http://www.disa.mil/">Defense Information Systems Agency (DISA)</a> は、システムをセキュアにする助けにするために、ドキュメント、チェックリストおよびテストを提供します (<a href="http://iase.disa.mil/index2.html">Information Assurance Support Environment</a>) 。<a href="http://iase.disa.mil/stigs/stig/unix-stig-v5r1.pdf">UNIX Security Technical Implementation Guide</a> (PDF) は、UNIX セキュリティに対する非常に具体的なガイドです - UNIX と Linux の高度な知識がこのガイドを読む前に推奨されます。
+ </div><div class="para">
+ DISA <a href="http://iase.disa.mil/stigs/downloads/zip/unclassified_unix_checklist_v5r1-26_20100827.zip">UNIX Security Checklist Version 5, Release 1.26</a> は、システムファイルに対する正しい所有者とモードからパッチの制御までわたる、ドキュメントとチェックリストのコレクションを提供します。
+ </div><div class="para">
+ また、DISA は、システム管理者がシステムにおける具体的な設定をチェックできるにする、<a href="http://iase.disa.mil/stigs/SRR/unix.html">UNIX SRR scripts</a> を利用可能にします。これらのスクリプトは、あらゆる既知の脆弱な設定を一覧する XML 形式のレポートを提供します。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html"><strong>戻る</strong>4.2.5.7. 公開鍵暗号化について</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Secure_Installation.html"><strong>次へ</strong>第6章 セキュアなインストール</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-References.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-References.html
new file mode 100644
index 0000000..5dd9086
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-References.html
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>第9章 参考資料</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="index.html" title="セキュリティガイド" /><link rel="prev" href="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html" title="8.2. yum-plugin-security の使い方" /><link rel="next" href="chap-Security_Guide-Encryption_Standards.html" title="付録A 暗号の標準" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-CVE-y
um_plugin-using_yum_plugin_security.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Encryption_Standards.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="chapter" id="chap-Security_Guide-References" lang="ja-JP"><div class="titlepage"><div><div><h2 class="title">第9章 参考資料</h2></div></div></div><div class="para">
+ 以下の参考資料は、SELinux と Fedora に関連しますが、このガイドの範囲を越えている追加情報へのポインタです。SELinux の迅速な開発のため、このマテリアルのいくつかは Fedora の特定のリリースに対してのみ適用できるかもしれないことに注意してください。
+ </div><div class="variablelist" id="vari-Security_Guide-References-Books"><h6>書籍</h6><dl><dt class="varlistentry"><span class="term">SELinux by Example</span></dt><dd><div class="para">
+ Mayer, MacMillan, and Caplan
+ </div><div class="para">
+ Prentice Hall, 2007
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-Tutorials_and_Help"><h6>チュートリアルとヘルプ</h6><dl><dt class="varlistentry"><span class="term">Understanding and Customizing the Apache HTTP SELinux Policy</span></dt><dd><div class="para">
+ <a href="http://fedora.redhat.com/docs/selinux-apache-fc3/">http://fedora.redhat.com/docs/selinux-apache-fc3/</a>
+ </div></dd><dt class="varlistentry"><span class="term">Russell Coker のチュートリアルとお話</span></dt><dd><div class="para">
+ <a href="http://www.coker.com.au/selinux/talks/ibmtu-2004/">http://www.coker.com.au/selinux/talks/ibmtu-2004/</a>
+ </div></dd><dt class="varlistentry"><span class="term">Generic Writing SELinux policy HOWTO</span></dt><dd><div class="para">
+ <a href="http://www.lurking-grue.org/writingselinuxpolicyHOWTO.html">http://www.lurking-grue.org/writingselinuxpolicyHOWTO.html</a>
+ </div></dd><dt class="varlistentry"><span class="term">Red Hat Knowledgebase</span></dt><dd><div class="para">
+ <a href="http://kbase.redhat.com/">http://kbase.redhat.com/</a>
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-General_Information"><h6>一般的な情報</h6><dl><dt class="varlistentry"><span class="term">NSA SELinux メイン・ウェブサイト</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/selinux/index.shtml">http://www.nsa.gov/selinux/</a>
+ </div></dd><dt class="varlistentry"><span class="term">NSA SELinux FAQ</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/selinux/faqs.shtml">http://www.nsa.gov/selinux/info/faq.cfm</a>
+ </div></dd><dt class="varlistentry"><span class="term">Fedora SELinux FAQ</span></dt><dd><div class="para">
+ <a href="http://fedora.redhat.com/docs/selinux-faq-fc3/">http://fedora.redhat.com/docs/selinux-faq-fc3/</a>
+ </div></dd><dt class="varlistentry"><span class="term">SELinux NSA's Open Source Security Enhanced Linux (日本語訳 : SELinux システム管理-セキュア OS の基礎と運用)</span></dt><dd><div class="para">
+ <a href="http://www.oreilly.com/catalog/selinux/">http://www.oreilly.com/catalog/selinux/</a>
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-Technology"><h6>技術</h6><dl><dt class="varlistentry"><span class="term">An Overview of Object Classes and Permissions</span></dt><dd><div class="para">
+ <a href="http://www.tresys.com/selinux/obj_perms_help.html">http://www.tresys.com/selinux/obj_perms_help.html</a>
+ </div></dd><dt class="varlistentry"><span class="term">Integrating Flexible Support for Security Policies into the Linux Operating System (a history of Flask implementation in Linux)</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/_files/selinux/papers/selsymp2005.pdf">http://www.nsa.gov/research/_files/selinux/papers/selsymp2005.pdf</a>
+ </div></dd><dt class="varlistentry"><span class="term">Implementing SELinux as a Linux Security Module</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/_files/publications/implementing_selinux.pdf">http://www.nsa.gov/research/_files/publications/implementing_selinux.pdf</a>
+ </div></dd><dt class="varlistentry"><span class="term">A Security Policy Configuration for the Security-Enhanced Linux</span></dt><dd><div class="para">
+ <a href="http://www.nsa.gov/research/_files/selinux/papers/policy/policy.shtml">http://www.nsa.gov/research/_files/selinux/papers/policy/policy.shtml</a>
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-Community"><h6>コミュニティ</h6><dl><dt class="varlistentry"><span class="term">Fedora SELinux User Guide</span></dt><dd><div class="para">
+ <a href="http://docs.fedoraproject.org/selinux-user-guide/">http://docs.fedoraproject.org/selinux-user-guide/</a>
+ </div></dd><dt class="varlistentry"><span class="term">Fedora SELinux Managing Confined Services Guide</span></dt><dd><div class="para">
+ <a href="http://docs.fedoraproject.org/selinux-managing-confined-services-guide/">http://docs.fedoraproject.org/selinux-managing-confined-services-guide/</a>
+ </div></dd><dt class="varlistentry"><span class="term">SELinux コミュニティ・ページ</span></dt><dd><div class="para">
+ <a href="http://selinux.sourceforge.net">http://selinux.sourceforge.net</a>
+ </div></dd><dt class="varlistentry"><span class="term">IRC</span></dt><dd><div class="para">
+ irc.freenode.net, #selinux, #fedora-selinux, #security
+ </div></dd></dl></div><div class="variablelist" id="vari-Security_Guide-References-History"><h6>歴史</h6><dl><dt class="varlistentry"><span class="term">Flask の簡単な歴史</span></dt><dd><div class="para">
+ <a href="http://www.cs.utah.edu/flux/fluke/html/flask.html">http://www.cs.utah.edu/flux/fluke/html/flask.html</a>
+ </div></dd><dt class="varlistentry"><span class="term">Fluke における完全な背景</span></dt><dd><div class="para">
+ <a href="http://www.cs.utah.edu/flux/fluke/html/index.html">http://www.cs.utah.edu/flux/fluke/html/index.html</a>
+ </div></dd></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html"><strong>戻る</strong>8.2. yum-plugin-security の使い方</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Encryption_Standards.html"><strong>次へ</strong>付録A 暗号の標準</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-Secure_Installation.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-Secure_Installation.html
new file mode 100644
index 0000000..61f7644
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-Secure_Installation.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>第6章 セキュアなインストール</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="index.html" title="セキュリティガイド" /><link rel="prev" href="chap-Security_Guide-General_Principles_of_Information_Security.html" title="第5章 情報セキュリティの一般原則" /><link rel="next" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html" title="6.2. LUKS パーティション暗号化の利用" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav
"><li class="previous"><a accesskey="p" href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="chapter" id="chap-Security_Guide-Secure_Installation" lang="ja-JP"><div class="titlepage"><div><div><h2 class="title">第6章 セキュアなインストール</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Secure_Installation.html#sect-Security_Guide-Secure_Installation-Disk_Partitions">6.1. ディスク・パーティション</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html">6.2. LUKS パーティション暗号化の利用</a></span></dt></dl></div><div class="para">
+ セキュリティは Fedora をインストールするために CD や DVD をディスクドライブにいれた初めてのときから始まります。初めからシステムをセキュアに設定することにより、後から追加のセキュリティ設定を実装することがより簡単になります。
+ </div><div class="section" id="sect-Security_Guide-Secure_Installation-Disk_Partitions"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Secure_Installation-Disk_Partitions">6.1. ディスク・パーティション</h2></div></div></div><div class="para">
+ NSA は /boot, /, /home, /tmp, および /var/tmp に対して別々のパーティションを作成することを推奨しています。それぞれの理由は異なりますが、各パーティションに取り組みます。
+ </div><div class="para">
+ /boot - このパーティションは、ブート中にシステムにより読み込まれる最初のパーティションです。システムを Fedora へブートするために使われるブートローダーとカーネルイメージはこのパーティションに保存されます。このパーティションは暗号化すべきではありません。このパーティションが / に含まれていて、そのパーティションが暗号化されているか、もしくは別の理由で利用不能になるならば、システムはブートすることができなくなるでしょう。
+ </div><div class="para">
+ /home - ユーザーデータ (/home) が独立したパーティションの代わりに / に保存されているとき、オペレーティングシステムが不安定になる原因となる、パーティションが一杯になる可能性があります。また、システムを 次のバージョンの Fedora へアップグレードするとき、/home パーティションにあるデータをそのままにしたい場合、インストール中に上書きされないようすることが非常に簡単になります。root パーティション (/) が壊れると、データは永久に失われる可能性があります。このパーティションを頻繁なバックアップの対象にすることもできます。
+ </div><div class="para">
+ /tmp および /var/tmp - /tmp と /var/tmp ディレクトリはどちらも長期間の保存が必要とされないデータを保存するために使われます。しかしながら、これらのディレクトリの1つが多くのデータであふれると、ストレージ空間をすべて消費する可能性があります。これが起こり、これらのディレクトリが / の中に保存されていると、システムが不安定になりクラッシュする可能性があります。このため、これらのディレクトリをそれ自身のパーティションに移動することは良いアイディアです。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>戻る</strong>第5章 情報セキュリティの一般原則</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"><strong>次へ</strong>6.2. LUKS パーティション暗号化の利用</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-Securing_Your_Network.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-Securing_Your_Network.html
new file mode 100644
index 0000000..0a5959d
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-Securing_Your_Network.html
@@ -0,0 +1,528 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>第3章 ネットワークのセキュア化</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="index.html" title="セキュリティガイド" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-NTP.html" title="2.9. NTP" /><link rel="next" href="sect-Security_Guide-Server_Security.html" title="3.2. サーバのセキュリティ" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-NTP.html"><strong>戻る</strong
></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security.html"><strong>次ã¸</strong></a></li></ul><div xml:lang="ja-JP" class="chapter" id="chap-Security_Guide-Securing_Your_Network" lang="ja-JP"><div class="titlepage"><div><div><h2 class="title">第3ç« ãããã¯ã¼ã¯ã®ã»ãã¥ã¢å</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security">3.1. ã¯ã¼ã¯ã¹ãã¼ã·ã§ã³ã®ã»ãã¥ãªãã£</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">3.1.1. ã¯ã¼ã¯ã¹ãã¼ã·ã§ã³ã®ã»ãã¥ãªãã£ã®è©ä¾¡</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">3.1.2. BIOS ã¨ãã¼ããã¼ã
ã®ã»ãã¥ãªãã£</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Password_Security">3.1.3. ãã¹ã¯ã¼ãã®ã»ãã¥ãªãã£</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Administrative_Controls">3.1.4. 管ççã³ã³ããã¼ã«</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Available_Network_Services">3.1.5. å©ç¨å¯è½ãªãããã¯ã¼ã¯ã»ãµã¼ãã¹</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Personal_Firewalls">3.1.6. ãã¼ã½ãã«ã»ãã¡ã¤ã¢ã¦ã©ã¼ã«</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security
-Security_Enhanced_Communication_Tools">3.1.7. セキュリティ強化したコミュニケーション・ツール</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Server_Security.html">3.2. サーバのセキュリティ</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Server_Security.html#sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">3.2.1. TCP Wrappers と xinetd を用いたサービスのセキュア化</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_Portmap.html">3.2.2. Portmap のセキュア化</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_NIS.html">3.2.3. NIS のセキュア化</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_NFS.html">3.2.4. NFS のセキュア化</a></span></dt><dt><span class="section"><a href="sect-Security_
Guide-Server_Security-Securing_the_Apache_HTTP_Server.html">3.2.5. Apache HTTP Server のセキュア化</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_FTP.html">3.2.6. FTP のセキュア化</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_Sendmail.html">3.2.7. Sendmail のセキュア化</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html">3.2.8. リッスンしているポートの確認</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO.html">3.3. Single Sign-on (SSO)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO.html#sect-Security_Guide-Single_Sign_on_SSO-Introduction">3.3.1. 概要</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_C
ard.html">3.3.2. æ°ããã¹ãã¼ãã«ã¼ãã®éå§æ¹æ³</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html">3.3.3. ã¹ãã¼ãã«ã¼ãã®ç»é²ã¯ã©ã®ããã«åä½ãã¾ãã</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html">3.3.4. ã¹ãã¼ãã«ã¼ãã®ãã°ã¤ã³ã¯ã©ã®ããã«åä½ãã¾ãã</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html">3.3.5. Firefox ã SSO ç¨ã« Kerberos ã使ç¨ããããè¨å®ãã¾ã</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Yubikey.html">3.4. YubiKey</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Yubikey.html#sect-Security_Guide-Yubikey-Centralized_Server">3.4.1. ã»ã³ã¿ã¼ã»ãµã¼ãã¼ãç¨ãã YubiKey ã®ä½¿ç
¨</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Yubikey-Web_Sites.html">3.4.2. YubiKey ãç¨ããã¦ã§ããµã¤ãã®èªè¨¼</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html">3.5. Pluggable Authentication Modules (PAM)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">3.5.1. PAM ã®å©ç¹</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html">3.5.2. PAM è¨å®ãã¡ã¤ã«</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html">3.5.3. PAM è¨å®ãã¡ã¤ã«ã®å½¢å¼</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_P
AM-Sample_PAM_Configuration_Files.html">3.5.4. サンプル PAM 設定ファイル</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html">3.5.5. PAM モジュールの作成</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html">3.5.6. PAM と管理クレディンシャルのキャッシュ</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html">3.5.7. PAM とデバイスの所有</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html">3.5.8. 追加のリソース</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html">3.6. TCP Wrappers と xinetd</a></span></dt><dd><dl><dt><span class="se
ction"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">3.6.1. TCP Wrappers</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html">3.6.2. TCP Wrappers の設定ファイル</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html">3.6.3. xinetd</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html">3.6.4. xinetd 設定ファイル</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html">3.6.5. 追加のリソース</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Kerberos.html">3.7. Kerberos</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Kerberos.html#sect-Security_Guide-Kerberos-What_is_Ke
rberos">3.7.1. Kerberos とは何でしょうか?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html">3.7.2. Kerberos の用語</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html">3.7.3. Kerberos はどのように動作しますか</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html">3.7.4. Kerberos と PAM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html">3.7.5. Kerberos 5 サーバーの設定</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html">3.7.6. Kerberos 5 クライアントの設定</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html">3.7.7. ドメイン-レルムのマッピング</a></span></dt><dt><span class="section"><a h
ref="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html">3.7.8. セカンダリ KDC のセットアップ</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html">3.7.9. クロス・レルム認証のセットアップ</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Additional_Resources.html">3.7.10. 追加のリソース</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Firewalls.html">3.8. ファイアウォール</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Firewalls.html#sect-Security_Guide-Firewalls-Netfilter_and_IPTables">3.8.1. Netfilter と IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html">3.8.2. 基本的なファイアウォールの設定</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Using_IP
Tables.html">3.8.3. IPTables の使用</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html">3.8.4. 一般的な IPTables フィルタ</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html">3.8.5. <code class="computeroutput">FORWARD</code> および <acronym class="acronym">NAT</acronym> ルール</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html">3.8.6. 悪意のあるソフトウェアと偽装された IP アドレス</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html">3.8.7. IPTables とコネクション追跡</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-IPv6.html">3.8.8. IPv6</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Additional_Resources.html">
3.8.9. 追加のリソース</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-IPTables.html">3.9. IPTables</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-IPTables.html#sect-Security_Guide-IPTables-Packet_Filtering">3.9.1. パケット・フィルタリング</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html">3.9.2. IPTables のコマンド・オプション</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html">3.9.3. IPTables ルールの保存</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html">3.9.4. IPTables 制御スクリプト</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html">3.9.5. IPTables IPv6</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Additional_
Resources.html">3.9.6. 追加のリソース</a></span></dt></dl></dd></dl></div><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Workstation_Security" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Workstation_Security">3.1. ワークステーションのセキュリティ</h2></div></div></div><div class="para">
+ Linux 環境をセキュアにすることはワークステーションから始めます。個人のマシンをロックするか企業システムをセキュアにするかどちらかに関わらず、健全なセキュリティ・ポリシーが個々のコンピュータから始まります。コンピュータ・ネットワークも最も弱いノードと同じくらいだけの安全性しかありません。
+ </div><div class="section" id="sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">3.1.1. ワークステーションのセキュリティの評価</h3></div></div></div><div class="para">
+ Fedora ワークステーションのセキュリティを評価するとき、以下の事項を考慮します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>BIOS とブートローダのセキュリティ</em></span> — 認可されないユーザーがマシンに物理的にアクセスして、パスワードなしでシングルユーザーモードまたはレスキューモードにてブートできますか?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>パスワードのセキュリティ</em></span> — マシンのユーザー・アカウントのパスワードはどのくらいセキュアですか?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>管理的コントロール</em></span> — 誰がシステムにアカウントを持ちますか、そしてどのくらいの管理的コントロールを持ちますか?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>利用可能なネットワーク・サービス</em></span> — どのサービスがネットワークからのリクエストを待ち受けていますか、またそれらはすべて実行すべきですか?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>パーソナル・ファイアウォール</em></span> — もしあれば、どのタイプのファイアウォールが必要とされますか?
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>セキュリティ強化された通信ツール</em></span> — どのツールがワークステーション間の通信に使用され、どれが避けられるべきでしょうか?
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">3.1.2. BIOS とブートローダのセキュリティ</h3></div></div></div><div class="para">
+ BIOS とブートローダに対するパスワードの保護は、システムに物理的にアクセスできる認可されないユーザーが、リムーバブル・メディアを使用してブートしたり、シングルユーザーモードで root 特権を得たりすることを防げます。そのような攻撃に対する保護を得るためにとるべきセキュリティ対策は、ワークステーションにおける情報の機密性とマシンの場所に依存します。
+ </div><div class="para">
+ たとえば、信頼された人々のみがアクセスできる安全な場所においてマシンが使用され、コンピュータが機密情報を含まないならば、そのような攻撃を防ぐことは致命的ではないかもしれません。しかしながら、会社のネットワークに対するプライベートな暗号化されていない SSH キーを持つ従業員のラップトップが展示会に出席されずに残っているならば、会社全体に対する分岐を持つ主要なセキュリティ侵害につながるでしょう。
+ </div><div class="section" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-BIOS_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-BIOS_Passwords">3.1.2.1. BIOS パスワード</h4></div></div></div><div class="para">
+ コンピュータの BIOS をパスワードで保護するおもな2つの理由は次のとおりです<sup>[<a id="idp19089552" href="#ftn.idp19089552" class="footnote">11</a>]</sup>:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <span class="emphasis"><em>BIOS 設定の変更を防ぐ</em></span> — 侵入者が BIOS へのアクセス権を持つならば、ディスクや CD-ROM からブートするよう設定できます。これにより、システムにおいて任意のプロセスを開始したり機密データをコピーしたりできるようにする、レスキューモードやシングルユーザーモードに入ることができるようになります。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>システムのブートを防ぐ</em></span> — いくつかの BIOS はブート・プロセスのパスワード保護を許可します。有効化されたとき、攻撃者は BIOS がブートローダを起動する前にパスワードを入力することが強制されます。
+ </div></li></ol></div><div class="para">
+ BIOS パスワードを設定する方法はコンピュータ製造者間で異なるため、詳細な説明はコンピュータのマニュアルを参照してください。
+ </div><div class="para">
+ もし BIOS パスワードを忘れたならば、マザーボードにあるジャンパーを用いてリセットします、または CMOS バッテリーを外します。このため、可能ならばコンピュータのケースをロックすることはグッド・プラクティスです。しかし、CMOS バッテリーを外そうとする前にコンピュータまたはマザーボードのマニュアルを参照してください。
+ </div><div class="section" id="sect-Security_Guide-BIOS_Passwords-Securing_Non_x86_Platforms"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-BIOS_Passwords-Securing_Non_x86_Platforms">3.1.2.1.1. 非 x86 プラットフォームのセキュア化</h5></div></div></div><div class="para">
+ 他のアーキテクチャは低レベルのタスク(x86 システムにおける BIOS のそれらとほぼ同等)を実行するために異なるプログラムを使用します。たとえば、 <span class="trademark">Intel</span>® <span class="trademark">Itanium</span>™ コンピュータは <em class="firstterm">Extensible Firmware Interface</em> (<em class="firstterm">EFI</em>) シェルを使用します。
+ </div><div class="para">
+ 他のアーキテクチャにおける BIOS のようなプログラムをパスワード保護することの説明は、製造者の説明書を参照してください。
+ </div></div></div><div class="section" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords">3.1.2.2. ブートローダのパスワード</h4></div></div></div><div class="para">
+ Linux ブートローダをパスワードで保護する主要な理由は以下のとおりです:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <span class="emphasis"><em>シングルユーザーモードにアクセスすることを防ぎます</em></span> — 攻撃者がシングルユーザーモードでシステムをブートできるならば、root パスワードを聞かれることなく自動的に root としてログインされます。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>GRUB コンソールへのアクセスを防ぎます</em></span> — マシンがブートローダとして GRUB を使用していると、攻撃者は <code class="command">cat</code> コマンドを用いて、設定を変更したり情報を集めたりするために、GRUB 編集インタフェースを使用できます。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>セキュアではないオペレーティングシステムへのアクセスを防ぎます</em></span> — もしデュアルブートのシステムであれば、攻撃者は、アクセス制御とファイル・パーミッションを無視して、ブート時にオペレーティングシステム(たとえば、DOS)を選択できます。
+ </div></li></ol></div><div class="para">
+ Fedora は x86 プラットフォームにおいて GRUB ブートローダを同梱しています。GRUB に関する詳細は Red Hat Installation Guide を参照してください。
+ </div><div class="section" id="sect-Security_Guide-Boot_Loader_Passwords-Password_Protecting_GRUB"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Boot_Loader_Passwords-Password_Protecting_GRUB">3.1.2.2.1. GRUB のパスワード保護</h5></div></div></div><div class="para">
+ You can configure GRUB to address the first two issues listed in <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords">「ブートローダのパスワード」</a> 。これをするために、まず強いパスワードを選択し、シェルを開き、root としてログインし、そして以下のコマンドを入力します:
+ </div><pre class="screen"><code class="command">/sbin/grub-md5-crypt</code></pre><div class="para">
+ プロンプトが出たとき、GRUB パスワードを入力し、<span class="keycap"><strong>Enter</strong></span> を押します。これはパスワードの MD5 ハッシュを返します。
+ </div><div class="para">
+ 次に、GRUB 設定ファイル <code class="filename">/boot/grub/grub.conf</code> を編集します。ファイルを開き、main セクションにある <code class="command">timeout</code> 行の下に以下の行を追加します:
+ </div><pre class="screen"><code class="command">password --md5 <em class="replaceable"><code><password-hash></code></em></code></pre><div class="para">
+ <em class="replaceable"><code><password-hash></code></em> を <code class="command">/sbin/grub-md5-crypt</code><sup>[<a id="idp10683008" href="#ftn.idp10683008" class="footnote">12</a>]</sup> により返された値に置き換えます。
+ </div><div class="para">
+ システムが次回起動するとき、GRUB メニューが <span class="keycap"><strong>p</strong></span> に続けて GRUB パスワードをまず入力するまで、エディタまたはコマンド・インタフェースにアクセスするのを防ぎます。
+ </div><div class="para">
+ 不幸にも、このソリューションは攻撃者がデュアルブート環境でセキュアではないオペレーティング・システムからブートするのを防げません。このため、<code class="filename">/boot/grub/grub.conf</code> ファイルの違う部分を編集しなければいけません。
+ </div><div class="para">
+ セキュアにしたいオペレーティング・システムの <code class="computeroutput">title</code> 行を探します。そして、そのすぐ後ろに <code class="command">lock</code> ディレクティブを行に追加します。
+ </div><div class="para">
+ DOS システムのために、その節は以下と似たように始まるでしょう:
+ </div><pre class="screen"><code class="computeroutput">title DOS lock</code></pre><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ この方法が正しく動作するために、<code class="computeroutput">password</code> 行が <code class="filename">/boot/grub/grub.conf</code> ファイルの main セクションに存在しなければいけません。さもなければ、攻撃者が GRUB 編集インタフェースにアクセスでき、lock 行を削除できます。
+ </div></div></div><div class="para">
+ 特定のカーネルやオペレーティング・システムに対して異なるパスワードを作成するために、password 行に続けて <code class="command">lock</code> 行を節に追加します。
+ </div><div class="para">
+ 一意なパスワードで保護される各節は、以下のサンプルと似たような行で始まるでしょう:
+ </div><pre class="screen"><code class="computeroutput">title DOS lock password --md5 <em class="replaceable"><code><password-hash></code></em></code></pre></div></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Password_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Password_Security">3.1.3. パスワードのセキュリティ</h3></div></div></div><div class="para">
+ パスワードは Fedora がユーザーのアイデンティティを検証するために使用される第一の方法です。これは、パスワード・セキュリティがユーザー、ワークステーション、およびネットワークの保護のために非常に重要である理由です。
+ </div><div class="para">
+ セキュリティ目的のために、インストール・プログラムはシステムが <em class="firstterm">Message-Digest Algorithm</em> (<span class="emphasis"><em>MD5</em></span>) および shadow パスワードを使用するよう設定します。これらの設定を変更しないことが強く推奨されます。
+ </div><div class="para">
+ MD5 パスワードがインストール中に選択解除されていると、古い <em class="firstterm">Data Encryption Standard</em> (<em class="firstterm"><acronym class="acronym">DES</acronym></em>) 形式が使用されます。この形式はパスワードを英数字8文字に制限し、少量の56ビット・レベルの暗号化を提供します。
+ </div><div class="para">
+ shadow パスワードがインストール中に選択解除されていると、すべてのパスワードが全ユーザーが読み込める <code class="filename">/etc/passwd</code> ファイルに一方向ハッシュとして保存されます。それは、システムをオフライン・パスワード・クラック攻撃に対して脆弱にします。侵入者が通常のユーザーとしてマシンへのアクセス権を得られると、<code class="filename">/etc/passwd</code> ファイルを自分自身のマシンにコピーして、それに対してパスワード・クラック・プログラムをいくらでも実行できます。ファイルにセキュアではないパスワードがあると、パスワード・クラッカーがそれを発見するのは時間の問題です。
+ </div><div class="para">
+ shadow パスワードは、root ユーザーのみが読み込める、<code class="filename">/etc/shadow</code> ファイルにパスワード・ハッシュを保存することにより、この種類の攻撃を取り除きます。
+ </div><div class="para">
+ これは、マシンにおける SSH や FTP のようなネットワーク・サービスにログインすることにより、潜在的な攻撃者がパスワード・クラックをリモートで試みることを強制します。この種のブルートフォース攻撃は、より遅く、数百ものログイン失敗の試みがシステムファイルに書き込まれるので、明らかな証拠を残します。もちろん、クラッカーが弱いパスワードを持つシステムに夜の中ごろに攻撃を始めると、クラッカーは夜明け前にアクセス権を得て、形跡を覆い隠すためにログファイルを編集しているかもしれません。
+ </div><div class="para">
+ 形式と保存に関する考慮点に加えて、コンテンツの問題があります。ユーザーがパスワード・クラック攻撃に対して自分のアカウントを保護するためにできる、最も重要なことの1つは、強いパスワードを生成することです。
+ </div><div class="section" id="sect-Security_Guide-Password_Security-Creating_Strong_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Password_Security-Creating_Strong_Passwords">3.1.3.1. 強いパスワードの作成</h4></div></div></div><div class="para">
+ 安全なパスワードを作成するとき、これらのガイドラインに従うことは素晴らしいアイディアです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>単語のみまたは数字のみを使用しない</em></span> — パスワードにおいて数字のみまたは単語のみを使用してはいけません。
+ </div><div class="para">
+ いくつかの安全ではない例は以下を含みます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 8675309
+ </div></li><li class="listitem"><div class="para">
+ juan
+ </div></li><li class="listitem"><div class="para">
+ hackme
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>認識可能な単語を使用しない</em></span> — 固有名詞、辞書の単語、またはテレビ番組や小説からの単語さえ、そのような単語は最後に番号をつけたとしても避けるべきです。
+ </div><div class="para">
+ いくつかの安全ではない例は以下を含みます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ john1
+ </div></li><li class="listitem"><div class="para">
+ DS-9
+ </div></li><li class="listitem"><div class="para">
+ mentat123
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>外国語の単語を使用しない</em></span> — パスワード・クラッキング・プログラムはしばしば多くの言語の辞書を網羅する単語リストをチェックします。セキュアなパスワードのために外国語に依存することは、セキュアではありません。
+ </div><div class="para">
+ いくつかの安全ではない例は以下を含みます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ cheguevara
+ </div></li><li class="listitem"><div class="para">
+ bienvenido1
+ </div></li><li class="listitem"><div class="para">
+ 1dumbKopf
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>ハッカー用語を使用しない</em></span> — ハッカー用語(l337 (LEET) speak とも言われます)を使用するので、あなたがエリートであると考えているならば、パスワードにおいては考え直してください。多くの単語リストは LEET speak を含みます。
+ </div><div class="para">
+ いくつかの安全ではない例は以下を含みます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ H4X0R
+ </div></li><li class="listitem"><div class="para">
+ 1337
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>個人情報を使用しない</em></span> — パスワードにあらゆる個人情報を使用するのを避けます。攻撃者があなたのアイデンティティを知っているならば、パスワードを推測する作業はより簡単になります。以下はパスワードを作成するときに避ける情報の種類の一覧です:
+ </div><div class="para">
+ いくつかの安全ではない例は以下を含みます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ あなたの名前
+ </div></li><li class="listitem"><div class="para">
+ ペットの名前
+ </div></li><li class="listitem"><div class="para">
+ 家族の名前
+ </div></li><li class="listitem"><div class="para">
+ すべての誕生日
+ </div></li><li class="listitem"><div class="para">
+ 電話番号や郵便番号
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>認識可能な単語を逆順にしない</em></span> — 良いパスワード・チェッカーは常に一般的な単語を逆順にします。そのため、悪いパスワードを逆順にすることはまったくセキュアにしません。
+ </div><div class="para">
+ いくつかの安全ではない例は以下を含みます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ R0X4H
+ </div></li><li class="listitem"><div class="para">
+ nauj
+ </div></li><li class="listitem"><div class="para">
+ 9-DS
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>パスワードを書き留めない</em></span> — パスワードを紙に保存しない。記録することはよりずっと安全です。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>すべてのマシンに対して同じパスワードを使用しない</em></span> — 各マシンに対して別々のパスワードを作ることは重要です。このように、あるシステムが危険にさらされているならば、すべてのマシンが直ちにリスクにさらされることはありません。
+ </div></li></ul></div><div class="para">
+ 以下のガイドラインは強いパスワードを作成する助けになります:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>パスワードを8文字以上にする</em></span> — パスワードは長ければ長いほど良いです。MD5 パスワードを使用しているならば、15文字かそれより長くするべきです。DES パスワードを使用しているならば、最大長(8文字)を使用します。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>大文字と小文字を混ぜる</em></span> — Fedora は大文字小文字を区別します。そのため、パスワードの強度を向上させるために大文字小文字を混ぜます。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>文字と数字を混ぜる</em></span> — パスワードに数字を追加すること、とくに(単に最初または最後ではなく)真ん中に追加するとき、パスワードの強度を向上させることができます。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>英数字以外の文字を含める</em></span> — &, $, および > のような特別な文字はパスワードの強度を非常に上げます(DES パスワードを使用していると、これはできません)。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>覚えられるパスワードを選ぶ</em></span> — あなたがパスワードを覚えられなければ、世界で最も良いパスワードはほとんど良くありません。パスワードを記憶する助けにするために頭文字または他の記憶装置を使用します。
+ </div></li></ul></div><div class="para">
+ これらのルールすべてを用いて、悪いものの特徴を避ける一方で、素晴らしいパスワードの基準のすべてに適合するパスワードを作成することは難しいかもしれません。幸運にも、覚えることが簡単かつセキュアなパスワードを生成するためにとることができるいくつかの手順があります。
+ </div><div class="section" id="sect-Security_Guide-Creating_Strong_Passwords-Secure_Password_Creation_Methodology"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Creating_Strong_Passwords-Secure_Password_Creation_Methodology">3.1.3.1.1. セキュアなパスワードの作成方法</h5></div></div></div><div class="para">
+ 人々がセキュアなパスワードを作成するために使う方法がいくつもあります。最も一般的な方法の1つは頭文字を含めることです。たとえば:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 以下のような簡単で覚えやすいフレーズを考えます:
+ </div><div class="para">
+ "over the river and through the woods, to grandmother's house we go."
+ </div></li><li class="listitem"><div class="para">
+ 次に、(句読点を含めて)頭文字にします。
+ </div><div class="para">
+ <strong class="userinput"><code>otrattw,tghwg.</code></strong>
+ </div></li><li class="listitem"><div class="para">
+ 頭文字にある文字を数字と記号に置き換えることにより複雑さを追加します。たとえば、<strong class="userinput"><code>t</code></strong> を <strong class="userinput"><code>7</code></strong> に、<strong class="userinput"><code>a</code></strong> をアットマーク記号 (<strong class="userinput"><code>@</code></strong>) に置き換えます:
+ </div><div class="para">
+ <strong class="userinput"><code>o7r at 77w,7ghwg.</code></strong>
+ </div></li><li class="listitem"><div class="para">
+ <strong class="userinput"><code>H</code></strong> のように、少なくとも1文字を大文字にすることでさらに複雑性を追加します。
+ </div><div class="para">
+ <strong class="userinput"><code>o7r at 77w,7gHwg.</code></strong>
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>最後に、この例のパスワードはどのシステムに対しても決し使わないでください</em></span>。
+ </div></li></ul></div><div class="para">
+ セキュアなパスワードを作成することが不可欠である一方、それらを適切に管理することも重要です。とくに、大きな組織の中のシステム管理者にとってはそうです。以下のセクションは、組織の中においてユーザー・パスワードを作成および管理することのグッド・プラクティスを詳細に説明します。
+ </div></div></div><div class="section" id="sect-Security_Guide-Password_Security-Creating_User_Passwords_Within_an_Organization"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Password_Security-Creating_User_Passwords_Within_an_Organization">3.1.3.2. 組織内でのユーザー・パスワードの作成</h4></div></div></div><div class="para">
+ 組織が多くのユーザーを持っているならば、システム管理者は良いパスワードの使用を強制するために利用可能な基本的なオプションが2つあります。ユーザーのためにパスワードを作成できます。もしくは、パスワードが受け入れられる質であることを検証している間、ユーザー自身がパスワードを作成できるようにします。
+ </div><div class="para">
+ ユーザーのためにパスワードを作成することは、パスワードが良いものであることを確実にしますが、組織が大きくなるにつれて気の重い作業になります。ユーザーが自分のパスワードを書きとめるリスクも上昇します。
+ </div><div class="para">
+ これらの理由により、多くのシステム管理者は、ユーザー自身がパスワードを作成することを好みますが、パスワードが良いものであることを実際に確認します。いくつかの場合では、パスワード・エージングを通してユーザーが定期的にパスワードを変更することを強制します。
+ </div><div class="section" id="sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Forcing_Strong_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Forcing_Strong_Passwords">3.1.3.2.1. 強いパスワードの強制</h5></div></div></div><div class="para">
+ 侵入からネットワークを保護するために、システム管理者が組織の中で使われるパスワードが強いものであることを検証することは素晴らしいアイディアです。ユーザーがパスワードを生成または変更したいとき、コマンドライン・アプリケーション <code class="command">passwd</code> を使用できます。これは、<em class="firstterm">Pluggable Authentication Manager</em> (<em class="firstterm">PAM</em>) に対応していて、そのためパスワードが短すぎたり、さもなければクラックしやすいかったりするかを確認するためにチェックします。このチェックは <code class="filename">pam_cracklib.so</code> PAM モジュールを使用することにより実行されます。PAM はカスタマイズ可能なので、<code class="filename">pam_passwdqc</code> (<a href="http://www.openwall.com/passwdqc/">http://www.openwall.com/passwd
qc/</a> から利用可能) のようなパスワード完全性チェッカーを追加することが可能です、または新しいモジュールを書くことが可能です。利用可能な PAM モジュールのリストのために、<a href="http://www.kernel.org/pub/linux/libs/pam/modules.html">http://www.kernel.org/pub/linux/libs/pam/modules.html</a> を参照してください。PAM の詳細は <a class="xref" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html">「Pluggable Authentication Modules (PAM)」</a> を参照してください。
+ </div><div class="para">
+ パスワードチェックは作成されるときに実行され、パスワードに対してパスワード・クラック・プログラムを実行するように効果的に悪いパスワードを発見できません。
+ </div><div class="para">
+ 多くのパスワード・クラック・プログラムは、オペレーティングシステムに同梱されていないにも関わらず、Fedora で実行するものが利用可能です。以下は最も一般的なパスワード・クラック・プログラムのいくつかの簡単なリストです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em><span class="application"><strong>John The Ripper</strong></span></em></span> — 速くて柔軟なパスワード・クラック・プログラム。複数の単語リストを使用でき、ブルートフォース・パスワード・クラックをできます。<a href="http://www.openwall.com/john/">http://www.openwall.com/john/</a> においてオンラインで利用可能です。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em><span class="application"><strong>Crack</strong></span></em></span> — おそらく最もよく知られたパスワード・クラック・ソフトウェア。<span class="application"><strong>Crack</strong></span> は非常に速いですが、<span class="application"><strong>John The Ripper</strong></span> ほど使うのが簡単ではありません。<a href="http://www.crypticide.com/alecm/security/crack/c50-faq.html">http://www.crypticide.com/alecm/security/crack/c50-faq.html</a> においてオンラインで利用可能です。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em><span class="application"><strong>Slurpie</strong></span></em></span> — <span class="application"><strong>Slurpie</strong></span> は <span class="application"><strong>John The Ripper</strong></span> および <span class="application"><strong>Crack</strong></span> と似ていますが、分散パスワード・クラック攻撃を生成して、並行して複数のコンピューターで実行するよう設計されています。<a href="http://www.ussrback.com/distributed.htm">http://www.ussrback.com/distributed.htm</a> においてオンラインで、数多くの他の分散攻撃セキュリティ評価ツールとともに見つけられます。
+ </div></li></ul></div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ 組織内でパスワードをクラックする試行を始める前に常に書面で認可を得てください。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Passphrases"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Passphrases">3.1.3.2.2. パスフレーズ</h5></div></div></div><div class="para">
+ パスフレーズとパスワードは今日のシステムの多くにおいてセキュリティの基礎です。不幸にも、バイオメトリクスや2要素認証のような技術は、多くのシステムにおいて主流になってきていません。パスワードがシステムをセキュアにするために使われるようになってくると、パスフレーズの使用が検討されるべきです。パスフレーズは、数字や記号のような標準的ではない文字とともに導入されるとき、パスワードよりも長く、パスワードよりも良い保護を提供します。
+ </div></div><div class="section" id="sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Password_Aging"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Creating_User_Passwords_Within_an_Organization-Password_Aging">3.1.3.2.3. パスワード・エージング</h5></div></div></div><div class="para">
+ パスワード・エージングは、組織の中で悪いパスワードを防御するためにシステム管理者により使用されるもう1つのテクニックです。パスワード・エージングは、指定された期間(通常90日)経過後、ユーザーは新しいパスワードを作成するようプロンプトが出されることを意味します。この後ろにある理論は、ユーザーが定期的にパスワードを変更することを強制されるならば、クラックされたパスワードが限られた期間のみ侵入者にとって有用である、というものです。しかしながら、パスワード・エージングの不利な面は、ユーザーがパスワードをより書きとめるかもしれないことです。
+ </div><div class="para">
+ Fedora でパスワード・エージングを指定するために使用される主要なプログラムが2つあります。<code class="command">chage</code> コマンドまたはグラフィカルな<span class="application"><strong>ユーザー管理</strong></span> (<code class="command">system-config-users</code>) アプリケーション。
+ </div><div class="para">
+ <code class="command">chage</code> コマンドの <code class="option">-M</code> オプションは、パスワードが有効である最大日数を指定します。たとえば、ユーザーのパスワードを90日で期限切れに設定するために、以下のコマンドを使用します:
+ </div><pre class="screen"><code class="command">chage -M 90 <em class="replaceable"><code><username></code></em></code></pre><div class="para">
+ 上のコマンドで、<em class="replaceable"><code><username></code></em> をユーザーの名前で置き換えます。パスワードの期限切れを無効にするために、伝統的に <code class="option">-M</code> オプションの後ろに <code class="command">99999</code> の値(273年と少しと同じです)を使用します。
+ </div><div class="para">
+ 複数のパスワード・エージングとアカウントの詳細を変更するためにインタラクティブ・モードにおいて <code class="command">chage</code> コマンドを使用することもできます。インタラクティブ・モードに入るために以下のコマンドを使用します:
+ </div><pre class="screen"><code class="command">chage <em class="replaceable"><code><username></code></em></code></pre><div class="para">
+ 以下はこのコマンドを用いたインタラクティブなセッションのサンプルです:
+ </div><pre class="screen">[root at myServer ~]# chage davido
+Changing the aging information for davido
+Enter the new value, or press ENTER for the default
+Minimum Password Age [0]: 10
+Maximum Password Age [99999]: 90
+Last Password Change (YYYY-MM-DD) [2006-08-18]:
+Password Expiration Warning [7]:
+Password Inactive [-1]:
+Account Expiration Date (YYYY-MM-DD) [1969-12-31]:
+[root at myServer ~]#</pre><div class="para">
+ 利用可能なオプションの詳細は chage のマニュアル・ページを参照してください。
+ </div><div class="para">
+ パスワード・エージング・ポリシーを作成するために、グラフィカルな<span class="application"><strong>ユーザー・マネージャー</strong></span>・アプリケーション を使用することもできます。注記:この手順を実行するために管理者特権が必要になります。
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ ユーザー・マネージャーを表示するために、パネルにある<span class="guimenu"><strong>システム</strong></span>メニューをクリックして、<span class="guisubmenu"><strong>管理</strong></span>をポイントして、<span class="guimenuitem"><strong>ユーザーとグループ</strong></span>をクリックします。代わりに、シェル・プロンプトにおいて <code class="command">system-config-users</code> コマンドを入力します。
+ </div></li><li class="step"><div class="para">
+ <span class="guilabel"><strong>ユーザー</strong></span>タブをクリックして、ユーザーのリストにおいて必要なユーザーを選択します。
+ </div></li><li class="step"><div class="para">
+ ユーザー・プロパティのダイアログ・ボックスを表示するためにツールバーにおいて<span class="guibutton"><strong>プロパティ</strong></span>をクリックします(または、<span class="guimenu"><strong>ファイル</strong></span>メニューの<span class="guimenuitem"><strong>プロパティ</strong></span>を選択します)。
+ </div></li><li class="step"><div class="para">
+ <span class="guilabel"><strong>パスワード情報</strong></span>タブをクリックして、<span class="guilabel"><strong>パスワードの有効期限を有効にする</strong></span>ためにチェックボックスを選択します。
+ </div></li><li class="step"><div class="para">
+ <span class="guilabel"><strong>変更が必要になるまでの日数</strong></span>フィールドに必要な値を入力して、<span class="guibutton"><strong>OK</strong></span>をクリックします。
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-Password_Aging-Specifying_password_aging_options"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-user_pass_info.png" width="444" alt="パスワード・エージングのオプションの指定" /><div class="longdesc"><div class="para">
+ <span class="guilabel"><strong>パスワード情報</strong></span>パネルのイラスト。
+ </div></div></div></div><h6>図3.1 パスワード・エージングのオプションの指定</h6></div><br class="figure-break" /></div></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Administrative_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Administrative_Controls">3.1.4. 管理的コントロール</h3></div></div></div><div class="para">
+ 自宅のマシンを管理しているとき、root ユーザーとして、または <code class="command">sudo</code> や <code class="command">su</code> のような <em class="firstterm">setuid</em> プログラムを経由して効果的な root 特権を取得することにより、ユーザーはいくつかのタスクを実行しなければいけません。setuid プログラムは、プログラムを実行しているユーザーではなく、プログラムの所有者のユーザー ID (<span class="emphasis"><em>UID</em></span>) で実行されるものです。そのようなプログラムは、以下の例にあるように、ロング形式リストの所有者セクションに <code class="computeroutput">s</code> により表現されます:
+ </div><pre class="screen"><code class="computeroutput">-rwsr-xr-x 1 root root 47324 May 1 08:09 /bin/su</code></pre><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ <code class="computeroutput">s</code> は大文字または小文字かもしれません。大文字で表示されるならば、基礎となるパーミッション・ビットがセットされていないことを意味します。
+ </div></div></div><div class="para">
+ しかしながら、組織のシステム管理者に対して、組織の中のユーザーがマシンへどのくらいの管理的アクセスを持たせるかの選択をしなければいけません。<code class="filename">pam_console.so</code> と呼ばれる PAM モジュールを通して、リブートやリムーバブル・メディアのマウントのような、通常 root ユーザーに対してのみ指定されたいくつかのアクティビティは、物理コンソールにログインした最初のユーザーに対して許可されます。(<code class="filename">pam_console.so</code> モジュールの詳細は <a class="xref" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html">「Pluggable Authentication Modules (PAM)」</a> を参照してください。)しかしながら、ネットワーク設定の変更、新しいマウスの設定やネットワーク・デバイスのマウントのような、他のシステ
ム管理的タスクは管理特権なしでは不可能です。結果として、システム管理者はネットワークにおけるどのくらいのユーザーがアクセス権を受け取るかを決めなければいけません。
+ </div><div class="section" id="sect-Security_Guide-Administrative_Controls-Allowing_Root_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Administrative_Controls-Allowing_Root_Access">3.1.4.1. root アクセスの許可</h4></div></div></div><div class="para">
+ 組織内のユーザーが信頼され、コンピューター・リテラシがあるならば、root アクセスを許可することは問題ないかもしれません。ユーザーによる root アクセス権を許可することは、デバイスの追加またはネットワークインタフェースの設定のような軽微な活動が個々のユーザにより取り扱われることを意味します。システム管理者をネットワーク・セキュリティおよび他の重要な問題を取り扱うことから開放します。
+ </div><div class="para">
+ 他方、個々のユーザーに root アクセス権を与えることは、以下の問題につながる可能性があります:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>マシンの設定誤り</em></span> — root アクセス権を持つユーザーは、マシンの設定を誤り、問題を解決するために支援を必要とする可能性があります。さらに悪いことに、意識せずにセキュリティ・ホールを開けるかもしれません。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>セキュアではないサービスの実行</em></span> — root アクセス権を持つユーザーは、潜在的にユーザー名とパスワードをリスクにさらす、FTP や Telnet のようなセキュアではないサーバーをマシンにおいて実行するかもしれません。これらのサービスはこの情報をネットワーク上で平文で転送します。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>root としての email 添付の実行</em></span> — 珍しいことですが、Linux に影響する email ウイルスが存在します。しかしながら、それらが脅威である唯一のときは、それらが root ユーザーとして実行されたときです。
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Administrative_Controls-Disallowing_Root_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Administrative_Controls-Disallowing_Root_Access">3.1.4.2. root アクセスの不許可</h4></div></div></div><div class="para">
+ 管理者はユーザーに root としてログインできるようにすることが気持ち悪ければ、root パスワードは秘密にしておくべきです。また、ランレベル1やシングルユーザーモードへのアクセスはブートローダー・パスワード保護を通して無効にされるべきです。(この話題の詳細は <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-BIOS_and_Boot_Loader_Security-Boot_Loader_Passwords">「ブートローダのパスワード」</a> を参照してください。)
+ </div><div class="para">
+ <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#tabl-Security_Guide-Disallowing_Root_Access-Methods_of_Disabling_the_Root_Account">表3.1「root アクセスを無効化する」</a> は、管理者が root ログインを無効にされていることをさらに確実にすることができる方法について説明しています:
+ </div><div class="table" id="tabl-Security_Guide-Disallowing_Root_Access-Methods_of_Disabling_the_Root_Account"><h6>表3.1 root アクセスを無効化する</h6><div class="table-contents"><table summary="root アクセスを無効化する" border="1"><colgroup><col width="12%" class="method" /><col width="29%" class="description" /><col width="29%" class="effect" /><col width="29%" class="noaffect" /></colgroup><thead><tr><th>
+ 方法
+ </th><th>
+ 説明
+ </th><th>
+ 効果
+ </th><th>
+ 影響なし
+ </th></tr></thead><tbody><tr><td>
+ root シェルの変更
+ </td><td>
+ <code class="filename">/etc/passwd</code> ファイルを編集して、シェルを <code class="command">/bin/bash</code> から <code class="command">/sbin/nologin</code> に変更します。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>root シェルへのアクセスを防ぎ、そのような試行をすべて記録する。</td></tr><tr><td>以下のプログラムは root アカウントへのアクセスを防がれます:</td></tr><tr><td>· <code class="command">login</code></td></tr><tr><td>· <code class="command">gdm</code></td></tr><tr><td>· <code class="command">kdm</code></td></tr><tr><td>· <code class="command">xdm</code></td></tr><tr><td>· <code class="command">su</code></td></tr><tr><td>· <code class="command">ssh</code></td></tr><tr><td>· <code class="command">scp</code></td></tr><tr><td>· <code class="command">sftp</code></td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>FTP クライアント、メール・クライアント、および多くの setuid プログラムのような、シェルを必要としないプログラム。</td></tr><tr><td>以下のプログラムは root アカウントへのアクセスを防ぎ<span class="emphasis"><em>ません</em></span>:</td></tr><tr><td>· <code class="command">sudo</code></td></tr><tr><td>· FTP クライアント</td></tr><tr><td>· Email クライアント</td></tr></table>
+
+ </td></tr><tr><td>
+ すべてのコンソール・デバイス (tty) 経由の root アクセスの無効化
+ </td><td>
+ 空の <code class="filename">/etc/securetty</code> ファイルは、コンピュータに接続されたすべてのデバイスに root ログオンするのを防ぎます。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>コンソールまたはネットワーク経由で root アカウントへアクセスするのを防ぎます。以下のプログラムは root アカウントにアクセスするのを防ぎます:</td></tr><tr><td>· <code class="command">login</code></td></tr><tr><td>· <code class="command">gdm</code></td></tr><tr><td>· <code class="command">kdm</code></td></tr><tr><td>· <code class="command">xdm</code></td></tr><tr><td>· tty を開く他のネットワーク・サービス</td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>root としてログインしないが、setuid や他のメカニズムを通して管理的なタスクを実行するプログラム。</td></tr><tr><td>以下のプログラムは root アカウントへのアクセスを防ぎ<span class="emphasis"><em>ません</em></span>:</td></tr><tr><td>· <code class="command">su</code></td></tr><tr><td>· <code class="command">sudo</code></td></tr><tr><td>· <code class="command">ssh</code></td></tr><tr><td>· <code class="command">scp</code></td></tr><tr><td>· <code class="command">sftp</code></td></tr></table>
+
+ </td></tr><tr><td>
+ root SSH ログインの無効化
+ </td><td>
+ <code class="filename">/etc/ssh/sshd_config</code> ファイルを編集して、<code class="command">PermitRootLogin</code> パラメータを <code class="command">no</code> にセットします。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>OpenSSH スイートのツール経由による root アクセスを防ぎます。以下のプログラムは root アカウントにアクセスするのを</td></tr><tr><td>· <code class="command">ssh</code></td></tr><tr><td>· <code class="command">scp</code></td></tr><tr><td>· <code class="command">sftp</code></td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>これは OpenSSH スイートのツールのみへと root アクセスを防ぎます。</td></tr></table>
+
+ </td></tr><tr><td>
+ サービスへの root アクセスを制限するために PAM の使用
+ </td><td>
+ <code class="filename">/etc/pam.d/</code> ディレクトリにある対象サービスのファイルを編集します。<code class="filename">pam_listfile.so</code> が認証のために必要であることを確実にします。<sup>[<a id="idp26203072" href="#ftn.idp26203072" class="footnote">a</a>]</sup>
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>PAM に対応するネットワーク・サービスへの root アクセスを防ぎます。</td></tr><tr><td>以下のサービスは root アカウントへのアクセスを防ぎます:</td></tr><tr><td>· FTP クライアント</td></tr><tr><td>· Email クライアント</td></tr><tr><td>· <code class="command">login</code></td></tr><tr><td>· <code class="command">gdm</code></td></tr><tr><td>· <code class="command">kdm</code></td></tr><tr><td>· <code class="command">xdm</code></td></tr><tr><td>· <code class="command">ssh</code></td></tr><tr><td>· <code class="command">scp</code></td></tr><tr><td>· <code class="command">sftp</code></td></tr><tr><td>· すべての PAM 対応アプリケーション</td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>PAM に対応しないプログラムおよびサービス。</td></tr></table>
+
+ </td></tr></tbody><tbody class="footnotes"><tr><td colspan="4"><div class="footnote"><div class="para"><sup>[<a id="ftn.idp26203072" href="#idp26203072" class="para">a</a>] </sup>
+ 詳細は<a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM">「PAM を用いた root の無効化」</a>を参照してください。
+ </div></div></td></tr></tbody></table></div></div><br class="table-break" /><div class="section" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_the_Root_Shell"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_the_Root_Shell">3.1.4.2.1. root シェルの無効化</h5></div></div></div><div class="para">
+ ユーザーが root として直接ログインすることを防ぐために、システム管理者は <code class="filename">/etc/passwd</code> ファイルにおいて root アカウントのシェルを <code class="command">/sbin/nologin</code> に設定できます。これにより、<code class="command">su</code> や <code class="command">ssh</code> コマンドのような、シェルを要求するコマンドを通して root アカウントにアクセスすることを防ぎます。
+ </div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ email クライアントや <code class="command">sudo</code> コマンドのような、シェルへのアクセスを必要としないプログラムは、まだ root アカウントにアクセスすることができます。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Logins"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Logins">3.1.4.2.2. root ログインの無効化</h5></div></div></div><div class="para">
+ root アカウントへのアクセスをさらに制限するために、管理者は <code class="filename">/etc/securetty</code> ファイルを編集することにより、コンソールに root ログインすることを無効にできます。このファイルは root ユーザーがログインを許可されているすべてのデバイスをリストします。ファイルがまったく存在しなければ、root ユーザーは、コンソール経由かロー・ネットワーク・デバイスかによらず、システムにあるすべてのコミュニケーション・デバイスを通してログインできます。ネットワーク上に平文でパスワードを転送する、Telnet 経由で root としてマシンにログインできるので、これは危険です。デフォルトで、Fedora の<code class="filename">/etc/securetty</code> ファイルは、root ユーザーがマシンに物理的に接続されたコンソールの
みにログインできます。root がログインするのを防ぐため、以下のコマンドを入力することによりこのファイルの内容を削除します:
+ </div><pre class="screen"><code class="command">echo <username> /etc/securetty</code></pre><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ 空の <code class="filename">/etc/securetty</code> ファイルは、コンソールが認証される後まで開かれないので、root ユーザーが OpenSSH スイートのツールを用いてリモートログインするのを防ぎ<span class="emphasis"><em>ません</em></span>。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_SSH_Logins"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_SSH_Logins">3.1.4.2.3. root SSH ログインの無効化</h5></div></div></div><div class="para">
+ SSH プロトコル経由の root ログインは Fedora においてデフォルトで無効化されています。しかし、このオプションが有効化されているならば、SSH デーモンの設定ファイル (<code class="filename">/etc/ssh/sshd_config</code>) を編集することにより再び無効化できます。それが読み込む行を変更します:
+ </div><pre class="screen"><code class="computeroutput">PermitRootLogin yes</code></pre><div class="para">
+ 以下のように読み込むために:
+ </div><pre class="screen"><code class="computeroutput">PermitRootLogin no</code></pre><div class="para">
+ これらの変更が効くために、SSH デーモンが再起動されなければいけません。これは以下のコマンドを通して実行できます。
+ </div><pre class="screen"><code class="computeroutput">kill -HUP `cat /var/run/sshd.pid`</code></pre></div><div class="section" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM">3.1.4.2.4. PAM を用いた root の無効化</h5></div></div></div><div class="para">
+ <code class="filename">/lib/security/pam_listfile.so</code> モジュールを通して PAM は特定のアカウントを拒否するときに大きな柔軟性を許します。管理者はログインが許可されないユーザーのリストを参照するためにこのモジュールを使用できます。以下は、モジュールが <code class="filename">/etc/pam.d/vsftpd</code> PAM 設定ファイルにおいて <code class="command">vsftpd</code> FTP サーバーのためにどのように使用されるかの例です。(以下の例で最初の行の最後にある <code class="computeroutput">\</code> 文字は、ディレクティブが1行にあるならば必要<span class="emphasis"><em>ありません</em></span>):
+ </div><pre class="screen">auth required /lib/security/pam_listfile.so item=user \
+sense=deny file=/etc/vsftpd.ftpusers onerr=succeed</pre><div class="para">
+ これは PAM に <code class="filename">/etc/vsftpd.ftpusers</code> ファイルを参照して、リストされたユーザーすべてをサービスへのアクセスを拒否するよう指示します。管理者はこのファイルの名前を変更できます。また、複数のサービスへのアクセスを拒否するために、各サービスに対して別々のリストを保つことも、1つの集中したライスとを使用することもできます。
+ </div><div class="para">
+ 管理者が複数のサービスへのアクセスを拒否したいならば、次の同じような行が PAM 設定ファイルに追加されます。メールクライアントに対しては <code class="filename">/etc/pam.d/pop</code> および <code class="filename">/etc/pam.d/imap</code>、SSH クライアントに対して <code class="filename">/etc/pam.d/ssh</code> です。
+ </div><div class="para">
+ PAM の詳細は <a class="xref" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html">「Pluggable Authentication Modules (PAM)」</a> を参照してください。
+ </div></div></div><div class="section" id="sect-Security_Guide-Administrative_Controls-Limiting_Root_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Administrative_Controls-Limiting_Root_Access">3.1.4.3. root アクセスの制限</h4></div></div></div><div class="para">
+ 管理者は root ユーザーへのアクセスを完全に拒否するより、<code class="command">su</code> や <code class="command">sudo</code> のような、setuid プログラム経由でのみアクセスを許可したいと考えるかもしれません。
+ </div><div class="section" id="sect-Security_Guide-Limiting_Root_Access-The_su_Command"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Limiting_Root_Access-The_su_Command">3.1.4.3.1. <code class="command">su</code> コマンド</h5></div></div></div><div class="para">
+ ユーザーが <code class="command">su</code> コマンドを実行するとき、root パスワードに対するプロンプトが出されます。認証後、root シェルプロンプトが与えられます。
+ </div><div class="para">
+ 一度 <code class="command">su</code> コマンド経由でログインすると、ユーザーは root ユーザー<span class="emphasis"><em>であり</em></span>、システムへの絶対的な管理アクセス権を持ちます。 <sup>[<a id="idp40091568" href="#ftn.idp40091568" class="footnote">13</a>]</sup>. さらに、一度ユーザーが root になると、パスワードをプロンプトされることなくシステムにある他のすべてのユーザーに変更するために <code class="command">su</code> コマンドを使用できます。
+ </div><div class="para">
+ このプログラムは非常に強力であるため、組織の中にいる管理者はコマンドにアクセス権を持つ者を制限したいと思うかもしれません。
+ </div><div class="para">
+ これを実行する最も簡単な方法の1つは、<em class="firstterm">wheel</em> と呼ばれる特別な管理グループにユーザーを追加することです。これをするために、root として以下のコマンドを入力します:
+ </div><pre class="screen"><code class="command">usermod -G wheel <em class="replaceable"><code><username></code></em></code></pre><div class="para">
+ 前のコマンドにおいて、<em class="replaceable"><code><username></code></em> を <code class="command">wheel</code> グループに追加したいユーザー名で置き換えます。
+ </div><div class="para">
+ グループメンバーを変更するために、以下のように<span class="application"><strong>ユーザー管理</strong></span>を使用することもできます。注記:この手順を実行するために管理者権限を必要とします。
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ ユーザー・マネージャーを表示するために、パネルにある<span class="guimenu"><strong>システム</strong></span>メニューをクリックして、<span class="guisubmenu"><strong>管理</strong></span>をポイントして、<span class="guimenuitem"><strong>ユーザーとグループ</strong></span>をクリックします。代わりに、シェル・プロンプトにおいて <code class="command">system-config-users</code> コマンドを入力します。
+ </div></li><li class="step"><div class="para">
+ <span class="guilabel"><strong>ユーザー</strong></span>タブをクリックして、ユーザーのリストにおいて必要なユーザーを選択します。
+ </div></li><li class="step"><div class="para">
+ ユーザー・プロパティのダイアログ・ボックスを表示するためにツールバーにおいて<span class="guibutton"><strong>プロパティ</strong></span>をクリックします(または、<span class="guimenu"><strong>ファイル</strong></span>メニューの<span class="guimenuitem"><strong>プロパティ</strong></span>を選択します)。
+ </div></li><li class="step"><div class="para">
+ <span class="guilabel"><strong>グループ</strong></span> タブをクリックして、wheel グループのチェックボックスを選択して、<span class="guibutton"><strong>OK</strong></span> をクリックします。<a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#figu-Security_Guide-The_su_Command-Adding_users_to_the_wheel_group.">図3.2「ユーザーを "wheel" グループに追加します。」</a> を参照してください。
+ </div></li><li class="step"><div class="para">
+ <code class="command">su</code> に対する PAM 設定ファイル (<code class="filename">/etc/pam.d/su</code>) をテキストエディターで開き、以下の行からコメント <span class="keycap"><strong>#</strong></span> を削除します:
+ </div><pre class="screen">auth required /lib/security/$ISA/pam_wheel.so use_uid</pre><div class="para">
+ この変更は、管理グループ <code class="computeroutput">wheel</code> のメンバーだけがこのプログラムを使用できることを意味します。
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-The_su_Command-Adding_users_to_the_wheel_group."><div class="figure-contents"><div class="mediaobject"><img src="images/fed-user_pass_groups.png" width="444" alt="ユーザーを "wheel" グループに追加します。" /><div class="longdesc"><div class="para">
+ <span class="guilabel"><strong>グループ</strong></span>のパネル・アイコン
+ </div></div></div></div><h6>図3.2 ユーザーを "wheel" グループに追加します。</h6></div><br class="figure-break" /><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ root ユーザーはデフォルトで <code class="computeroutput">wheel</code> グループの一部です。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Limiting_Root_Access-The_sudo_Command"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Limiting_Root_Access-The_sudo_Command">3.1.4.3.2. <code class="command">sudo</code> コマンド</h5></div></div></div><div class="para">
+ <code class="command">sudo</code> コマンドは、ユーザーに管理アクセス権を与えるために他のアプローチを提供します。信頼されたユーザーが管理コマンドの前に <code class="command">sudo</code> をつけるとき、<span class="emphasis"><em>自分自身の</em></span>パスワードに対するプロンプトが出されます。そして、認証され、コマンドが許可されると考えられるとき、管理コマンドは root ユーザーであるかのように実行されます。
+ </div><div class="para">
+ <code class="command">sudo</code> コマンドの基本的な形式は以下のとおりです:
+ </div><pre class="screen"><code class="command">sudo <em class="replaceable"><code><command></code></em></code></pre><div class="para">
+ 上の例において、<em class="replaceable"><code><command></code></em> は、<code class="command">mount</code> のように、通常 root ユーザーのために取ってあるコマンドで置き換えられます。
+ </div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ <code class="command">sudo</code> コマンドのユーザーは、sudoers が5分以内はパスワードを聞かれることなく、再びコマンドを使用することができるので、マシンから離れる前にさらに注意深くログアウトするべきです。この設定は設定ファイル <code class="filename">/etc/sudoers</code> 経由で変更できます。
+ </div></div></div><div class="para">
+ <code class="command">sudo</code> コマンドは高いレベルの柔軟性を許します。たとえば、<code class="filename">/etc/sudoers</code> 設定ファイルにリストされたユーザーのみが <code class="command">sudo</code> コマンドを使用できます。また、コマンドは<span class="emphasis"><em>ユーザーの</em></span>シェルで実行され、root シェルではありません。このことは、<a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Disallowing_Root_Access-Disabling_the_Root_Shell">「root シェルの無効化」</a> に示されるように、root シェルが完全に無効にできることを意味します。
+ </div><div class="para">
+ <code class="command">sudo</code> コマンドは完全な監査証跡も提供します。それぞれの成功の認証は <code class="filename">/var/log/messages</code> に記録されます。また、発行されたコマンドは発行したユーザー名とともに <code class="filename">/var/log/secure</code> ファイルに記録されます。
+ </div><div class="para">
+ <code class="command">sudo</code> コマンドの他の利点は、管理者が異なるユーザーに対してそのニーズに基づいて特定のコマンドにアクセスを許可できることです。
+ </div><div class="para">
+ <code class="command">sudo</code> 設定ファイル (<code class="filename">/etc/sudoers</code>) を編集したい管理者は、<code class="command">visudo</code> コマンドを使用すべきです。
+ </div><div class="para">
+ 誰かに完全な管理特権を与えるために、<code class="command">visudo</code> を入力して、ユーザー権限指定セクションに以下のような行を追加します:
+ </div><pre class="screen"><code class="command">juan ALL=(ALL) ALL</code></pre><div class="para">
+ この例は、ユーザー <code class="computeroutput">juan</code> がすべてのホストから <code class="command">sudo</code> を使用でき、すべてのコマンドを実行できます。
+ </div><div class="para">
+ 以下の例は、<code class="command">sudo</code> を設定するときに、可能な粒度を説明します:
+ </div><pre class="screen"><code class="command">%users localhost=/sbin/shutdown -h now</code></pre><div class="para">
+ この例は、すべてのユーザーがコンソールから発行される限り <code class="command">/sbin/shutdown -h now</code> コマンドを発行できます。
+ </div><div class="para">
+ <code class="filename">sudoers</code> のマニュアル・ページに、このファイルのオプションの詳細なリストがあります。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Available_Network_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Available_Network_Services">3.1.5. 利用可能なネットワーク・サービス</h3></div></div></div><div class="para">
+ 管理的コントロールへのユーザー・アクセスが組織内でシステム管理者に対して重要な問題である間、ネットワーク・サービスが有効であることを監視することは、Linux システムを管理して運用する誰かにとって最高の重要事項です。
+ </div><div class="para">
+ Fedora の下で多くのサービスはネットワーク・サービスとして動作します。ネットワーク・サービスがマシンで実行されると、サーバー・アプリケーション(<em class="firstterm">daemon</em> と呼ばれます)が1つかそれより多いネットワーク・ポートをリッスンしています。これらのサービスはそれぞれ攻撃の潜在的な経路として取り扱われるべきです。
+ </div><div class="section" id="sect-Security_Guide-Available_Network_Services-Risks_To_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Available_Network_Services-Risks_To_Services">3.1.5.1. サービスへのリスク</h4></div></div></div><div class="para">
+ ネットワーク・サービスは Linux システムに対して多くのリスクをもたらす可能性があります。以下は主要な問題のいくつかのリストです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>サービス妨害攻撃 (DoS: Denial of Service Attacks)</em></span> — リクエストを用いてサービスを溢れさせることにより、ログとリクエストへの応答を試すので、サービス妨害攻撃はシステムを使用不能にすることができます。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>分散サービス妨害攻撃 (DDoS: Distributed Denial of Service Attack)</em></span> — リクエストでサービスを溢れさせ、使用不能にする、サービスに協調した攻撃を指示するために、複数の侵入されたマシン(しばしば数千かそれより多い数です)を使用する DoS 攻撃の一種。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>スクリプト脆弱性攻撃</em></span> — サーバーが、ウェブサーバーで一般的に実行しているように、サーバーサイドアクションを実行するためにスクリプトを使用しているなら、クラッカーは不適切に書かれたスクリプトを攻撃できます。これらのスクリプト脆弱性攻撃はバッファーオーバーフローの条件に導き、攻撃者がシステムにあるファイルを改ざんできるようにする可能性があります。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>バッファー・オーバーフロー攻撃</em></span> — 0番から1023番までのポートに接続するサービスは、管理ユーザーとして実行しなければいけません。アプリケーションがエクスプロイット可能なバッファー・オーバーフローを持つならば、攻撃者はデーモンを実行しているユーザーとしてシステムへのアクセス権をけることができます。エクスプロイット可能なバッファー・オーバーフローが存在するので、クラッカーは脆弱性を持つシステムを識別するために自動化されたツールを使用します。そして、一度アクセス権を得ると、システムへのアクセス権を維持するために自動化された rootkit を使用します。
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ バッファー・オーバーフロー脆弱性の脅威は、Fedora において <em class="firstterm">ExecShield</em> により軽減されます。これは、x86 互換のシングル・プロセッサーおよびマルチ・プロセッサーのカーネルによりサポートされる実行可能なメモリー分割および保護の技術です。ExecShield は、仮想メモリーを実行可能および実行不可能のセグメントに分割することにより、バッファー・オーバーフローのリスクを減らします。バッファー・オーバーフローのエクスプロイトから注入された悪意のあるコードのように、実行可能セグメントの外側で実行しようとするすべてのプログラム・コードは、セグメンテーション・フォールトを引き起こし、終了します。
+ </div><div class="para">
+ Execshield は、AMD64 プラットフォームにおける <em class="firstterm">No eXecute</em> (<acronym class="acronym">NX</acronym>) 技術と、 Itanium および <span class="trademark">Intel</span>® 64 システムにおける <em class="firstterm">eXecute Disable</em> (<acronym class="acronym">XD</acronym>) 技術に対するサポートも含みます。これらの技術は、悪意のあるコードが実行可能コードの 4KB の粒度を持つ、仮想メモリーの実行可能部分で実行されるのを防ぐために、ExecShield とともに動作して、ステルス型のバッファー・オーバーフローのエクスプロイットから攻撃のリスクを減らします。
+ </div></div></div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ ネットワーク上の攻撃にさらされることを制限するため、使用していないすべてのサービスをオフにするべきです。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Available_Network_Services-Identifying_and_Configuring_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Available_Network_Services-Identifying_and_Configuring_Services">3.1.5.2. サービスの識別と設定</h4></div></div></div><div class="para">
+ セキュリティを向上させるために、Fedora とともにインストールされた多くのネットワーク・サービスはデフォルトでオフにされています。しかしながら、いくつかの注意すべき例外があります:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">cupsd</code> — Fedora のデフォルトのプリント・サーバ。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">lpd</code> — 代替のプリント・サーバ。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">xinetd</code> — <code class="command">gssftp</code> や <code class="command">telnet</code> のような、従属するサーバの範囲へのコネクションを制御するスーパー・サーバです。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sendmail</code> — Sendmail <em class="firstterm">Mail Transport Agent</em> (<abbr class="abbrev">MTA</abbr>) はデフォルトで有効にされていますが、<span class="interface">localhost</span> からのコネクションのみをリッスンします。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sshd</code> — Telnet のセキュアな代替である OpenSSH サーバ。
+ </div></li></ul></div><div class="para">
+ これらのサービスを実行したままにしておくかどうかを決めるとき、一般的なセンスを使用するのが最もよく、注意が過ぎると誤ります。たとえば、プリンターが利用できなければ、<code class="command">cupsd</code> を実行したままにしておきません。<code class="command">portmap</code> に対しても同じことが当てはまります。NFSv3 ボリュームをマウントしていない、もしくは NIS (<code class="command">ypbind</code> サービス) を使用していなければ、<code class="command">portmap</code> は無効にすべきです。
+ </div><div class="figure" id="figu-Security_Guide-Identifying_and_Configuring_Services-Services_Configuration_Tool"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-service_config.png" width="444" alt="サービス設定ツール" /><div class="longdesc"><div class="para">
+ <span class="application"><strong>サービス設定ツール</strong></span>のイラスト
+ </div></div></div></div><h6>図3.3 <span class="application">サービス設定ツール</span></h6></div><br class="figure-break" /><div class="para">
+ 特定のサービスの目的が確かでなければ、<span class="application"><strong>サービス設定ツール</strong></span> が、<a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#figu-Security_Guide-Identifying_and_Configuring_Services-Services_Configuration_Tool">図3.3「<span class="application">サービス設定ツール</span>」</a> に説明されている、追加の情報を提供する説明フィールドを持ちます。
+ </div><div class="para">
+ ネットワーク・サービスがブート時に開始して利用可能かどうかを調べることは、話の一部です。どのポートが開いていて、リッスンしているかも調べるべきです。詳細は <a class="xref" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html">「リッスンしているポートの確認」</a> を参照してください。
+ </div></div><div class="section" id="sect-Security_Guide-Available_Network_Services-Insecure_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Available_Network_Services-Insecure_Services">3.1.5.3. セキュアではないサービス</h4></div></div></div><div class="para">
+ 潜在的に、すべてのネットワーク・サービスはセキュアではありません。このため、使用していないサービスをオフにすることは非常に重要です。サービスに対するエクスプロイットは、定期的に公開およびパッチ提供がされ、すべてのネットワーク・サービスに関連するパッケージを定期的にアップデートすることは非常に重要になります。詳細は<a class="xref" href="sect-Security_Guide-Security_Updates.html">「セキュリティ・アップデート」</a>を参照してください。
+ </div><div class="para">
+ いくつかのネットワーク・プロトコルは他のものよりも本質的によりセキュアではありません。これらは以下のようなあらゆるサービスを含みます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>暗号化されないネットワーク上でユーザ名とパスワードを転送する</em></span> — Telnet や FTP のような古いプロトコルの多くは、認証セッションを暗号化せず、可能なときはいつでも避けられるべきです。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>暗号化されないネットワーク上で機密情報を転送する</em></span> — 多くのプロトコルは暗号化されないネットワーク上でデータを転送します。これらのプロトコルは Telnet, FTP, HTTP, および SMTP を含みます。NFS や SMB のような多くのネットワーク・ファイル・システムも暗号化されないネットワーク上で情報を転送します。これらのプロトコルを使用するとき、ユーザーのリポジトリはどの形式のデータが転送されるかを制限します。
+ </div><div class="para">
+ <code class="command">netdump</code> のようなリモート・メモリー・ダンプ・サービスは、暗号化されないネットワーク上でメモリーの内容を転送します。メモリー・ダンプはパスワード、悪ければデータベース・エントリーや他の機密情報を含む可能性があります。
+ </div><div class="para">
+ <code class="command">finger</code> や <code class="command">rwhod</code> のような他のサービスは、システムのユーザーに関する情報を明らかにします。
+ </div></li></ul></div><div class="para">
+ 比較的セキュアではない例として <code class="command">rlogin</code>, <code class="command">rsh</code>, <code class="command">telnet</code>, および <code class="command">vsftpd</code> があります。
+ </div><div class="para">
+ すべてのリモートログインとシェルプログラムは (<code class="command">rlogin</code>, <code class="command">rsh</code>, および <code class="command">telnet</code>) は、SSH を選んで、避けるべきです。<code class="command">sshd</code> の詳細は<a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">「セキュリティ強化したコミュニケーション・ツール」</a>を参照してください。
+ </div><div class="para">
+ FTP はシステムのセキュリティに関してリモート・シェルほど本質的に危険ではありません。しかし、FTP サーバーは問題を避けるために注意深く設定され、監視されなければいけません。FTP サーバーをセキュアにすることに関する詳細は <a class="xref" href="sect-Security_Guide-Server_Security-Securing_FTP.html">「FTP のセキュア化」</a> を参照してください。
+ </div><div class="para">
+ 注意深く導入され、ファイアウォールの後ろに置かれるべきサービスは以下です。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">finger</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">authd</code> (これは以前の Fedora リリースにおいて <code class="command">identd</code> と呼ばれていました。)
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">netdump</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">netdump-server</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">nfs</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">rwhod</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sendmail</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">smb</code> (Samba)
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">yppasswdd</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">ypserv</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">ypxfrd</code>
+ </div></li></ul></div><div class="para">
+ ネットワーク・サービスをセキュアにすることに関する詳細は<a class="xref" href="sect-Security_Guide-Server_Security.html">「サーバのセキュリティ」</a>を参照してください。
+ </div><div class="para">
+ 次のセクションは簡単なファイアウォールをセットアップするために利用可能なツールについて議論します。
+ </div></div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Personal_Firewalls"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Personal_Firewalls">3.1.6. パーソナル・ファイアウォール</h3></div></div></div><div class="para">
+ <span class="emphasis"><em>必要な</em></span>ネットワーク・サービスが設定した後、ファイアウォールを導入することは重要です。
+ </div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ インターネットやあなたが信頼できない他のあらゆるネットワークに接続する<span class="emphasis"><em>前に</em></span>、必要なサービスを設定し、ファイアウォールを導入すべきです。
+ </div></div></div><div class="para">
+ ファイアウォールはネットワーク・パケットがシステムのネットワーク・インターフェースにアクセスするのを防ぎます。リクエストがファイアウォールによりブロックされたポート宛てならば、パケットを受け取らず、効果的に無効化されます。この理由により、使っていないポートへのアクセスをブロックする一方、設定されたサービスにより使われるポートへのアクセスをブロックしないようにするためにファイアウォールを設定するとき注意すべきです。
+ </div><div class="para">
+ 多くのユーザーにとって、シンプルなファイアウォールを設定するための最も良いツールは、Fedora に同梱されているグラフィカルなファイアウォール設定ツールです: <span class="application"><strong>ファイアウォール管理ツール</strong></span> (<code class="command">system-config-firewall</code>)。このツールはコントロール・パネル・インターフェースを用いて一般的な目的のファイアウォールに対する幅広い <code class="command">iptables</code> ルールを作成します。
+ </div><div class="para">
+ このアプリケーションと利用可能なオプションを使用法に関する詳細は<a class="xref" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html">「基本的なファイアウォールの設定」</a>を参照してください。
+ </div><div class="para">
+ 高度なユーザーおよびサーバー管理者に対して、<code class="command">iptables</code> を用いてファイアウォールを手動で設定することは、おそらくより良いオプションです。詳細は<a class="xref" href="sect-Security_Guide-Firewalls.html">「ファイアウォール」</a>を参照してください。<code class="command">iptables</code> コマンドの完全なガイドは<a class="xref" href="sect-Security_Guide-IPTables.html">「IPTables」</a>を参照してください。
+ </div></div><div class="section" id="sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">3.1.7. セキュリティ強化したコミュニケーション・ツール</h3></div></div></div><div class="para">
+ インターネットの規模と人気が拡大するにつれて、コミュニケーションの盗聴の脅威があります。何年にもわたり、それらがネットワーク上で転送されるので、ツールは暗号化されたコミュニケーションのために開発されてきました。
+ </div><div class="para">
+ Fedora は、情報がネットワーク上で送られるので、それを保護するために高いレベルの公開鍵暗号ベースの暗号化アルゴリズムを使用する基本的なツールを2つ同梱しています。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>OpenSSH</em></span> — ネットワーク通信を暗号化するための SSH プロトコルのフリー実装。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Gnu Privacy Guard (GPG)</em></span> — データを暗号化するための暗号アプリケーション PGP (Pretty Good Privacy) のフリー実装。
+ </div></li></ul></div><div class="para">
+ OpenSSH は、リモートマシンにアクセスするより安全な方法で、<code class="command">telnet</code> や <code class="command">rsh</code> のようなより古い暗号化されないサービスを置き換えます。OpenSSH は <code class="command">sshd</code> というネットワーク・サービスおよび3つのコマンドライン・クライアント・アプリケーションを含みます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">ssh</code> — リモート・コンソールのセキュアなアクセス・クライアント
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">scp</code> — セキュアなリモート・コピーのコマンド
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sftp</code> — インタラクティブなファイル転送セッションを可能にする、セキュアな擬似 ftp クライアント
+ </div></li></ul></div><div class="para">
+ OpenSSHに関する詳細は<a class="xref" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html">「Secure Shell」</a>を参照してください。
+ </div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ <code class="command">sshd</code> サービスは本質的にセキュアであるにも関わらず、サービスはセキュリティの脅威を防ぐために常に最新にしておかなければ<span class="emphasis"><em>いけません</em></span>。詳細は <a class="xref" href="sect-Security_Guide-Security_Updates.html">「セキュリティ・アップデート」</a> を参照してください。
+ </div></div></div><div class="para">
+ GPG はプライベートな email コミュニケーションを確実にする1つの方法です。パブリック・ネットワーク上で秘密データを email するためや、ハードディスクにある秘密データを保護するためのどちらにも使用されます。
+ </div></div></div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idp19089552" href="#idp19089552" class="para">11</a>] </sup>
+ システム BIOS は製造者間で異なるので、いくつかはどちらのタイプのパスワード保護もサポートしないかもしれません。一方、他のものは1つのタイプをサポートするかもしれませんが、さらに他のものはそうでないかもしれません。
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp10683008" href="#idp10683008" class="para">12</a>] </sup>
+ GRUB は暗号化されていないパスワードも受け付けますが、さらなるセキュリティのために MD5 ハッシュを使用することは推奨されます。
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp40091568" href="#idp40091568" class="para">13</a>] </sup>
+ このアクセス権は SELinux が有効ならば、それにより課される制限をまだ受けます。
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-NTP.html"><strong>戻る</strong>2.9. NTP</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security.html"><strong>次へ</strong>3.2. サーバのセキュリティ</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-Security_Overview.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-Security_Overview.html
new file mode 100644
index 0000000..3bc6b91
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-Security_Overview.html
@@ -0,0 +1,128 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>第1章 セキュリティの概要</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="index.html" title="セキュリティガイド" /><link rel="prev" href="pr01s02.html" title="2. フィードバック" /><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.2. 攻撃者と脆弱性" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pr01s02.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n"
href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="chapter" id="chap-Security_Guide-Security_Overview" lang="ja-JP"><div class="titlepage"><div><div><h2 class="title">第1章 セキュリティの概要</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security">1.1. セキュリティのイントロダクション</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1. コンピューター・セキュリティとは?</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-SELinux">1.1.2. SELinux</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#
sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.3. セキュリティ・コントロール</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-Conclusion">1.1.4. 結論</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities.html">1.2. 攻撃者と脆弱性</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities.html#sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.2.1. ハッカーの簡単な歴史</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html">1.2.2. ネットワーク・セキュリティへの脅威</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html">1.2.3. サーバ
ー・セキュリティへの脅威</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html">1.2.4. ワークステーションとホーム PC のセキュリティへの脅威</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment.html">1.3. 脆弱性のアセスメント</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment.html#sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.3.1. 敵のような考え</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html">1.3.2. アセスメントとテストの定義</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html">1.3.3. ツールの評価</a></span></dt></dl></dd><dt><span c
lass="section"><a href="sect-Security_Guide-Common_Exploits_and_Attacks.html">1.4. 一般的なエクスプロイトと攻撃</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Security_Updates.html">1.5. セキュリティ・アップデート</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Security_Updates.html#sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. パッケージの更新</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html">1.5.2. 署名されたパッケージの検証</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html">1.5.3. 署名されたパッケージのインストール</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html">1.5.4. 変更の適用</a></span></dt></dl></dd></dl></div><div class="para
">
+ ビジネスの経営および個人情報の記録のために、パワフルかつネットワーク化されたコンピューターに依存してきているため、すべての産業はネットワークとコンピューターのセキュリティの実践を中心として組成されてきています。企業は、運用している組織の要求事項を適合させるために、適切にシステムを監査して、ソリューションを仕立てるために、セキュリティ専門家の知識とスキルを求めるようになってきています。多くの組織は実際にますます変化が激しくなるので、労働者がローカルまたはリモートで会社の IT リソースへアクセスするとともに、セキュアなコンピューティング環境に対するニーズはより明確になってきています。
+ </div><div class="para">
+ 不幸にも、多くの組織(および個人ユーザー)はセキュリティを、結果論や増大するパワーにより見落とすプロセス、生産性および予算的な懸念としてみなしています。適切なセキュリティの導入は、しばしば事後に賛成されます — 認可されない侵入者がすでに占拠した <span class="emphasis"><em>後で</em></span>。セキュリティ専門家は、インターネットのような信頼されないネットワークにサイトを接続する前に適切な対策をとることは、侵入者に多くの試みを挫折させる効果的な方法であるということに賛成します。
+ </div><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Introduction_to_Security" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Introduction_to_Security">1.1. セキュリティのイントロダクション</h2></div></div></div><div class="section" id="sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1. コンピューター・セキュリティとは?</h3></div></div></div><div class="para">
+ コンピューター・セキュリティは、コンピューティングと情報処理の幅広い領域を取り扱う一般的な用語です。日々のビジネス取引を行い、極めて重要な情報にアクセスするために、コンピューターシステムとネットワークに依存する産業は、それらのデータを全体の資産の最も重要な部分であると見なしています。いくつかの用語と評価指標が、Total Cost of Ownership (TCO) や Quality of Service (QoS) のように、日常のビジネス会話に入ってきています。これらの評価指標を用いることで、計画とプロセス管理のコストの一部として、データの完全性や高可用性のような観点を産業が計算できるようになります。電子商取引のようないくつかの産業において、データの可用性と信頼性は成功と失敗の分かれ目になりえます。
+ </div><div class="section" id="sect-Security_Guide-What_is_Computer_Security-How_did_Computer_Security_Come_about"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Computer_Security-How_did_Computer_Security_Come_about">1.1.1.1. コンピューター・セキュリティはどのように起こるのでしょうか?</h4></div></div></div><div class="para">
+ 情報セキュリティは、個人情報、金融情報、および他の制限された情報が暴露されないようにするため、パブリック・ネットワークへの増大する依存のため何年もかけて進歩してきました。すべての業種にわたる組織が取り扱う情報だけでなくその転送や暴露について再検討するよう促す、Mitnick <sup>[<a id="idp3174144" href="#ftn.idp3174144" class="footnote">1</a>]</sup> や Vladimir Levin <sup>[<a id="idp3172928" href="#ftn.idp3172928" class="footnote">2</a>]</sup> の事件のような数多くの事例があります。インターネットの普及は、データ・セキュリティにおける大きな努力を促す最も重要な開発の1つでした。
+ </div><div class="para">
+ インターネットが提供するリソースへアクセスするために、いまだ増え続ける人々が PC を使用しています。研究や情報探索から電子メールや電子商取引まで、インターネットは20世紀の最も重要な開発の1つとみなされるようになってきました。
+ </div><div class="para">
+ しかしながら、インターネットおよびそれ以前のプロトコルは、<em class="firstterm">信頼を前提とする</em>システムとして開発されました。つまり、インターネットプロトコル (Internet Protocol) 自身はセキュアには設計されていません。TCP/IP 通信階層に組み込まれている公式のセキュリティ標準はありません。それは、ネットワーク越しに潜在的に悪意のあるユーザーやプロセスに開かれたままです。最近の開発はインターネット通信をよりセキュアにしてきましたが、国中の注目を集め、私たちに完全に安全なものは何もないという事実を警告する、いくつかのインシデントがいまだにあります。
+ </div></div><div class="section" id="sect-Security_Guide-What_is_Computer_Security-Security_Today"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Computer_Security-Security_Today">1.1.1.2. 今日のセキュリティ</h4></div></div></div><div class="para">
+ 2000年2月、分散サービス妨害 (DDoS: Distributed Denial of Service) 攻撃が、インターネットにある最も高トラフィックのサイトのいくつかに対して行われました。攻撃者は <em class="firstterm">ping flood</em> とも呼ばれる大きな ICMP パケットを送信することにより数時間ルータを使用不能し、yahoo.com, cnn.com, amazon.com, fbi.gov, および他のいくつかのサイトを通常のユーザーから完全にアクセス不能にしました。攻撃は、脆弱性のあるネットワーク・サーバーをスキャンする、特別に作成された広く利用可能なプログラムを使用している未知の攻撃者によりもたらされ、サーバーに<em class="firstterm">トロイの木馬</em>と呼ばれるクライアント・アプリケーションをインストールし、犠牲サイトをあふれさせ利用不可能にするあらゆる感染したサーバーで、
攻撃の時間を計りました。多くの人は、パケットが送られたどんなところでも、どんな目的に対しても、すべての入力データを受け付けるために構成されるよう、ルーターとプロトコルが使われる方法で基本的な欠陥にある攻撃を非難しました。
+ </div><div class="para">
+ 2007年、Wired Equivalent Privacy (WEP) 無線暗号化プロトコルの広く知られる脆弱性をエクスプロイトするデータ侵害により、世界中の金融機関から4500万を越えるクレジットカード番号が盗まれました。<sup>[<a id="idp4558656" href="#ftn.idp4558656" class="footnote">3</a>]</sup>
+ </div><div class="para">
+ 別のインシデントにおいて、バックアップ・テープに保存された、220万人の患者の請求記録が配送者のフロントシートから盗まれました。<sup>[<a id="idp4557040" href="#ftn.idp4557040" class="footnote">4</a>]</sup>
+ </div><div class="para">
+ 現在、世界中で推定18億人がインターネットを使用しています、または使用していました。<sup>[<a id="idp4555968" href="#ftn.idp4555968" class="footnote">5</a>]</sup> 同時に:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ ある特定の日に、CERT Coordination Center at Carnegie Mellon University<sup>[<a id="idp21197936" href="#ftn.idp21197936" class="footnote">6</a>]</sup> へと報告されたセキュリティ違反のメジャー・インシデントは推定225あります。
+ </div></li><li class="listitem"><div class="para">
+ 2003年、CERT に報告されたインシデントの数は、2001年の52,658、2002年の82,094から跳ね上がりました。<sup>[<a id="idp21197424" href="#ftn.idp21197424" class="footnote">7</a>]</sup>
+ </div></li><li class="listitem"><div class="para">
+ ここ3年の最も危険なインターネット・ウイルスに関するワールドワイドの経済的影響は、132億アメリカドルと見積もられました。<sup>[<a id="idp21194768" href="#ftn.idp21194768" class="footnote">8</a>]</sup>
+ </div></li></ul></div><div class="para">
+ 2008年のグローバルなビジネスと技術のエグゼクティブ調査 "The Global State of Information Security"<sup>[<a id="idp28652304" href="#ftn.idp28652304" class="footnote">9</a>]</sup> から、<span class="emphasis"><em>CIO Magazine</em></span> により断言された、いくつかのポイントは以下です:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 43%のみがユーザー・コンプライアンスの監査または監視とセキュリティ・ポリシーが一致します
+ </div></li><li class="listitem"><div class="para">
+ 22%のみがデータを使用する外部企業の一覧を維持しています
+ </div></li><li class="listitem"><div class="para">
+ 約半数のセキュリティ・インシデントはソースが "Unknown" と印がつけられました
+ </div></li><li class="listitem"><div class="para">
+ 回答者の44%が翌年にセキュリティ予算を増やす計画をします
+ </div></li><li class="listitem"><div class="para">
+ 59%は情報セキュリティ戦略を持ちます
+ </div></li></ul></div><div class="para">
+ これらの結果は、コンピューター・セキュリティが IT 予算に対する支出を定量化して正当化するようになってきたことの現実性を強調します。データの完全性と高可用性を必要とする組織は、システム、サービスおよび情報の 24x7 の信頼性を確実にするために、システム管理者、開発者、および技術者のスキルを引き出します。犠牲者が悪意のあるユーザー、プロセスおよび協調された攻撃に落とされると、組織の成功に対する直接の脅威になります。
+ </div><div class="para">
+ 不幸にも、システムとネットワークのセキュリティは、組織が情報をどのようにみなし、使用し、処理し、転送するかの複雑な知識を必要とする、難しい命題になるでしょう。組織(および組織を構成する人々)がビジネスを実施する方法を理解することは、適切なセキュリティ計画を導入することに優先します。
+ </div></div><div class="section" id="sect-Security_Guide-What_is_Computer_Security-Standardizing_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Computer_Security-Standardizing_Security">1.1.1.3. セキュリティの標準化</h4></div></div></div><div class="para">
+ すべての産業における企業は、アメリカ医師会 (AMA: American Medical Association) や IEEE (Institute of Electrical and Electronics Engineers ) のような標準化推進団体により作られた規制やルールに依存します。同じ理念が情報セキュリティにも有効です。多くのセキュリティ・コンサルタント・ベンダーは CIA (機密性、完全性および可用性) として知られる標準的なセキュリティ・モデルについて意見が一致します。この3階層モデルは、機密情報のリスクアセスメントやセキュリティ方針の確立のために、一般的に受け入れられたコンポーネントです。以下は、 CIA モデルをさらに詳細に説明します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 機密性 — 機密情報は事前に定義された個人の組に対してのみ利用可能でなければいけません。情報の認可されない送信や使用は制限されなければいけません。たとえば、情報の機密性は、顧客情報や金融情報が個人情報の盗難や信用詐欺のような悪意のある目的のために認可されない個人により得られないよう、確実にします。
+ </div></li><li class="listitem"><div class="para">
+ 完全性 — 情報が不完全または不正確に与えられる情報で変更されないようすべきです。認可されないユーザーが機密情報を変更または破壊する能力から制限されなければいけません。
+ </div></li><li class="listitem"><div class="para">
+ 可用性 — 情報は、認可されたユーザーが必要なときいつでもアクセス可能でなければいけません。可用性は情報が合意された頻度とタイムリーさで得られることの保証です。これはしばしば、パーセンテージの観点で測定され、Service Level Agreements (SLA) において公式に合意されます。
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-Introduction_to_Security-SELinux"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-SELinux">1.1.2. SELinux</h3></div></div></div><div class="para">
+ Fedora は SELinux と呼ばれる Linux カーネルの強化を含みます。それは、システムにあるファイル、プロセス、ユーザーおよびアプリケーションに高精細なレベルの制御を提供する、強制アクセス制御 (MAC: Mandatory Access Control) アーキテクチャーを実装します。SELinux の詳細な議論はこのドキュメントの範囲を超えています。しかし、SELinux の詳細と Fedora における使用法は、<a href="http://docs.fedoraproject.org/">http://docs.fedoraproject.org/</a> で入手可能な Fedora SELinux User Guide を参照してください。SELinux により保護される Fedora におけるサービスの設定と実行に関する詳細は、<a href="http://docs.fedoraproject.org">http://docs.fedoraproject.org/</a> で入手可能な SELinux Managing Confined Services Guide を参照してください。SELinux に対する他の利用可能なリソースは <a class="xre
f" href="chap-Security_Guide-References.html">9章<em>参考資料</em></a> にリストされています。
+ </div></div><div class="section" id="sect-Security_Guide-Introduction_to_Security-Security_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.3. セキュリティ・コントロール</h3></div></div></div><div class="para">
+ コンピューター・セキュリティはしばしば、一般的に<em class="wordasword">コントロール</em>として参照される、3つの異なるマスター・カテゴリに分割されます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 物理的
+ </div></li><li class="listitem"><div class="para">
+ 技術的
+ </div></li><li class="listitem"><div class="para">
+ 管理的
+ </div></li></ul></div><div class="para">
+ これら3つの幅広いカテゴリは、適切なセキュリティ導入の主な目的を定義します。これらのコントロールの中で、コントロールとそれらを実装する方法をさらに詳細化するサブカテゴリです。
+ </div><div class="section" id="sect-Security_Guide-Security_Controls-Physical_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Security_Controls-Physical_Controls">1.1.3.1. 物理的コントロール</h4></div></div></div><div class="para">
+ 物理的コントロールは、機密なマテリアルへの認可されないアクセスを阻止または防止するために使用される、定義された構造におけるセキュリティ対策の実装です。物理的コントロールの例は以下です:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 有線監視カメラ
+ </div></li><li class="listitem"><div class="para">
+ 動作・温度警告システム
+ </div></li><li class="listitem"><div class="para">
+ 警備員
+ </div></li><li class="listitem"><div class="para">
+ 写真付き身分証明書
+ </div></li><li class="listitem"><div class="para">
+ ロックされた錠前をかけられたスチールドア
+ </div></li><li class="listitem"><div class="para">
+ バイオメトリクス(指紋、声、顔、虹彩、筆跡、および個人を認識するために使われる他の自動化された方法を含みます)
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Security_Controls-Technical_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Security_Controls-Technical_Controls">1.1.3.2. 技術的コントロール</h4></div></div></div><div class="para">
+ 技術的コントロールは、物理構造やネットワークにおいて機密データのアクセスと制御を制御するために基礎となる技術を使用します。技術的コントロールは広範囲で以下のような技術を含みます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 暗号化
+ </div></li><li class="listitem"><div class="para">
+ スマートカード
+ </div></li><li class="listitem"><div class="para">
+ ネットワーク認証
+ </div></li><li class="listitem"><div class="para">
+ アクセス制御リスト (ACL: Access control lists)
+ </div></li><li class="listitem"><div class="para">
+ ファイル完全性監査ソフトウェア
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Security_Controls-Administrative_Controls"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Security_Controls-Administrative_Controls">1.1.3.3. 管理的コントロール</h4></div></div></div><div class="para">
+ 管理的コントロールはセキュリティの人間的要素を定義します。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ トレーニングおよび意識向上
+ </div></li><li class="listitem"><div class="para">
+ 災害準備および復旧計画
+ </div></li><li class="listitem"><div class="para">
+ 要員採用および退職戦略
+ </div></li><li class="listitem"><div class="para">
+ 要員登録およびアカウンティング
+ </div></li></ul></div></div></div><div class="section" id="sect-Security_Guide-Introduction_to_Security-Conclusion"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Introduction_to_Security-Conclusion">1.1.4. 結論</h3></div></div></div><div class="para">
+ 今、セキュリティの起源、理由および観点について学んできたので、Fedora に関する適切な行動指針をより簡単に決定するようになることがわかります。どの要素と条件が適切な戦略を計画・導入するためにセキュリティを作り上げるかを知ることは重要です。セキュリティ・プロセスの細部のより深いところを調べるとき、この情報を心に留めておくと、プロセスを正式化して、パスがより明確になります。
+ </div></div></div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idp3174144" href="#idp3174144" class="para">1</a>] </sup>
+ http://law.jrank.org/pages/3791/Kevin-Mitnick-Case-1999.html
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp3172928" href="#idp3172928" class="para">2</a>] </sup>
+ http://www.livinginternet.com/i/ia_hackers_levin.htm
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp4558656" href="#idp4558656" class="para">3</a>] </sup>
+ http://www.theregister.co.uk/2007/05/04/txj_nonfeasance/
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp4557040" href="#idp4557040" class="para">4</a>] </sup>
+ http://www.healthcareitnews.com/story.cms?id=9408
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp4555968" href="#idp4555968" class="para">5</a>] </sup>
+ http://www.internetworldstats.com/stats.htm
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp21197936" href="#idp21197936" class="para">6</a>] </sup>
+ http://www.cert.org
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp21197424" href="#idp21197424" class="para">7</a>] </sup>
+ http://www.cert.org/stats/fullstats.html
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp21194768" href="#idp21194768" class="para">8</a>] </sup>
+ http://www.newsfactor.com/perl/story/16407.html
+ </div></div><div class="footnote"><div class="para"><sup>[<a id="ftn.idp28652304" href="#idp28652304" class="para">9</a>] </sup>
+ http://www.csoonline.com/article/454939/The_Global_State_of_Information_Security_
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="pr01s02.html"><strong>戻る</strong>2. フィードバック</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>次へ</strong>1.2. 攻撃者と脆弱性</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-Software_Maintenance.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-Software_Maintenance.html
new file mode 100644
index 0000000..719c373
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/chap-Security_Guide-Software_Maintenance.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>第7章 ソフトウェアのメンテナンス</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="index.html" title="セキュリティガイド" /><link rel="prev" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html" title="6.2. LUKS パーティション暗号化の利用" /><link rel="next" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html" title="7.2. セキュリティ・アップデートの計画と設定" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site
" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="chapter" id="chap-Security_Guide-Software_Maintenance" lang="ja-JP"><div class="titlepage"><div><div><h2 class="title">第7章 ソフトウェアのメンテナンス</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Software_Maintenance.html#sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">7.1. 最小限のソフトウェアのインストール</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html">7.2. セキュリティ・アップデートの計画と設定</a
></span></dt><dt><span class="section"><a href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html">7.3. 自動更新の調整</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html">7.4. よく知られたリポジトリからの署名されたパッケージのインストール</a></span></dt></dl></div><div class="para">
+ ソフトウェアのメンテナンスはセキュアなシステムを維持するために非常に重要です。攻撃者がシステムに侵入するために既知のホールを使用するのを防ぐために、ソフトウェアのパッチが利用可能になり次第できる限り早く適用することは極めて重要です。
+ </div><div class="section" id="sect-Security_Guide-Software_Maintenance-Install_Minimal_Software"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">7.1. 最小限のソフトウェアのインストール</h2></div></div></div><div class="para">
+ コンピュータにあるソフトウェアの各部品が脆弱性を含む可能性があるので、使用するパッケージだけをインストールすることがベストプラクティスです。もし DVD からインストールしているならば、インストール中にインストールしたいパッケージを正確に選択する機会があります。他のパッケージが必要であるとわかったときに、後からいつでもシステムへ追加することができます。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"><strong>戻る</strong>6.2. LUKS パーティション暗号化の利用</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"><strong>次へ</strong>7.2. セキュリティ・アップデートの計画と設定</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/images/SCLogin.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/SCLogin.png
new file mode 100644
index 0000000..5bdef58
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/SCLogin.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/images/SCLoginEnrollment.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/SCLoginEnrollment.png
new file mode 100644
index 0000000..2809b32
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/SCLoginEnrollment.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/images/auth-panel.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/auth-panel.png
new file mode 100644
index 0000000..6335d2f
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/auth-panel.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/images/authicon.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/authicon.png
new file mode 100644
index 0000000..e397b63
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/authicon.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/images/fed-firefox_kerberos_SSO.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/fed-firefox_kerberos_SSO.png
new file mode 100644
index 0000000..1dbf27d
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/fed-firefox_kerberos_SSO.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/images/fed-firewall_config.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/fed-firewall_config.png
new file mode 100644
index 0000000..6abd4b0
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/fed-firewall_config.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/images/fed-ipsec_host2host.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/fed-ipsec_host2host.png
new file mode 100644
index 0000000..4a236a7
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/fed-ipsec_host2host.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/images/fed-ipsec_n_to_n_local.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/fed-ipsec_n_to_n_local.png
new file mode 100644
index 0000000..e49a5c1
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/fed-ipsec_n_to_n_local.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/images/fed-ipsec_n_to_n_remote.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/fed-ipsec_n_to_n_remote.png
new file mode 100644
index 0000000..5457d97
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/fed-ipsec_n_to_n_remote.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/images/fed-service_config.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/fed-service_config.png
new file mode 100644
index 0000000..71b4c21
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/fed-service_config.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/images/fed-user_pass_groups.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/fed-user_pass_groups.png
new file mode 100644
index 0000000..9527476
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/fed-user_pass_groups.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/images/fed-user_pass_info.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/fed-user_pass_info.png
new file mode 100644
index 0000000..54ccc33
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/fed-user_pass_info.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/images/icon.svg b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/icon.svg
new file mode 100644
index 0000000..c471a60
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/icon.svg
@@ -0,0 +1,3936 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:ns="http://ns.adobe.com/AdobeSVGViewerExtensions/3/"
+ xmlns:a="http://ns.adobe.com/AdobeSVGViewerExtensions/3.0/"
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://web.resource.org/cc/"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ version="1.0"
+ width="32"
+ height="32"
+ id="svg3017"
+ sodipodi:version="0.32"
+ inkscape:version="0.44+devel"
+ sodipodi:docname="book.svg"
+ sodipodi:docbase="/home/andy/Desktop">
+ <metadata
+ id="metadata489">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ inkscape:window-height="480"
+ inkscape:window-width="858"
+ inkscape:pageshadow="0"
+ inkscape:pageopacity="0.0"
+ guidetolerance="10.0"
+ gridtolerance="10.0"
+ objecttolerance="10.0"
+ borderopacity="1.0"
+ bordercolor="#666666"
+ pagecolor="#ffffff"
+ id="base"
+ inkscape:zoom="1"
+ inkscape:cx="16"
+ inkscape:cy="15.944056"
+ inkscape:window-x="0"
+ inkscape:window-y="33"
+ inkscape:current-layer="svg3017" />
+ <defs
+ id="defs3019">
+ <linearGradient
+ id="linearGradient2381">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="stop2383" />
+ <stop
+ style="stop-color:white;stop-opacity:0"
+ offset="1"
+ id="stop2385" />
+ </linearGradient>
+ <linearGradient
+ x1="415.73831"
+ y1="11.854"
+ x2="418.13361"
+ y2="18.8104"
+ id="XMLID_1758_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8362,0.5206,-1.1904,0.992,147.62,-30.9374)">
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="0"
+ id="stop3903" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop3905" />
+ <a:midPointStop
+ style="stop-color:#CCCCCC"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#CCCCCC"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#F2F2F2"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="500.70749"
+ y1="-13.2441"
+ x2="513.46442"
+ y2="-2.1547"
+ id="XMLID_1757_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop3890" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop3892" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="XMLID_1755_">
+ <use
+ id="use3874"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_343_" />
+ </clipPath>
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="XMLID_1756_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop3877" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop3879" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop3881" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop3883" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="471.0806"
+ y1="201.07761"
+ x2="481.91711"
+ y2="210.4977"
+ id="XMLID_1754_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#6498c1;stop-opacity:1"
+ offset="0.005618"
+ id="stop3863" />
+ <stop
+ style="stop-color:#79a9cc;stop-opacity:1"
+ offset="0.2332"
+ id="stop3865" />
+ <stop
+ style="stop-color:#a4cde2;stop-opacity:1"
+ offset="0.74049997"
+ id="stop3867" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="1"
+ id="stop3869" />
+ <a:midPointStop
+ style="stop-color:#6498C1"
+ offset="5.618000e-003" />
+ <a:midPointStop
+ style="stop-color:#6498C1"
+ offset="0.4438" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="516.57672"
+ y1="-15.769"
+ x2="516.57672"
+ y2="0.84280002"
+ id="XMLID_1753_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop3851" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop3853" />
+ <a:midPointStop
+ style="stop-color:#B2B2B2"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B2B2B2"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#F2F2F2"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="XMLID_1751_">
+ <use
+ id="use3837"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_338_" />
+ </clipPath>
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="XMLID_1752_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop3840" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop3842" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop3844" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop3846" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="468.2915"
+ y1="204.7612"
+ x2="479.39871"
+ y2="214.4166"
+ id="XMLID_1750_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop3830" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop3832" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="XMLID_1749_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,11.0227,-35.6159)">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop3818" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop3820" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="501.0903"
+ y1="-19.2544"
+ x2="531.85413"
+ y2="0.72390002"
+ id="XMLID_1748_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop3803" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop3805" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop3807" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop3809" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="481.23969"
+ y1="212.5742"
+ x2="472.92981"
+ y2="207.4967"
+ id="XMLID_2275_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop9947" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop9949" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop9951" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop9953" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="XMLID_2273_">
+ <use
+ id="use9933"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_960_" />
+ </clipPath>
+ <linearGradient
+ x1="473.7681"
+ y1="209.17529"
+ x2="486.98099"
+ y2="213.2001"
+ id="XMLID_2274_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop9936" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop9938" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop9940" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop9942" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="478.21341"
+ y1="-131.9297"
+ x2="469.85818"
+ y2="-140.28481"
+ id="XMLID_2272_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.5592,0.829,-0.829,0.5592,101.3357,-104.791)">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop9917" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop9919" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop9921" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop9923" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <marker
+ refX="0"
+ refY="0"
+ orient="auto"
+ style="overflow:visible"
+ id="TriangleInM">
+ <path
+ d="M 5.77,0 L -2.88,5 L -2.88,-5 L 5.77,0 z "
+ transform="scale(-0.4,-0.4)"
+ style="fill:#5c5c4f"
+ id="path3197" />
+ </marker>
+ <linearGradient
+ x1="200.7363"
+ y1="100.4028"
+ x2="211.99519"
+ y2="89.143997"
+ id="XMLID_3298_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#bfbfbf;stop-opacity:1"
+ offset="0"
+ id="stop20103" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop20105" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#BFBFBF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#BFBFBF" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#F2F2F2" />
+ </linearGradient>
+ <linearGradient
+ x1="200.7363"
+ y1="100.4028"
+ x2="211.99519"
+ y2="89.143997"
+ id="linearGradient36592"
+ xlink:href="#XMLID_3298_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="181.2925"
+ y1="110.8481"
+ x2="192.6369"
+ y2="99.5037"
+ id="XMLID_3297_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="stop20096" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop20098" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="181.2925"
+ y1="110.8481"
+ x2="192.6369"
+ y2="99.5037"
+ id="linearGradient36595"
+ xlink:href="#XMLID_3297_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="211.77589"
+ y1="105.7749"
+ x2="212.6619"
+ y2="108.2092"
+ id="XMLID_3296_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#0f6124;stop-opacity:1"
+ offset="0"
+ id="stop20087" />
+ <stop
+ style="stop-color:#219630;stop-opacity:1"
+ offset="1"
+ id="stop20089" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#0F6124" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#0F6124" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#219630" />
+ </linearGradient>
+ <linearGradient
+ x1="211.77589"
+ y1="105.7749"
+ x2="212.6619"
+ y2="108.2092"
+ id="linearGradient36677"
+ xlink:href="#XMLID_3296_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="208.9834"
+ y1="116.8296"
+ x2="200.0811"
+ y2="96.834602"
+ id="XMLID_3295_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop20076" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.5"
+ id="stop20078" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop20080" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="208.9834"
+ y1="116.8296"
+ x2="200.0811"
+ y2="96.834602"
+ id="linearGradient36604"
+ xlink:href="#XMLID_3295_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="195.5264"
+ y1="97.911102"
+ x2="213.5213"
+ y2="115.9061"
+ id="XMLID_3294_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="0"
+ id="stop20069" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop20071" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#CCCCCC" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#CCCCCC" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="195.5264"
+ y1="97.911102"
+ x2="213.5213"
+ y2="115.9061"
+ id="linearGradient36607"
+ xlink:href="#XMLID_3294_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="186.1938"
+ y1="109.1343"
+ x2="206.6881"
+ y2="88.639999"
+ id="XMLID_3293_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop20056" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.16850001"
+ id="stop20058" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.23029999"
+ id="stop20060" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.2809"
+ id="stop20062" />
+ <stop
+ style="stop-color:#c2c2c2;stop-opacity:1"
+ offset="0.5"
+ id="stop20064" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.1685"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.2303"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.2809"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#C2C2C2" />
+ </linearGradient>
+ <linearGradient
+ x1="186.1938"
+ y1="109.1343"
+ x2="206.6881"
+ y2="88.639999"
+ id="linearGradient36610"
+ xlink:href="#XMLID_3293_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <linearGradient
+ x1="184.8569"
+ y1="112.2676"
+ x2="211.94099"
+ y2="89.541397"
+ id="XMLID_3292_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop20043" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.16850001"
+ id="stop20045" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.23029999"
+ id="stop20047" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0.2809"
+ id="stop20049" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop20051" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.1685"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.2303"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.2809"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="184.8569"
+ y1="112.2676"
+ x2="211.94099"
+ y2="89.541397"
+ id="linearGradient36613"
+ xlink:href="#XMLID_3292_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.029078,0,0,1,-183.2624,-79.44655)" />
+ <marker
+ refX="0"
+ refY="0"
+ orient="auto"
+ style="overflow:visible"
+ id="TriangleOutM">
+ <path
+ d="M 5.77,0 L -2.88,5 L -2.88,-5 L 5.77,0 z "
+ transform="scale(0.4,0.4)"
+ style="fill:#5c5c4f;fill-rule:evenodd;stroke-width:1pt;marker-start:none"
+ id="path3238" />
+ </marker>
+ <linearGradient
+ x1="165.3"
+ y1="99.5"
+ x2="165.3"
+ y2="115.9"
+ id="XMLID_3457_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="0"
+ id="stop8309" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8311" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="1"
+ id="stop8313" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#999999" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#999999" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#B2B2B2" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#B2B2B2" />
+ </linearGradient>
+ <linearGradient
+ x1="165.3"
+ y1="99.5"
+ x2="165.3"
+ y2="115.9"
+ id="lg1997"
+ xlink:href="#XMLID_3457_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="175"
+ y1="99.800003"
+ x2="175"
+ y2="112.5"
+ id="XMLID_3456_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="0"
+ id="stop8300" />
+ <stop
+ style="stop-color:#191919;stop-opacity:1"
+ offset="0.60000002"
+ id="stop8302" />
+ <stop
+ style="stop-color:#191919;stop-opacity:1"
+ offset="1"
+ id="stop8304" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#737373" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#737373" />
+ <a:midPointstop
+ offset="0.6"
+ style="stop-color:#191919" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#191919" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#191919" />
+ </linearGradient>
+ <linearGradient
+ x1="175"
+ y1="99.800003"
+ x2="175"
+ y2="112.5"
+ id="lg2000"
+ xlink:href="#XMLID_3456_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="168.8"
+ y1="107.1"
+ x2="164.5"
+ y2="110"
+ id="XMLID_3455_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#666;stop-opacity:1"
+ offset="0"
+ id="stop8291" />
+ <stop
+ style="stop-color:#191919;stop-opacity:1"
+ offset="0.69999999"
+ id="stop8293" />
+ <stop
+ style="stop-color:#191919;stop-opacity:1"
+ offset="1"
+ id="stop8295" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#666666" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#666666" />
+ <a:midPointstop
+ offset="0.7"
+ style="stop-color:#191919" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#191919" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#191919" />
+ </linearGradient>
+ <linearGradient
+ x1="168.8"
+ y1="107.1"
+ x2="164.5"
+ y2="110"
+ id="lg2003"
+ xlink:href="#XMLID_3455_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ id="lg63694">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="stop63696" />
+ <stop
+ style="stop-color:white;stop-opacity:0"
+ offset="1"
+ id="stop63698" />
+ </linearGradient>
+ <linearGradient
+ x1="458"
+ y1="483"
+ x2="465.20001"
+ y2="271.39999"
+ id="lg2006"
+ xlink:href="#lg63694"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(6.3e-2,0,0,6.3e-2,-1.3,-9.8)" />
+ <linearGradient
+ x1="176.3"
+ y1="110.1"
+ x2="158.7"
+ y2="105"
+ id="XMLID_3453_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#666;stop-opacity:1"
+ offset="0"
+ id="stop8271" />
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="0.2"
+ id="stop8273" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop8275" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#666666" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#666666" />
+ <a:midPointstop
+ offset="0.2"
+ style="stop-color:#737373" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#737373" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="176.3"
+ y1="110.1"
+ x2="158.7"
+ y2="105"
+ id="lg2009"
+ xlink:href="#XMLID_3453_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="173.60001"
+ y1="118.9"
+ x2="172.8"
+ y2="128.2"
+ id="XMLID_3449_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0"
+ id="stop8232" />
+ <stop
+ style="stop-color:#fff95e;stop-opacity:1"
+ offset="0.60000002"
+ id="stop8234" />
+ <stop
+ style="stop-color:#ecd600;stop-opacity:1"
+ offset="1"
+ id="stop8236" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.6"
+ style="stop-color:#FFF95E" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFF95E" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#ECD600" />
+ </linearGradient>
+ <linearGradient
+ x1="173.60001"
+ y1="118.9"
+ x2="172.8"
+ y2="128.2"
+ id="lg2016"
+ xlink:href="#XMLID_3449_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <radialGradient
+ cx="284.60001"
+ cy="172.60001"
+ r="6.5"
+ fx="284.60001"
+ fy="172.60001"
+ id="XMLID_3448_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.4,0,0,1.4,-237.3,-126.8)">
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0"
+ id="stop8219" />
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8221" />
+ <stop
+ style="stop-color:#c96b00;stop-opacity:1"
+ offset="0.89999998"
+ id="stop8223" />
+ <stop
+ style="stop-color:#9a5500;stop-opacity:1"
+ offset="1"
+ id="stop8225" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.9"
+ style="stop-color:#C96B00" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#C96B00" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#9A5500" />
+ </radialGradient>
+ <radialGradient
+ cx="284.60001"
+ cy="172.60001"
+ r="6.5"
+ fx="284.60001"
+ fy="172.60001"
+ id="rg2020"
+ xlink:href="#XMLID_3448_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.513992,0,0,2.347576,-689.1621,-378.5717)" />
+ <linearGradient
+ x1="158.10001"
+ y1="123"
+ x2="164.2"
+ y2="126.6"
+ id="XMLID_3447_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ecd600;stop-opacity:1"
+ offset="0"
+ id="stop8204" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8206" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop8208" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECD600" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECD600" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="158.10001"
+ y1="123"
+ x2="164.2"
+ y2="126.6"
+ id="lg2026"
+ xlink:href="#XMLID_3447_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <radialGradient
+ cx="280.89999"
+ cy="163.7"
+ r="10.1"
+ fx="280.89999"
+ fy="163.7"
+ id="XMLID_3446_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.4,0,0,1.4,-237.3,-126.8)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="stop8197" />
+ <stop
+ style="stop-color:#fff95e;stop-opacity:1"
+ offset="1"
+ id="stop8199" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#FFFFFF" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFFFFF" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#FFF95E" />
+ </radialGradient>
+ <radialGradient
+ cx="280.89999"
+ cy="163.7"
+ r="10.1"
+ fx="280.89999"
+ fy="163.7"
+ id="rg2029"
+ xlink:href="#XMLID_3446_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.7,0,0,1.7,-457.5,-266.8)" />
+ <linearGradient
+ x1="156.5"
+ y1="122.7"
+ x2="180.10001"
+ y2="122.7"
+ id="XMLID_3445_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0"
+ id="stop8184" />
+ <stop
+ style="stop-color:#ffe900;stop-opacity:1"
+ offset="0.2"
+ id="stop8186" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8188" />
+ <stop
+ style="stop-color:#ffe900;stop-opacity:1"
+ offset="0.40000001"
+ id="stop8190" />
+ <stop
+ style="stop-color:#d68100;stop-opacity:1"
+ offset="1"
+ id="stop8192" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.2"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.4"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#D68100" />
+ </linearGradient>
+ <linearGradient
+ x1="156.5"
+ y1="122.7"
+ x2="180.10001"
+ y2="122.7"
+ id="lg2032"
+ xlink:href="#XMLID_3445_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="156.39999"
+ y1="115.4"
+ x2="180.10001"
+ y2="115.4"
+ id="XMLID_3444_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ecb300;stop-opacity:1"
+ offset="0"
+ id="stop8171" />
+ <stop
+ style="stop-color:#ffe900;stop-opacity:1"
+ offset="0.2"
+ id="stop8173" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.30000001"
+ id="stop8175" />
+ <stop
+ style="stop-color:#ffe900;stop-opacity:1"
+ offset="0.40000001"
+ id="stop8177" />
+ <stop
+ style="stop-color:#d68100;stop-opacity:1"
+ offset="1"
+ id="stop8179" />
+ <a:midPointstop
+ offset="0"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#ECB300" />
+ <a:midPointstop
+ offset="0.2"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.3"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFFFB3" />
+ <a:midPointstop
+ offset="0.4"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="0.5"
+ style="stop-color:#FFE900" />
+ <a:midPointstop
+ offset="1"
+ style="stop-color:#D68100" />
+ </linearGradient>
+ <linearGradient
+ x1="156.39999"
+ y1="115.4"
+ x2="180.10001"
+ y2="115.4"
+ id="lg2035"
+ xlink:href="#XMLID_3444_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.2,0,0,1.2,-175.9,-114.6)" />
+ <linearGradient
+ x1="379.70001"
+ y1="167.89999"
+ x2="383.89999"
+ y2="172.89999"
+ id="lg4286_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8,0.2,-0.2,0.8,78.8,38.1)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s16159" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.1"
+ id="s16161" />
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="1"
+ id="s16163" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.1" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#737373"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="379.60001"
+ y1="167.8"
+ x2="383.79999"
+ y2="172"
+ id="lg6416"
+ xlink:href="#lg4286_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.622156,0.623859,-0.623859,2.62182,-882.9706,-673.7921)" />
+ <linearGradient
+ x1="384.20001"
+ y1="169.8"
+ x2="384.79999"
+ y2="170.39999"
+ id="lg4285_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8,0.2,-0.2,0.8,78.8,38.1)">
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="0"
+ id="s16152" />
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="1"
+ id="s16154" />
+ <ns:midPointStop
+ style="stop-color:#737373"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#737373"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#D9D9D9"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="384.20001"
+ y1="169.8"
+ x2="384.79999"
+ y2="170.39999"
+ id="lg6453"
+ xlink:href="#lg4285_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.6,0.6,-0.6,2.6,-883,-673.8)" />
+ <linearGradient
+ x1="380.5"
+ y1="172.60001"
+ x2="382.79999"
+ y2="173.7"
+ id="lg4284_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8,0.2,-0.2,0.8,78.8,38.1)">
+ <stop
+ style="stop-color:gray;stop-opacity:1"
+ offset="0"
+ id="s16145" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="1"
+ id="s16147" />
+ <ns:midPointStop
+ style="stop-color:#808080"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#808080"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#E5E5E5"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="380.5"
+ y1="172.60001"
+ x2="382.79999"
+ y2="173.7"
+ id="lg6456"
+ xlink:href="#lg4284_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.6,0.6,-0.6,2.6,-883,-673.8)" />
+ <radialGradient
+ cx="347.29999"
+ cy="244.5"
+ r="5.1999998"
+ fx="347.29999"
+ fy="244.5"
+ id="lg4282_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(3.4,0,0,3.4,-1148,-802)">
+ <stop
+ style="stop-color:#333;stop-opacity:1"
+ offset="0"
+ id="s16135" />
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="1"
+ id="s16137" />
+ <ns:midPointStop
+ style="stop-color:#333333"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#333333"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#999999"
+ offset="1" />
+ </radialGradient>
+ <linearGradient
+ x1="310.39999"
+ y1="397.70001"
+ x2="310.89999"
+ y2="399.5"
+ id="lg4280_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.7,-0.7,0.7,0.7,-153.4,180.6)">
+ <stop
+ style="stop-color:#ffcd00;stop-opacity:1"
+ offset="0"
+ id="s16111" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.60000002"
+ id="s16113" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="1"
+ id="s16115" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.6" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="310.39999"
+ y1="397.70001"
+ x2="310.89999"
+ y2="399.5"
+ id="lg6467"
+ xlink:href="#lg4280_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.4,-2.4,2.4,2.4,-1663.6,-195)" />
+ <linearGradient
+ x1="310.89999"
+ y1="395.79999"
+ x2="313.29999"
+ y2="403.10001"
+ id="lg4279_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.7,-0.7,0.7,0.7,-153.4,180.6)">
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0"
+ id="s16100" />
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0.40000001"
+ id="s16102" />
+ <stop
+ style="stop-color:#ffcd00;stop-opacity:1"
+ offset="0.89999998"
+ id="s16104" />
+ <stop
+ style="stop-color:#ffcd00;stop-opacity:1"
+ offset="1"
+ id="s16106" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.4" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="0.9" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="310.89999"
+ y1="395.79999"
+ x2="313.29999"
+ y2="403.10001"
+ id="lg6465"
+ xlink:href="#lg4279_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.4,-2.4,2.4,2.4,-1663.6,-195)" />
+ <linearGradient
+ x1="307.79999"
+ y1="395.20001"
+ x2="313.79999"
+ y2="413.60001"
+ id="lg4278_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.7,-0.7,0.7,0.7,-153.4,180.6)">
+ <stop
+ style="stop-color:#ffffb3;stop-opacity:1"
+ offset="0"
+ id="s16091" />
+ <stop
+ style="stop-color:#fcd72f;stop-opacity:1"
+ offset="0.40000001"
+ id="s16093" />
+ <stop
+ style="stop-color:#ffcd00;stop-opacity:1"
+ offset="1"
+ id="s16095" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFFB3"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FCD72F"
+ offset="0.4" />
+ <ns:midPointStop
+ style="stop-color:#FCD72F"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFCD00"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="306.5"
+ y1="393"
+ x2="309"
+ y2="404"
+ id="lg6400"
+ xlink:href="#lg4278_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.4,-2.4,2.4,2.4,-1663.6,-195)" />
+ <linearGradient
+ x1="352.10001"
+ y1="253.60001"
+ x2="348.5"
+ y2="237.8"
+ id="lg4276_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(3.4,0,0,3.4,-1148,-802)">
+ <stop
+ style="stop-color:#ffff87;stop-opacity:1"
+ offset="0"
+ id="s16077" />
+ <stop
+ style="stop-color:#ffad00;stop-opacity:1"
+ offset="1"
+ id="s16079" />
+ <ns:midPointStop
+ style="stop-color:#FFFF87"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFF87"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFAD00"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="335.60001"
+ y1="354.79999"
+ x2="337.89999"
+ y2="354.79999"
+ id="lg4275_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9,-0.5,0.5,0.9,-121.7,105.1)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="s16057" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.80000001"
+ id="s16059" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="s16061" />
+ <ns:midPointStop
+ style="stop-color:#D9D9D9"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#D9D9D9"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.8" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="335.60001"
+ y1="354.79999"
+ x2="337.89999"
+ y2="354.79999"
+ id="lg6463"
+ xlink:href="#lg4275_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.9,-1.7,1.7,2.9,-1557,-448.7)" />
+ <linearGradient
+ x1="337.39999"
+ y1="353.10001"
+ x2="339.39999"
+ y2="357.10001"
+ id="lg4274_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9,-0.5,0.5,0.9,-121.7,105.1)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s16048" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.1"
+ id="s16050" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="s16052" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.1" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#CCCCCC"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="337.39999"
+ y1="353.10001"
+ x2="339.39999"
+ y2="357.10001"
+ id="lg6461"
+ xlink:href="#lg4274_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.9,-1.7,1.7,2.9,-1557,-448.7)" />
+ <linearGradient
+ x1="334.39999"
+ y1="355.5"
+ x2="335.5"
+ y2="356.79999"
+ id="lg4273_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9,-0.5,0.5,0.9,-121.7,105.1)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s16041" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="s16043" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="5.6e-003" />
+ <ns:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#CCCCCC"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="334.39999"
+ y1="355.5"
+ x2="335.5"
+ y2="356.79999"
+ id="lg6381"
+ xlink:href="#lg4273_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.9,-1.7,1.7,2.9,-1557,-448.7)" />
+ <linearGradient
+ x1="348.39999"
+ y1="247.39999"
+ x2="354.10001"
+ y2="242"
+ id="lg4271_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(3.4,0,0,3.4,-1148,-802)">
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0"
+ id="s16025" />
+ <stop
+ style="stop-color:#9e9e9e;stop-opacity:1"
+ offset="0.40000001"
+ id="s16027" />
+ <stop
+ style="stop-color:black;stop-opacity:1"
+ offset="1"
+ id="s16029" />
+ <ns:midPointStop
+ style="stop-color:#F2F2F2"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#F2F2F2"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#000000"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="351.29999"
+ y1="257.29999"
+ x2="346.29999"
+ y2="235.5"
+ id="lg4270_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ffff87;stop-opacity:1"
+ offset="0"
+ id="s16007" />
+ <stop
+ style="stop-color:#ffad00;stop-opacity:1"
+ offset="1"
+ id="s16009" />
+ <ns:midPointStop
+ style="stop-color:#FFFF87"
+ offset="0" />
+ <ns:midPointStop
+ style="stop-color:#FFFF87"
+ offset="0.5" />
+ <ns:midPointStop
+ style="stop-color:#FFAD00"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="351.29999"
+ y1="257.29999"
+ x2="346.29999"
+ y2="235.5"
+ id="lg6459"
+ xlink:href="#lg4270_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(3.4,0,0,3.4,-1148,-802)" />
+ <linearGradient
+ x1="43.799999"
+ y1="32.5"
+ x2="63.299999"
+ y2="66.400002"
+ id="XMLID_2708_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="stop75318" />
+ <stop
+ style="stop-color:#fffcea;stop-opacity:1"
+ offset="1"
+ id="stop75320" />
+ <a:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#FFFCEA"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="43.799999"
+ y1="32.5"
+ x2="63.299999"
+ y2="66.400002"
+ id="lg1907"
+ xlink:href="#XMLID_2708_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-29,-22.6)" />
+ <linearGradient
+ x1="52.5"
+ y1="40.400002"
+ x2="58.200001"
+ y2="64"
+ id="XMLID_2707_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#ffdea0;stop-opacity:1"
+ offset="0"
+ id="stop75305" />
+ <stop
+ style="stop-color:#ffd89e;stop-opacity:1"
+ offset="0.30000001"
+ id="stop75307" />
+ <stop
+ style="stop-color:#ffd79e;stop-opacity:1"
+ offset="0.30000001"
+ id="stop75309" />
+ <stop
+ style="stop-color:#dbaf6d;stop-opacity:1"
+ offset="0.69999999"
+ id="stop75311" />
+ <stop
+ style="stop-color:#6f4c24;stop-opacity:1"
+ offset="1"
+ id="stop75313" />
+ <a:midPointStop
+ style="stop-color:#FFDEA0"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#FFDEA0"
+ offset="0.6" />
+ <a:midPointStop
+ style="stop-color:#FFD79E"
+ offset="0.3" />
+ <a:midPointStop
+ style="stop-color:#FFD79E"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#DBAF6D"
+ offset="0.7" />
+ <a:midPointStop
+ style="stop-color:#DBAF6D"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#6F4C24"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="52.5"
+ y1="40.400002"
+ x2="58.200001"
+ y2="64"
+ id="lg1910"
+ xlink:href="#XMLID_2707_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-29,-22.6)" />
+ <linearGradient
+ x1="58"
+ y1="73.199997"
+ x2="44.5"
+ y2="19"
+ id="XMLID_2704_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-29,-22.6)">
+ <stop
+ style="stop-color:#d4a96c;stop-opacity:1"
+ offset="0.5"
+ id="stop75284" />
+ <stop
+ style="stop-color:#dcb273;stop-opacity:1"
+ offset="0.60000002"
+ id="stop75286" />
+ <stop
+ style="stop-color:#f0ca87;stop-opacity:1"
+ offset="0.80000001"
+ id="stop75288" />
+ <stop
+ style="stop-color:#ffdc96;stop-opacity:1"
+ offset="0.69999999"
+ id="stop75290" />
+ <stop
+ style="stop-color:#c18a42;stop-opacity:1"
+ offset="1"
+ id="stop75292" />
+ <a:midPointStop
+ style="stop-color:#D4A96C"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#D4A96C"
+ offset="0.6" />
+ <a:midPointStop
+ style="stop-color:#FFDC96"
+ offset="0.7" />
+ <a:midPointStop
+ style="stop-color:#FFDC96"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#C18A42"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="53.700001"
+ y1="32"
+ x2="53.700001"
+ y2="64.599998"
+ id="XMLID_2703_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#e5c9b0;stop-opacity:1"
+ offset="0"
+ id="stop75268" />
+ <stop
+ style="stop-color:#e5c9b0;stop-opacity:1"
+ offset="0.40000001"
+ id="stop75270" />
+ <stop
+ style="stop-color:#c0aa94;stop-opacity:1"
+ offset="1"
+ id="stop75272" />
+ <a:midPointStop
+ style="stop-color:#E5C9B0"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#E5C9B0"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#E5C9B0"
+ offset="0.4" />
+ <a:midPointStop
+ style="stop-color:#E5C9B0"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#C0AA94"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="53.700001"
+ y1="32"
+ x2="53.700001"
+ y2="64.599998"
+ id="lg1916"
+ xlink:href="#XMLID_2703_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-29,-22.6)" />
+ <linearGradient
+ x1="224.31"
+ y1="19.450001"
+ x2="214.33"
+ y2="11.46"
+ id="XMLID_419_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#404040;stop-opacity:1"
+ offset="0"
+ id="s1903" />
+ <stop
+ style="stop-color:#6d6d6d;stop-opacity:1"
+ offset="0.33000001"
+ id="s1905" />
+ <stop
+ style="stop-color:#e9e9e9;stop-opacity:1"
+ offset="1"
+ id="s1907" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#404040" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#404040" />
+ <a:midPointStop
+ offset="0.33"
+ style="stop-color:#6D6D6D" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#6D6D6D" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#E9E9E9" />
+ </linearGradient>
+ <linearGradient
+ x1="221.84"
+ y1="32.779999"
+ x2="212.2"
+ y2="20.27"
+ id="lg1988"
+ xlink:href="#XMLID_419_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.33,0,0,1.31,-274.2,-5.2)" />
+ <linearGradient
+ x1="228.35001"
+ y1="33.279999"
+ x2="215.42999"
+ y2="33.279999"
+ id="lg1900"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s1902" />
+ <stop
+ style="stop-color:white;stop-opacity:0"
+ offset="1"
+ id="s1906" />
+ <a:midPointStop
+ style="stop-color:#575757"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#575757"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#6D6D6D"
+ offset="0.33" />
+ <a:midPointStop
+ style="stop-color:#6D6D6D"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#D3D3D3"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="234.81"
+ y1="33.279999"
+ x2="228.27"
+ y2="33.279999"
+ id="lg1908"
+ xlink:href="#lg1900"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.33,0,0,1.31,-274.2,-5.2)" />
+ <linearGradient
+ x1="228.35001"
+ y1="33.279999"
+ x2="215.42999"
+ y2="33.279999"
+ id="XMLID_416_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#575757;stop-opacity:1"
+ offset="0"
+ id="s1874" />
+ <stop
+ style="stop-color:#6d6d6d;stop-opacity:1"
+ offset="0.33000001"
+ id="s1876" />
+ <stop
+ style="stop-color:#d3d3d3;stop-opacity:1"
+ offset="1"
+ id="s1878" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#575757" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#575757" />
+ <a:midPointStop
+ offset="0.33"
+ style="stop-color:#6D6D6D" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#6D6D6D" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#D3D3D3" />
+ </linearGradient>
+ <linearGradient
+ x1="228.35001"
+ y1="33.279999"
+ x2="215.42999"
+ y2="33.279999"
+ id="lg1991"
+ xlink:href="#XMLID_416_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.33,0,0,1.31,-274.2,-5.2)" />
+ <radialGradient
+ cx="603.19"
+ cy="230.77"
+ r="1.67"
+ fx="603.19"
+ fy="230.77"
+ id="x5010_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.1,0,0,1.1,-54.33,-75.4)">
+ <stop
+ style="stop-color:#c9ffc9;stop-opacity:1"
+ offset="0"
+ id="stop29201" />
+ <stop
+ style="stop-color:#23a11f;stop-opacity:1"
+ offset="1"
+ id="stop29203" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#C9FFC9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#C9FFC9" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#23A11F" />
+ </radialGradient>
+ <radialGradient
+ cx="603.19"
+ cy="230.77"
+ r="1.67"
+ fx="603.19"
+ fy="230.77"
+ id="radialGradient5711"
+ xlink:href="#x5010_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.23,0,0,1.23,-709.93,-245.02)" />
+ <linearGradient
+ x1="592.31"
+ y1="162.60001"
+ x2="609.32001"
+ y2="145.59"
+ id="lg5722"
+ xlink:href="#x5003_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="601.48999"
+ y1="170.16"
+ x2="613.84003"
+ y2="170.16"
+ id="x5002_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop29134" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0.2"
+ id="stop29136" />
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="1"
+ id="stop29138" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.20"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#FFFFFF" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#999999" />
+ </linearGradient>
+ <linearGradient
+ x1="601.48999"
+ y1="170.16"
+ x2="613.84003"
+ y2="170.16"
+ id="lg5725"
+ xlink:href="#x5002_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="592.20001"
+ y1="156.45"
+ x2="609.98999"
+ y2="174.23"
+ id="x5004_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop29157" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop29159" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="592.20001"
+ y1="156.45"
+ x2="609.98999"
+ y2="174.23"
+ id="lg5728"
+ xlink:href="#x5004_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="592.31"
+ y1="162.60001"
+ x2="609.32001"
+ y2="145.59"
+ id="x5003_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0"
+ id="stop29143" />
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="1"
+ id="stop29145" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#E5E5E5" />
+ </linearGradient>
+ <linearGradient
+ x1="592.31"
+ y1="162.60001"
+ x2="609.32001"
+ y2="145.59"
+ id="lg5732"
+ xlink:href="#x5003_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="592.20001"
+ y1="156.45"
+ x2="609.98999"
+ y2="174.24001"
+ id="x5000_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop29124" />
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="1"
+ id="stop29126" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#FFFFFF" />
+ </linearGradient>
+ <linearGradient
+ x1="592.20001"
+ y1="156.45"
+ x2="609.98999"
+ y2="174.24001"
+ id="lg5735"
+ xlink:href="#x5000_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.12,0,0,1.12,-649.08,-160.62)" />
+ <linearGradient
+ x1="308.54999"
+ y1="149.89999"
+ x2="299.72"
+ y2="148.83"
+ id="XMLID_2433_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#d6d6d6;stop-opacity:1"
+ offset="0"
+ id="71615" />
+ <stop
+ style="stop-color:#a5a5a5;stop-opacity:1"
+ offset="1"
+ id="71617" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D6D6D6" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D6D6D6" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#A5A5A5" />
+ </linearGradient>
+ <linearGradient
+ x1="308.54999"
+ y1="149.89999"
+ x2="299.72"
+ y2="148.83"
+ id="lg1952"
+ xlink:href="#XMLID_2433_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.03,0,0,1.03,-279.57,-124.36)" />
+ <radialGradient
+ cx="307.39999"
+ cy="121"
+ r="23.35"
+ fx="307.39999"
+ fy="121"
+ id="XMLID_2432_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.98,0,0,0.98,2.88,2.75)">
+ <stop
+ style="stop-color:#d2d2d2;stop-opacity:1"
+ offset="0.19"
+ id="71592" />
+ <stop
+ style="stop-color:#cfcfcf;stop-opacity:1"
+ offset="0.44999999"
+ id="71594" />
+ <stop
+ style="stop-color:#c7c7c7;stop-opacity:1"
+ offset="0.60000002"
+ id="71596" />
+ <stop
+ style="stop-color:#b9b9b9;stop-opacity:1"
+ offset="0.74000001"
+ id="71598" />
+ <stop
+ style="stop-color:#a4a4a4;stop-opacity:1"
+ offset="0.86000001"
+ id="71600" />
+ <stop
+ style="stop-color:#8a8a8a;stop-opacity:1"
+ offset="0.95999998"
+ id="71602" />
+ <stop
+ style="stop-color:gray;stop-opacity:1"
+ offset="1"
+ id="71604" />
+ <a:midPointStop
+ offset="0.19"
+ style="stop-color:#D2D2D2" />
+ <a:midPointStop
+ offset="0.8"
+ style="stop-color:#D2D2D2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#808080" />
+ </radialGradient>
+ <radialGradient
+ cx="307.39999"
+ cy="121"
+ r="23.35"
+ fx="307.39999"
+ fy="121"
+ id="radialGradient2331"
+ xlink:href="#XMLID_2432_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-276.62,-121.54)" />
+ <linearGradient
+ x1="294.13"
+ y1="127.07"
+ x2="294.13"
+ y2="142.2"
+ id="XMLID_2430_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#b5d8ff;stop-opacity:1"
+ offset="0"
+ id="71582" />
+ <stop
+ style="stop-color:black;stop-opacity:1"
+ offset="1"
+ id="71584" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B5D8FF" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B5D8FF" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#000000" />
+ </linearGradient>
+ <linearGradient
+ x1="294.13"
+ y1="127.07"
+ x2="294.13"
+ y2="142.2"
+ id="lg2820"
+ xlink:href="#XMLID_2430_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.03,0,0,1.03,-279.57,-124.36)" />
+ <linearGradient
+ x1="279.10999"
+ y1="148.03"
+ x2="309.16"
+ y2="148.03"
+ id="XMLID_2429_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#e1e1e1;stop-opacity:1"
+ offset="0"
+ id="71564" />
+ <stop
+ style="stop-color:#e1e1e1;stop-opacity:1"
+ offset="0.25"
+ id="71566" />
+ <stop
+ style="stop-color:#a5a5a5;stop-opacity:1"
+ offset="0.44"
+ id="71568" />
+ <stop
+ style="stop-color:#a5a5a5;stop-opacity:1"
+ offset="1"
+ id="71570" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#E1E1E1" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E1E1E1" />
+ <a:midPointStop
+ offset="0.25"
+ style="stop-color:#E1E1E1" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E1E1E1" />
+ <a:midPointStop
+ offset="0.44"
+ style="stop-color:#A5A5A5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#A5A5A5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#A5A5A5" />
+ </linearGradient>
+ <linearGradient
+ x1="279.10999"
+ y1="148.03"
+ x2="309.16"
+ y2="148.03"
+ id="lg2818"
+ xlink:href="#XMLID_2429_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.03,0,0,1.03,-279.57,-124.36)" />
+ <radialGradient
+ cx="622.34302"
+ cy="14.449"
+ r="26.496"
+ fx="622.34302"
+ fy="14.449"
+ id="lg3499_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.851,0,0,0.849,69.297,51.658)">
+ <stop
+ style="stop-color:#23468e;stop-opacity:1"
+ offset="0"
+ id="stop10972" />
+ <stop
+ style="stop-color:#012859;stop-opacity:1"
+ offset="1"
+ id="stop10974" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#23468E" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#23468E" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#012859" />
+ </radialGradient>
+ <radialGradient
+ cx="622.34302"
+ cy="14.449"
+ r="26.496"
+ fx="622.34302"
+ fy="14.449"
+ id="rg5791"
+ xlink:href="#lg3499_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.858,0,0,0.857,-511.7,9.02)" />
+ <linearGradient
+ x1="616.112"
+ y1="76.247002"
+ x2="588.14099"
+ y2="60.742001"
+ id="lg3497_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#01326e;stop-opacity:1"
+ offset="0"
+ id="stop10962" />
+ <stop
+ style="stop-color:#012859;stop-opacity:1"
+ offset="1"
+ id="stop10964" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#01326E" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#01326E" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#012859" />
+ </linearGradient>
+ <linearGradient
+ x1="617.698"
+ y1="82.445999"
+ x2="585.95203"
+ y2="54.848999"
+ id="lg3496_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="stop10950" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop10952" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#E5E5E5" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="617.698"
+ y1="82.445999"
+ x2="585.95203"
+ y2="54.848999"
+ id="lg5794"
+ xlink:href="#lg3496_"
+ gradientUnits="userSpaceOnUse" />
+ <linearGradient
+ x1="601.39001"
+ y1="55.341"
+ x2="588.29199"
+ y2="71.515999"
+ id="lg3495_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop10941" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0.52200001"
+ id="stop10943" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop10945" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.522"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="601.39001"
+ y1="55.341"
+ x2="588.29199"
+ y2="71.515999"
+ id="lg5771"
+ xlink:href="#lg3495_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.009,0,0,1.009,-581.615,-43.098)" />
+ <linearGradient
+ x1="611.34601"
+ y1="55.279999"
+ x2="590.39001"
+ y2="81.157997"
+ id="lg3494_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="stop10932" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0.52200001"
+ id="stop10934" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="stop10936" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#D9D9D9" />
+ <a:midPointStop
+ offset="0.522"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#F2F2F2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#CCCCCC" />
+ </linearGradient>
+ <linearGradient
+ x1="611.34601"
+ y1="55.279999"
+ x2="590.39001"
+ y2="81.157997"
+ id="lg5774"
+ xlink:href="#lg3494_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.009,0,0,1.009,-581.616,-43.098)" />
+ <linearGradient
+ x1="798.72998"
+ y1="69.839996"
+ x2="799.04999"
+ y2="70.709999"
+ id="g3302_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#005e00;stop-opacity:1"
+ offset="0"
+ id="s6504" />
+ <stop
+ style="stop-color:#23a11f;stop-opacity:1"
+ offset="1"
+ id="s6506" />
+ <a:midPointstop
+ style="stop-color:#005E00"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#005E00"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#23A11F"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="798.72998"
+ y1="69.839996"
+ x2="799.04999"
+ y2="70.709999"
+ id="lg5851"
+ xlink:href="#g3302_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,0,0,1.263,-926.036,-60.001)" />
+ <linearGradient
+ x1="779.19"
+ y1="122.73"
+ x2="811.69"
+ y2="149.74001"
+ id="g3301_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1,-0.25,0,1,0,129.19)">
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0"
+ id="s6483" />
+ <stop
+ style="stop-color:#eee;stop-opacity:1"
+ offset="0.17"
+ id="s6485" />
+ <stop
+ style="stop-color:#e3e3e3;stop-opacity:1"
+ offset="0.34"
+ id="s6487" />
+ <stop
+ style="stop-color:#cfcfcf;stop-opacity:1"
+ offset="0.50999999"
+ id="s6489" />
+ <stop
+ style="stop-color:#b4b4b4;stop-opacity:1"
+ offset="0.67000002"
+ id="s6491" />
+ <stop
+ style="stop-color:#919191;stop-opacity:1"
+ offset="0.83999997"
+ id="s6493" />
+ <stop
+ style="stop-color:#666;stop-opacity:1"
+ offset="1"
+ id="s6495" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.71" />
+ <a:midPointstop
+ style="stop-color:#666666"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="779.19"
+ y1="122.73"
+ x2="811.69"
+ y2="149.74001"
+ id="lg5855"
+ xlink:href="#g3301_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,-0.316,0,1.263,-926.036,103.123)" />
+ <clipPath
+ id="g3299_">
+ <use
+ id="use6469"
+ x="0"
+ y="0"
+ width="1005.92"
+ height="376.97"
+ xlink:href="#g101_" />
+ </clipPath>
+ <radialGradient
+ cx="1189.9301"
+ cy="100.05"
+ r="40.400002"
+ fx="1189.9301"
+ fy="100.05"
+ id="g3300_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.34,-8.46e-2,0,0.34,394.16,137.13)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s6472" />
+ <stop
+ style="stop-color:white;stop-opacity:0"
+ offset="1"
+ id="s6474" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#000000"
+ offset="1" />
+ </radialGradient>
+ <radialGradient
+ cx="1199.74"
+ cy="97.150002"
+ r="40.400002"
+ fx="1199.74"
+ fy="97.150002"
+ id="rg5860"
+ xlink:href="#g3300_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.409,-0.107,0,0.429,-451.489,113.149)" />
+ <linearGradient
+ x1="796.38"
+ y1="67.580002"
+ x2="781.28003"
+ y2="58.549999"
+ id="g3298_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#4c8bca;stop-opacity:1"
+ offset="0"
+ id="s6462" />
+ <stop
+ style="stop-color:#b7e9ff;stop-opacity:1"
+ offset="1"
+ id="s6464" />
+ <a:midPointstop
+ style="stop-color:#4C8BCA"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#4C8BCA"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#B7E9FF"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="800.97998"
+ y1="140.72"
+ x2="777.71997"
+ y2="121.76"
+ id="g3297_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1,-0.25,0,1,0,129.19)">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="s6448" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="s6450" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#CCCCCC"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="800.97998"
+ y1="140.72"
+ x2="777.71997"
+ y2="121.76"
+ id="lg5890"
+ xlink:href="#g3297_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1,-0.25,0,1,0,129.19)" />
+ <linearGradient
+ x1="790.03998"
+ y1="-16.33"
+ x2="779.84003"
+ y2="-3.73"
+ id="g3296_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(0,70.17)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="s6439" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0.51999998"
+ id="s6441" />
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="1"
+ id="s6443" />
+ <a:midPointstop
+ style="stop-color:#D9D9D9"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#D9D9D9"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.52" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#CCCCCC"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="790.03998"
+ y1="-16.33"
+ x2="779.84003"
+ y2="-3.73"
+ id="lg5866"
+ xlink:href="#g3296_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,0,0,1.263,-926.036,28.6)" />
+ <linearGradient
+ x1="785.84003"
+ y1="72.989998"
+ x2="785.26001"
+ y2="76.279999"
+ id="g3293_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s6412" />
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="1"
+ id="s6414" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#737373"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="785.84003"
+ y1="72.989998"
+ x2="785.26001"
+ y2="76.279999"
+ id="lg5871"
+ xlink:href="#g3293_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,0,0,1.263,-926.036,-60.001)" />
+ <linearGradient
+ x1="789.37"
+ y1="69.879997"
+ x2="791.03998"
+ y2="77.120003"
+ id="g3292_"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="0"
+ id="s6403" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="0.28"
+ id="s6405" />
+ <stop
+ style="stop-color:#666;stop-opacity:1"
+ offset="1"
+ id="s6407" />
+ <a:midPointstop
+ style="stop-color:#999999"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#999999"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.28" />
+ <a:midPointstop
+ style="stop-color:#F2F2F2"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#666666"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="789.37"
+ y1="69.879997"
+ x2="791.03998"
+ y2="77.120003"
+ id="lg5874"
+ xlink:href="#g3292_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,0,0,1.263,-926.036,-60.001)" />
+ <linearGradient
+ x1="786.65997"
+ y1="136.12"
+ x2="786.71002"
+ y2="134.33"
+ id="g3290_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1,-0.25,0,1,0,137.29)">
+ <stop
+ style="stop-color:#d9d9d9;stop-opacity:1"
+ offset="0"
+ id="s6380" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="1"
+ id="s6382" />
+ <a:midPointstop
+ style="stop-color:#D9D9D9"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#D9D9D9"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="786.65997"
+ y1="136.12"
+ x2="786.71002"
+ y2="134.33"
+ id="lg5878"
+ xlink:href="#g3290_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(1.204,-0.316,0,1.263,-926.036,113.351)" />
+ <radialGradient
+ cx="1458.77"
+ cy="-5.0999999"
+ r="35.130001"
+ fx="1458.77"
+ fy="-5.0999999"
+ id="g3289_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.42,0,0,0.42,167.09,79.84)">
+ <stop
+ style="stop-color:white;stop-opacity:1"
+ offset="0"
+ id="s6371" />
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="1"
+ id="s6373" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#FFFFFF"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#999999"
+ offset="1" />
+ </radialGradient>
+ <radialGradient
+ cx="1458.77"
+ cy="-5.0999999"
+ r="35.130001"
+ fx="1458.77"
+ fy="-5.0999999"
+ id="rg5881"
+ xlink:href="#g3289_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.505,0,0,0.53,-724.957,40.636)" />
+ <radialGradient
+ cx="1612.98"
+ cy="-4.4699998"
+ r="36.580002"
+ fx="1612.98"
+ fy="-4.4699998"
+ id="g3288_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.34,0,0,0.36,238.56,86.87)">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="s6362" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0.63999999"
+ id="s6364" />
+ <stop
+ style="stop-color:#737373;stop-opacity:1"
+ offset="1"
+ id="s6366" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="0.64" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#737373"
+ offset="1" />
+ </radialGradient>
+ <radialGradient
+ cx="1612.98"
+ cy="-4.4699998"
+ r="36.580002"
+ fx="1612.98"
+ fy="-4.4699998"
+ id="rg5884"
+ xlink:href="#g3288_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.408,0,0,0.448,-638.943,49.495)" />
+ <radialGradient
+ cx="1470.5"
+ cy="-10.21"
+ r="33.290001"
+ fx="1470.5"
+ fy="-10.21"
+ id="g3287_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.42,0,0,0.42,167.09,79.84)">
+ <stop
+ style="stop-color:#e5e5e5;stop-opacity:1"
+ offset="0"
+ id="s6347" />
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0.38999999"
+ id="s6349" />
+ <stop
+ style="stop-color:#b1b1b1;stop-opacity:1"
+ offset="0.75"
+ id="s6351" />
+ <stop
+ style="stop-color:#aaa;stop-opacity:1"
+ offset="0.88"
+ id="s6353" />
+ <stop
+ style="stop-color:#9e9e9e;stop-opacity:1"
+ offset="0.97000003"
+ id="s6355" />
+ <stop
+ style="stop-color:#999;stop-opacity:1"
+ offset="1"
+ id="s6357" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0" />
+ <a:midPointstop
+ style="stop-color:#E5E5E5"
+ offset="0.5" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="0.39" />
+ <a:midPointstop
+ style="stop-color:#B2B2B2"
+ offset="0.87" />
+ <a:midPointstop
+ style="stop-color:#999999"
+ offset="1" />
+ </radialGradient>
+ <radialGradient
+ cx="1470.5"
+ cy="-10.21"
+ r="33.290001"
+ fx="1470.5"
+ fy="-10.21"
+ id="rg5887"
+ xlink:href="#g3287_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.505,0,0,0.53,-724.957,40.636)" />
+ <pattern
+ patternTransform="matrix(0.592927,0,0,0.592927,78,462)"
+ id="cream-spots"
+ height="32"
+ width="32"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(-365.3146,-513.505)"
+ id="g3047">
+ id="path2858" />
+ <path
+ inkscape:label="#path2854"
+ sodipodi:nodetypes="czzzz"
+ style="fill:#e3dcc0"
+ id="path3060"
+ d="M 390.31462,529.50504 C 390.31462,534.47304 386.28262,538.50504 381.31462,538.50504 C 376.34662,538.50504 372.31462,534.47304 372.31462,529.50504 C 372.31462,524.53704 376.34662,520.50504 381.31462,520.50504 C 386.28262,520.50504 390.31462,524.53704 390.31462,529.50504 z " />
+</g>
+ </pattern>
+ <pattern
+ patternTransform="matrix(0.733751,0,0,0.733751,67,367)"
+ id="dark-cream-spots"
+ height="32"
+ width="32"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(-408.0946,-513.505)"
+ id="dark-cream-spot"
+ inkscape:label="#g3043">
+ <path
+ sodipodi:nodetypes="czzzz"
+ style="fill:#c8c5ac"
+ d="M 433.09458,529.50504 C 433.09458,534.47304 429.06258,538.50504 424.09458,538.50504 C 419.12658,538.50504 415.09458,534.47304 415.09458,529.50504 C 415.09458,524.53704 419.12658,520.50504 424.09458,520.50504 C 429.06258,520.50504 433.09458,524.53704 433.09458,529.50504 z "
+ id="path2953" />
+ </g>
+ </pattern>
+ <pattern
+ patternTransform="matrix(0.375,0,0,0.375,379,400)"
+ id="white-spots"
+ height="32"
+ width="32"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(-484.3997,-513.505)"
+ id="white-spot"
+ inkscape:label="#g3035">
+ <path
+ style="opacity:0.25;fill:white"
+ id="path3033"
+ d="M 509.39967,529.50504 C 509.39967,534.47304 505.36767,538.50504 500.39967,538.50504 C 495.43167,538.50504 491.39967,534.47304 491.39967,529.50504 C 491.39967,524.53704 495.43167,520.50504 500.39967,520.50504 C 505.36767,520.50504 509.39967,524.53704 509.39967,529.50504 z "
+ sodipodi:nodetypes="czzzz" />
+ </g>
+ </pattern>
+ <pattern
+ patternTransform="matrix(0.455007,0,0,0.455007,-5e-5,1.9e-5)"
+ id="black-spots"
+ height="32"
+ width="32"
+ patternUnits="userSpaceOnUse">
+ <g
+ transform="translate(-448.3997,-513.505)"
+ id="black-spot"
+ inkscape:label="#g3039">
+ <path
+ sodipodi:nodetypes="czzzz"
+ d="M 473.39967,529.50504 C 473.39967,534.47304 469.36767,538.50504 464.39967,538.50504 C 459.43167,538.50504 455.39967,534.47304 455.39967,529.50504 C 455.39967,524.53704 459.43167,520.50504 464.39967,520.50504 C 469.36767,520.50504 473.39967,524.53704 473.39967,529.50504 z "
+ id="path2961"
+ style="opacity:0.25;fill:black" />
+ </g>
+ </pattern>
+ <linearGradient
+ x1="501.0903"
+ y1="-19.2544"
+ x2="531.85413"
+ y2="0.72390002"
+ id="linearGradient17334"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop17336" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop17338" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop17340" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop17342" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B4DAEA" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B4DAEA" />
+ <a:midPointStop
+ offset="0.5112"
+ style="stop-color:#B4DAEA" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B4DAEA" />
+ <a:midPointStop
+ offset="0.6461"
+ style="stop-color:#5387BA" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#5387BA" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#16336E" />
+ </linearGradient>
+ <linearGradient
+ x1="415.73831"
+ y1="11.854"
+ x2="418.13361"
+ y2="18.8104"
+ id="linearGradient17426"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.8362,0.5206,-1.1904,0.992,147.62,-30.9374)">
+ <stop
+ style="stop-color:#ccc;stop-opacity:1"
+ offset="0"
+ id="stop17428" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop17430" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#CCCCCC" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#CCCCCC" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#F2F2F2" />
+ </linearGradient>
+ <linearGradient
+ x1="478.21341"
+ y1="-131.9297"
+ x2="469.85818"
+ y2="-140.28481"
+ id="linearGradient17434"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.5592,0.829,-0.829,0.5592,101.3357,-104.791)">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop17436" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop17438" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop17440" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop17442" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#F3403F" />
+ <a:midPointStop
+ offset="0.4213"
+ style="stop-color:#F3403F" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#A6100C" />
+ </linearGradient>
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="linearGradient17709"
+ xlink:href="#XMLID_1749_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,11.0227,-35.6159)" />
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="linearGradient17711"
+ xlink:href="#XMLID_1752_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="516.57672"
+ y1="-15.769"
+ x2="516.57672"
+ y2="0.84280002"
+ id="linearGradient17713"
+ xlink:href="#XMLID_1753_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="linearGradient17715"
+ xlink:href="#XMLID_1756_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="500.70749"
+ y1="-13.2441"
+ x2="513.46442"
+ y2="-2.1547"
+ id="linearGradient17717"
+ xlink:href="#XMLID_1757_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="473.7681"
+ y1="209.17529"
+ x2="486.98099"
+ y2="213.2001"
+ id="linearGradient17721"
+ xlink:href="#XMLID_2274_"
+ gradientUnits="userSpaceOnUse" />
+ <linearGradient
+ x1="481.23969"
+ y1="212.5742"
+ x2="472.92981"
+ y2="207.4967"
+ id="linearGradient17723"
+ xlink:href="#XMLID_2275_"
+ gradientUnits="userSpaceOnUse" />
+ <linearGradient
+ x1="500.70749"
+ y1="-13.2441"
+ x2="513.46442"
+ y2="-2.1547"
+ id="linearGradient17416"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop17418" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop17420" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <defs
+ id="defs9929">
+ <path
+ d="M 489.21,209.35 L 485.35,203.63 C 483.63,204.25 473.47,208.93 471.5,210.18 C 470.57,210.77 470.17,211.16 469.72,212.48 C 470.93,212.31 471.72,212.49 473.42,213.04 C 473.26,214.77 473.24,215.74 473.57,218.2 C 474.01,216.88 474.41,216.49 475.34,215.9 C 477.33,214.65 487.49,209.97 489.21,209.35 z "
+ id="XMLID_960_" />
+ </defs>
+ <clipPath
+ id="clipPath17448">
+ <use
+ id="use17450"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_960_" />
+ </clipPath>
+ <linearGradient
+ x1="473.7681"
+ y1="209.17529"
+ x2="486.98099"
+ y2="213.2001"
+ id="linearGradient17452"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop17454" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop17456" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop17458" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop17460" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="481.23969"
+ y1="212.5742"
+ x2="472.92981"
+ y2="207.4967"
+ id="linearGradient17463"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#f3403f;stop-opacity:1"
+ offset="0"
+ id="stop17465" />
+ <stop
+ style="stop-color:#d02a28;stop-opacity:1"
+ offset="0.37889999"
+ id="stop17467" />
+ <stop
+ style="stop-color:#b21714;stop-opacity:1"
+ offset="0.77649999"
+ id="stop17469" />
+ <stop
+ style="stop-color:#a6100c;stop-opacity:1"
+ offset="1"
+ id="stop17471" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#F3403F"
+ offset="0.4213" />
+ <a:midPointStop
+ style="stop-color:#A6100C"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="481.23969"
+ y1="212.5742"
+ x2="472.92981"
+ y2="207.4967"
+ id="linearGradient17807"
+ xlink:href="#XMLID_2275_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-177.1654,35.43307)" />
+ <linearGradient
+ x1="473.7681"
+ y1="209.17529"
+ x2="486.98099"
+ y2="213.2001"
+ id="linearGradient17810"
+ xlink:href="#XMLID_2274_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="translate(-177.1654,35.43307)" />
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="linearGradient17812"
+ xlink:href="#XMLID_1749_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,11.0227,-35.6159)" />
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="linearGradient17814"
+ xlink:href="#XMLID_1752_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="516.57672"
+ y1="-15.769"
+ x2="516.57672"
+ y2="0.84280002"
+ id="linearGradient17816"
+ xlink:href="#XMLID_1753_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="linearGradient17818"
+ xlink:href="#XMLID_1756_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="linearGradient17347"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,11.0227,-35.6159)">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop17349" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop17351" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#5387BA" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#5387BA" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#96BAD6" />
+ </linearGradient>
+ <linearGradient
+ x1="516.57672"
+ y1="-15.769"
+ x2="516.57672"
+ y2="0.84280002"
+ id="linearGradient17379"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b2b2b2;stop-opacity:1"
+ offset="0"
+ id="stop17381" />
+ <stop
+ style="stop-color:#f2f2f2;stop-opacity:1"
+ offset="1"
+ id="stop17383" />
+ <a:midPointStop
+ offset="0"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="0.5"
+ style="stop-color:#B2B2B2" />
+ <a:midPointStop
+ offset="1"
+ style="stop-color:#F2F2F2" />
+ </linearGradient>
+ <linearGradient
+ x1="502.70749"
+ y1="115.3013"
+ x2="516.39001"
+ y2="127.1953"
+ id="linearGradient17862"
+ xlink:href="#XMLID_1749_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.9703,0.2419,-0.2419,0.9703,-166.1427,-0.18283)" />
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="linearGradient17864"
+ xlink:href="#XMLID_1756_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <defs
+ id="defs3859">
+ <polygon
+ points="465.54,213.52 481.94,217.46 482.74,216.71 487.46,198.05 471.08,194.07 470.26,194.83 465.54,213.52 "
+ id="XMLID_343_" />
+ </defs>
+ <linearGradient
+ x1="471.0806"
+ y1="201.07761"
+ x2="481.91711"
+ y2="210.4977"
+ id="linearGradient17389"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#6498c1;stop-opacity:1"
+ offset="0.005618"
+ id="stop17391" />
+ <stop
+ style="stop-color:#79a9cc;stop-opacity:1"
+ offset="0.2332"
+ id="stop17393" />
+ <stop
+ style="stop-color:#a4cde2;stop-opacity:1"
+ offset="0.74049997"
+ id="stop17395" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="1"
+ id="stop17397" />
+ <a:midPointStop
+ style="stop-color:#6498C1"
+ offset="5.618000e-003" />
+ <a:midPointStop
+ style="stop-color:#6498C1"
+ offset="0.4438" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="clipPath17400">
+ <use
+ id="use17402"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_343_" />
+ </clipPath>
+ <linearGradient
+ x1="505.62939"
+ y1="-14.9526"
+ x2="527.49402"
+ y2="-0.7536"
+ id="linearGradient17404"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop17406" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop17408" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop17410" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop17412" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="linearGradient17882"
+ xlink:href="#XMLID_1752_"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
+ <defs
+ id="defs3826">
+ <polygon
+ points="463.52,216.14 480.56,220.24 481.36,219.5 483.03,202.04 469.05,196.69 468.24,197.45 463.52,216.14 "
+ id="XMLID_338_" />
+ </defs>
+ <linearGradient
+ x1="468.2915"
+ y1="204.7612"
+ x2="479.39871"
+ y2="214.4166"
+ id="linearGradient17357"
+ gradientUnits="userSpaceOnUse">
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0"
+ id="stop17359" />
+ <stop
+ style="stop-color:#96bad6;stop-opacity:1"
+ offset="1"
+ id="stop17361" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#96BAD6"
+ offset="1" />
+ </linearGradient>
+ <clipPath
+ id="clipPath17364">
+ <use
+ id="use17366"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="600"
+ xlink:href="#XMLID_338_" />
+ </clipPath>
+ <linearGradient
+ x1="506.09909"
+ y1="-11.5137"
+ x2="527.99609"
+ y2="2.7063999"
+ id="linearGradient17368"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0"
+ id="stop17370" />
+ <stop
+ style="stop-color:#b4daea;stop-opacity:1"
+ offset="0.51120001"
+ id="stop17372" />
+ <stop
+ style="stop-color:#5387ba;stop-opacity:1"
+ offset="0.64609998"
+ id="stop17374" />
+ <stop
+ style="stop-color:#16336e;stop-opacity:1"
+ offset="1"
+ id="stop17376" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5112" />
+ <a:midPointStop
+ style="stop-color:#B4DAEA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.6461" />
+ <a:midPointStop
+ style="stop-color:#5387BA"
+ offset="0.5" />
+ <a:midPointStop
+ style="stop-color:#16336E"
+ offset="1" />
+ </linearGradient>
+ <linearGradient
+ x1="296.4996"
+ y1="188.81061"
+ x2="317.32471"
+ y2="209.69398"
+ id="linearGradient2387"
+ xlink:href="#linearGradient2381"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)" />
+ <linearGradient
+ x1="296.4996"
+ y1="188.81061"
+ x2="317.32471"
+ y2="209.69398"
+ id="linearGradient5105"
+ xlink:href="#linearGradient2381"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)" />
+ <linearGradient
+ x1="296.4996"
+ y1="188.81061"
+ x2="317.32471"
+ y2="209.69398"
+ id="linearGradient5145"
+ xlink:href="#linearGradient2381"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)" />
+ <linearGradient
+ inkscape:collect="always"
+ xlink:href="#linearGradient2381"
+ id="linearGradient2371"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)"
+ x1="296.4996"
+ y1="188.81061"
+ x2="317.32471"
+ y2="209.69398" />
+ </defs>
+ <g
+ transform="matrix(0.437808,-0.437808,0.437808,0.437808,-220.8237,43.55311)"
+ id="g5089">
+ <path
+ d="M 8.4382985,-6.28125 C 7.8309069,-6.28125 4.125,-0.33238729 4.125,1.96875 L 4.125,28.6875 C 4.125,29.533884 4.7068159,29.8125 5.28125,29.8125 L 30.84375,29.8125 C 31.476092,29.8125 31.968751,29.319842 31.96875,28.6875 L 31.96875,23.46875 L 32.25,23.46875 C 32.74684,23.46875 33.156249,23.059339 33.15625,22.5625 L 33.15625,-5.375 C 33.15625,-5.8718398 32.74684,-6.28125 32.25,-6.28125 L 8.4382985,-6.28125 z "
+ transform="translate(282.8327,227.1903)"
+ style="fill:#5c5c4f;stroke:black;stroke-width:3.23021388;stroke-miterlimit:4;stroke-dasharray:none"
+ id="path5091" />
+ <rect
+ width="27.85074"
+ height="29.369793"
+ rx="1.1414107"
+ ry="1.1414107"
+ x="286.96509"
+ y="227.63805"
+ style="fill:#032c87"
+ id="rect5093" />
+ <path
+ d="M 288.43262,225.43675 L 313.67442,225.43675 L 313.67442,254.80655 L 287.29827,254.83069 L 288.43262,225.43675 z "
+ style="fill:white"
+ id="rect5095" />
+ <path
+ d="M 302.44536,251.73726 C 303.83227,259.59643 301.75225,263.02091 301.75225,263.02091 C 303.99609,261.41329 305.71651,259.54397 306.65747,257.28491 C 307.62455,259.47755 308.49041,261.71357 310.9319,263.27432 C 310.9319,263.27432 309.33686,256.07392 309.22047,251.73726 L 302.44536,251.73726 z "
+ style="fill:#a70000;fill-opacity:1;stroke-width:2"
+ id="path5097" />
+ <rect
+ width="25.241802"
+ height="29.736675"
+ rx="0.89682275"
+ ry="0.89682275"
+ x="290.73544"
+ y="220.92249"
+ style="fill:#809cc9"
+ id="rect5099" />
+ <path
+ d="M 576.47347,725.93939 L 582.84431,726.35441 L 583.25121,755.8725 C 581.35919,754.55465 576.39694,752.1117 574.98889,754.19149 L 574.98889,727.42397 C 574.98889,726.60151 575.65101,725.93939 576.47347,725.93939 z "
+ transform="matrix(0.499065,-0.866565,0,1,0,0)"
+ style="fill:#4573b3;fill-opacity:1"
+ id="rect5101" />
+ <path
+ d="M 293.2599,221.89363 L 313.99908,221.89363 C 314.45009,221.89363 314.81318,222.25673 314.81318,222.70774 C 315.02865,229.0361 295.44494,244.47124 292.44579,240.30491 L 292.44579,222.70774 C 292.44579,222.25673 292.80889,221.89363 293.2599,221.89363 z "
+ style="opacity:0.65536726;fill:url(#linearGradient2371);fill-opacity:1"
+ id="path5103" />
+ </g>
+</svg>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/images/n-t-n-ipsec-diagram.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/n-t-n-ipsec-diagram.png
new file mode 100644
index 0000000..281afd6
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/n-t-n-ipsec-diagram.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/images/tcp_wrap_diagram.png b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/tcp_wrap_diagram.png
new file mode 100644
index 0000000..38ee5ea
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/html/Security_Guide/images/tcp_wrap_diagram.png differ
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/index.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/index.html
new file mode 100644
index 0000000..49a0661
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/index.html
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>ã»ãã¥ãªãã£ã¬ã¤ã</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><meta name="description" content="Fedora ã»ãã¥ãªãã£ã¬ã¤ãã¯ããã¼ã«ã«ã¾ãã¯ãªã¢ã¼ãããã®ä¾µå
¥ã侵害ããã³æªæã®ããæ´»åã«å¯¾ãã¦ã¯ã¼ã¯ã¹ãã¼ã·ã§ã³ã¨ãµã¼ãã¼ãã»ãã¥ã¢ã«ããããã»ã¹ã¨ãã©ã¯ãã£ã¹ã«ã¤ãã¦ãFedora ã®ã¦ã¼ã¶ã¼ãå¦ç¿ããæ¯æ´ãããããã«è¨è¨ããã¦ãã¾ããFedora Linux ã«ç¦ç¹ãåããã¦ããããã¹ã¦ã® Linux ã·ã¹ãã ã«å¯¾ãã¦æå¹ãªæ¦å¿µãæè¡ã詳細ã«èª¬æãããã¨ã§ã¯ããã¾ãã
ãFedora ã»ãã¥ãªãã£ã¬ã¤ãã¯ãã¼ã¿ã»ã³ã¿ã¼ãä»äºå ´ããã³èªå®
ç¨ã«å®å
¨ãªã³ã³ãã¥ã¼ãã£ã³ã°ç°å¢ãæ§ç¯ãããã¨ã«é¢é£ããè¨ç»ã¨ãã¼ã«ã詳細ã«èª¬æãã¾ããé©åãªç¥èãè¦æããã³ãã¼ã«ãç¨ãã¦ãLinux ãå®è¡ãã¦ããã·ã¹ãã ãå®å
¨ã«æ©è½ãã¦ããã¤å¤ãã®ä¸è¬çãªä¾µå
¥ã侵害æ¹æ³ããå®å
¨ã«ãããã¨ãã§ãã¾ãã" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="next" href="pref-Security_Guide-Preface.html" title="序文" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"></li><li class="next"><a accesskey="n" href="pref-Security_Guide-Preface.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="book" id="idp14285568" lang="ja-JP"><div class="titlepage"><div><div class="producttitle" font-family="sans-serif,Symbol,ZapfDingbats" font-we
ight="bold" font-size="12pt" text-align="center"><span class="productname">Fedora</span> <span class="productnumber">18</span></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h1 id="idp14285568" class="title">セキュリティガイド</h1></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h2 class="subtitle">Fedora Linux をセキュアにするためのガイド</h2></div><p class="edition">エディッション 18.0.1</p><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h3 class="corpauthor">
+ <span class="inlinemediaobject"><object data="Common_Content/images/title_logo.svg" type="image/svg+xml"> Logo</object></span>
+
+ </h3></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div xml:lang="ja-JP" class="authorgroup" lang="ja-JP"><div class="author"><h3 class="author"><span class="surname">Fuller</span> <span class="firstname">Johnray</span> [FAMILY Given]</h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:jrfuller at redhat.com">jrfuller at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="surname">Ha</span> <span class="firstname">John</span> [FAMILY Given]</h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:jha at redhat.com">jha at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="surname">O'Brien</span> <span class="firstname">David</span> [FAMILY Given]</h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email">
<a class="email" href="mailto:daobrien at redhat.com">daobrien at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="surname">Radvan</span> <span class="firstname">Scott</span> [FAMILY Given]</h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:sradvan at redhat.com">sradvan at redhat.com</a></code></div><div class="author"><h3 class="author"><span class="surname">Christensen</span> <span class="firstname">Eric</span> [FAMILY Given]</h3><div class="affiliation"><span class="orgname">Fedora Project</span> <span class="orgdiv">Documentation Team</span></div><code class="email"><a class="email" href="mailto:sparks at fedoraproject.org">sparks at fedoraproject.org</a></code></div><div class="author"><h3 class="author"><span class="surname">Ligas</span> <span class="firstname">Adam</span> [FAMILY Given]</h3><div class="affiliation"><span class="orgname">Fedora Project</span></div><code class="email"><a
class="email" href="mailto:gent86 at fedoraproject.org">gent86 at fedoraproject.org</a></code></div></div></div><hr /><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div id="idp6422704" class="legalnotice"><h1 class="legalnotice">法律上の通知</h1><div class="para">
+ Copyright <span class="trademark"></span>© 2007-2012 Fedora Project Contributors.
+ </div><div class="para">
+ The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at <a href="http://creativecommons.org/licenses/by-sa/3.0/">http://creativecommons.org/licenses/by-sa/3.0/</a>. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
+ </div><div class="para">
+ Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
+ </div><div class="para">
+ Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
+ </div><div class="para">
+ For guidelines on the permitted uses of the Fedora trademarks, refer to <a href="https://fedoraproject.org/wiki/Legal:Trademark_guidelines">https://fedoraproject.org/wiki/Legal:Trademark_guidelines</a>.
+ </div><div class="para">
+ <span class="trademark">Linux</span>® is the registered trademark of Linus Torvalds in the United States and other countries.
+ </div><div class="para">
+ <span class="trademark">Java</span>® is a registered trademark of Oracle and/or its affiliates.
+ </div><div class="para">
+ <span class="trademark">XFS</span>® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
+ </div><div class="para">
+ <span class="trademark">MySQL</span>® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
+ </div><div class="para">
+ All other trademarks are the property of their respective owners.
+ </div></div></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div class="abstract"><h6>概要</h6><div class="para">
+ Fedora セキュリティガイドは、ローカルまたはリモートからの侵入、侵害および悪意のある活動に対してワークステーションとサーバーをセキュアにするプロセスとプラクティスについて、Fedora のユーザーが学習する支援をするために設計されています。Fedora Linux に焦点を合わせており、すべての Linux システムに対して有効な概念や技術を詳細に説明することではありません。Fedora セキュリティガイドはデータセンター、仕事場および自宅用に安全なコンピューティング環境を構築することに関連する計画とツールを詳細に説明します。適切な知識、警戒およびツールを用いて、Linux を実行しているシステムが完全に機能して、かつ多くの一般的な侵入や侵害方法から安全にすることができます。
+ </div></div></div></div><hr /></div><div class="toc"><dl><dt><span class="preface"><a href="pref-Security_Guide-Preface.html">序文</a></span></dt><dd><dl><dt><span class="section"><a href="pref-Security_Guide-Preface.html#idp4168896">1. 表記方法</a></span></dt><dd><dl><dt><span class="section"><a href="pref-Security_Guide-Preface.html#idp23936928">1.1. 印刷における表記方法</a></span></dt><dt><span class="section"><a href="pref-Security_Guide-Preface.html#idp12402080">1.2. 引用における表記方法</a></span></dt><dt><span class="section"><a href="pref-Security_Guide-Preface.html#idp22171968">1.3. 注記および警告</a></span></dt></dl></dd><dt><span class="section"><a href="pr01s02.html">2. フィードバック</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-Security_Overview.html">1. セキュリティの概要</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-
Security_Guide-Introduction_to_Security">1.1. ã»ãã¥ãªãã£ã®ã¤ã³ãããã¯ã·ã§ã³</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1. ã³ã³ãã¥ã¼ã¿ã¼ã»ã»ãã¥ãªãã£ã¨ã¯ï¼</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-SELinux">1.1.2. SELinux</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.3. ã»ãã¥ãªãã£ã»ã³ã³ããã¼ã«</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-Conclusion">1.1.4. çµè«</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities.html">1.2. æ»æè
ã
¨èå¼±æ§</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities.html#sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.2.1. ããã«ã¼ã®ç°¡åãªæ´å²</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html">1.2.2. ãããã¯ã¼ã¯ã»ã»ãã¥ãªãã£ã¸ã®è
å¨</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html">1.2.3. ãµã¼ãã¼ã»ã»ãã¥ãªãã£ã¸ã®è
å¨</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html">1.2.4. ã¯ã¼ã¯ã¹ãã¼ã·ã§ã³ã¨ãã¼ã PC ã®ã»ãã¥ãªãã£ã¸ã®è
å¨</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment.html">1.3. èå¼±æ§ã®ã¢ã»ã
¹ã¡ã³ã</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment.html#sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.3.1. æµã®ãããªèã</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html">1.3.2. ã¢ã»ã¹ã¡ã³ãã¨ãã¹ãã®å®ç¾©</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html">1.3.3. ãã¼ã«ã®è©ä¾¡</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Common_Exploits_and_Attacks.html">1.4. ä¸è¬çãªã¨ã¯ã¹ããã¤ãã¨æ»æ</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Security_Updates.html">1.5. ã»ãã¥ãªãã£ã»ã¢ãããã¼ã</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Security_Updates.html#sect-Security_Guide-Security_Updates-Updati
ng_Packages">1.5.1. ããã±ã¼ã¸ã®æ´æ°</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html">1.5.2. ç½²åãããããã±ã¼ã¸ã®æ¤è¨¼</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html">1.5.3. ç½²åãããããã±ã¼ã¸ã®ã¤ã³ã¹ãã¼ã«</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html">1.5.4. å¤æ´ã®é©ç¨</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-Basic_Hardening.html">2. åºæ¬å¼·åã¬ã¤ã</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Basic_Hardening.html#sect-Security_Guide-Basic_Hardening-General_Principles">2.1. åºæ¬åå</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html">2.2. ããã¯ã
ªãéè¦ãªã®ã§ããããï¼</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Physical_Security.html">2.3. ç©çã»ãã¥ãªãã£</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html">2.4. ããã¯ãªãéè¦ãªã®ã§ããããï¼</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html">2.5. ä»ã«ä½ãã§ããã§ããããï¼</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Networking.html">2.6. ãããã¯ã¼ã¯</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Networking.html#sect-Security_Guide-Basic_Hardening-Networking-iptables">2.6.1. iptables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Networking-IPv6.html">2.6.2. IPv6</a></span></dt></dl></dd><d
t><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Up_to_date.html">2.7. ソフトウェアの最新化維持</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-Services.html">2.8. サービス</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Basic_Hardening-NTP.html">2.9. NTP</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-Securing_Your_Network.html">3. ネットワークのセキュア化</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security">3.1. ワークステーションのセキュリティ</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">3.1.1. ワークステーションのセキュリティの評価</a></span></dt><dt><span class="section"><a
href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">3.1.2. BIOS ã¨ãã¼ããã¼ãã®ã»ãã¥ãªãã£</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Password_Security">3.1.3. ãã¹ã¯ã¼ãã®ã»ãã¥ãªãã£</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Administrative_Controls">3.1.4. 管ççã³ã³ããã¼ã«</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Available_Network_Services">3.1.5. å©ç¨å¯è½ãªãããã¯ã¼ã¯ã»ãµã¼ãã¹</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Personal_Firewalls">3.1.6. ãã¼ã½ãã«ã»ãã
¡ã¤ã¢ã¦ã©ã¼ã«</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">3.1.7. ã»ãã¥ãªãã£å¼·åããã³ãã¥ãã±ã¼ã·ã§ã³ã»ãã¼ã«</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Server_Security.html">3.2. ãµã¼ãã®ã»ãã¥ãªãã£</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Server_Security.html#sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">3.2.1. TCP Wrappers 㨠xinetd ãç¨ãããµã¼ãã¹ã®ã»ãã¥ã¢å</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_Portmap.html">3.2.2. Portmap ã®ã»ãã¥ã¢å</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_NIS.html">3.2.3. NIS ã®ã»ãã¥ã¢å</a></span></dt><dt><span class="section"><
a href="sect-Security_Guide-Server_Security-Securing_NFS.html">3.2.4. NFS のセキュア化</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html">3.2.5. Apache HTTP Server のセキュア化</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_FTP.html">3.2.6. FTP のセキュア化</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_Sendmail.html">3.2.7. Sendmail のセキュア化</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html">3.2.8. リッスンしているポートの確認</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO.html">3.3. Single Sign-on (SSO)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO.html#sect-Security_Guide-Single_Sign_on_S
SO-Introduction">3.3.1. 概要</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html">3.3.2. 新しいスマートカードの開始方法</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html">3.3.3. スマートカードの登録はどのように動作しますか</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html">3.3.4. スマートカードのログインはどのように動作しますか</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html">3.3.5. Firefox が SSO 用に Kerberos を使用するよう設定します</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Yubikey.html">3.4. YubiKey</a></span></dt><dd><dl><dt><span class="sect
ion"><a href="sect-Security_Guide-Yubikey.html#sect-Security_Guide-Yubikey-Centralized_Server">3.4.1. センター・サーバーを用いた YubiKey の使用</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Yubikey-Web_Sites.html">3.4.2. YubiKey を用いたウェブサイトの認証</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html">3.5. Pluggable Authentication Modules (PAM)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">3.5.1. PAM の利点</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html">3.5.2. PAM 設定ファイル</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File
_Format.html">3.5.3. PAM 設定ファイルの形式</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html">3.5.4. サンプル PAM 設定ファイル</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html">3.5.5. PAM モジュールの作成</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html">3.5.6. PAM と管理クレディンシャルのキャッシュ</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html">3.5.7. PAM とデバイスの所有</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html">3.5.8. 追加のリソース</a></span></dt></dl></dd
><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html">3.6. TCP Wrappers と xinetd</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">3.6.1. TCP Wrappers</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html">3.6.2. TCP Wrappers の設定ファイル</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html">3.6.3. xinetd</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html">3.6.4. xinetd 設定ファイル</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html">3.6.5. 追加のリソース</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Ker
beros.html">3.7. Kerberos</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Kerberos.html#sect-Security_Guide-Kerberos-What_is_Kerberos">3.7.1. Kerberos とは何でしょうか?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html">3.7.2. Kerberos の用語</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html">3.7.3. Kerberos はどのように動作しますか</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html">3.7.4. Kerberos と PAM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html">3.7.5. Kerberos 5 サーバーの設定</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html">3.7.6. Kerberos 5 クライアントの設定</a></span></dt><dt><span class="section"><a hre
f="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html">3.7.7. ドメイン-レルムのマッピング</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html">3.7.8. セカンダリ KDC のセットアップ</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html">3.7.9. クロス・レルム認証のセットアップ</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Additional_Resources.html">3.7.10. 追加のリソース</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Firewalls.html">3.8. ファイアウォール</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Firewalls.html#sect-Security_Guide-Firewalls-Netfilter_and_IPTables">3.8.1. Netfilter と IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Basic_Firewall_Conf
iguration.html">3.8.2. 基本的なファイアウォールの設定</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Using_IPTables.html">3.8.3. IPTables の使用</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html">3.8.4. 一般的な IPTables フィルタ</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html">3.8.5. <code class="computeroutput">FORWARD</code> および <acronym class="acronym">NAT</acronym> ルール</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html">3.8.6. 悪意のあるソフトウェアと偽装された IP アドレス</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html">3.8.7. IPTables とコネクション追跡</a></span></dt><dt><span class="section"><a href="sec
t-Security_Guide-Firewalls-IPv6.html">3.8.8. IPv6</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Additional_Resources.html">3.8.9. 追加のリソース</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-IPTables.html">3.9. IPTables</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-IPTables.html#sect-Security_Guide-IPTables-Packet_Filtering">3.9.1. パケット・フィルタリング</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html">3.9.2. IPTables のコマンド・オプション</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html">3.9.3. IPTables ルールの保存</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html">3.9.4. IPTables 制御スクリプト</a></span></dt><dt><span class="section"><a href="sect-Se
curity_Guide-IPTables-IPTables_and_IPv6.html">3.9.5. IPTables IPv6</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Additional_Resources.html">3.9.6. 追加のリソース</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-Encryption.html">4. 暗号化</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Encryption.html#sect-Security_Guide-Encryption-Data_at_Rest">4.1. 静止しているデータ</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Encryption.html#sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">4.1.1. 完全なディスク暗号化</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Encryption.html#Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">4.1.2. ファイルベースの暗号化</a></span></dt></dl></dd><dt><span class="section"><a href="Security_Guide-Encryption-
Data_in_Motion.html">4.2. 動作しているデータ</a></span></dt><dd><dl><dt><span class="section"><a href="Security_Guide-Encryption-Data_in_Motion.html#sect-Security_Guide-Virtual_Private_Networks_VPNs">4.2.1. Virtual Private Networks (VPNs)</a></span></dt><dt><span class="section"><a href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html">4.2.2. Secure Shell</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption.html">4.2.3. LUKS ディスク暗号化</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html">4.2.4. 7-Zip 暗号化アーカイブ</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-Using_GPG.html">4.2.5. GNU Privacy Guard (GnuPG) の使用</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-General_Principles_of_Information_Security.html">5. 情報セキュリティの一般原則</a></spa
n></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-General_Principles_of_Information_Security.html#sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">5.1. ヒント、ガイドおよびツール</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-Secure_Installation.html">6. セキュアなインストール</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Secure_Installation.html#sect-Security_Guide-Secure_Installation-Disk_Partitions">6.1. ディスク・パーティション</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html">6.2. LUKS パーティション暗号化の利用</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-Software_Maintenance.html">7. ソフトウェアのメンテナンス</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Se
curity_Guide-Software_Maintenance.html#sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">7.1. 最小限のソフトウェアのインストール</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html">7.2. セキュリティ・アップデートの計画と設定</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html">7.3. 自動更新の調整</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html">7.4. よく知られたリポジトリからの署名されたパッケージのインストール</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-CVE.html">8. 共通脆弱性識別子 CVE</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security
_Guide-CVE.html#sect-Security_Guide-CVE-yum_plugin">8.1. YUM ãã©ã°ã¤ã³</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html">8.2. yum-plugin-security ã®ä½¿ãæ¹</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security_Guide-References.html">9. åèè³æ</a></span></dt><dt><span class="appendix"><a href="chap-Security_Guide-Encryption_Standards.html">A. æå·ã®æ¨æº</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Encryption_Standards.html#idp36480832">A.1. åæå¼ã®æå·</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Encryption_Standards.html#idp23816704">A.1.1. Advanced Encryption Standard - AES</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Encryption_Standards.html#idp44515904">A.1.2. Data Encryption Standard - DES</a></span></dt></dl></dd><dt><span class="section"><a href="apas02.html">A.2. å
¬ééµæå·</a></span></dt><dd><dl><dt><span class="section"><a href="apas02.html#idp42516192">A.2.1. Diffie-Hellman</a></span></dt><dt><span class="section"><a href="apas02s02.html">A.2.2. RSA</a></span></dt><dt><span class="section"><a href="apas02s03.html">A.2.3. DSA</a></span></dt><dt><span class="section"><a href="apas02s04.html">A.2.4. SSL/TLS</a></span></dt><dt><span class="section"><a href="apas02s05.html">A.2.5. Cramer-Shoup æå·ã·ã¹ãã </a></span></dt><dt><span class="section"><a href="apas02s06.html">A.2.6. ElGamal æå·</a></span></dt></dl></dd></dl></dd><dt><span class="appendix"><a href="appe-Publican-Revision_History.html">B. æ¹è¨å±¥æ´</a></span></dt></dl></div></div><ul class="docnav"><li class="previous"></li><li class="next"><a accesskey="n" href="pref-Security_Guide-Preface.html"><strong>次ã¸</strong>åºæ</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/pr01s02.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/pr01s02.html
new file mode 100644
index 0000000..1b8b1e9
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/pr01s02.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2. フィードバック</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="pref-Security_Guide-Preface.html" title="序文" /><link rel="prev" href="pref-Security_Guide-Preface.html" title="序文" /><link rel="next" href="chap-Security_Guide-Security_Overview.html" title="第1章 セキュリティの概要" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pref-Security_Guide-Preface.html"><strong>戻る</strong></a></li><li class="ne
xt"><a accesskey="n" href="chap-Security_Guide-Security_Overview.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="section" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idp42286464">2. フィードバック</h2></div></div></div><a id="idp42287616" class="indexterm"></a><div class="para">
+ 本ガイドに誤植を見つけられた場合や本ガイドの改善案をお持ちの場合はぜひお知らせください。 Bugzilla <a href="http://bugzilla.redhat.com/bugzilla/">http://bugzilla.redhat.com/bugzilla/</a> にて、 Product には <span class="application"><strong>Fedora.</strong></span> を選びレポートの提出をお願いいたします。
+ </div><div class="para">
+ バグレポートを提出される場合は、 そのガイドの識別子となる <em class="citetitle">security-guide</em> を必ず明記して頂くようお願いします。
+ </div><div class="para">
+ ドキュメントに関する改善のご意見についてはできるだけ具体的にお願いいたします。 エラーを発見された場合は、 セクション番号および該当部分の前後の文章も含めてご報告頂くと照合が容易になります。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="pref-Security_Guide-Preface.html"><strong>戻る</strong>序文</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Security_Overview.html"><strong>次へ</strong>第1章 セキュリティの概要</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/pref-Security_Guide-Preface.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/pref-Security_Guide-Preface.html
new file mode 100644
index 0000000..437d5e7
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/pref-Security_Guide-Preface.html
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>序文</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="index.html" title="セキュリティガイド" /><link rel="prev" href="index.html" title="セキュリティガイド" /><link rel="next" href="pr01s02.html" title="2. フィードバック" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="pr01s02.html"><strong>次へ</strong><
/a></li></ul><div xml:lang="ja-JP" class="preface" id="pref-Security_Guide-Preface" lang="ja-JP"><div class="titlepage"><div><div><h1 class="title">序文</h1></div></div></div><div xml:lang="ja-JP" class="section" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idp4168896">1. 表記方法</h2></div></div></div><div class="para">
+ 本ガイドは特定の単語や語句を強調したり、 記載内容の特定部分に注意を引かせる目的で次のような表記方法を使用しています。
+ </div><div class="para">
+ PDF版 および印刷版では、 <a href="https://fedorahosted.org/liberation-fonts/">Liberation Fonts</a> セットから採用した書体を使用しています。 ご使用のシステムに Liberation Fonts セットがインストールされている場合、 HTML 版でもこのセットが使用されます。 インストールされていない場合は代替として同等の書体が表示されます。 注記: Red Hat Enterprise Linux 5 およびそれ以降のバージョンにはデフォルトで Liberation Fonts セットが収納されます。
+ </div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idp23936928">1.1. 印刷における表記方法</h3></div></div></div><div class="para">
+ 特定の単語や語句に注意を引く目的で 4 種類の表記方法を使用しています。 その表記方法および適用される状況は以下の通りです。
+ </div><div class="para">
+ <code class="literal">等幅の太字</code>
+ </div><div class="para">
+ シェルコマンド、ファイル名、パスなどシステムへの入力を強調するために使用しています。またキー配列やキーの組み合わせを強調するのにも使用しています。 例えば、
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ 現在作業中のディレクトリ内のファイル <code class="filename">my_next_bestselling_novel</code> の内容を表示させるには、 シェルプロンプトで <code class="command">cat my_next_bestselling_novel</code> コマンドを入力してから <span class="keycap"><strong>Enter</strong></span> を押してそのコマンドを実行します。
+ </div></blockquote></div><div class="para">
+ 上記にはファイル名、シェルコマンド、キーが含まれています。 すべて等幅の太字で表されているため文中内で見分けやすくなっています。
+ </div><div class="para">
+ キーが 1 つの場合と複数のキーの組み合わせになる場合を区別するため、 その組み合わせを構成するキー同士をハイフンでつないでいます。 例えば、
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ <span class="keycap"><strong>Enter</strong></span> を押してコマンドを実行します。
+ </div><div class="para">
+ 1 番目の仮想ターミナルに切り替えるは、 <span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>Alt</strong></span>+<span class="keycap"><strong>F2</strong></span> を押します。 X-Windows セッションに戻るには、 <span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>Alt</strong></span>+<span class="keycap"><strong>F1</strong></span> を押します。
+ </div></blockquote></div><div class="para">
+ 最初の段落では押すべき 1 つのキーを特定して強調しています。 次の段落では同時に押すべき 3 つのキーの組み合わせが 2 種類ありそれぞれ強調されています。
+ </div><div class="para">
+ ソースコードの説明では 1 段落内で提示されるクラス名、 メソッド、 関数、 変数名、 戻り値を上記のように <code class="literal">等幅の太字</code> で表示します。 例えば、
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ ファイル関連のクラス群はファイルシステムに対しては <code class="classname">filesystem</code>、 ファイルには <code class="classname">file</code>、 ディレクトリには <code class="classname">dir</code> をそれぞれ含みます。 各クラスは個別に関連する権限セットを持っています。
+ </div></blockquote></div><div class="para">
+ <span class="application"><strong>プロポーショナルの太字</strong></span>
+ </div><div class="para">
+ アプリケーション名、 ダイアログボックスのテキスト、ラベル付きボタン、 チェックボックスとラジオボタンのラベル、 メニュータイトルとサブメニュータイトルなどシステム上で見られる単語や語句を表します。 例えば、
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ メインメニューバーから <span class="guimenu"><strong>システム > 個人設定 > マウス</strong></span> の順で選択し <span class="application"><strong>マウスの個人設定</strong></span> を起動します。 <span class="guilabel"><strong>ボタン</strong></span> タブ内で <span class="guilabel"><strong>左ききのマウス</strong></span> チェックボックスをクリックしてから <span class="guibutton"><strong>閉じる</strong></span> をクリックしマウスの主要ボタンを左から右に切り替えます (マウスを左ききの人が使用するのに適した設定にする)。
+ </div><div class="para">
+ <span class="application"><strong>gedit</strong></span> ファイルに特殊な文字を挿入する場合は、 メインメニューバーから <span class="guimenu"><strong>アプリケーション > アクセサリ > 文字マップ</strong></span> の順で選択します。 次に <span class="application"><strong>文字マップ</strong></span> メニューバーから <span class="guimenu"><strong>検索 > 検索…</strong></span> と選択して <span class="guilabel"><strong>検索</strong></span> フィールド内にその文字名を入力し <span class="guibutton"><strong>次</strong></span> をクリックします。 探している文字が <span class="guilabel"><strong>文字表</strong></span> 内で強調表示されます。 この強調表示された文字をダブルクリックすると <span class="guilabel"><strong>コピーするテキスト</strong></span> フィールド内に置かれるので次に <span class="guibutton"><st
rong>コピー</strong></span> ボタンをクリックします。 ここでドキュメントに戻り <span class="application"><strong>gedit</strong></span> メニューバーから <span class="guimenu"><strong>編集 > 貼り付け</strong></span> を選択します。
+ </div></blockquote></div><div class="para">
+ 上記には、 アプリケーション名、 システム全体のメニュー名と項目、 アプリケーション固有のメニュー名、 GUI インタフェースで見られるボタンやテキストがあります。 すべてプロポーショナルの太字で表示されているため文中内で見分けやすくなっています。
+ </div><div class="para">
+ <code class="command"><em class="replaceable"><code>等幅の太字で且つ斜体</code></em></code> または <span class="application"><strong><em class="replaceable"><code>プロポーショナルの太字で且つ斜体</code></em></strong></span>
+ </div><div class="para">
+ 等幅の太字やプロポーショナルの太字はいずれであっても斜体の場合は置換可能なテキストか変化するテキストを示します。 斜体は記載されている通りには入力しないテキスト、あるいは状況に応じて変化する出力テキストを表します。 例えば、
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ ssh を使用してリモートマシンに接続するには、 シェルプロンプトで <code class="command">ssh <em class="replaceable"><code>username</code></em>@<em class="replaceable"><code>domain.name</code></em></code> と入力します。 リモートマシンが <code class="filename">example.com</code> であり、 そのマシンで使用しているユーザー名が john なら <code class="command">ssh john at example.com</code> と入力します。
+ </div><div class="para">
+ <code class="command">mount -o remount <em class="replaceable"><code>file-system</code></em></code> コマンドは指定したファイルシステムを再マウントします。 例えば、 <code class="filename">/home</code> ファイルシステムを再マウントするコマンドは <code class="command">mount -o remount /home</code> になります。
+ </div><div class="para">
+ 現在インストールされているパッケージのバージョンを表示するには、 <code class="command">rpm -q <em class="replaceable"><code>package</code></em></code> コマンドを使用します。 結果として次を返してきます、 <code class="command"><em class="replaceable"><code>package-version-release</code></em></code>。
+ </div></blockquote></div><div class="para">
+ 上記の太字斜体の単語 — username、 domain.name、 file-system、 package、 version、 release に注目してください。 いずれもコマンドを発行するときに入力するテキスト用のプレースホルダーかシステムにより出力されるテキスト用のプレースホルダーになっています。
+ </div><div class="para">
+ タイトル表示のような標準的な使用の他、 斜体は新しい重要な用語が初めて出現する場合にも使用されます。 例えば、
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ Publican は <em class="firstterm">DocBook</em> の発行システムです。
+ </div></blockquote></div></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idp12402080">1.2. 引用における表記方法</h3></div></div></div><div class="para">
+ 端末の出力とソースコード一覧は、視覚的に周囲の文から区別されています。
+ </div><div class="para">
+ 端末に送信される出力は <code class="computeroutput">mono-spaced roman</code> (等幅の Roman) にセットされるので以下のように表示されます。
+ </div><pre class="screen">books Desktop documentation drafts mss photos stuff svn
+books_tests Desktop1 downloads images notes scripts svgs</pre><div class="para">
+ ソースコードの一覧も <code class="computeroutput">mono-spaced roman</code> (等幅の Roman) でセットされますが、以下のように強調表示されます。
+ </div><pre class="programlisting">package org.<span class="perl_Function">jboss</span>.<span class="perl_Function">book</span>.<span class="perl_Function">jca</span>.<span class="perl_Function">ex1</span>;
+
+<span class="perl_Keyword">import</span> javax.naming.InitialContext;
+
+<span class="perl_Keyword">public</span> <span class="perl_Keyword">class</span> ExClient
+{
+ <span class="perl_Keyword">public</span> <span class="perl_DataType">static</span> <span class="perl_DataType">void</span> <span class="perl_Function">main</span>(String args[])
+ <span class="perl_Keyword">throws</span> Exception
+ {
+ InitialContext iniCtx = <span class="perl_Keyword">new</span> InitialContext();
+ Object ref = iniCtx.<span class="perl_Function">lookup</span>(<span class="perl_String">"EchoBean"</span>);
+ EchoHome home = (EchoHome) ref;
+ Echo echo = home.<span class="perl_Function">create</span>();
+
+ System.<span class="perl_Function">out</span>.<span class="perl_Function">println</span>(<span class="perl_String">"Created Echo"</span>);
+
+ System.<span class="perl_Function">out</span>.<span class="perl_Function">println</span>(<span class="perl_String">"Echo.echo('Hello') = "</span> + echo.<span class="perl_Function">echo</span>(<span class="perl_String">"Hello"</span>));
+ }
+}</pre></div><div class="section"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idp22171968">1.3. 注記および警告</h3></div></div></div><div class="para">
+ 情報が見過ごされないよう 3 種類の視覚的なスタイルを使用して注意を引いています。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ 注記は説明している部分に対するヒントや近道あるいは代替となる手段などになります。注記を無視しても悪影響はありませんが知っておくと便利なコツを見逃すことになるかもしれません。
+ </div></div></div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ 重要ボックスは見逃しやすい事項を詳細に説明しています。現在のセッションにのみ適用される設定上の変更点、 更新を適用する前に再起動が必要なサービスなどがあります。重要ボックスを無視してもデータを喪失するような結果にはなりませんがイライラ感やフラストレーションが生じる可能性があります。
+ </div></div></div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ 警告は無視しないでください。警告を無視するとデータを喪失する可能性が非常に高くなります。
+ </div></div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>戻る</strong>セキュリティガイド</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="pr01s02.html"><strong>次へ</strong>2. フィードバック</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Related_Books.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Related_Books.html
new file mode 100644
index 0000000..e743953
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Related_Books.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.5.3. 関連書籍</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="3.6.5. 追加のリソース" /><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html" title="3.6.5.2. 有用な TCP Wrappers ウェブサイト" /><link rel="next" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class
="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Additional_Resources-Related_Books"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Related_Books">3.6.5.3. 関連書籍</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Brian Hatch, James Lee, および George Kurtz による <em class="citetitle">Hacking Linux Exposed</em>; Osbourne/McGraw-Hill — TCP Wrappers および <code class="systemitem">xinetd</code> に関する情報を持つ優れたセキュリティ・リソース。
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>戻る</strong>3.6.5.2. 有用な TCP Wrappers ウェブサイト</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos.html"><strong>次へ</strong>3.7. Kerberos</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Related_Documentation.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Related_Documentation.html
new file mode 100644
index 0000000..5245c70
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Related_Documentation.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.9.3. 関連ドキュメント</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="3.8.9. 追加のリソース" /><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html" title="3.8.9.2. 有用なファイアウォールのウェブサイト" /><link rel="next" href="sect-Security_Guide-IPTables.html" title="3.9. IPTables" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="pre
vious"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Additional_Resources-Related_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Related_Documentation">3.8.9.3. 関連ドキュメント</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="citetitle">Red Hat Linux Firewalls</em>, by Bill McCarty; Red Hat Press — Netfilter や <code class="command">iptables</code> のようなオープンソースのパケット・フィルタリング技術を用いたネットワークおよびサーバ・ファイアウォールを構築するための完全なリファレンス。さまざまなグラフィカル・ツールを用いて、ファイアウォール・ログの解析、ファイアウォール・ルールの開発、ファイアウォールのカスタマイズに関するトピックを含みます。
+ </div></li><li class="listitem"><div class="para">
+ <em class="citetitle">Linux Firewalls</em>, by Robert Ziegler; New Riders Press — 2.2 カーネルの <code class="command">ipchains</code> および Netfilter と <code class="command">iptables</code> の両方を用いたファイアウォールを構築することに関する豊富な情報を含みます。リモート・アクセスの問題や侵入検知システムのような追加のセキュリティのトピックも取り扱います。
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"><strong>戻る</strong>3.8.9.2. 有用なファイアウォールのウェブサイト</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables.html"><strong>次へ</strong>3.9. IPTables</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html
new file mode 100644
index 0000000..b01fe83
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.9.2. 有用なファイアウォールのウェブサイト</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="3.8.9. 追加のリソース" /><link rel="prev" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="3.8.9. 追加のリソース" /><link rel="next" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html" title="3.8.9.3. 関連ドキュメント" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class=
"previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Additional_Resources.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites">3.8.9.2. 有用なファイアウォールのウェブサイト</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.netfilter.org/">http://www.netfilter.org/</a> — Netfilter と <code class="command">iptables</code> プロジェクトの公式ホームページ。
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.tldp.org/">http://www.tldp.org/</a> — The Linux Documentation Project はファイアウォールの作成と管理に関するいくつかの有用なガイドを含みます。
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.iana.org/assignments/port-numbers">http://www.iana.org/assignments/port-numbers</a> — Internet Assigned Numbers Authority により割り当てた、登録された一般的なサービス・ポートの公式な一覧。
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Additional_Resources.html"><strong>戻る</strong>3.8.9. 追加のリソース</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"><strong>次へ</strong>3.8.9.3. 関連ドキュメント</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html
new file mode 100644
index 0000000..1fdb18a
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.6.2. 有用な IPTables のウェブサイト</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-IPTables-Additional_Resources.html" title="3.9.6. 追加のリソース" /><link rel="prev" href="sect-Security_Guide-IPTables-Additional_Resources.html" title="3.9.6. 追加のリソース" /><link rel="next" href="chap-Security_Guide-Encryption.html" title="第4章 暗号化" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Gu
ide-IPTables-Additional_Resources.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Encryption.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites">3.9.6.2. 有用な IPTables のウェブサイト</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.netfilter.org/">http://www.netfilter.org/</a> — netfilter/iptables プロジェクトのホーム。<code class="command">iptables</code> に関する分類された情報を含みます。ここには、Linux IP ファイアウォールのメンテナーの Rusty Russell による、特定の問題に取り組む FAQ およびさまざまな有用なガイドを含みます。このサイトにある HOWTO ドキュメントは、基本的なネットワーク概念、カーネル・パケット・フィルタリング、および NAT 設定のような話題を取り扱います。
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Additional_Resources.html"><strong>戻る</strong>3.9.6. 追加のリソース</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Encryption.html"><strong>次へ</strong>第4章 暗号化</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html
new file mode 100644
index 0000000..76a51c8
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.10.2. 有用な Kerberos</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Kerberos-Additional_Resources.html" title="3.7.10. 追加のリソース" /><link rel="prev" href="sect-Security_Guide-Kerberos-Additional_Resources.html" title="3.7.10. 追加のリソース" /><link rel="next" href="sect-Security_Guide-Firewalls.html" title="3.8. ファイアウォール" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sec
t-Security_Guide-Kerberos-Additional_Resources.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites">3.7.10.2. 有用な Kerberos </h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://web.mit.edu/kerberos/www/">http://web.mit.edu/kerberos/www/</a> — MIT の <em class="citetitle">Kerberos: The Network Authentication Protocol</em> ウェブページ。
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html">http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html</a> — Kerberos の FAQ (Frequently Asked Questions)。
+ </div></li><li class="listitem"><div class="para">
+ <a href="ftp://athena-dist.mit.edu/pub/kerberos/doc/usenix.PS">ftp://athena-dist.mit.edu/pub/kerberos/doc/usenix.PS</a> — Jennifer G. Steiner, Clifford Neuman, および Jeffrey I. Schiller による <em class="citetitle">Kerberos: An Authentication Service for Open Network Systems</em> の PostScript バージョン。このドキュメントは Kerberos を説明している原論文です。
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://web.mit.edu/kerberos/www/dialogue.html">http://web.mit.edu/kerberos/www/dialogue.html</a> — <em class="citetitle">Designing an Authentication System: a Dialogue in Four Scenes</em>、元々1988年 Bill Bryant により、1997年に Theodore Ts'o によります。このドキュメントは、Kerberos 形式の認証システムについて考え抜いている開発者2人の間の会話です。議論の会話形式は、Kerberos に完全になじみがない人々にとって素晴らしい開始地点になります。
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.ornl.gov/~jar/HowToKerb.html">http://www.ornl.gov/~jar/HowToKerb.html</a> — <em class="citetitle">How to Kerberize your site</em> はネットワークを Kerberos 化するための素晴らしい参考資料です。
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.networkcomputing.com/netdesign/kerb1.html">http://www.networkcomputing.com/netdesign/kerb1.html</a> — <em class="citetitle">Kerberos Network Design Manual</em> は Kerberos システムの完全な概要です。
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Additional_Resources.html"><strong>戻る</strong>3.7.10. 追加のリソース</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls.html"><strong>次へ</strong>3.8. ファイアウォール</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html
new file mode 100644
index 0000000..bdf5638
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.8.2. 有用な PAM ウェブサイト</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html" title="3.5.8. 追加のリソース" /><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html" title="3.5.8. 追加のリソース" /><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="3.6. TCP Wrappers と xinetd" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p
><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites">3.5.8.2. 有用な PAM ウェブサイト</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.kernel.org/pub/linux/libs/pam/">http://www.kernel.org/pub/linux/libs/pam/</a> — Linux-PAM プロジェクトの一次的なディストリビューションのウェブサイト、さまざまな PAM モジュール、FAQ、さらなる PAM ドキュメントに関する情報を含みます。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ 上のウェブサイトにあるドキュメントは、PAM の最新リリースの上流バージョンに対するもので、Fedora に含まれるバージョンの PAM に対して 100% 正確ではないかもしれません。
+ </div></div></div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"><strong>戻る</strong>3.5.8. 追加のリソース</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html"><strong>次へ</strong>3.6. TCP Wrappers と xinetd</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html
new file mode 100644
index 0000000..2c9bd27
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.5.2. 有用な TCP Wrappers ウェブサイト</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="3.6.5. 追加のリソース" /><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="3.6.5. 追加のリソース" /><link rel="next" href="sect-Security_Guide-Additional_Resources-Related_Books.html" title="3.6.5.3. 関連書籍" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><l
i class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Related_Books.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites">3.6.5.2. 有用な TCP Wrappers ウェブサイト</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.xinetd.org">http://www.xinetd.org/</a> — <code class="systemitem">xinetd</code> のホーム、サンプル設定ファイル、機能の完全な一覧、および有益な FAQ。
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.docstoc.com/docs/2133633/An-Unofficial-Xinetd-Tutorial">http://www.docstoc.com/docs/2133633/An-Unofficial-Xinetd-Tutorial</a> — 具体的なセキュリティ目標を達成するために、デフォルトの <code class="systemitem">xinetd</code> 設定ファイルを最適化する多くの異なる方法を議論する、完全なチュートリアル。
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"><strong>戻る</strong>3.6.5. 追加のリソース</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Related_Books.html"><strong>次へ</strong>3.6.5.3. 関連書籍</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html
new file mode 100644
index 0000000..d553f56
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.4.3.2. アクセス制御オプション</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="3.6.4.3. xinetd 設定ファイルの変更" /><link rel="prev" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="3.6.4.3. xinetd 設定ファイルの変更" /><link rel="next" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html" title="3.6.4.3.3. バインドとリダイレクトのオプション" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" hr
ef="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options">3.6.4.3.2. アクセス制御オプション</h5></div></div></div><div class="para">
+ <code class="systemitem">xinetd</code> サービスのユーザーは、TCP Wrappers の hosts アクセスルールを使うことを選択する、<code class="systemitem">xinetd</code> 設定ファイル経由のアクセス制御を提供する、もしくは両方の混在をすることができます。TCP Wrappers hosts アクセス制御ファイルの詳細は <a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html">「TCP Wrappers の設定ファイル」</a> を参照してください。
+ </div><div class="para">
+ このセクションはサービスへのアクセスを制御するために <code class="systemitem">xinetd</code> を使用することについて議論します。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ TCP Wrappers と違い、<code class="systemitem">xinetd</code> 管理者が <code class="systemitem">xinetd</code> サービスを再起動すると、アクセス制御の変更が効果を持ちます。
+ </div><div class="para">
+ また、TCP Wrappers と違い、<code class="systemitem">xinetd</code> を通したアクセス制御は <code class="systemitem">xinetd</code> により制御されるサービスのみが効果を持ちます。
+ </div></div></div><div class="para">
+ <code class="systemitem">xinetd</code> ホスト・アクセス制御は、TCP Wrappers により使われる方式とは異なります。TCP Wrappers は2つの設定ファイル <code class="filename">/etc/hosts.allow</code> および <code class="filename">/etc/hosts.deny</code> の\n中ですべてのアクセス設定がされますが、<code class="systemitem">xinetd</code> のアクセス制御は <code class="filename">/etc/xinetd.d/</code> ディレクトリにある各サービスの設定ファイルに見られます。
+ </div><div class="para">
+ 以下のホスト・アクセス・オプションは <code class="systemitem">xinetd</code> によりサポートされます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">only_from</code> — 指定されたホストのみがサービスを使用することを許可されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">no_access</code> — リストされたホストがサービスを使用することをブロックされます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">access_times</code> — 特定のサービスが使用される可能性がある時間帯を指定します。時間帯は24時間表記 HH:MM-HH:MM で記載されなければいけません。
+ </div></li></ul></div><div class="para">
+ <code class="option">only_from</code> と <code class="option">no_access</code> オプションは、IP アドレスまたはホスト名のリストを使用できます。もしくは、ネットワーク全体を指定できます。TCP Wrappers のように、<code class="systemitem">xinetd</code> アクセス制御と高度なロギング設定を組み合わせることは、各コネクションの試行を冗長に記録しながら、禁止されたホストからのリクエストをブロックすることにより、セキュリティを向上させることができます。
+ </div><div class="para">
+ たとえば、以下の <code class="filename">/etc/xinetd.d/telnet</code> ファイルは特定のネットワークグループからの Telnet アクセスを拒否して、許可されたユーザーがログインできる時間帯を制限できます:
+ </div><pre class="screen">service telnet
+{
+ disable = no
+ flags = REUSE
+ socket_type = stream
+ wait = no
+ user = root
+ server = /usr/kerberos/sbin/telnetd
+ log_on_failure += USERID
+ no_access = 172.16.45.0/24
+ log_on_success += PID HOST EXIT
+ access_times = 09:45-16:15
+}</pre><div class="para">
+ この例では、<code class="systemitem">172.16.45.2</code> のような <code class="systemitem">172.16.45.0/24</code> ネットワークからのクライアント・システムが Telnet サービスにアクセスしようとするとき、以下のメッセージを受け取ります。
+ </div><pre class="screen">Connection closed by foreign host.</pre><div class="para">
+ さらに、ログイン試行が以下のように <code class="filename">/var/log/messages</code> に記録されます:
+ </div><pre class="screen">Sep 7 14:58:33 localhost xinetd[5285]: FAIL: telnet address from=172.16.45.107
+Sep 7 14:58:33 localhost xinetd[5283]: START: telnet pid=5285 from=172.16.45.107
+Sep 7 14:58:33 localhost xinetd[5283]: EXIT: telnet status=0 pid=5285 duration=0(sec)</pre><div class="para">
+ <code class="systemitem">xinetd</code> アクセス制御とともに TCP Wrappers を使用するとき、2つのアクセス制御メカニズムの関係を理解することは重要です。
+ </div><div class="para">
+ 以下は、クライアントが接続を要求するとき、<code class="systemitem">xinetd</code> により実行される一連のイベントです。
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <code class="systemitem">xinetd</code> デーモンは <code class="filename">libwrap.a</code> ライブラリコールを用いて TCP Wrappers hosts アクセスルールにアクセスします。拒否ルールがクライアントにマッチすると、コネクションは廃棄されます。許可ルールがクライアントにマッチすると、コネクションが <code class="systemitem">xinetd</code> に渡されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="systemitem">xinetd</code> デーモンは、<code class="systemitem">xinetd</code> サービスおよびリクエストされたサービスどちらに対しても自身のアクセス制御ルールをチェックします。拒否ルールがクライアントにマッチすると、コネクションは廃棄されます。そうでなければ、<code class="systemitem">xinetd</code> はリクエストされたサービスのインスタンスを起動し、サービスへのコネクションを認めます。
+ </div></li></ol></div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ <code class="systemitem">xinetd</code> アクセス制御とともに TCP Wrappers を使用するときは注意する必要があります。設定誤りが意図しない効果を引き起こす可能性があります。
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"><strong>戻る</strong>3.6.4.3. xinetd 設定ファイルの変更</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"><strong>次へ</strong>3.6.4.3.3. バインドとリダイレクトのオプション</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html
new file mode 100644
index 0000000..3c72967
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.4.3.3. バインドとリダイレクトのオプション</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="3.6.4.3. xinetd 設定ファイルの変更" /><link rel="prev" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html" title="3.6.4.3.2. アクセス制御オプション" /><link rel="next" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html" title="3.6.4.3.4. リソース管理オプション" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedorapro
ject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options">3.6.4.3.3. バインドとリダイレクトのオプション</h5></div></div></div><div class="para">
+ <code class="systemitem">xinetd</code> の設定ファイルは、サービスの IP アドレスへのバインド、およびサービスの入力リクエストを他の IP アドレス、ホスト名、またはポートへのリダイレクトをサポートします。
+ </div><div class="para">
+ バインドは、サービス固有の設定ファイルにおいて <code class="option">bind</code> オプションを用いて制御され、サービスをシステムにおける1つの IP アドレスにリンクします。これが設定されるとき、<code class="option">bind</code> オプションは正しい IP アドレスへのリクエストのみがサービスへのアクセスを許可されます。リクエストに基づいて、異なるネットワークインタフェースに異なるサービスをバインドするために、この方式を使用することができます。
+ </div><div class="para">
+ これは複数のネットワークアダプタまたは複数の IP アドレスを持つシステムにとってとくに有用です。そのようなシステムにおいて、セキュアではないサービス(たとえば、Telnet)は、プライベート・ネットワークに接続されたインタフェースにおいてのみリッスンして、インターネットに接続されたインタフェースではそうしないよう設定できます。
+ </div><div class="para">
+ <code class="option">redirect</code> オプションは、ポート番号を後ろにつけた IP アドレスまたはホスト名を受け付けます。このサービスに対するすべてのリクエストを、指定されたホストとポート番号へとリダイレクトするよう、サービスを設定します。同じシステムにある別のポート番号を指し示す、リクエストを同じマシンにある別の IP アドレスにリダイレクトする、リクエストを全体的に異なるシステムとポート番号に変換する、もしくはこれらのオプションすべての組み合わせをするためにこれらの機能を使用できます。それゆえ、システムにおける特定のサービスに接続しているユーザーは中断することなく他のシステムに再ルートされるかもしれません。
+ </div><div class="para">
+ <code class="systemitem">xinetd</code> デーモンは、クライアントマシンと実際にサービスを提供するホストの間でコネクションの間中ずっと継続し続けるプロセスを生み出し、2つのシステム間でデータを転送することにより、このリダイレクトを達成できます。
+ </div><div class="para">
+ <code class="option">bind</code> および <code class="option">redirect</code> オプションの利点は、一緒に使われたときに、最も明確にわかりやすいです。あるシステムにおいて特定の IP アドレスへとサービスをバインドして、このサービスに対するリクエストを1番目のマシンが見える2番目のマシンへとリダイレクトすることにより、内部システムが全体的に異なるネットワークに対してサービスを提供するために使用できます。代わりに、これらのオプションは、既知の IP アドレスへと複数ホームのマシンにおける特定のサービスの露出を制限して、そのサービスに対するすべてのリクエストをその目的のために特別に設定された他のマシンへとリダイレクトするためにも使用できます。
+ </div><div class="para">
+ たとえば、システム Telnet サービスに対して、この設定を持つファイアウォールとして使用されることを考えます:
+ </div><pre class="screen">service telnet
+{
+ socket_type = stream
+ wait = no
+ server = /usr/kerberos/sbin/telnetd
+ log_on_success += DURATION USERID
+ log_on_failure += USERID
+ bind = 123.123.123.123
+ redirect = 10.0.1.13 23
+}</pre><div class="para">
+ このファイルにある <code class="option">bind</code> および <code class="option">redirect</code> オプションはマシンにある Telnet サービスは外部 IP アドレス(インターネットに接しているもの)に結び付けらることを確実にします。加えて、<code class="systemitem">123.123.123.123</code> に送られた Telnet サービスに対するすべてのリクエストは、2つ目のネットワーク・アダプターを経由して、ファイアウォールと内部システムだけがアクセスできる内部 IP アドレス (<code class="systemitem">10.0.1.13</code>) に送られます。そして、ファイアウォールを2つのシステム間で通信を送り、接続しているシステムは実際に別のマシンに接続しているとき、<code class="systemitem">123.123.123.123</code> へと接続していると考えます。
+ </div><div class="para">
+ ããã¼ããã³ãæ¥ç¶ã¨åºå® IP ã¢ãã¬ã¹ã1ã¤ã ãæã¤ã¦ã¼ã¶ã¼ã«ã¨ã£ã¦ããã®æ©è½ã¯ã¨ãã«æç¨ã§ããNetwork Address Translation (NAT) ã使ç¨ããã¨ããå
é¨å°ç¨ IP ã¢ãã¬ã¹ã使ç¨ããã²ã¼ãã¦ã§ã¤ãã·ã³ã®å¾ãã«ããã·ã¹ãã ã¯ã²ã¼ãã¦ã§ã¤ã·ã¹ãã ã®å¤å´ããå©ç¨å¯è½ã§ã¯ããã¾ãããããããªããã<code class="systemitem">xinetd</code> ã«ããå¶å¾¡ãããç¹å®ã®ãµã¼ãã¹ã <code class="option">bind</code> ããã³ <code class="option">redirect</code> ãªãã·ã§ã³ãç¨ãã¦è¨å®ããã¦ããã¨ããã²ã¼ãã¦ã§ã¤ãã·ã³ã¯ãå¤å´ã®ã·ã¹ãã ã¨ããµã¼ãã¹ãæä¾ããããè¨å®ãããç¹å®ã®å
é¨ãã·ã³ã®éã§ãããã·ã¨ãã¦åä½ã§ãã¾ããããã«ã<code class="systemitem">xinetd</code> ã®ã¢ã¯ã»ã¹å¶å¾¡ããã³ãã®ã³ã°ã®ãã¾ãã¾ãªãªãã·ã§ã³ããããªãä¿è·ã®ããã«å©ç¨å¯è½ã§ã
ã
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"><strong>戻る</strong>3.6.4.3.2. アクセス制御オプション</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"><strong>次へ</strong>3.6.4.3.4. リソース管理オプション</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html
new file mode 100644
index 0000000..fdad646
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.4.3.4. リソース管理オプション</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="3.6.4.3. xinetd 設定ファイルの変更" /><link rel="prev" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html" title="3.6.4.3.3. バインドとリダイレクトのオプション" /><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="3.6.5. 追加のリソース" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org
"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options">3.6.4.3.4. リソース管理オプション</h5></div></div></div><div class="para">
+ <code class="systemitem">xinetd</code> デーモンは Denial of Service (DoS) 攻撃から基本的なレベルの保護を与えられます。以下はそのような攻撃の有効性を制限するのに役立つディレクティブのリストです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">per_source</code> — ソース IP アドレスあたりのサービスに対するインスタンスの最大数を定義します。引数として整数のみを受け付け、<code class="filename">xinetd.conf</code> および <code class="filename">xinetd.d/</code> ディレクトリにあるサービス固有の設定ファイルにおいて使用できます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">cps</code> — 秒あたりの最大コネクション数を定義します。このディレクティブは空白で区切られた2つの整数を受け付けます。1番目の引数は秒あたりにサービスに許可されたコネクションの最大数です。2番目の引数は <code class="systemitem">xinetd</code> がサービスを再び有効化するまでに待たなければいけない秒数です。引数として整数のみを受け付け、<code class="filename">xinetd.conf</code> および <code class="filename">xinetd.d/</code> ディレクトリにあるサービス固有の設定ファイルにおいて使用できます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">max_load</code> — サービスに対する CPU 利用率またはロード・アベレージの閾値を定義します。浮動小数点の引数を受け付けます。
+ </div><div class="para">
+ ロード・アベレージはある時点においてどのくらいのサービスがアクティブであるかを大まかに測定する方法です。ロード・アベレージの詳細は <code class="command">uptime</code>, <code class="command">who</code>, および <code class="command">procinfo</code> コマンドを参照してください。
+ </div></li></ul></div><div class="para">
+ <code class="systemitem">xinetd</code> に対して利用可能なより多くのリソース管理オプションがあります。詳細は <code class="filename">xinetd.conf</code> マニュアル・ページを参照してください。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"><strong>戻る</strong>3.6.4.3.3. バインドとリダイレクトのオプション</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"><strong>次へ</strong>3.6.5. 追加のリソース</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html
new file mode 100644
index 0000000..a15b41f
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.2. ネットワーク・セキュリティへの脅威</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.2. 攻撃者と脆弱性" /><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.2. 攻撃者と脆弱性" /><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.2.3. サーバー・セキュリティへの脅威" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><u
l class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security">1.2.2. ネットワーク・セキュリティへの脅威</h3></div></div></div><div class="para">
+ ネットワークを以下の観点で設定するとき、バッド・プラクティスは攻撃のリスクを増やす可能性があります。
+ </div><div class="section" id="sect-Security_Guide-Threats_to_Network_Security-Insecure_Architectures"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Network_Security-Insecure_Architectures">1.2.2.1. セキュアではないアーキテクチャー</h4></div></div></div><div class="para">
+ 設定を誤っているネットワークは、認可されないユーザーの最初の入り口になります。信頼に基づいた、オープンなローカルネットワークを、非常にセキュアではないインターネットに対して脆弱なままにしておくことは、犯罪が多発する地区で半ドアにしておくようなものです。 — ある期間は何も起きないかもしれませんが、<span class="emphasis"><em>結局</em></span>誰かが機会を活用するでしょう。
+ </div><div class="section" id="sect-Security_Guide-Insecure_Architectures-Broadcast_Networks"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Insecure_Architectures-Broadcast_Networks">1.2.2.1.1. ブロードキャスト・ネットワーク</h5></div></div></div><div class="para">
+ システム管理者はしばしば、セキュリティ・スキームにおけるネットワーク・ハードウェアの重要性に気がつきません。ハブやルーターのような単純なハードウェアは、ブロードキャストやスイッチではない原則に基づいています。すなわち、あるノードが受信ノードへネットワークを超えてデータを転送するときはいつでも、ハブやルーターは、受信ノードが受信してデータを処理するまで、データ・パケットのブロードキャストを送り続けます。この方式は、外部の侵入者やローカル・ホストの認可されないユーザーによる、address resolution protocol (<em class="firstterm">ARP</em>) や media access control (<em class="firstterm">MAC</em>) アドレスの偽装に対して最も脆弱です。
+ </div></div><div class="section" id="sect-Security_Guide-Insecure_Architectures-Centralized_Servers"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Insecure_Architectures-Centralized_Servers">1.2.2.1.2. 集中化したサーバー</h5></div></div></div><div class="para">
+ 他の潜在的なネットワークの落とし穴は、集中化されたコンピューター環境の使用です。多くのビジネスに対する一般的なコスト削減の対策は、1台の強力なマシンにすべてのサービスを集約することです。管理がより簡単になり、複数サーバーの設定よりもコストを非常に安くできるので、これは便利でしょう。しかし、集中化したサーバーはネットワークにおける単一障害点となります。集中化したサーバーがセキュリティ侵害されると、データ操作や窃盗を引き起こしやすいよう、ネットワークを完全に使い物にならなくしたりより悪くしたりできます。これらの状況において、集中化したサーバーはネットワーク全体へアクセスできるオープン・ドアになります。
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>戻る</strong>1.2. 攻撃者と脆弱性</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"><strong>次へ</strong>1.2.3. サーバー・セキュリティへの脅威</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html
new file mode 100644
index 0000000..5ec7a65
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3. サーバー・セキュリティへの脅威</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.2. 攻撃者と脆弱性" /><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html" title="1.2.2. ネットワーク・セキュリティへの脅威" /><link rel="next" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html" title="1.2.3.2. パッチ未適用のサービス" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png
" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security">1.2.3. サーバー・セキュリティへの脅威</h3></div></div></div><div class="para">
+ サーバーはしばしば組織の重要な情報を非常に多く取り扱っているので、サーバー・セキュリティはネットワーク・セキュリティと同じように重要です。サーバーがセキュリティ侵害されると、すべてのコンテンツがクラッカーの思いのままに窃盗または操作できるようになるかもしれません。以下のセクションは、おもな問題のいくつかを詳細に説明します。
+ </div><div class="section" id="sect-Security_Guide-Threats_to_Server_Security-Unused_Services_and_Open_Ports"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Unused_Services_and_Open_Ports">1.2.3.1. 未使用のサービスとオープン・ポート</h4></div></div></div><div class="para">
+ Fedora の完全インストールには、1000以上のアプリケーションとライブラリのパッケージが含まれます。しかしながら、多くのサーバ管理者は、ディストリビューションにおいてすべての単独のパッケージをインストールしたいとは思いません。代わりに、いくつかのサーバ・アプリケーションを含めて、パッケージの基本インストールをしたいと思います。
+ </div><div class="para">
+ システム管理者の間で共通の出来事は、実際にどのアプリケーションがインストールされるかに注意を払わずにオペレーティング・システムをインストールすることです。不必要なパッケージが、インストールされ、デフォルトの設定で設定され、おそらく有効にされている可能性があるので、これは問題があります。管理者が意識することなくサーバーまたはワークステーションで実行するために、Telnet、DHCP や DNS のような期待しないサービスの原因となる可能性があります。これらは、サーバーへと期待しないトラフィックを順番に引き起こす可能性があります。もしくは、クラッカーがシステムの中へ入る潜在的な道になる可能性があります。ポートを閉じて、未使用のサービスを無効にすることに関する詳細は <a class="xref
" href="sect-Security_Guide-Server_Security.html">「サーバのセキュリティ」</a> を参照してください。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"><strong>戻る</strong>1.2.2. ネットワーク・セキュリティへの脅威</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"><strong>次へ</strong>1.2.3.2. パッチ未適用のサービス</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html
new file mode 100644
index 0000000..3c193af
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.4. ワークステーションとホーム PC のセキュリティへの脅威</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.2. 攻撃者と脆弱性" /><link rel="prev" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html" title="1.2.3.4. 本質的にセキュアではないサービス" /><link rel="next" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html" title="1.2.4.2. 脆弱なクライアント・アプリケーション" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org">
<img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security">1.2.4. ワークステーションとホーム PC のセキュリティへの脅威</h3></div></div></div><div class="para">
+ ワークステーションおよびホーム PC は、ネットワークやサーバーのように攻撃される傾向にないかもしれません。しかし、しばしばクレジットカード情報のような機密データを含むので、システム・クラッカーの標的にされます。ワークステーションは、ユーザーが知ることなく選出され、共同攻撃における "スレーブ" マシンとして攻撃者により使用される可能性もあります。これらの理由により、ワークステーションの脆弱性を理解することは、オペレーティング・システムの再インストール、もっと悪ければデータ窃盗からの回復の頭痛からユーザーを守ります。
+ </div><div class="section" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Bad_Passwords"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Bad_Passwords">1.2.4.1. 悪いパスワード</h4></div></div></div><div class="para">
+ 悪いパスワードは攻撃者がシステムへのアクセス権を得るために最も簡単な方法の1つです。パスワードを作成するときに一般的な落とし穴を避ける方法の詳細は、<a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Password_Security">「パスワードのセキュリティ」</a> を参照してください。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"><strong>戻る</strong>1.2.3.4. 本質的にセキュアではないサービス</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"><strong>次へ</strong>1.2.4.2. 脆弱なクライアント・アプリケーション</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities.html
new file mode 100644
index 0000000..da67197
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Attackers_and_Vulnerabilities.html
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2. 攻撃者と脆弱性</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="第1章 セキュリティの概要" /><link rel="prev" href="chap-Security_Guide-Security_Overview.html" title="第1章 セキュリティの概要" /><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html" title="1.2.2. ネットワーク・セキュリティへの脅威" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><
ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Security_Overview.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities">1.2. 攻撃者と脆弱性</h2></div></div></div><div class="para">
+ 素晴らしいセキュリティ戦略を計画・導入するために、決意して動機付けられた攻撃者がシステムを危険にさらすためにエクスプロイトするいくつかの問題をまず理解します。しかし、これらの問題を詳細化する前に、攻撃者を識別するときに使われる用語を定義しなければいけません。
+ </div><div class="section" id="sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.2.1. ハッカーの簡単な歴史</h3></div></div></div><div class="para">
+ <em class="firstterm">ハッカー</em>という語の近代的な意味は、1960年代とマサチューセッツ工科大学 (MIT) の Tech Model Railroad Club (大規模で複雑な詳細の鉄道セットを設計しました) にさかのぼる起源を持ちます。ハッカーは、賢いトリックや問題の回避方法を発見したクラブのメンバーに対して使われた名前です。
+ </div><div class="para">
+ ハッカーという語は、コンピューター通から才能あるプログラマまですべてを説明するためにきました。多くのハッカーの間の共通の特徴は、ほとんど外部的な動機づけではなく、コンピューター・システムとネットワークがどのように機能するかを詳細に調査したいという意欲です。オープンソース・ソフトウェアの開発者はしばしば自分自身と同僚をハッカーであると考え、尊敬を表す語としてその語を使用します。
+ </div><div class="para">
+ ä¸è¬çã«ãããã«ã¼ã¯<em class="firstterm">ããã«ã¼å«ç</em>ã®å½¢å¼ã«å¾ãã¾ããããã¯ãæ
å ±ã®æ¢æ±ã¨ç¿çãä¸å¯æ¬ ã§ãããã¨ã表ãããã®ç¥èãå
±æãããã¨ã¯ã³ãã¥ããã£ã¸ã®ããã«ã¼ã®ç¾©åã§ãããã¨ã表ãã¾ãããã®ç¥èã®æ¢æ±ã®éãä½äººãã®ããã«ã¼ã¯ã³ã³ãã¥ã¼ã¿ã»ã·ã¹ãã ã«ãããã»ãã¥ãªãã£ã»ã³ã³ããã¼ã«ãåé¿ãããã¨ããã¢ã«ãããã¯ãªææ¦ã楽ãã¿ã¾ãããã®çç±ã«ããããã¬ã¹ã¯ãã°ãã°ããã«ã¼ã¨ããè¨èãæªè³ªãªãæªæã®ãããç¯ç½ªã®æå³ãæã£ã¦ã·ã¹ãã ã¨ãããã¯ã¼ã¯ã«ä¸æ³ã«ã¢ã¯ã»ã¹ãã人ã
ã説æããããã«ä½¿ç¨ãã¾ãããã®ç¨®é¡ã®ã³ã³ãã¥ã¼ã¿ã¼ã»ããã«ã¼ã«å¯¾ããããæ£ç¢ºãªè¨èã¯<em class="firstterm">ã¯ã©ãã«ã¼</em>ã§ã â 2ã¤ã®ã³ãã¥ããã£ãåºå¥ããããã«1980年代ä¸ããã«ããã«ã¼ã«ããä
½æãããè¨èã
+ </div><div class="section" id="sect-Security_Guide-A_Quick_History_of_Hackers-Shades_of_Gray"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-A_Quick_History_of_Hackers-Shades_of_Gray">1.2.1.1. Shades of Gray</h4></div></div></div><div class="para">
+ システムとネットワークにある脆弱性を見つけてエクスプロイトする人々のコミュニティの中には、いくつかの別々のグループがあります。これらのグループはしばしば、セキュリティ調査を実行するときにその人たちが「身につけている」帽子の色相により説明され、これらの色相はその人たちの意図を示します。
+ </div><div class="para">
+ <em class="firstterm">ホワイト・ハット・ハッカー</em>は、ネットワークとシステムのパフォーマンスを検査するため、およびそれらが侵入のためにどのように脆弱であるかを決めるため、それらをテストする人々です。通常、ホワイト・ハット・ハッカーは、自身のシステム、およびシステム監査の目的のために特別に雇われたクライアントのシステム、をクラックします。アカデミックな研究者とプロフェッショナルのセキュリティ・コンサルタントはホワイト・ハット・ハッカーの2つの例です。
+ </div><div class="para">
+ <em class="firstterm">ブラック・ハット・ハッカー</em>はクラッカーの同義語です。一般に、クラッカーはプログラミングとシステムの侵入へのアカデミックな側面にあまりフォーカスしません。利用可能なクラック・プログラムに依存します。また、個人的利益のために機密情報を暴露するため、またはターゲット・システムやネットワークにダメージを与えるために、システムにあるよく知られた脆弱性をエクスプロイトします。
+ </div><div class="para">
+ 他方、<em class="firstterm">グレイ・ハット・ハッカー</em>は、多くの状況においてホワイト・ハット・ハッカーのスキルと意図を持ちますが、場合によっては崇高な目的以外にも知識を使用します。グレイ・ハット・ハッカーは自身の予定を達成するために時々ブラック・ハットをかぶるホワイト・ハット・ハッカーのように考えられます。
+ </div><div class="para">
+ グレイ・ハット・ハッカーは一般的にハッカー倫理の他の形式に同意します。それは、システムに侵入可能であると同時に、ハッカーが盗難を行わない、または機密性を破らないことを言います。しかし、ある人はシステムに侵入する行為自体が非倫理的あると主張します。
+ </div><div class="para">
+ 侵入者の意図に関わらず、クラッカーがエクスプロイトを試みたいかもしれないという弱さを知ることは重要です。本章の残りはこれらの問題に焦点をあてます。
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Security_Overview.html"><strong>戻る</strong>第1章 セキュリティの概要</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"><strong>次へ</strong>1.2.2. ネットワーク・セキュリティへの脅威</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html
new file mode 100644
index 0000000..825a608
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.2.6. IPTables サービスの有効化</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="3.8.2. 基本的なファイアウォールの設定" /><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html" title="3.8.2.5. 設定の保存" /><link rel="next" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="3.8.3. IPTables の使用" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class
="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Using_IPTables.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service">3.8.2.6. IPTables サービスの有効化</h4></div></div></div><div class="para">
+ <code class="command">iptables</code> サービスが実行されているならファイアウォール・ルールは有効化されています。手動でサービスを開始するために、以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~] # service iptables restart</pre><div class="para">
+ <code class="command">iptables</code> がシステムのブート時に確実に開始するよう、以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~] # chkconfig --level 345 iptables on</pre></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"><strong>戻る</strong>3.8.2.5. 設定の保存</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Using_IPTables.html"><strong>次へ</strong>3.8.3. IPTables の使用</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html
new file mode 100644
index 0000000..71842b3
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.2.2. ファイアウォールの有効化および無効化</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="3.8.2. 基本的なファイアウォールの設定" /><link rel="prev" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="3.8.2. 基本的なファイアウォールの設定" /><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html" title="3.8.2.3. 信頼されたサービス" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right
.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall">3.8.2.2. ファイアウォールの有効化および無効化</h4></div></div></div><div class="para">
+ ファイアウォールに対する以下のオプションの1つを選択します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>無効 (Disabled)</strong></span> — ファイアウォールを無効化することにより、システムへの完全なアクセス権を提供し、セキュリティ・チェックを無くします。信頼されたネットワーク(インターネットではありません)において実行している、または iptables コマンドライン・ツールを用いて個別のファイアウォールを設定する必要があるときのみ、これを選択してください。
+ </div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ ファイアウォール設定とあらゆる個別のファイアウォール・ルールは <code class="filename">/etc/sysconfig/iptables</code> ファイルに保存されます。<span class="guilabel"><strong>無効 (Disabled)</strong></span> を選択して、<span class="guibutton"><strong>OK</strong></span> をクリックすると、これらの設定とファイアウォール・ルールは失われます。
+ </div></div></div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>Enabled</strong></span> — このオプションは、DNS 応答や DHCP リクエストのような外部へのリクエストへの応答ではない、入ってくる接続を拒否するようシステムを設定します。このマシンにおいて実行しているサービスへアクセスが必要ならば、ファイアウォールを通して特定のサービスを許可するよう選択する必要があります。
+ </div><div class="para">
+ もしシステムをインターネットに接続しているならば、サーバを実行しようと考えないでください。これが最も安全な選択です。
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"><strong>戻る</strong>3.8.2. 基本的なファイアウォールの設定</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"><strong>次へ</strong>3.8.2.3. 信頼されたサービス</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html
new file mode 100644
index 0000000..156878a
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.2.4. 他のポート</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="3.8.2. 基本的なファイアウォールの設定" /><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html" title="3.8.2.3. 信頼されたサービス" /><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html" title="3.8.2.5. 設定の保存" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documen
tation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports">3.8.2.4. 他のポート</h4></div></div></div><div class="para">
+ <span class="application"><strong>ファイアウォール管理ツール</strong></span>は、<code class="command">iptables</code> により信頼されるために、個別の IP ポートを指定するための<span class="guilabel"><strong>他のポート</strong></span>セクションを含みます。たとえば、IRC と Internet printing protocol (IPP) がファイアウォールを通過することを許可するために、<span class="guilabel"><strong>他のポート</strong></span>セクションに以下を追加します:
+ </div><div class="para">
+ <code class="computeroutput">194:tcp,631:tcp</code>
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"><strong>戻る</strong>3.8.2.3. 信頼されたサービス</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"><strong>次へ</strong>3.8.2.5. 設定の保存</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html
new file mode 100644
index 0000000..03fb6cc
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.2.5. 設定の保存</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="3.8.2. 基本的なファイアウォールの設定" /><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html" title="3.8.2.4. 他のポート" /><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html" title="3.8.2.6. IPTables サービスの有効化" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings">3.8.2.5. 設定の保存</h4></div></div></div><div class="para">
+ 変更を保存するために <span class="guibutton"><strong>OK</strong></span> をクリックして、ファイアウォールを有効または無効にします。<span class="guilabel"><strong>ファイアウォールを有効にする</strong></span>が選択されていると、選択されたオプションが <code class="command">iptables</code> コマンドに翻訳され、<code class="filename">/etc/sysconfig/iptables</code> ファイルに書き込まれます。選択されたオプションを保存した後、ファイアウォールを直ちに有効化するために、<code class="command">iptables</code> サービスも開始されます。<span class="guilabel"><strong>ファイアウォールを無効化する</strong></span>が選択されると、<code class="filename">/etc/sysconfig/iptables</code> ファイルが削除され、<code class="command">iptables</code> サービスは直ちに停止されます。
+ </div><div class="para">
+ 選択されたオプションは、設定を復元でき、次回アプリケーションを開始できるよう、<code class="filename">/etc/sysconfig/system-config-securitylevel</code> ファイルにも書き込まれます。
+ </div><div class="para">
+ ファイアウォールが直ちに有効化されるにも関わらず、<code class="command">iptables</code> サービスはブート時に自動的に開始するよう設定されません。詳細は <a class="xref" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html">「IPTables サービスの有効化」</a> を参照してください。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"><strong>戻る</strong>3.8.2.4. 他のポート</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"><strong>次へ</strong>3.8.2.6. IPTables サービスの有効化</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html
new file mode 100644
index 0000000..8636c52
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.2.3. 信頼されたサービス</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="3.8.2. 基本的なファイアウォールの設定" /><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html" title="3.8.2.2. ファイアウォールの有効化および無効化" /><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html" title="3.8.2.4. 他のポート" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Conten
t/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services">3.8.2.3. 信頼されたサービス</h4></div></div></div><div class="para">
+ <span class="guilabel"><strong>信頼されたサービス</strong></span>一覧にあるオプションを有効にすることで、指定されたサービスがファイアウォールを通過することを許可します。
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>WWW (HTTP)</strong></span></span></dt><dd><div class="para">
+ HTTP プロトコルはウェブページを取り扱うために Apache(または他のウェブサーバ)により使用されます。ウェブサーバは公に利用可能にしようと計画しているならば、このチェックボックスを選択します。このオプションは、ページをローカルに表示するため、またはウェブページを開発するためには必要とされません。このサービスは <code class="filename">httpd</code> パッケージがインストールされている必要があります。
+ </div><div class="para">
+ <span class="guilabel"><strong>WWW (HTTP)</strong></span> を有効にしても、SSL バージョンの HTTP である HTTPS 用のポートは開きません。このサービスが必要ならば、<span class="guilabel"><strong>Secure WWW (HTTPS)</strong></span> チェックボックスを選択します。
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>FTP</strong></span></span></dt><dd><div class="para">
+ FTP プロトコルはネットワークにおいてマシン間でファイルを転送するために使用されます。FTP サーバを公に利用可能にしようと計画しているなら、このチェックボックスを選択します。このサービスは <code class="filename">vsftpd</code> パッケージがインストールされている必要があります。
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>SSH</strong></span></span></dt><dd><div class="para">
+ Secure Shell (SSH) はリモート・マシンにログインして、コマンドを実行するためのツール群です。ssh 経由でマシンへのアクセスを許可するために、このチェックボックスを選択します。このサービスは <code class="filename">openssh-server</code> パッケージがインストールされている必要があります。
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>Telnet</strong></span></span></dt><dd><div class="para">
+ Telnet はリモート・マシンにログインするためのプロトコルです。Telnet コミュニケーションは、暗号化されず、ネットワーク盗聴からのセキュリティを提供しません。入ってくる Telnet を許可することは推奨されません。telnet 経由でマシンへのリモート・アクセスを許可するために、このチェックボックスを選択します。このサービスは <code class="filename">telnet-server</code> パッケージがインストールされている必要があります。
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>Mail (SMTP)</strong></span></span></dt><dd><div class="para">
+ SMTP はリモートホストがメールを配送するためにマシンへ直接接続するのを許可するプロトコルです。POP3 や IMAP を用いて ISP のサーバからメールを収集している、もしくは <code class="command">fetchmail</code> のようなツールを使用しているならば、このサービスを有効にする必要はありません。マシンへのメールの配送を許可するために、このチェックボックスを選択します。不適切に設定された SMTP サーバはリモートマシンがスパムを送るためにサーバを使用できるようになることに注意してください。
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>NFS4</strong></span></span></dt><dd><div class="para">
+ Network File System (NFS) は *NIX システムにおいて一般的に使われているファイル共有のプロトコルです。このプロトコルのバージョン4はその前身よりセキュアです。システムにあるファイルやディレクトリを他のネットワーク・ユーザーを共有したいならば、このチェックボックスを選択します。
+ </div></dd><dt class="varlistentry"><span class="term"><span class="guilabel"><strong>Samba</strong></span></span></dt><dd><div class="para">
+ Samba は Microsoft の独自の SMB ネットワーク・プロトコルの実装です。ファイル、ディレクトリまたはローカル接続プリンタを Microsoft Windows マシンと共有する必要があるならば、このチェックボックスを選択します。
+ </div></dd></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"><strong>戻る</strong>3.8.2.2. ファイアウォールの有効化および無効化</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"><strong>次へ</strong>3.8.2.4. 他のポート</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html
new file mode 100644
index 0000000..88915e5
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.2. これはなぜ重要なのでしょうか?</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Basic_Hardening.html" title="第2章 基本強化ガイド" /><link rel="prev" href="chap-Security_Guide-Basic_Hardening.html" title="第2章 基本強化ガイド" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-Physical_Security.html" title="2.3. 物理セキュリティ" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Se
curity_Guide-Basic_Hardening.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Physical_Security.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important">2.2. これはなぜ重要なのでしょうか?</h2></div></div></div><div class="para">
+ NSA の基本原則はセキュリティのベストプラクティスの概要を表現します。上の一覧には、おそらくすべての人により使われることがない項目があります、また、ベストプラクティスとして強調されるべき失われた項目があるでしょう。これらのアイディアに関するさらなる情報と他の事項が以下で説明されます。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Basic_Hardening.html"><strong>戻る</strong>第2章 基本強化ガイド</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Physical_Security.html"><strong>次へ</strong>2.3. 物理セキュリティ</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-NTP.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-NTP.html
new file mode 100644
index 0000000..fe6c7334
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-NTP.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.9. NTP</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Basic_Hardening.html" title="第2章 基本強化ガイド" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-Services.html" title="2.8. サービス" /><link rel="next" href="chap-Security_Guide-Securing_Your_Network.html" title="第3章 ネットワークのセキュア化" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Se
curity_Guide-Basic_Hardening-Services.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Securing_Your_Network.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-NTP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-NTP">2.9. NTP</h2></div></div></div><div class="para">
+ Network Time Protocol (<em class="firstterm">NTP</em>) はシステムの時刻を正確に保ちます。時間はセキュリティのパズルの非常に重要なピースであり、できる限り正確に維持するべきです。時間は、ログファイル、タイムスタンプおよび暗号において使用されます。誰かがシステムにおいて時刻設定を制御できるならば、侵入の再現をより難しくすることができます。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Services.html"><strong>戻る</strong>2.8. サービス</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Securing_Your_Network.html"><strong>次へ</strong>第3章 ネットワークのセキュア化</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Networking-IPv6.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Networking-IPv6.html
new file mode 100644
index 0000000..814d9bd
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Networking-IPv6.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.6.2. IPv6</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Basic_Hardening-Networking.html" title="2.6. ネットワーク" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-Networking.html" title="2.6. ネットワーク" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-Up_to_date.html" title="2.7. ソフトウェアの最新化維持" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p
" href="sect-Security_Guide-Basic_Hardening-Networking.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Up_to_date.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-Networking-IPv6"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Basic_Hardening-Networking-IPv6">2.6.2. IPv6</h3></div></div></div><div class="para">
+ IPv6 は最新のインターネットプロトコルです。アドレス不足を解決することを目指した IPv4 の後継です。また、新しいプロトコルに関連した直接的なセキュリティリスクはありません。この新しい技術を利用する前に理解することがいくつかあります。
+ </div><div class="para">
+ å¤ãã®ã·ã¹ãã 管çè
㯠IPv4 ã«æ
£ãã¦ãã¾ããããã¦ãæ£ãã IPv4 ãåä½ãããããã«å ããããæ«å®å¯¾å¦ã«ã¤ãã¦æ
£ãã¦ãã¾ãããããã®æ«å®å¯¾å¦ã®ä¸ã¤ã¯ãããã¯ã¼ã¯ã¢ãã¬ã¹å¤æ <em class="firstterm">NAT</em> ã§ããNAT ã¯æ
£ç¿çã«ããã¼ã«ã«ã¨ãªã¢ãããã¯ã¼ã¯ãæ§ç¯ããã¨ãã«ãå¿
è¦ã¨ãªããããªã㯠IP ã¢ãã¬ã¹ã®æ°ãæå°éã«ããããã«ä½¿ç¨ããã¦ãã¾ãããããã®ãããã¯ã¼ã¯ã«ããã·ã¹ãã ã¯ãããªã㯠IP ã¢ãã¬ã¹ãå¿
è¦ã¨ãã¾ãããã¾ããéè¦ãªã¢ãã¬ã¹ç©ºéããããã®æè¡ãå®è£
ãããã¨ã«ããç¯ç´ã§ãã¾ããNAT ã«ããå¯ä½ç¨ã¨ãã¦ããã¤ãã®ã»ãã¥ãªãã£æ©è½ãããã¾ãããã£ã¨ã大ããªãã®ã¯ããã¼ããã«ã¼ã¿ã¼ãè¶ãã¦è»¢éãããªãéããå¤é¨ã®éä¿¡ããããã¯ã¼ã¯ã®å
é¨ã«å
¥ããªããã¨ã§ããIPv6 ã¯ã¢ãã¬ã
¹åé¡ã解決ããã®ã§ããã¯ã NAT ã使ç¨ããå¿
è¦\nã¯ããã¾ããããã¹ã¦ã®ãã®ããããªã㯠IP ã¢ãã¬ã¹ãæã¦ã¾ããããã«ãæ¡å¼µãããã¨ã«ããããã¹ã¦ã®ãã®ãç©ççããã³è«ççã«æ¥ç¶ããã¦ããã¨ããã¤ã³ã¿ã¼ããããã¾ããããããªãã¯ã«ã«ã¼ãå¯è½ã§ã¯ããã¾ããã
+ </div><div class="para">
+ 心配するべきもう一つのことは、セキュリティソフトウェアがこの新しいプロトコルをどのように処理するかです。<span class="application"><strong>iptables</strong></span> は IPv6 を認識もしくは理解しません。そのため、これらのパケットを無視します。つまり、ネットワークが IPv6 を利用し、<span class="application"><strong>ip6tables</strong></span> を有効化していなければ、システムを世界中に向けて開け放っていることになります。
+ </div><div class="para">
+ システムのソフトウェアがこの新しいネットワークプロトコルを使用できるという、変更点を把握して理解している限り、IPv6 を使用することは危険ではありません。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Networking.html"><strong>戻る</strong>2.6. ネットワーク</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Up_to_date.html"><strong>次へ</strong>2.7. ソフトウェアの最新化維持</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Networking.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Networking.html
new file mode 100644
index 0000000..80d1ace
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Networking.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.6. ネットワーク</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Basic_Hardening.html" title="第2章 基本強化ガイド" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html" title="2.5. 他に何ができるでしょうか?" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-Networking-IPv6.html" title="2.6.2. IPv6" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous
"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Networking-IPv6.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-Networking"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Networking">2.6. ネットワーク</h2></div></div></div><div class="para">
+ コンピューターのネットワーク接続はシステムへの入り口です。ファイルおよびプロセッサー時間は、他の保護機能が実装されていなければ、ネットワーク接続経由でシステムに正常に接続した、すべての人に利用可能です。システムをコントロールした状態にしておく主要な方法の一つは、攻撃者が最初の場所でシステムにアクセスできないようにしておくことです。
+ </div><div class="section" id="sect-Security_Guide-Basic_Hardening-Networking-iptables"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Basic_Hardening-Networking-iptables">2.6.1. iptables</h3></div></div></div><div class="para">
+ <span class="application"><strong>iptables</strong></span> は今日 Linux システムにおいてもっとも広く使用されているファイアウォールソフトウェアです。このプログラムは、ネットワーク接続経由でコンピューターに受信したパケットを横取りします。そして、指定されたルールに基づいてそれらをフィルターします。さらなる情報は<a class="xref" href="sect-Security_Guide-IPTables.html">「IPTables」</a>にあります。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html"><strong>戻る</strong>2.5. 他に何ができるでしょうか?</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Networking-IPv6.html"><strong>次へ</strong>2.6.2. IPv6</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html
new file mode 100644
index 0000000..4e34bd1
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.5. 他に何ができるでしょうか?</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Basic_Hardening.html" title="第2章 基本強化ガイド" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html" title="2.4. これはなぜ重要なのでしょうか?" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-Networking.html" title="2.6. ネットワーク" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li
class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Networking.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do">2.5. 他に何ができるでしょうか?</h2></div></div></div><div class="para">
+ Fedora 9 以降、LUKS 暗号化パーティションに保存されたデータを保護するために LUKS 暗号化がネイティブにサポートされています。Fedora 9 をインストールするときに、ファイルシステムをセットアップするとき、ファイルシステムを暗号化するためにボックスをチェックします。ルートパーティションおよび <code class="filename">/home</code> パーティション(または、デフォルトのファイルシステムならば、1つの / パーティション)を暗号化することにより、攻撃者が外部ソースを用いたりシングルユーザーモードでブートしたりするのを防ぎます。もちろん、あなたはデータを保護するために強力なパスフレーズを使用します。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html"><strong>戻る</strong>2.4. これはなぜ重要なのでしょうか?</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Networking.html"><strong>次へ</strong>2.6. ネットワーク</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html
new file mode 100644
index 0000000..7ac088a
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.4. これはなぜ重要なのでしょうか?</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Basic_Hardening.html" title="第2章 基本強化ガイド" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-Physical_Security.html" title="2.3. 物理セキュリティ" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html" title="2.5. 他に何ができるでしょうか?" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"
><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Physical_Security.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important">2.4. これはなぜ重要なのでしょうか?</h2></div></div></div><div class="para">
+ 攻撃者が外部ソースからブートすることによりシステムの完全な制御をとることができます。外部ソース(たとえば live Linux CD)からブートすることにより、多くのセキュリティ設定が回避されます。攻撃者は GRUB の設定を変更することができるならば、システムへの管理者アクセスが可能になるシングルユーザーモードでブートすることができます。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Physical_Security.html"><strong>戻る</strong>2.3. 物理セキュリティ</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Physical_Security-What_else_can_I_do.html"><strong>次へ</strong>2.5. 他に何ができるでしょうか?</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security.html
new file mode 100644
index 0000000..223db37
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Physical_Security.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.3. 物理セキュリティ</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Basic_Hardening.html" title="第2章 基本強化ガイド" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html" title="2.2. これはなぜ重要なのでしょうか?" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html" title="2.4. これはなぜ重要なのでしょうか?" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-Physical_Security"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Physical_Security">2.3. 物理セキュリティ</h2></div></div></div><div class="para">
+ システムの物理セキュリティは最大の重要事項です。ここで与えられる多くの提案は、攻撃者がシステムに物理的にアクセスできるならば、システムを保護できないでしょう。
+ </div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ このセクションは GRUB Legacy に関する情報を含みます。現在のリリースの GRUB (GRUB2 として知られています) ではありません。Fedora 16 は GRUB Legacy を使用していないので、以下のコマンドの多くは Fedora 16 やそれ以降のバージョンにおいて機能しません。
+ </div></div></div><div class="para">
+ CD/DVD、フロッピーおよび外部デバイスからのブートを無効にBIOSを設定して、これらの設定を保護するためにパスワードを設定します。次に、GRUBブートローダーにパスワードを設定します。コマンド ''/sbin/grub-md5-crypt'' を用いてパスワードハッシュを生成します。'' password --md5'' '''passwordhash''' を用いてハッシュを ''/etc/grub.conf'' の最初の行に追加します。これにより、ユーザーがシングルユーザーモードに入ったり、ブート時に設定を変えたりすることを防ぎます。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-General_Principles-Why_is_this_important.html"><strong>戻る</strong>2.2. これはなぜ重要なのでしょうか?</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Physical_Security-Why_is_this_important.html"><strong>次へ</strong>2.4. これはなぜ重要なのでしょうか?</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Services.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Services.html
new file mode 100644
index 0000000..ddd320b
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Services.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.8. サービス</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Basic_Hardening.html" title="第2章 基本強化ガイド" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-Up_to_date.html" title="2.7. ソフトウェアの最新化維持" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-NTP.html" title="2.9. NTP" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide
-Basic_Hardening-Up_to_date.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-NTP.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-Services"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Services">2.8. サービス</h2></div></div></div><div class="para">
+ Linux におけるサービスは、バックグラウンドにおいてデーモンとして実行されるプログラムです。実行する必要があるかどうかを決めるために、これらのプログラムを定期的に監査することが重要です。多くのデーモンは呼び出しをリッスンするためにネットワークのポートを開きます。不必要なポートを開いておくことにより、システム全体のセキュリティを危険にさらす可能性があります。あるソフトウェアの未知のセキュリティ侵害により、攻撃者がシステムの中に不正な理由で侵入できるようになる可能性があります。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Up_to_date.html"><strong>戻る</strong>2.7. ソフトウェアの最新化維持</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-NTP.html"><strong>次へ</strong>2.9. NTP</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Up_to_date.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Up_to_date.html
new file mode 100644
index 0000000..30695e0
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Basic_Hardening-Up_to_date.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.7. ソフトウェアの最新化維持</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Basic_Hardening.html" title="第2章 基本強化ガイド" /><link rel="prev" href="sect-Security_Guide-Basic_Hardening-Networking-IPv6.html" title="2.6.2. IPv6" /><link rel="next" href="sect-Security_Guide-Basic_Hardening-Services.html" title="2.8. サービス" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hard
ening-Networking-IPv6.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Services.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Basic_Hardening-Up_to_date"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Basic_Hardening-Up_to_date">2.7. ソフトウェアの最新化維持</h2></div></div></div><div class="para">
+ ソフトウェアは毎日パッチをあてられます。これらの更新のいくつかは、開発者により識別されたセキュリティ問題を修正します。これらのパッチが利用可能になったとき、できる限り早くシステムに適用することが重要です。システムの更新を管理するもっとも簡単な方法の一つは <span class="application"><strong>yum</strong></span> を使用することです。バグ修正と機能拡張を無視して、セキュリティ更新のみをインストールできるようにする、特別なプラグインが利用可能です。このプラグインは<a class="xref" href="chap-Security_Guide-CVE.html#sect-Security_Guide-CVE-yum_plugin">「YUM プラグイン」</a>においてより詳しく説明しています。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Hardening-Networking-IPv6.html"><strong>戻る</strong>2.6.2. IPv6</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Hardening-Services.html"><strong>次へ</strong>2.8. サービス</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html
new file mode 100644
index 0000000..4199476
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security.html
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.2. yum-plugin-security の使い方</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-CVE.html" title="第8章 共通脆弱性識別子 CVE" /><link rel="prev" href="chap-Security_Guide-CVE.html" title="第8章 共通脆弱性識別子 CVE" /><link rel="next" href="chap-Security_Guide-References.html" title="第9章 参考資料" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-CVE.html"><strong>戻る</str
ong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-References.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security">8.2. yum-plugin-security の使い方</h2></div></div></div><div class="para">
+ これが追加した1つ目のサブコマンドは <code class="command">yum list-sec</code> です。これは <code class="command">yum check-update</code> と似ていますが、各アップデートの Red Hat アドバイザリー ID 番号と分類も“enhancement”, “bugfix” または “security” として表示します。:
+ </div><div class="para">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>RHSA-2007:1128-6 security autofs - 1:5.0.1-0.rc2.55.el5.1.i386</td></tr><tr><td>RHSA-2007:1078-3 security cairo - 1.2.4-3.el5_1.i386</td></tr><tr><td>RHSA-2007:1021-3 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>RHSA-2007:1021-3 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr></table>
+
+ </div><div class="para">
+ <code class="command">yum list-sec cves</code> を使うと、Red Hat アドバイザリ ID はアップデートにより示された CVE ID で置き換えられます; <code class="command">yum list-sec bzs</code> を使うと、アドバイザリ ID はアップデートにより示された Red Hat Bugzilla ID で置き換えられます。パッケージが Bugzilla や CVE ID において複数のバグを指していると、パッケージは複数回表示されるかもしれません:
+ </div><div class="para">
+ <code class="command">yum list-sec bzs</code> の出力例:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>410031 security autofs - 1:5.0.1-0.rc2.55.el5.1.i386</td></tr><tr><td>387431 security cairo - 1.2.4-3.el5_1.i386</td></tr><tr><td>345101 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345111 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345121 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345101 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345111 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>345121 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr></table>
+
+ </div><div class="para">
+ Example output of <code class="command">yum list-sec cves</code>:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>CVE-2007-5964 security autofs - 1:5.0.1-0.rc2.55.el5.1.i386</td></tr><tr><td>CVE-2007-5503 security cairo - 1.2.4-3.el5_1.i386</td></tr><tr><td>CVE-2007-5393 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-5392 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-4352 security cups - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-5393 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-5392 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr><tr><td>CVE-2007-4352 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386</td></tr></table>
+
+ </div><div class="para">
+ <span class="package">yum-plugin-security</span> パッケージにより追加された2つ目の新しいサブコマンドは <code class="command">info-sec</code> です。このサブコマンドは、アドバイザリ番号、CVE または Bugzilla ID を引数としてとり、問題の性質に関する短いテキストの議論またはアドバイザリにより示されている問題を含む、アドバイザリにおける詳細な情報を返します。
+ </div><div class="para">
+ これらの2つの新しい yum サブコマンドに加えて、セキュリティ関連のアップデートのみ、もしくは、特定のアドバイザリやバグに関連したアップデートのみを適用するのを助けるために、新しいオプションが <code class="command">yum update</code> に提供されます。
+ </div><div class="para">
+ すべてのセキュリティ関連のアップデートのみを適用するために:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td><code class="command">yum update --security</code></td></tr></table>
+
+ </div><div class="para">
+ Bugzilla バグ 410101 に関連したすべてのアップデートを適用するために:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td><code class="command">yum update --bz 410101</code></td></tr></table>
+
+ </div><div class="para">
+ CVE ID CVE-2007-5707 に関連したすべてのアップデートと Red Hat アドバイザリ ID RHSA-2007:1082-5 に関連したすべてのアップデートを適用するために:
+ <table border="0" summary="Simple list" class="simplelist"><tr><td><code class="command">yum update --cve CVE-2007-5707 --advisory RHSA-2007:1082-5</code></td></tr></table>
+
+ </div><div class="para">
+ これらの新しい機能に関する詳細は <span class="package">yum-plugin-security</span>(8) マニュアルページにドキュメント化されています。
+ </div><div class="para">
+ Fedora セキュリティ・アップデートに関する詳細は、<a href="https://fedoraproject.org/wiki/Security">https://fedoraproject.org/wiki/Security</a> にある Fedora セキュリティページを訪問してください。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-CVE.html"><strong>戻る</strong>第8章 共通脆弱性識別子 CVE</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-References.html"><strong>次へ</strong>第9章 参考資料</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html
new file mode 100644
index 0000000..4678eff
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2.2. コマンド・オプション</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="3.9.2. IPTables のコマンド・オプション" /><link rel="prev" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="3.9.2. IPTables のコマンド・オプション" /><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html" title="3.9.2.3. IPTables パラメーターのオプション" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Conten
t/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-Command_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Command_Options">3.9.2.2. コマンド・オプション</h4></div></div></div><div class="para">
+ コマンド・オプションは特定のアクションを実行するよう <code class="command">iptables</code> に指示します。<code class="command">iptables</code> コマンドあたり、1つのコマンド・オプションのみが許可されます。ヘルプ・コマンドに注意書きされているように、すべてのコマンドは大文字で書かれます。
+ </div><div class="para">
+ <code class="command">iptables</code> コマンドは以下のようです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">-A</code> — ルールを指定されたチェインの最後に追加します。以下で説明される <code class="option">-I</code> オプションとは違い、整数の引数を取りません。常にルールを指定されたチェインの最後に追加します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-C</code> — ユーザー指定のチェインに追加する前に特定のルールをチェックします。このコマンドは、追加のパラメーターとオプションを促すことにより複雑な <code class="command">iptables</code> を構築する助けにできます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-D <integer> | <rule></code> — 数値(チェインにある5番目のルールに対しては<code class="option">5</code>、のように)またはルールの指定により特定のチェインにあるルールを削除します。ルールの指定は既存のルールに正確に一致しなければいけません。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-E</code> — ユーザー指定のチェインの名前を変えます。ユーザー指定のチェインはデフォルト、既存のチェイン以外のチェインすべてです。 (ユーザー指定のチェインを作成することの詳細は、いかにある <code class="option">-N</code> オプションを参照してください。) これは表面的な変更であり、テーブルの構造に影響を与えません。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ デフォルトのチェインの1つの名前を変えようとしているならば、システムは <code class="computeroutput">Match not found</code> エラーを報告します。デフォルトのチェインの名前を変えることはできません。
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">-F</code> — 選択されたチェインをフラッシュします、効率的にチェインにあるルールをすべて削除します。チェインが指定されていないと、このコマンドはすべてのチェインからすべてのルールをフラッシュします。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-h</code> — コマンド構造の一覧、およびコマンド・パラメーターとオプションの簡単な概要を提供します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-I [<integer>]</code> — ユーザー定義の整数の引数により指定されたところにある指定されたチェインにおけるルールを挿入します。引数が何も指定されていなければ、ルールはチェインの一番上に挿入されます。
+ </div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ 上で説明されたように、チェインにおけるルールの順番は、どのルールがどのパケットに適用されるかを決めます。ルールを追加するときに <code class="option">-A</code> または <code class="option">-I</code> オプションのどちらを使用するかを覚えておくかは重要なことです。
+ </div><div class="para">
+ ルールを追加するときに整数の引数とともに <code class="option">-I</code> を使用することはとくに重要です。ルールをチェインに追加するときに既存の数値を指定するならば、<code class="command">iptables</code> は既存のルールの<span class="emphasis"><em>前</em></span>(または上)に新しいルールを追加します。
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">-L</code> — コマンドの後ろに指定したチェインにあるルールをすべて表示します。デフォルト <code class="option">filter</code> テーブルにあるすべてのチェインのルールをすべて表示するためには、チェインまたはテーブルを指定しません。そうでなければ、特定のテーブルで指定したチェインにあるルールを表示するために、以下の構文が使用されます:
+ </div><pre class="screen"><code class="computeroutput"> iptables -L <em class="replaceable"><code><chain-name></code></em> -t <em class="replaceable"><code><table-name></code></em></code></pre><div class="para">
+ ルール番号を提供したり、より詳細なルールの説明を許可したりする、<code class="option">-L</code> コマンド・オプションに対する追加のオプションは、<a class="xref" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html">「リスト・オプション」</a> に記載されています。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-N</code> — ユーザー指定の名前を用いて新しいチェインを作成します。チェイン名は一意でなければならず、そうでなければエラー・メッセージが表示されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-P</code> — 指定したチェインに対するデフォルトのポリシーをセットします。これは、パケットがルールにマッチせずにチェイン全体を通り抜けるときに、ACCEPT または DROP のような、指定されたターゲットに送られるようにするためです。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-R</code> — 指定されたチェインにおけるルールを置き換えます。ルールの番号は必ずチェイン名の後ろに指定されなければいけません。チェインにある最初のルールはルール番号1に対応します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-X</code> — ユーザーが指定したチェインを削除します。組み込みチェインは削除できません。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-Z</code> — テーブルに対するすべてのチェインにあるバイトとパケットのカウンタを0にセットします。
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"><strong>戻る</strong>3.9.2. IPTables のコマンド・オプション</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"><strong>次へ</strong>3.9.2.3. IPTables パラメーターのオプション</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html
new file mode 100644
index 0000000..ad2d382
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2.4. IPTables マッチ・オプション</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="3.9.2. IPTables のコマンド・オプション" /><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html" title="3.9.2.3. IPTables パラメーターのオプション" /><link rel="next" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html" title="3.9.2.4.2. UDP プロトコル" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.
png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options">3.9.2.4. IPTables マッチ・オプション</h4></div></div></div><div class="para">
+ 異なるネットワーク・プロトコルが、そのプロトコルを使用する特定のパケットにマッチさせるために、設定される特別なマッチ・オプションを提供します。しかしながら、プロトコルはまず <code class="command">iptables</code> コマンドにおいて指定されなければいけません。たとえば、<code class="option">-p <em class="replaceable"><code><protocol-name></code></em></code> は、特別なプロトコルに対するオプションを有効にします。プロトコル名の代わりにプロトコル ID も使用できることに注意してください。それぞれ同じ効果を持つ、以下の例を参照してください。
+ </div><pre class="screen"><code class="command"> iptables -A INPUT -p icmp --icmp-type any -j ACCEPT </code></pre><pre class="screen"><code class="command"> iptables -A INPUT -p 5813 --icmp-type any -j ACCEPT </code></pre><div class="para">
+ サービス定義が <code class="filename">/etc/services</code> ファイルにおいて提供されます。読みやすさのために、ポート番号よりもサービス名を使用することが推奨されます。
+ </div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ 認可されない編集を防ぐために <code class="filename">/etc/services</code> ファイルをセキュアにします。このファイルが編集可能であると、クラッカーはあなたが別に閉じているマシンのポートを有効にするためにそれを使うことができます。このファイルをセキュアにするために、root として以下のコマンドを入力します:
+ </div><pre class="screen">
+[root at myServer ~]# chown root.root /etc/services
+[root at myServer ~]# chmod 0644 /etc/services
+[root at myServer ~]# chattr +i /etc/services</pre><div class="para">
+ これにより、ファイルが名前変更、削除、またはリンクされるのを防ぎます。
+ </div></div></div><div class="section" id="sect-Security_Guide-IPTables_Match_Options-TCP_Protocol"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-TCP_Protocol">3.9.2.4.1. TCP プロトコル</h5></div></div></div><div class="para">
+ これらのマッチ・オプションは TCP プロトコル (<code class="option">-p tcp</code>) に対して利用可能です:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--dport</code> — パケットの宛て先ポートをセットします。
+ </div><div class="para">
+ このオプションを設定するために、(www や smtp のような)ネットワーク・サービス名、ポート番号またはポート番号の範囲を使用します。
+ </div><div class="para">
+ ポート番号の範囲を指定するために、2つの数をコロン (<code class="option">:</code>) で分けます。たとえば: <code class="option">-p tcp --dport 3000:3200</code>。利用可能で有効な最大の数は <code class="option">0:65535</code> です。
+ </div><div class="para">
+ そのネットワーク・サービスやポートを使用<span class="emphasis"><em>しない</em></span>すべてのパケットにマッチさせるために、<code class="option">--dport</code> オプションの後ろに感嘆符記号 (<code class="option">!</code>) を使用します。
+ </div><div class="para">
+ 使用しているネットワーク・サービスとポート番号の名前およびエイリアスを閲覧するために、<code class="filename">/etc/services</code> ファイルを表示します。
+ </div><div class="para">
+ <code class="option">--destination-port</code> マッチ・オプションは <code class="option">--dport</code> のことです。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--sport</code> — <code class="option">--dport</code> と同じオプションを用いてパケットのソース・ポートをセットします。<code class="option">--source-port</code> マッチ・オプションは <code class="option">--sport</code> のことです。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--syn</code> — 一般的に <em class="firstterm">SYN パケット</em>を呼ばれる、通信を初期化するために設計されたすべての TCP パケットに適用されます。データ・ペイロードを運ぶすべてのパケットは影響しません。
+ </div><div class="para">
+ SYN パケット以外すべてとマッチさせるために、<code class="option">--syn</code> オプションの後に感嘆符記号 (<code class="option">!</code>) を使用します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--tcp-flags <tested flag list> <set flag list></code> — ルールにマッチされるために、特別なビット(フラグ)がセットされた TCP パケットすべて。
+ </div><div class="para">
+ <code class="option">--tcp-flags</code> マッチ・オプションは2つのパラメーターを受け取ります。1つ目のパラメーターはマスクで、パケットにおいて検査されるためのフラグのカンマ区切りの一覧です。2つ目のパラメーターは、ルールがマッチするためにセットされなければいけないフラグのカンマ区切りの一覧です。
+ </div><div class="para">
+ 利用可能なフラグは以下です:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">ACK</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">FIN</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">PSH</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">RST</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">SYN</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">URG</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">ALL</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">NONE</code>
+ </div></li></ul></div><div class="para">
+ たとえば、以下の指定を含む <code class="command">iptables</code> ルールは、SYN フラグがセットされていて、ACK と FIN フラグがセットされていない TCP パケットのみにマッチします:
+ </div><div class="para">
+ <code class="command">--tcp-flags ACK,FIN,SYN SYN</code>
+ </div><div class="para">
+ マッチ・オプションの効果を反転させるために、<code class="option">--tcp-flags</code> の後ろに感嘆符記号 (<code class="option">!</code>) を使用します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--tcp-option</code> — 特定のパケットの中にセットされる TCP 固有のオプションにマッチさせるよう試行します。このマッチ・オプションは感嘆符記号 (<code class="option">!</code>) を用いて反転されることもできます。
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"><strong>戻る</strong>3.9.2.3. IPTables パラメーターのオプション</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"><strong>次へ</strong>3.9.2.4.2. UDP プロトコル</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html
new file mode 100644
index 0000000..d33149d
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2.3. IPTables パラメーターのオプション</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="3.9.2. IPTables のコマンド・オプション" /><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html" title="3.9.2.2. コマンド・オプション" /><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="3.9.2.4. IPTables マッチ・オプション" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_r
ight.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options">3.9.2.3. IPTables パラメーターのオプション</h4></div></div></div><div class="para">
+ 特定のチェインの中にルールを追加、削除、挿入、および置換するために使われるものを含む、特定の <code class="command">iptables</code> コマンドは、パケット・フィルタリング・ルールを構築するためにさまざまなパラメーターを必要とします。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">-c</code> — 特定のルールに対するカウンターをリセットします。このパラメーターはどのカウンターをリセットするかを指定するために <code class="option">PKTS</code> および <code class="option">BYTES</code> オプションを受け付けます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-d</code> — ルールにマッチするパケットの宛て先ホスト名、IP アドレス、またはネットワークをセットします。ネットワークにマッチさせるとき、以下の IP アドレス/ネットマスクの形式がサポートされます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option"><em class="replaceable"><code>N.N.N.N</code></em>/<em class="replaceable"><code>M.M.M.M</code></em></code> — ここで <em class="replaceable"><code>N.N.N.N</code></em> は IP アドレスの範囲で、<em class="replaceable"><code>M.M.M.M</code></em> はネットマスクです。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option"><em class="replaceable"><code>N.N.N.N</code></em>/<em class="replaceable"><code>M</code></em></code> — ここで<em class="replaceable"><code>N.N.N.N</code></em> は IP アドレスの範囲で、<em class="replaceable"><code>M</code></em> はビットマスクです。
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">-f</code> — このルールはフラグメントされたパケットにのみ適用されます。
+ </div><div class="para">
+ フラグメントされていないパケットのみにマッチするよう指定するために、このパラメーターの後ろに感嘆符記号 (<code class="option">!</code>) オプションを使用できます。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ フラグメントされたパケットが IPプロトコルの標準的な部分であるにもかかわらず、フラグメントされたパケットとフラグメントされていないパケットを区別することが望ましいです。
+ </div><div class="para">
+ 元々は、IP パケットは異なるフレーム・サイズを持つネットワークを経由して伝搬できるように設計された、フラグメントは悪意のある形式のパケットを使用した DoS 攻撃を生成するために、最近はより一般的に使われます。IPv6 がフラグメントを完全に拒否することは何も価値がありません。
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">-i</code> — <code class="option">eth0</code> や <code class="option">ppp0</code> のような、入力ネットワーク・インターフェースをセットします。<code class="command">iptables</code> を用いて、このオプション・パラメータは <code class="option">filter</code> テーブルとともに使用されるとき INPUT および FORWARD チェインのみとともに使用されます。また、<code class="option">nat</code> および <code class="option">mangle</code> テーブルとともに使用されるときは PREROUTING チェインのみです。
+ </div><div class="para">
+ このパラメーターは以下の特別なオプションもサポートします:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 感嘆符記号 (<code class="option">!</code>) — 指定されたインターフェースすべてがこのルールから除外されることを意味する、ディレクティブを反転します。
+ </div></li><li class="listitem"><div class="para">
+ プラス記号 (<code class="option">+</code>) — ワイルドカード文字は指定した文字列にマッチするすべてのインターフェースにマッチさせるために使用されます。たとえば、パラメータ <code class="option">-i eth+</code> は、このルールをすべてのイーサネット・インターフェースに適用しますが、<code class="option">ppp0</code> のような他のインターフェースすべては除きます。
+ </div></li></ul></div><div class="para">
+ <code class="option">-i</code> パラメータが使われていても、インターフェースが指定されていなければ、すべてのインターフェースがルールにより影響を受けます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-j</code> — パケットが特定のルールにマッチしたとき指定されたターゲットにジャンプします。
+ </div><div class="para">
+ 標準的なターゲットは <code class="option">ACCEPT</code>, <code class="option">DROP</code>, <code class="option">QUEUE</code>, および <code class="option">RETURN</code> です。
+ </div><div class="para">
+ 拡張されたオプションも Fedora <code class="command">iptables</code> RPM パッケージでデフォルトでロードされるモジュールを通して利用可能です。これらのモジュールにおいて有効なターゲットは、とりわけ <code class="option">LOG</code>, <code class="option">MARK</code>, および <code class="option">REJECT</code> を含みます。これらと他のターゲットの詳細は <code class="command">iptables</code> マニュアル・ページを参照してください。
+ </div><div class="para">
+ このオプションは、他のルールがパケットへ適用されるよう現在のチェインの外側に、特定のルールがユーザー定義チェインにマッチする、パケットを指定するためにも使用できます。
+ </div><div class="para">
+ ターゲットが指定されていなければ、パケットは何もアクションがとられないルールを通過していきます。しかしながら、このルールに対するカウンターは1つ増えます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-o</code> — ルールに対する出力ネットワーク・インターフェースをセットします。このオプションは、<code class="option">filter</code> テーブルにおける OUTPUT および FORWARD チェイン、および <code class="option">nat</code> と <code class="option">mangle</code> テーブルにおける \nPOSTROUTING チェインに対してのみ有効です。このパラメーターは、入力インターフェース・パラメーター (<code class="option">-i</code>) と同じようなオプションを受け付けます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-p <protocol></code> — ルールにより影響を受けるプロトコルをセットします。これは <code class="option">icmp</code>, <code class="option">tcp</code>, <code class="option">udp</code>, または <code class="option">all</code> も、これらの1つまたは他のプロトコルを表現する数値もありえます。<code class="filename">/etc/protocols</code> ファイルにリストされているプロトコルも使用できます。
+ </div><div class="para">
+ "<code class="option">all</code>" プロトコルは、ルールがすべてのサポートされたプロトコルに適用されることを意味します。プロトコルがこのルールにリストされていなければ、デフォルトが "<code class="option">all</code>" になります。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-s</code> — 宛て先 (<code class="option">-d</code>) パラメータと同じ構文を使用する、特定のパケットのために送信元をセットします。
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"><strong>戻る</strong>3.9.2.2. コマンド・オプション</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"><strong>次へ</strong>3.9.2.4. IPTables マッチ・オプション</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html
new file mode 100644
index 0000000..72bc731
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2.6. リスト・オプション</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="3.9.2. IPTables のコマンド・オプション" /><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html" title="3.9.2.5. ターゲット・オプション" /><link rel="next" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html" title="3.9.3. IPTables ルールの保存" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation S
ite" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options">3.9.2.6. リスト・オプション</h4></div></div></div><div class="para">
+ デフォルトのリストコマンド <code class="command">iptables -L [<chain-name>]</code> は、デフォルト・フィルター・テーブルの現在のチェインに関する非常に基本的な概要を提供します。追加のオプションは以下の詳細を提供します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">-v</code> — 各チェインが処理したパケット数やバイト数、各ルールがマッチしたパケット数やバイト数、どのインターフェースが特定のルールに適用されたかのような、冗長な出力を表示します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-x</code> — 数値をその正確な値に展開します。負荷のかかったシステムにおいては、特定のチェインやルールにより処理されたパケット数およびバイト数が、<code class="computeroutput">キロバイト</code>、<code class="computeroutput">メガバイト</code>(メガバイト)または<code class="computeroutput">ギガバイト</code>に短縮されているかもしれません。このオプションは、表示するために完全な数字を強制します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-n</code> — IP アドレスとポート番号を、デフォルトのホスト名およびネットワーク・サービス形式ではなく、数値形式で表示します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--line-numbers</code> — チェインにおける数値順番に続けて各チェインのルールを表示します。チェインにある特定のルールを削除したり、チェインの中にルールを挿入する位置を決めたりしようとするときに、このオプションは有用です。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">-t <table-name></code> — テーブル名を指定します。省略すると、フィルター・テーブルのデフォルトです。
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"><strong>戻る</strong>3.9.2.5. ターゲット・オプション</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"><strong>次へ</strong>3.9.3. IPTables ルールの保存</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html
new file mode 100644
index 0000000..2186e77
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2.5. ターゲット・オプション</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="3.9.2. IPTables のコマンド・オプション" /><link rel="prev" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html" title="3.9.2.4.4. 追加のマッチ・オプションのモジュール" /><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html" title="3.9.2.6. リスト・オプション" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Co
ntent/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-Target_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Target_Options">3.9.2.5. ターゲット・オプション</h4></div></div></div><div class="para">
+ パケットが特定のルールにマッチしたとき、ルールは適切なアクションを決める多くの異なるターゲットにパケットを転送できます。各チェインは異なるターゲットを持ちます。それは、チェインにおけるルールがパケットにマッチしなければ、もしくは、パケットにマッチするルールがターゲットを指定しなければ使用される、デフォルトのターゲットを各チェインは持ちます。
+ </div><div class="para">
+ 以下は一般的なターゲットです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option"><em class="replaceable"><code><user-defined-chain></code></em></code> — テーブルの中にあるユーザー定義のチェイン。ユーザー定義のチェイン名は一意でなければいけません。このターゲットは指定されたチェインをパケットが通過します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">ACCEPT</code> — 宛て先または他のチェインへのパケットを許可します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">DROP</code> — 応答を返すことなくパケットを破棄します。パケットを送ったシステムは失敗を通知されません。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">QUEUE</code> — パケットはユーザー空間アプリケーションにより処理するためにキューに入れられます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">RETURN</code> — 現在のチェインにあるルールに対してパケットのチェックを止めます。<code class="option">RETURN</code> ターゲットを持つパケットが他のチェインから呼び出されたチェインにあるルールにマッチすると、パケットはそれを離れてルールのチェックを止めるために最初のチェインに戻されます。<code class="option">RETURN</code> ルールが組み込みチェインにおいて使用されていて、かつパケットが前のチェインに戻れなければ、現在のチェインに対するデフォルト・ターゲットが使用されます。
+ </div></li></ul></div><div class="para">
+ さらに、他のターゲットが指定されるようにする拡張が利用可能です。これらの拡張はターゲット・モジュールまたはマッチ・オプション・モジュールと呼ばれ、多くは特定のテーブルおよび状況にのみ適用されます。マッチ・オプション・モジュールの詳細は <a class="xref" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html">「追加のマッチ・オプションのモジュール」</a> を参照してください。
+ </div><div class="para">
+ 拡張されたターゲット・モジュールが数多く存在します。それらの多くは特定のテーブルや状況にのみ適用します。Fedora にデフォルトで含まれる最も一般的なターゲット・モジュールのいくつかは以下のとおりです。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">LOG</code> — このルールにマッチするすべてのパケットを記録します。パケットがカーネルにより記録されるので、<code class="filename">/etc/syslog.conf</code> ファイルがこれらのログ・エントリーが書き込まれる位置を決めます。デフォルトで <code class="filename">/var/log/messages</code> ファイルに置かれます。
+ </div><div class="para">
+ 追加のオプションは、ロギングが発生する方法を指定するために <code class="option">LOG</code> ターゲットの後ろで使用されます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--log-level</code> — ログ・イベントの優先度をセットします。優先度の一覧は <code class="filename">syslog.conf</code> マニュアル・ページを参照してください。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--log-ip-options</code> — IP パケットのヘッダにセットされているすべてのオプションを記録します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--log-prefix</code> — ログ行が書き込まれるとき、その前に29文字までの文字列を置きます。これはパケット・ロギングとともに使用される syslog フィルターを書き込むために有用です。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ このオプションの問題のため、<em class="replaceable"><code>log-prefix</code></em> 値に末尾のスペースを追加する必要があります。
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">--log-tcp-options</code> — TCP パケットのヘッダーにセットされたオプションをすべて記録します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--log-tcp-sequence</code> — ログにパケットの TCP シーケンス番号を書き込みます。
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">REJECT</code> — リモート・システムにエラー・パケットを送り返して、パケットを破棄します。
+ </div><div class="para">
+ <code class="option">REJECT</code> ターゲットは、より詳細な情報がエラー・パケットとともに返せるよう、<code class="option">--reject-with <em class="replaceable"><code><type></code></em></code> (<em class="replaceable"><code><type></code></em> は拒否の種類) を受け付けます。メッセージ <code class="computeroutput">port-unreachable</code> は、他のオプションが使用されなければ、与えられるデフォルトのエラー種別です。<code class="option"><em class="replaceable"><code><type></code></em></code> オプションの完全な一覧は <code class="command">iptables</code> マニュアル・ページを参照してください。
+ </div></li></ul></div><div class="para">
+ 他のターゲット拡張が <code class="command">iptables</code> マニュアル・ページで見つけられます。これには、<code class="option">nat</code> テーブルを使用する IP マスカレードにとって有用なもの、および <code class="option">mangle</code> テーブルを使用するパケット変更とともに有用なものをいくつか含みます。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"><strong>戻る</strong>3.9.2.4.4. 追加のマッチ・オプションのモジュール</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"><strong>次へ</strong>3.9.2.6. リスト・オプション</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Common_Exploits_and_Attacks.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Common_Exploits_and_Attacks.html
new file mode 100644
index 0000000..2cd137a
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Common_Exploits_and_Attacks.html
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.4. 一般的なエクスプロイトと攻撃</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="第1章 セキュリティの概要" /><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html" title="1.3.3.5. 将来ニーズの予測" /><link rel="next" href="sect-Security_Guide-Security_Updates.html" title="1.5. セキュリティ・アップデート" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li c
lass="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Security_Updates.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Common_Exploits_and_Attacks" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Common_Exploits_and_Attacks">1.4. 一般的なエクスプロイトと攻撃</h2></div></div></div><div class="para">
+ <a class="xref" href="sect-Security_Guide-Common_Exploits_and_Attacks.html#tabl-Security_Guide-Common_Exploits_and_Attacks-Common_Exploits">表1.1「一般的なエクスプロイト」</a> は、組織のネットワーク資源にアクセスするために侵入者により使用される、いくつかの最も一般的なエクスプロイトとエントリー・ポイントを詳しく説明します。これらの一般的なエクスプロイトの要点は、それらがどのように実行されるか、および、管理者がそのような攻撃に対してどのようにネットワークを適切に保護できるかの説明にあります。
+ </div><div class="table" id="tabl-Security_Guide-Common_Exploits_and_Attacks-Common_Exploits"><h6>表1.1 一般的なエクスプロイト</h6><div class="table-contents"><table summary="一般的なエクスプロイト" border="1"><colgroup><col width="20%" class="Exploit" /><col width="40%" class="Description" /><col width="40%" class="Notes" /></colgroup><thead><tr><th>
+ エクスプロイト
+ </th><th>
+ 説明
+ </th><th>
+ 注意事項
+ </th></tr></thead><tbody><tr><td>
+ 空もしくはデフォルトのパスワード
+ </td><td>
+ 管理パスワードが空白のままになっているか、または製品ベンダーにより設定されたデフォルトのパスワードを使用していることです。ルーターやファイアウォールのようなハードウェアにおいて最も一般的です。一方、Linux で実行しているいくつかのサービスはデフォルトの管理者パスワードを含みます(しかし Fedora 12 はそれらを同梱しません)。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>routers, firewalls, VPN および network attached storage (NAS) アプライアンスのようなネットワーク・ハードウェアと一般的に関連づけられます。</td></tr><tr><td>(UNIX や Windows のような)多くの古いオペレーティングシステム、とくにバンドルされたサービス、において一般的です。</td></tr><tr><td>管理者はときどき急いで特権ユーザーアカウントを作成して、パスワードを空白にしたままにします。それは、アカウントを探索している悪意のあるユーザーにとって完璧なエントリ・ポイントを作ります。</td></tr></table>
+
+ </td></tr><tr><td>
+ デフォルトの共有鍵
+ </td><td>
+ セキュアなサービスはときどき、開発者や評価テスト目的のためにデフォルトのセキュリティ鍵をパッケージしています。これらの鍵が変更されずに残っていて、インターネットの本番環境に置かれていると、同じデフォルトの鍵を持つ<span class="emphasis"><em>すべての</em></span>ユーザーが、共有鍵の資源およびそれに含まれる機密情報すべてにアクセスできます。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>無線アクセスポイントや事前設定されたセキュアなサーバー・アプリケーションにおいて最も一般的です。</td></tr></table>
+
+ </td></tr><tr><td>
+ IP スプーフィング
+ </td><td>
+ リモート・マシンは、ネットワーク資源上の制御を得るために、ローカル・ネットワークにおけるノードとして動作し、サーバにある脆弱性を見つけ、バックドア・プログラムまたはトロイの木馬をインストールします。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>対象システムへの接続を順序立てて並べるために、攻撃者が TCP/IP シーケンス番号を予測することを含むので、スプーフィングはかなり難しいです。しかし、いくつかのツールは攻撃者がそのような脆弱性を実行することを支援することが可能です。</td></tr><tr><td><em class="firstterm">ソース・ベース</em>の認証テクニックを使用することは、ターゲットシステムが実行しているサービス (<code class="command">rsh</code>, <code class="command">telnet</code>, FTP および他のもののような) に依存します。それは、PKI、および<code class="command">ssh</code> や SSL/TLS において使われる暗号化された認証の他の形式と比較するとき、推奨されません。</td></tr></table>
+
+ </td></tr><tr><td>
+ 盗聴
+ </td><td>
+ 2つのノードの間のコネクションにおいて盗聴することにより、ネットワークにおける2つのアクティブなノードを通過するデータを収集します。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>この種類の攻撃は大抵、Telnet, FTP, および HTTP 転送のようなプレーン・テキストの送信プロトコルとともに機能します。</td></tr><tr><td>リモートの攻撃者は、そのような攻撃を実行するために、LAN において危険にさらされたシステムへとアクセスできなければいけません。クラッカーは通常、LAN においてシステムを危険にさらすために能動的な攻撃(IP スプーフィングや中間者攻撃のような)を使用します。</td></tr><tr><td>防御的対策は、パスワード盗聴を防ぐために、暗号的な鍵交換、ワンタイムパスワード、または暗号化された認証を用いたサービスを含みます。転送中、強い暗号が通知されます。</td></tr></table>
+
+ </td></tr><tr><td>
+ サービスの脆弱性
+ </td><td>
+ 攻撃者はインターネット上で実行されるサービスにおいて欠陥や抜け穴を見つけます。この脆弱性を通して、攻撃者はシステム全体と保持されるデータを危険にさらし、おそらくネットワークにある他のシステムも危険にさらすでしょう。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>CGI のような HTTP ベースのサービスは、リモート・コマンド実行およびインタラクティブなシェル・アクセスにも脆弱です。HTTP サービスが "nobody" のような非特権ユーザーとして実行されているときでさえ、設定ファイルやネットワーク構成のような情報が読みとらる可能性があります。または、攻撃者はシステム資源を流出させたり、他のユーザーが利用不可能にしたりするサービス妨害攻撃を開始します。</td></tr><tr><td>サービスはときどき開発とテストの期間中に気がつかない脆弱性を持つ可能性があります。(攻撃者が、アプリケーションのメモリー・バッファを埋める任意の値を使用してサービスをクラッシュさせ、攻撃者に任意のコマンドを実行するインタラクティブな
コマンド・プロンプトを与える、<em class="firstterm">バッファ・オーバーフロー</em>のような)これらの脆弱性により攻撃者は完全な管理コントロールを持ちます。</td></tr><tr><td>管理者はサービスが root ユーザーとして実行されていないことを確実にします。また、ベンダや CERT や CVE のようなセキュリティ組織から、アプリケーションに対するパッチやエラッタ・アップデートを用心深いままでいます。</td></tr></table>
+
+ </td></tr><tr><td>
+ アプリケーションの脆弱性
+ </td><td>
+ 攻撃者はデスクトップやワークステーションのアプリケーション(電子メールクライアントのような)に欠陥を見つけて、任意のコードを実行します、将来の侵入のためにトロイの木馬を注入します、もしくはシステムをクラッシュさせます。侵入されたワークステーションがネットワークの残りにおいて管理特権を持つならば、さらなるエクスプロイトが起こる可能性があります。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>ワークステーションとデスクトップは、作業者が侵入を防いだり検知したりする習熟や経験を持たないため、エクスプロイトをより受ける傾向にあります。認可されないソフトウェアをインストールする、または頼んでいない電子メールの添付ファイルを開くときに、とられるリスクの個々について説明することは不可欠です。</td></tr><tr><td>セーフガードは、電子メールソフトウェアが添付を自動的に開いたり実行したりしない、というように導入されます。加えて、Red Hat Network や他のシステム管理サービスを通してワークステーションのソフトウェアを自動更新することにより、マルチシートのセキュリティ・デプロイの負担を軽減できます。</td></tr></table>
+
+ </td></tr><tr><td>
+ サービス妨害 (DoS: Denial of Service) 攻撃
+ </td><td>
+ 攻撃者や攻撃者のグループは、ターゲット・ホスト(もしくは、サーバー、ルーター、ワークステーション)へ認可されないパケットを送ることにより組織のネットワークやサーバーのリソースに対して調整されます。これはリソースを正当なユーザーに利用不可能になるよう強制します。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>ã¢ã¡ãªã«ã§æãå ±åããã DoS æ»æã¯2000å¹´ã«èµ·ããã¾ãããããã¤ãã®é«ãã©ãã£ãã¯ã®åç¨ããã³æ¿åºã®ãµã¤ãã<em class="firstterm">zombies</em> ã¾ãã¯ãªãã¤ã¬ã¯ããããããã¼ããã£ã¹ãã»ãã¼ãã¨ãã¦åä½ããé«å¸¯åæ¥ç¶ãæã¤ããã¤ãã®å±éºã«ãããããã·ã¹ãã ãç¨ãã¦ã調æ´ããã ping ãã©ããæ»æã«ããå©ç¨ä¸å¯è½ã«ãªãã¾ããã</td></tr><tr><td>ã½ã¼ã¹ã»ãã±ããã¯é常ãæ»æã®æ¬å½ã®ã½ã¼ã¹ã調æ»ããã®ãé£ãããªããããå½è£
ï¼ã¾ãã¯åããã¼ããã£ã¹ãï¼ããã¦ãã¾ãã</td></tr><tr><td><code class="command">iptables</code> ãç¨ããã¤ã³ã°ã¬ã¹ã»ãã£ã«ã¿ (IETF rfc2267) ã«ãããé²æ©ããã³ <code class="command">snort</code> ã®ãã㪠Network Intrusion Detection Systems ã¯ç®¡çè
ãåæ£ããã DoS æ
»æã追ãããã¦é²ãã®ãæ¯æ´ãã¾ãã</td></tr></table>
+
+ </td></tr></tbody></table></div></div><br class="table-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"><strong>戻る</strong>1.3.3.5. 将来ニーズの予測</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Security_Updates.html"><strong>次へ</strong>1.5. セキュリティ・アップデート</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html
new file mode 100644
index 0000000..0f50e66
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.4.4. GUI からセキュアな 7-Zip アーカイブを作成する方法</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="4.2.4. 7-Zip 暗号化アーカイブ" /><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html" title="4.2.4.3. ステップ・バイ・ステップの使い方の説明" /><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html" title="4.2.4.5. 重要なこと" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_
right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI">4.2.4.4. GUI からセキュアな 7-Zip アーカイブを作成する方法</h4></div></div></div><div class="para">
+ 7-Zip アーカイブは他のいろいろなアーカイブと同じように GUI から展開できます。しかし、セキュアな 7-Zip アーカイブを作成するには、いくつかの手順が必要です。
+ </div><div class="para">
+ 以下のこれらの説明により、"ドキュメント" ディレクトリを圧縮したり暗号化したりすることができるでしょう。元の "ディレクトリ" はそのまま残ります。この技術はファイルシステムにおいてアクセスすることができるすべてのディレクトリとファイルに適用できます。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ ファイルブラウザーを開きます: アクティビティ -> ファイル をクリックします
+ </div></li><li class="listitem"><div class="para">
+ "ドキュメント" フォルダーを右クリックします
+ </div></li><li class="listitem"><div class="para">
+ "圧縮" オプションを選択します
+ </div></li><li class="listitem"><div class="para">
+ ファイル拡張子として ".7z" を選択します
+ </div></li><li class="listitem"><div class="para">
+ "他のオプション" を展開します
+ </div></li><li class="listitem"><div class="para">
+ "ファイル一覧も暗号化する" をクリックします
+ </div></li><li class="listitem"><div class="para">
+ パスワードの項目にパスワードを入力します
+ </div></li><li class="listitem"><div class="para">
+ "作成" ボタンをクリックします
+ </div></li></ul></div><div class="para">
+ これでホームディレクトリーに "Documents.7z" ファイルができたことを確認できます。ファイルを開きたいならば、アーカイブの内容が表示される前にアーカイブのパスワードを尋ねられます。一度正しいパスワードが提供されると、ファイルが開きます。そうすると、アーカイブは通常通り操作できます。"Documents.7z" ファイルを削除することにより、この練習を終えて、コンピューターを元の状態に戻します。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"><strong>戻る</strong>4.2.4.3. ステップ・バイ・ステップの使い方の説明</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"><strong>次へ</strong>4.2.4.5. 重要なこと</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html
new file mode 100644
index 0000000..d20b7ca
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.4.2. ステップ・バイ・ステップのインストールの説明</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="4.2.4. 7-Zip 暗号化アーカイブ" /><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="4.2.4. 7-Zip 暗号化アーカイブ" /><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html" title="4.2.4.3. ステップ・バイ・ステップの使い方の説明" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_ri
ght.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions">4.2.4.2. ステップ・バイ・ステップのインストールの説明</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 端末を開きます: <code class="code">アプリケーション -> システムツール -> 端末</code>をクリックします。または、GNOME 3 において<code class="code">アクティビティ -> アプリケーション -> 端末</code>をクリックします。
+ </div></li><li class="listitem"><div class="para">
+ sudo アクセスで 7-Zip をインストールします: <code class="code">sudo yum install p7zip</code>
+ </div></li><li class="listitem"><div class="para">
+ 端末を閉じます: <code class="code">exit</code>
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"><strong>戻る</strong>4.2.4. 7-Zip 暗号化アーカイブ</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"><strong>次へ</strong>4.2.4.3. ステップ・バイ・ステップの使い方の説明</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html
new file mode 100644
index 0000000..4a46334
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.4.5. 重要なこと</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="4.2.4. 7-Zip 暗号化アーカイブ" /><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html" title="4.2.4.4. GUI からセキュアな 7-Zip アーカイブを作成する方法" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG.html" title="4.2.5. GNU Privacy Guard (GnuPG) の使用" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="
Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note">4.2.4.5. 重要なこと</h4></div></div></div><div class="para">
+ 7-Zip は Microsoft Windows や Mac OS X にデフォルトで同梱されていません。それらのプラットフォームにおいて 7-Zip ファイルを使用したいならば、それらのコンピュータに適切なバージョンの 7-Zip をインストールする必要があります。7-Zip <a href="http://www.7-zip.org/download.html">download page</a> を参照してください。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html"><strong>戻る</strong>4.2.4.4. GUI からセキュアな 7-Zip アーカイブを作成する方法</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG.html"><strong>次へ</strong>4.2.5. GNU Privacy Guard (GnuPG) の使用</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html
new file mode 100644
index 0000000..bc5fcab
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.4.3. ステップ・バイ・ステップの使い方の説明</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="4.2.4. 7-Zip 暗号化アーカイブ" /><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html" title="4.2.4.2. ステップ・バイ・ステップのインストールの説明" /><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html" title="4.2.4.4. GUI からセキュアな 7-Zip アーカイブを作成する方法" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs
.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions">4.2.4.3. ステップ・バイ・ステップの使い方の説明</h4></div></div></div><div class="para">
+ 以下のこれらの説明により、"ドキュメント" ディレクトリを圧縮したり暗号化したりすることができるでしょう。元の "ディレクトリ" はそのまま残ります。この技術はファイルシステムにおいてアクセスすることができるすべてのディレクトリとファイルに適用できます。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 端末を開きます:<code class="code">アプリケーション -> システムツール -> 端末</code> をクリックします
+ </div></li><li class="listitem"><div class="para">
+ 圧縮または暗号化します: (プロンプトが出たときにパスワードを入力します) <code class="code">7za a -mhe=on -ms=on -p Documents.7z Documents/</code>
+ </div></li></ul></div><div class="para">
+ これで "ドキュメント" ディレクトリが圧縮され暗号化されます。以下の説明はアーカイブをどこか新しい場所に移動して、それを解凍します。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 新しいディレクトリを作成します: <code class="code">mkdir newplace</code>
+ </div></li><li class="listitem"><div class="para">
+ 暗号化ファイルを移動します: <code class="code">mv Documents.7z newplace</code>
+ </div></li><li class="listitem"><div class="para">
+ 新しいディレクトリへ移動します: <code class="code">cd newplace</code>
+ </div></li><li class="listitem"><div class="para">
+ ファイルを解凍します: (プロンプトが出たときにパスワードを入力します) <code class="code">7za x Documents.7z</code>
+ </div></li></ul></div><div class="para">
+ これでアーカイブは新しい場所に解凍されます。以下の説明はこれまでのステップをすべてクリーンアップして、その前の状態にコンピュータを復元します。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ ディレクトリを上がります: <code class="code">cd ..</code>
+ </div></li><li class="listitem"><div class="para">
+ テストのアーカイブとテストの解凍したものを削除します: <code class="code">rm -r newplace</code>
+ </div></li><li class="listitem"><div class="para">
+ 端末を閉じます: <code class="code">exit</code>
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"><strong>戻る</strong>4.2.4.2. ステップ・バイ・ステップのインストールの説明</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-GUI.html"><strong>次へ</strong>4.2.4.4. GUI からセキュアな 7-Zip アーカイブを作成する方法</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html
new file mode 100644
index 0000000..136f5da
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.4. 7-Zip 暗号化アーカイブ</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="Security_Guide-Encryption-Data_in_Motion.html" title="4.2. 動作しているデータ" /><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html" title="4.2.3.5. 興味のリンク" /><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html" title="4.2.4.2. ステップ・バイ・ステップのインストールの説明" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" al
t="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives">4.2.4. 7-Zip 暗号化アーカイブ</h3></div></div></div><div class="para">
+ <a href="http://www.7-zip.org/">7-Zip</a> は、アーカイブのコンテンツを保護するために強力な暗号(AES-256)も使用できる、クロスプラットフォームで次世代のファイル圧縮ツールです。異なるオペレーティングシステム(たとえば、自宅の Linux と会社の Windows)を使用する複数のコンピュータ間でデータを移送する必要があり、持ち運び可能な暗号化ソリューションが欲しいとき、これは非常に有用です。
+ </div><div class="section" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation">4.2.4.1. Fedora における 7-Zip のインストール</h4></div></div></div><div class="para">
+ 7-Zip は Fedora の base パッケージではありませんが、ソフトウェアリポジトリで入手可能です。一度インストールすると、特別な注意を必要とせず、お使いのコンピュータにおいて更新パッケージを入手できるでしょう。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>戻る</strong>4.2.3.5. 興味のリンク</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"><strong>次へ</strong>4.2.4.2. ステップ・バイ・ステップのインストールの説明</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html
new file mode 100644
index 0000000..0e33294
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5.7. 公開鍵暗号化について</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="4.2.5. GNU Privacy Guard (GnuPG) の使用" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html" title="4.2.5.6. Thunderbird を用いた GPG の使用" /><link rel="next" href="chap-Security_Guide-General_Principles_of_Information_Security.html" title="第5章 情報セキュリティの一般原則" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docum
entation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption">4.2.5.7. 公開鍵暗号化について</h4></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">Wikipedia - Public Key Cryptography</a>
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://computer.howstuffworks.com/encryption.htm">HowStuffWorks - Encryption</a>
+ </div></li></ol></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html"><strong>戻る</strong>4.2.5.6. Thunderbird を用いた GPG の使用</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>次へ</strong>第5章 情報セキュリティの一般原則</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html
new file mode 100644
index 0000000..d39b160
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5.3. コマンドラインを用いた GPG 鍵の生成</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="4.2.5. GNU Privacy Guard (GnuPG) の使用" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html" title="4.2.5.2. KDE における GPG キーの生成" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html" title="4.2.5.4. Alpine での GPG の使用" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"
/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE">4.2.5.3. コマンドラインを用いた GPG 鍵の生成</h4></div></div></div><div class="para">
+ 次のシェルコマンドを使用します: <code class="code">gpg --gen-key</code>
+ </div><div class="para">
+ このコマンドは、公開鍵と秘密鍵で構成される鍵ペアを生成します。他の人々は、あなたのコミュニケーションを認証かつ/または復号するためにあなたの公開鍵を使用します。できる限り、あなたの公開鍵を配布します(メーリングリストのように、あなたから認証されたコミュニケーションを受け取りたいと考える、あなたが知っている人に対してとくに)。たとえば、Fedora Documentation Project は自己紹介において GPG 公開鍵を含めるよう参加者に対してお願いしています。
+ </div><div class="para">
+ 一連のプロンプトがプロセスを通してあなたに指示をします。必要に応じて初期値を割り当てるために <code class="code">Enter</code> キーを押します。1番目のプロンプトは、あなたが必要とする鍵の種類を選択するよう尋ねます。
+ </div><div class="para">
+
+<pre class="screen">作成したい鍵の種類を選択してください:
+ (1) RSA および RSA (初期値)
+ (2) DSA および Elgamal
+ (3) DSA (署名のみ)
+ (4) RSA (署名のみ)
+ どれにしますか?</pre>
+ ほとんどすべての場合において、初期値が正しい選択です。RSA 鍵は通信を署名するだけではなく、ファイルを暗号化できます。
+ </div><div class="para">
+ 次に、鍵の大きさを選択します:
+<pre class="screen">RSA 鍵は 1024 ~ 4096 ビットの長さにできます。
+鍵の大きさをどうしますか? (2048)</pre>
+ 再び、初期値はほとんどすべてのユーザーにとって十分です。強いレベルのセキュリティを意味します。
+ </div><div class="para">
+ 次に、鍵がいつ失効するのかを選択します。標準の "none" を使用する代わりに、失効日を選択することは素晴らしい考えです。たとえば、鍵にある電子メールアドレスが無効になると、失効日により他者が公開鍵の使用を止めることに気がつきます。
+ </div><div class="para">
+
+<pre class="screen">鍵の有効期間を指定してください。
+ 0 = 失効しません
+ d = n 日後に失効します
+ w = n 週間後に失効します
+ m = n か月後に失効します
+ y = n 年後に失効します
+ 鍵をどの期間だけ有効にしますか? (0)</pre>
+
+ </div><div class="para">
+ たとえば、<code class="code">1y</code> の値を入力すると、鍵が1年間有効になります。(もし気が変わると、鍵を生成した後でこの失効日を変更できます。)
+ </div><div class="para">
+ <code class="code">gpg</code> プログラムは署名情報を尋ねる前に、以下のプロンプトが表れます: <code class="code">Is this correct (y/n)?</code> プロセスを終わらせるために、 <code class="code">y</code> を入力します。
+ </div><div class="para">
+ 次に、名前と電子メールアドレスを入力します。このプロセスは実在の個人として認証することに関するものであると覚えてください。このため、実際の名前を含めます。アイデンティティを偽装するかわかりにくくするので、エイリアスやハンドルを使いません。
+ </div><div class="para">
+ GPG キーの電子メール実アドレスを入力します。偽の電子メールアドレスを選択すると、他者があなたの公開鍵を見つけることがより難しくなります。これはコミュニケーションを認証することを難しくします。たとえば、メーリングリストにおいて [[DocsProject/SelfIntroduction| self-introduction]] に対してこの GPG キーを使用していると、そのリストにおいて使用する電子メールアドレスを入力します。
+ </div><div class="para">
+ コメント・フィールドをエイリアスや他の情報を含めるために使用します。(ある人々は異なる目的に対して異なる鍵を使用します。そして、"オフィス" や "オープンソース・プロジェクト" のようなコメントを用いてそれぞれの鍵を識別します。)
+ </div><div class="para">
+ すべてのエントリが正しければ、確認プロンプトにおいて、続けるために文字 O を入力します。もしくは、ある問題を修正するために他のオプションを使用します。最後に、秘密鍵に対するパスフレーズを入力します。<code class="code">gpg</code> プログラムはパスフレーズを2回入力するよう尋ね、入力エラーがないことを確実にします。
+ </div><div class="para">
+ 最終的に、<code class="code">gpg</code> はできる限り一意な鍵を作るためにランダムなデータを生成します。プロセスをスピードアップするためにこの手順の間、マウスを動かします、ランダムなキーを打ちます、もしくはシステムにおいて他のタスクを実行します。この手順が完了すると、鍵が完成し、使用する準備ができます:
+ </div><pre class="screen">
+pub 1024D/1B2AFA1C 2005-03-31 John Q. Doe (Fedora Docs Project) <jqdoe at example.com>
+Key fingerprint = 117C FE83 22EA B843 3E86 6486 4320 545E 1B2A FA1C
+sub 1024g/CEA4B22E 2005-03-31 [expires: 2006-03-31]
+</pre><div class="para">
+ 鍵のフィンガープリントは、あなたの鍵のための短縮形の "署名" です。あなたの実際の公開鍵が改ざんされることなく受け取ったことを、他者へ確認できるようにします。このフィンガープリントを書き留めておく必要はありません。いつでもフィンガープリントを表示するために、このコマンドをあなたの電子メールアドレスに置き換えて使用します: <code class="code"> gpg --fingerprint jqdoe at example.com </code>
+ </div><div class="para">
+ "GPG キー ID" は、公開鍵を識別する16進8文字からなります。上の例において、GPG キー ID は 1B2AFA1C です。多くの場合、キー ID を問い合わせると、"0x1B2AFA1C" にあるように、キー ID の前に "0x" がつきます。
+ </div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ パスフレーズを忘れると、鍵を使うことができなくなり、その鍵を用いて暗号化されたデータが失われます。
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html"><strong>戻る</strong>4.2.5.2. KDE における GPG キーの生成</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html"><strong>次へ</strong>4.2.5.4. Alpine での GPG の使用</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html
new file mode 100644
index 0000000..63d7193
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5.2. KDE における GPG キーの生成</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="4.2.5. GNU Privacy Guard (GnuPG) の使用" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG.html" title="4.2.5. GNU Privacy Guard (GnuPG) の使用" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html" title="4.2.5.3. コマンドラインを用いた GPG 鍵の生成" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" />
</a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1">4.2.5.2. KDE における GPG キーの生成</h4></div></div></div><div class="para">
+ メインメニューから アプリケーション > ユーティリティ > 暗号ツールを選択して KGpg プログラムを起動します。これまで KGpg を使用したことがなければ、プログラムがあなた自身の GPG 鍵ペアを生成するプロセスを詳しく説明します。ダイアログボックスは、新しい鍵ペアを生成するためのプロンプトを表示します。名前、電子メールアドレス、およびオプションのコメントを入力します。鍵の長さ(ビット数)とアルゴリズム同様、鍵が失効するまでの時間も選択できます。次のダイアログはパスフレーズに対するプロンプトが表示されます。このとき、あなたの鍵がメインの <code class="code">KGpg</code> ウィンドウに表示されます。
+ </div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ パスフレーズを忘れると、鍵を使うことができなくなり、その鍵を用いて暗号化されたデータが失われます。
+ </div></div></div><div class="para">
+ GPG キー ID を見つけるために、新しく生成された鍵の次に ''キー ID'' 列を見ます。多くの場合、キー ID を要求すると、"0x6789ABCD" のように鍵 ID の前に "0x" がつきます。秘密鍵のバックアップをとり、どこか安全な場所に保管するべきです。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG.html"><strong>戻る</strong>4.2.5. GNU Privacy Guard (GnuPG) の使用</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html"><strong>次へ</strong>4.2.5.3. コマンドラインを用いた GPG 鍵の生成</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html
new file mode 100644
index 0000000..680dc93
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5.4. Alpine での GPG の使用</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="4.2.5. GNU Privacy Guard (GnuPG) の使用" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html" title="4.2.5.3. コマンドラインを用いた GPG 鍵の生成" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html" title="4.2.5.5. Evolution での GPG の使用" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="
Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine">4.2.5.4. Alpine での GPG の使用</h4></div></div></div><div class="para">
+ 電子メールクライアント <span class="package">Alpine</span> または <span class="package">Pine</span> を使用していると、<span class="package">ez-pine-gpg</span> もダウンロードしてインストールする必要があります。このソフトウェアは現在 <a href="http://business-php.com/opensource/ez-pine-gpg/">http://business-php.com/opensource/ez-pine-gpg/</a> から入手可能です。一度 ez-pine-gpg をインストールすると、<code class="code">~/.pinerc</code> ファイルを修正する必要があります。以下が必要となります:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ /home/username/bin は、指定したインストール・パスで置き換えられるべきです。
+ </div></li><li class="listitem"><div class="para">
+ 2箇所において、_RECIPIENTS_ の後にある gpg-identifier はあなたの GPG 公開鍵の識別子で置き換えられるべきです。ここであなた自身の GPG 識別子を含める理由は、”Alice" へと暗号化されたメッセージを送るならば、メッセージはあなたの公開鍵も用いて暗号化されるからです。もしこれをしなければ、送信済みフォルダにあるメッセージを開けなくなり、あなた自身が書いたことを思い出せなくなります。
+ </div></li></ol></div><div class="para">
+ このように見えるでしょう:
+ </div><pre class="screen">
+# This variable takes a list of programs that message text is piped into
+# after MIME decoding, prior to display.
+display-filters=_LEADING("-----BEGIN PGP")_ /home/max/bin/ez-pine-gpg-incoming
+
+# This defines a program that message text is piped into before MIME
+# encoding, prior to sending
+sending-filters=/home/max/bin/ez-pine-gpg-sign _INCLUDEALLHDRS_,
+ /home/username/bin/ez-pine-gpg-encrypt _RECIPIENTS_ gpg-identifier,
+ /home/username/bin/ez-pine-gpg-sign-and-encrypt _INCLUDEALLHDRS_ _RECIPIENTS_ gpg-identifier
+</pre></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html"><strong>戻る</strong>4.2.5.3. コマンドラインを用いた GPG 鍵の生成</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html"><strong>次へ</strong>4.2.5.5. Evolution での GPG の使用</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html
new file mode 100644
index 0000000..36b66a4
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5.5.3. Evolution を用いた電子メールの署名と暗号化</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html" title="4.2.5.5. Evolution での GPG の使用" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html" title="4.2.5.5.2. Evolution を用いた電子メールの検証" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html" title="4.2.5.6. Thunderbird を用いた GPG の使用" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Comm
on_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting">4.2.5.5.3. Evolution を用いた電子メールの署名と暗号化</h5></div></div></div><div class="para">
+ 電子メールを署名すると、電子メールが本当にあなたからきたのかを受信者が確認できるようになります。FDP(および Fedora Project 全体)は、Fedora メーリングリストを含め、あなたが他の参加者への電子メールを署名できるようにします。電子メールを暗号化すると、あなたの受信者だけが電子メールを読めるようにします。ほとんどすべての人が読むことができないので、Fedora メーリングリストに暗号化された電子メールを送らないでください。
+ </div><div class="para">
+ 電子メールを編集しているとき、セキュリティを選択し、メッセージを署名するために PGP 署名を選択します。メッセージを暗号化するために、PGP 暗号を選択します。同じように暗号化されたメッセージを署名するかもしれません。それはグッドプラクティスです。Evolution はあなたの GPG キーのパスフレーズを入力するよう促します。(3回失敗すると Evolution はエラーを発生させます。)このセッションのリマインダのためにこのパスワードを記録するオプションを選択すると、Evolution を終了するか再起動するまで、署名や復号するために再びパスワードを使う必要はありません。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html"><strong>戻る</strong>4.2.5.5.2. Evolution を用いた電子メールの検証</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html"><strong>次へ</strong>4.2.5.6. Thunderbird を用いた GPG の使用</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html
new file mode 100644
index 0000000..a23addf
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5.5.2. Evolution を用いた電子メールの検証</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html" title="4.2.5.5. Evolution での GPG の使用" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html" title="4.2.5.5. Evolution での GPG の使用" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html" title="4.2.5.5.3. Evolution を用いた電子メールの署名と暗号化" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"
><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying">4.2.5.5.2. Evolution を用いた電子メールの検証</h5></div></div></div><div class="para">
+ Evolution ã¯å
¥ã£ã¦ãã GPG ç½²åãããã¡ãã»ã¼ã¸ã®æå¹æ§ãèªåçã«ãã§ãã¯ãã¾ããEvolution ãå
¬ééµã失ãããï¼ã¾ãã¯ãæ¹ãããããï¼ããã«ã¡ãã»ã¼ã¸ã GPG æ¤è¨¼ã§ããªããã°ã赤ãããã¼ã§çµããã¾ããã¡ãã»ã¼ã¸ãæ¤è¨¼ããããããã¼ã«ã«ã«ãã°ãã¼ãã«ã«ããã¼ãç½²åãã¦ããªããã°ãããã¼ã¯é»è²ã§ããããã¡ãã»ã¼ã¸ãæ¤è¨¼ããã¦ããã¼ãç½²åããã¦ãããªãã°ãããã¼ã¯ç·è²ã§ããããã·ã¼ã«ã»ã¢ã¤ã³ã³ãã¯ãªãã¯ããã¨ããEvolution ã¯ç½²åã«é¢ããã»ãã¥ãªãã£æ
å ±ãããæã¤ãã¤ã¢ãã°ã表示ãã¾ããå
¬ééµããã¼ãªã³ã°ã«è¿½å ããããã«ããã¼ã®ææè
ã®é»åã¡ã¼ã«ã¢ãã¬ã¹ã§æ¤ç´¢æ©è½ã使ç¨ãã¾ã: <code class="code">gpg --keyserver pgp.mit.edu --search email address</code>ãæ£ãããã¼ãã¤ã³ãã¼ãããããã«ãEvolution ã«ã
ãæä¾ãããæ
å ±ãæã¤ãã¼ ID ã¨ä¸è´ãããå¿
è¦ãããããããã¾ããã
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html"><strong>戻る</strong>4.2.5.5. Evolution での GPG の使用</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html"><strong>次へ</strong>4.2.5.5.3. Evolution を用いた電子メールの署名と暗号化</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html
new file mode 100644
index 0000000..9165b15
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5.5. Evolution での GPG の使用</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="4.2.5. GNU Privacy Guard (GnuPG) の使用" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html" title="4.2.5.4. Alpine での GPG の使用" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html" title="4.2.5.5.2. Evolution を用いた電子メールの検証" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt
="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html"><strong>æ»ã</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html"><strong>次ã¸</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution">4.2.5.5. Evolution ã§ã® GPG ã®ä½¿ç¨</h4></div></div></div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Configuring"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Configuring">4.2.5.5.1. Evolution ã¨ã¨ã«ä½¿ç¨ãããã
ã® GPG ã®è¨å®</h5></div></div></div><div class="para">
+ <span class="application"><strong>Evolution</strong></span> において使用するための GPG を設定するために、<span class="application"><strong>Evolution</strong></span> メインメニューから選択し、左パネルにある ツール、設定... を選択し、メール・アカウントを選択します。右パネルにおいて、Fedora Project のやり取りのために使う電子メールアカウントを選択します。そして、編集ボタンを選択します。<span class="application"><strong>Evolution</strong></span> アカウント・エディタのダイアログが表示されます。セキュリティ・タブを選択します。
+ </div><div class="para">
+ PGP/GPG キー ID フィールドにおいて、このアカウントの電子メールアドレスに対応する GPG キー ID を入力します。キー ID が何かはっきりしなければ、このコマンドを使用します: <code class="code">gpg --fingerprint EMAIL_ADDRESS</code>。キー ID はキーのフィンガープリントの後ろ8文字 (4 バイト) と同じです。暗号メールを送信するときは必ず自分自身へと暗号化するオプションをクリックすることは良いアイディアです。このアカウントを使用するとき、出ていくメッセージを常に署名するを選択したいかもしれません。
+ </div><div class="note"><div class="admonition_header"><h2>注意</h2></div><div class="admonition"><div class="para">
+ キーリングにおいて公開鍵を信頼されていると印をつけていないと、暗号化するときにキーリングにある鍵を常に信頼するオプションを選択するまで、それらの所有者への電子メールを暗号化することはできません。代わりに信頼性のチェックは失敗したことを意味するダイアログが表示されます。
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Alpine.html"><strong>戻る</strong>4.2.5.4. Alpine での GPG の使用</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Verifying.html"><strong>次へ</strong>4.2.5.5.2. Evolution を用いた電子メールの検証</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html
new file mode 100644
index 0000000..d957f53
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5.6. Thunderbird を用いた GPG の使用</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="4.2.5. GNU Privacy Guard (GnuPG) の使用" /><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html" title="4.2.5.5.3. Evolution を用いた電子メールの署名と暗号化" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html" title="4.2.5.7. 公開鍵暗号化について" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_C
ontent/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird">4.2.5.6. Thunderbird を用いた GPG の使用</h4></div></div></div><div class="para">
+ Fedora は thunderbird パッケージにおいて Mozilla Thunderbird を、また、mozilla-mail パッケージが Mozilla Suite 電子メールアプリケーションを含みます。Thunderbird は推奨された Mozilla 電子メールアプリケーションです。これは、デスクトップに アプリケーション > インターネット > Thunderbird Email として表れます。
+ </div><div class="para">
+ Mozilla 製品は、メインのアプリケーションに新しい機能を追加するプラグインである拡張機能をサポートします。Enigmail 拡張は Mozilla の email 製品に GPG サポートを提供します。Enigmail のバージョンは、Mozilla Thunderbird と Mozilla Suite (Seamonkey) 両方に対して存在します。AOL の Netscape ソフトウェアは Mozilla 製品に基づき、この拡張も使用します。
+ </div><div class="para">
+ Fedora システムに Enigmail をインストールするために、以下で与えられる説明に従います。
+ </div><div class="para">
+ Enigmail は、メニュー項目とオプションにおいて OpenPGP という語を使用します。GPG は OpenPGP の実装であり、同じ意味として語を扱えます。
+ </div><div class="para">
+ Enigmail のホームページは <a href="http://enigmail.mozdev.org/download.html">http://enigmail.mozdev.org/download.html</a> です。
+ </div><div class="para">
+ このページは Enigmail と GPG のアクションのスクリーンショットを提供します: <a href="http://enigmail.mozdev.org/screenshots.html">http://enigmail.mozdev.org/screenshots.html</a>.
+ </div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird-Installing_Enigmail"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Thunderbird-Installing_Enigmail">4.2.5.6.1. Enigmail のインストール</h5></div></div></div><div class="para">
+ Enigmail は Fedora リポジトリにおいて利用可能です。コマンドラインで <code class="code">yum install thunderbird-enigmail</code> と入力することで、インストールできます。<code class="code">システム -> 管理 -> ソフトウェアの追加/削除</code>により、<span class="package">thunderbird-enigmail</span> をインストールできます。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Using_GPG_with_Evolution-Signing_and_Encrypting.html"><strong>戻る</strong>4.2.5.5.3. Evolution を用いた電子メールの署名と暗号化</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html"><strong>次へ</strong>4.2.5.7. 公開鍵暗号化について</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG.html
new file mode 100644
index 0000000..0fcd3dd
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Encryption-Using_GPG.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.5. GNU Privacy Guard (GnuPG) の使用</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="Security_Guide-Encryption-Data_in_Motion.html" title="4.2. 動作しているデータ" /><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html" title="4.2.4.5. 重要なこと" /><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html" title="4.2.5.2. KDE における GPG キーの生成" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul
class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Encryption-Using_GPG" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG">4.2.5. GNU Privacy Guard (GnuPG) の使用</h3></div></div></div><div class="para">
+ <span class="application"><strong>GnuPG</strong></span> (GPG) は、あなた自身を識別したり、あなたのコミュニケーション(あなたが知らない人とのものを含みます)を認証したり、するために使われます。GPG は GPG 署名された email を読んだ人がその真正性を検証できるようにします。言い換えると、GPG は、あなたにより署名されたコミュニケーションが実際にあなたからであることを、かなり確かであることを可能にします。第三者がコードを変更したり、会話を横取りしたり、メッセージを変更したりするのを防ぐ助けになるので、GPG は有用です。
+ </div><div class="para">
+ GPG は、コンピューターやネットワーク・ドライブに保存されているファイルを署名かつ/または暗号化するために使うこともできます。これにより、ファイルが認可されていない人により改ざんまたは読み込まれるのを防ぐという、さらなる保護を追加できます。
+ </div><div class="para">
+ To utilize GPG for authentication or encryption of email you must first generate your public and private keys. After generating the keys you will have to setup your email client to utilize them.
+ </div><div class="section" id="sect-Security_Guide-Encryption-Using_GPG-Keys_in_GNOME"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Keys_in_GNOME">4.2.5.1. GNOME における GPG キーの生成</h4></div></div></div><div class="para">
+ Seahorse ユーティリティにより GPG 鍵管理が容易になります。コマンド <code class="code">su -c "yum install seahorse"</code> または<span class="application"><strong>ソフトウェアの追加/削除</strong></span>を使用した GUI において、<span class="package">Seahorse</span> をインストールできます。
+ </div><div class="para">
+ 鍵を作成するには <span class="application"><strong>パスワードと暗号鍵</strong></span> を選択します。これによりアプリケーション <span class="application"><strong>Seahorse</strong></span> が起動します。<code class="code">ファイル</code>メニューから<code class="code">新規</code>を選択します。そして、<code class="code">PGP キー</code>を選択し、<code class="code">続ける</code>を選択します。あなたが誰であるかを表す、フルネーム、電子メールアドレス、およびオプションのコメント (例: John C. Smith, jsmith at example.com, 男性) を入力します。<code class="code">作成</code>を選択します。鍵のパスフレーズを問い合わせるダイアログが表示されます。強力なパスフレーズですが、覚えやすいものを選択します。<code class="code">OK</code> をクリックすると、鍵が作成されます。
+ </div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ パスフレーズを忘れると、鍵を使うことができなくなり、その鍵を用いて暗号化されたデータが失われます。
+ </div></div></div><div class="para">
+ GPG キー ID を見つけるために、新しく生成された鍵の次に ''キー ID'' 列を見ます。多くの場合、キー ID を要求すると、"0x6789ABCD" のように鍵 ID の前に "0x" がつきます。秘密鍵のバックアップをとり、どこか安全な場所に保管するべきです。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"><strong>戻る</strong>4.2.4.5. 重要なこと</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html"><strong>次へ</strong>4.2.5.2. KDE における GPG キーの生成</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html
new file mode 100644
index 0000000..b5eba82
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.3.5. 将来ニーズの予測</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.3.3. ツールの評価" /><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html" title="1.3.3.4. VLAD the Scanner" /><link rel="next" href="sect-Security_Guide-Common_Exploits_and_Attacks.html" title="1.4. 一般的なエクスプロイトと攻撃" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="doc
nav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Common_Exploits_and_Attacks.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs">1.3.3.5. 将来ニーズの予測</h4></div></div></div><div class="para">
+ ターゲットよリソースに依存して、利用可能な多くのツールがあります。無線ネットワーク、Novell ネットワーク、Windows システム、Linux システムなどに対するツールがあります。アセスメントを実行することの他の重要な部分は、物理セキュリティ、人事選考、または音声/PBX ネットワークのアセスメントをレビューすることを含めるかもしれません。無線ネットワークの脆弱性のために企業の物理構造の境界線をスキャンするこを含む、<em class="firstterm">war walking</em> のような新しい概念は、必要に応じてアセスメントに組み込み調査をできるいくつかの持ち上がってきている概念です。想像と露出は脆弱性のアセスメントを計画および実施のみに制限されます。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>戻る</strong>1.3.3.4. VLAD the Scanner</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Common_Exploits_and_Attacks.html"><strong>次へ</strong>1.4. 一般的なエクスプロイトと攻撃</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Nessus.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Nessus.html
new file mode 100644
index 0000000..cf16e56
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Nessus.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.3.2. Nessus</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.3.3. ツールの評価" /><link rel="prev" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.3.3. ツールの評価" /><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html" title="1.3.3.3. Nikto" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous">
<a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-Nessus"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Nessus">1.3.3.2. Nessus</h4></div></div></div><div class="para">
+ Nessus は完全なサービス・セキュリティ・スキャナーです。Nessus のプラグイン・アーキテクチャーはユーザーがシステムやネットワークのためにカスタマイズできるようにします。あらゆるスキャナーと同じように、Nessus は依存するシグネチャー・データベースのみと同じくらいだけ素晴らしいです。幸運にも、Nessus は頻繁にアップデートされ、完全なレポート、ホスト・スキャン、およびリアルタイムの脆弱性検索の機能を持ちます。Nessus のようにパワフルで頻繁に更新されるツールでさえ、フォールス・ポジティブやフォールス・ネガティブがある可能性があることを覚えておいてください。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ Nessus ソフトウェアのクライアントとサーバーは Fedora リポジトリに含まれますが、使用するためのサブスクリプションが必要になります。この人気のあるアプリケーションを使用することに興味があるユーザーのための参考情報として、このドキュメントに含まれます。
+ </div></div></div><div class="para">
+ Nessus に関する詳細は、以下の URL にある公式ウェブサイトを参照してください。
+ </div><div class="para">
+ <a href="http://www.nessus.org/">http://www.nessus.org/</a>
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"><strong>戻る</strong>1.3.3. ツールの評価</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"><strong>次へ</strong>1.3.3.3. Nikto</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Nikto.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Nikto.html
new file mode 100644
index 0000000..5639f3d
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-Nikto.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.3.3. Nikto</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.3.3. ツールの評価" /><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html" title="1.3.3.2. Nessus" /><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html" title="1.3.3.4. VLAD the Scanner" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a acc
esskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-Nikto"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Nikto">1.3.3.3. Nikto</h4></div></div></div><div class="para">
+ Nikto は優れた CGI (common gateway interface) スクリプト・スキャナーです。Nikto は CGI の脆弱性に対するチェックだけではなく、侵入検知システムを回避するために曖昧な方法で実行します。プログラムを実行するに先立って注意深くレビューされるべき完全なドキュメントがついています。ウェブサーバーが CGI スクリプトを取り扱っているならば、Nikto はこれらのサーバーのセキュリティをチェックするための優れたリソースになるでしょう。
+ </div><div class="para">
+ Nikto の詳細については、以下の URL を参照してください:
+ </div><div class="para">
+ <a href="http://www.cirt.net/code/nikto.shtml">http://www.cirt.net/code/nikto.shtml</a>
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"><strong>戻る</strong>1.3.3.2. Nessus</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>次へ</strong>1.3.3.4. VLAD the Scanner</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html
new file mode 100644
index 0000000..475603e
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.3.4. VLAD the Scanner</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.3.3. ツールの評価" /><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html" title="1.3.3.3. Nikto" /><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html" title="1.3.3.5. 将来ニーズの予測" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li cla
ss="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner">1.3.3.4. VLAD the Scanner</h4></div></div></div><div class="para">
+ VLAD は Bindview 社の <acronym class="acronym">RAZOR</acronym> チームにより開発された脆弱性スキャナーです。それは、一般的なセキュリティ問題(SNMP の問題、ファイル共有の問題など)の SANS Top Ten リストに対するチェックをします。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ VLAD は Fedora に含まれず、サポートされません。この一般的なアプリケーションを使用することに興味があるユーザーのために参考としてこのドキュメントに含めています。
+ </div></div></div><div class="para">
+ VLAD の詳細は、以下の URL にある RAZOR チームのウェブサイトで見つけられます:
+ </div><div class="para">
+ <a href="http://www.bindview.com/Support/Razor/Utilities/">http://www.bindview.com/Support/Razor/Utilities/</a>
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"><strong>戻る</strong>1.3.3.3. Nikto</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"><strong>次へ</strong>1.3.3.5. 将来ニーズの予測</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html
new file mode 100644
index 0000000..e7310c6
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.5.3. DMZ と IPTables</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="3.8.5. FORWARD および NAT ルール" /><link rel="prev" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html" title="3.8.5.2. プレルーティング" /><link rel="next" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html" title="3.8.6. 悪意のあるソフトウェアと偽装された IP アドレス" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right
.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables">3.8.5.3. DMZ と IPTables</h4></div></div></div><div class="para">
+ 特定のマシン(<em class="firstterm">demilitarized zone</em> (<acronym class="acronym">DMZ</acronym>) にある専用の HTTP や FTP のサーバのような)へのトラフィックをルートするために <code class="command">iptables</code> ルールを作成することもできます。<acronym class="acronym">DMZ</acronym> は、インターネットのような公のキャリアにおいてサービスを提供することを専用とする、特別なローカル・サブネットワークです。
+ </div><div class="para">
+ たとえば、10.0.4.2にある(LANの192.168.1.0/24範囲の外にある)専用の HTTP サーバへ入力 HTTP リクエストをルーティングするためのルールをセットするために、NAT は適切な宛て先へパケットを転送するために <code class="computeroutput">PREROUTING</code> テーブルを使用します:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.4.2:80</pre><div class="para">
+ このコマンドを用いると、LAN の外からポート80へのすべての HTTP コネクションは内部ネットワークの他の部分から分離されたネットワークにある HTTP サーバへとルートされます。ネットワーク・セグメントのこの形態は、ネットワークにあるマシンへ HTTP コネクションを許可するよりは安全であることがわかります。
+ </div><div class="para">
+ HTTP サーバがセキュアな接続を受け付けるよう設定されていると、ポート443も同じように転送されなければいけません。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"><strong>戻る</strong>3.8.5.2. プレルーティング</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"><strong>次へ</strong>3.8.6. 悪意のあるソフトウェアと偽装された IP アドレス</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html
new file mode 100644
index 0000000..ac6ce44
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.5.2. プレルーティング</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="3.8.5. FORWARD および NAT ルール" /><link rel="prev" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="3.8.5. FORWARD および NAT ルール" /><link rel="next" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html" title="3.8.5.3. DMZ と IPTables" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"
><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting">3.8.5.2. プレルーティング</h4></div></div></div><div class="para">
+ 外部から利用可能にしたいと思っている、内部ネットワークにあるサーバを持っているならば、内部サービスへの接続を要求している入力パケットが転送される宛て先 IP アドレスとポートを指定するために、NAT において PREROUTING チェインの <code class="option">-j DNAT</code> ターゲットを使用できます。
+ </div><div class="para">
+ たとえば、入力 HTTP リクエストを 172.31.0.23 にある専用の Apache HTTP Server に転送したいならば、以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 172.31.0.23:80</pre><div class="para">
+ このルールは <acronym class="acronym">nat</acronym> テーブルがリストされた宛て先 IP アドレス 172.31.0.23 への入力 HTTP リクエストだけを転送するために組み込み PREROUTING を使用するよう指定しています。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ FORWARD チェインにおいて DROP のデフォルト・ポリシーを持っていると、宛て先 NAT ルーティングができるよう、すべての入力 HTTP リクエストを転送するルールを追加しなければなりません。
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A FORWARD -i eth0 -p tcp --dport 80 -d 172.31.0.23 -j ACCEPT</pre><div class="para">
+ このルールは、すべての入力 HTTP リクエストがファイアウォールから意図した宛て先(ファイアウォールの後ろにある Apache HTTP Server)へと転送します。
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"><strong>戻る</strong>3.8.5. FORWARD および NAT ルール</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"><strong>次へ</strong>3.8.5.3. DMZ と IPTables</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Additional_Resources.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Additional_Resources.html
new file mode 100644
index 0000000..000dfa4
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Additional_Resources.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.9. 追加のリソース</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Firewalls.html" title="3.8. ファイアウォール" /><link rel="prev" href="sect-Security_Guide-Firewalls-IPv6.html" title="3.8.8. IPv6" /><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html" title="3.8.9.2. 有用なファイアウォールのウェブサイト" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a access
key="p" href="sect-Security_Guide-Firewalls-IPv6.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Firewalls-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Additional_Resources">3.8.9. 追加のリソース</h3></div></div></div><div class="para">
+ 本章では取り扱うことができない、ファイアウォールと Linux Netfilter サブシステムのいくつかの観点があります。詳細は以下のリソースを参照してください。
+ </div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation">3.8.9.1. インストールされているファイアウォールのドキュメント</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 多くのコマンド・オプションの定義を含め、<code class="command">iptables</code> コマンドに関する詳細は、<a class="xref" href="sect-Security_Guide-IPTables.html">「IPTables」</a> を参照してください。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">iptables</code> マニュアル・ページはさまざまなオプションの概要を含みます。
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-IPv6.html"><strong>戻る</strong>3.8.8. IPv6</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"><strong>次へ</strong>3.8.9.2. 有用なファイアウォールのウェブサイト</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html
new file mode 100644
index 0000000..e891355
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.2. 基本的なファイアウォールの設定</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Firewalls.html" title="3.8. ファイアウォール" /><link rel="prev" href="sect-Security_Guide-Firewalls.html" title="3.8. ファイアウォール" /><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html" title="3.8.2.2. ファイアウォールの有効化および無効化" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav
"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">3.8.2. 基本的なファイアウォールの設定</h3></div></div></div><div class="para">
+ ただ、ビルにおける防火壁(ファイアウォール)は火が拡散するのを防ごうとするように、コンピュータのファイアウォールは悪意のあるソフトウェアがあなたのコンピュータへと拡散するのを防ごうとします。認可されないユーザーがコンピュータへアクセスするのを防ぐ助けにもなります。
+ </div><div class="para">
+ デフォルトの Fedora インストールでは、ファイアウォールは、あなたのコンピュータまたはネットワークとあらゆる信頼されないネットワーク(たとえば、インターネット)の間に存在します。コンピュータのどのサービスがリモート・ユーザーからアクセス可能であるかを決めます。適切に設定されたファイアウォールはシステムのセキュリティを非常に向上させます。インターネット接続をするすべての Fedora システムに対してファイアウォールを設定することが推奨されます。
+ </div><div class="section" id="sect-Security_Guide-Basic_Firewall_Configuration-RHSECLEVELTOOL"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-RHSECLEVELTOOL">3.8.2.1. <span class="application"><strong>ファイアウォール管理ツール</strong></span></h4></div></div></div><div class="para">
+ Fedora インストールの<span class="guilabel"><strong>ファイアウォールの設定</strong></span>画面の間、基本的なファイアウォールを有効にするためだけでなく、特定のデバイス、サービス、およびポートを許可するには、オプションが与えられます。
+ </div><div class="para">
+ インストール後、<span class="application"><strong>ファイアウォール管理ツール</strong></span>を使用することでこの設定を変更できます。
+ </div><div class="para">
+ このアプリケーションを起動するために、以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~] # system-config-firewall</pre><div class="figure" id="figu-Security_Guide-RHSECLEVELTOOL-RHSECLEVELTOOL"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-firewall_config.png" width="444" alt="ファイアウォール管理ツール" /><div class="longdesc"><div class="para">
+ セキュリティ・レベルの設定
+ </div></div></div></div><h6>図3.10 <span class="application">ファイアウォール管理ツール</span></h6></div><br class="figure-break" /><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ <span class="application"><strong>ファイアウォール管理ツール</strong></span>は基本的なファイアウォールのみを設定します。システムがより複雑なルールを必要とするならば、具体的な <code class="command">iptables</code> ルールを設定するために、<a class="xref" href="sect-Security_Guide-IPTables.html">「IPTables」</a> を参照してください。
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls.html"><strong>戻る</strong>3.8. ファイアウォール</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"><strong>次へ</strong>3.8.2.2. ファイアウォールの有効化および無効化</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html
new file mode 100644
index 0000000..98fc810
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.4. 一般的な IPTables フィルタ</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Firewalls.html" title="3.8. ファイアウォール" /><link rel="prev" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html" title="3.8.3.3. IPTables ルールの保存と復元" /><link rel="next" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="3.8.5. FORWARD および NAT ルール" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"
><li class="previous"><a accesskey="p" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Firewalls-Common_IPTables_Filtering"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Common_IPTables_Filtering">3.8.4. 一般的な IPTables フィルタ</h3></div></div></div><div class="para">
+ リモート攻撃者が LAN にアクセスするのを防ぐことは、ネットワーク・セキュリティの最も重要な観点の1つです。LAN の完全性は、厳しいファイアウォール・ルールの使用を通して、悪意のあるリモート・ユーザーから保護されるべきです。
+ </div><div class="para">
+ しかしながら、すべての入力、出力、転送パケットをブロックするためにセットされるデフォルトのポリシーを用いて、ファイアウォール/ゲートウェイと内部 LAN ユーザーがお互いにまたは外部のリソースとコミュニケーションをすることは不可能です。
+ </div><div class="para">
+ ユーザーがネットワーク関連の機能を実行すること、およびネットワーク・アプリケーションを使用することを許可するために、管理者はコミュニケーション用の特定のポートを開かなければいけません。
+ </div><div class="para">
+ たとえば、<span class="emphasis"><em>ファイアウォールにおける</em></span>ポート80へのアクセスを許可するために、以下のルールを追加します:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT</pre><div class="para">
+ これはユーザーが標準的なポート80を使用して通信するウェブサイトをブラウズできるようにします。セキュアなウェブサイト(たとえば、https://www.example.com/)へのアクセスを許可するために、以下のようにポート443へのアクセスを提供する必要もあります:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT</pre><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ <code class="command">iptables</code> ルールセットを作成しているとき、順番は重要です。
+ </div><div class="para">
+ ルールが192.168.100.0/24 サブネットからのパケットをすべて廃棄することを指定するならば、これは192.168.100.13(廃棄されるサブネットに含まれます)からのパケットを許可するルールにより続けられます、そして2番目のルールは無視されます。
+ </div><div class="para">
+ 192.168.100.13 からのパケットを許可するルールは、サブネットの残りを廃棄するルールより先になければいけません。
+ </div><div class="para">
+ 既存のチェインにおいて特定の位置にルールを追加するために、<code class="option">-I</code> オプションを使用します。たとえば:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -I INPUT 1 -i lo -p all -j ACCEPT</pre><div class="para">
+ このルールは、ローカルの loopback デバイスのトラフィックを許可するために、INPUT チェインの最初のルールとして挿入されます。
+ </div></div></div><div class="para">
+ LAN へとリモートアクセスする必要があるときがあるかもしれません。セキュアなサービス、たとえば SSH は LAN サービスへのリモート接続を暗号化するために使われます。
+ </div><div class="para">
+ PPP ベースのリソース(集合モデムや ISP アカウントのような)を持つ管理者は、ダイヤルアップ・アクセスがファイアウォールのバリアを安全に回避するために使われる可能性があります。それらは直接接続されるので、モデム接続は一般的にファイアウォール/ゲートウェイの後ろ側になります。
+ </div><div class="para">
+ しかしながら、ブロードバンド接続を持つリモート・ユーザーのために、特別な場合が作られる可能性があります。リモート・クライアントからの接続を受け付けるために <code class="command">iptables</code> を設定できます。たとえば、以下のルールはリモート SSH アクセスを許可します:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+[root at myServer ~ ] # iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT</pre><div class="para">
+ これらのルールは、インターネットまたはファイアウォール/ゲートウェイに直接接続された単独の PC のような、個々のシステムに対して入力および出力を許可します。しかし、ファイアウォール/ゲートウェイの後ろにあるノードがこれらのサービスにアクセスすることは許可しません。LAN アクセスがこれらのサービスにアクセスできるようにするために、<code class="command">iptables</code> フィルタ・ルールを用いて <em class="firstterm">Network Address Translation</em> (<acronym class="acronym">NAT</acronym>) を使うことができます。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"><strong>戻る</strong>3.8.3.3. IPTables ルールの保存と復元</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"><strong>次へ</strong>3.8.5. FORWARD および NAT ルール</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html
new file mode 100644
index 0000000..65e2cc8
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.5. FORWARD および NAT ルール</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Firewalls.html" title="3.8. ファイアウォール" /><link rel="prev" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html" title="3.8.4. 一般的な IPTables フィルタ" /><link rel="next" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html" title="3.8.5.2. プレルーティング" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><
a accesskey="p" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules">3.8.5. <code class="computeroutput">FORWARD</code> および <acronym class="acronym">NAT</acronym> ルール</h3></div></div></div><div class="para">
+ 多くの ISP は、取り扱う組織に対して制限された数の公にルーティング可能な IP アドレスのみを提供します。
+ </div><div class="para">
+ そのため、管理者は LAN にあるすべてのノードへパブリック IP アドレスを与えることなく、インターネット・サービスへのアクセスを共有するために代わりの方法を見つけなければいけません。
+ </div><div class="para">
+ エッジ・ルータ(ファイアウォールのような)はインターネットからの入力される通信を受け取り、パケットを意図した LAN ノードにルートできます。同時に、ファイアウォール/ゲートウェイは LAN ノードからリモート・インターネット・サービスへの出力リクエストもルートできます。
+ </div><div class="para">
+ ネットワーク・トラフィックのこのフォワーディングは、ときどき危険になる可能性があります。とくに、<span class="emphasis"><em>内部</em></span> IP アドレスを偽装し、リモート攻撃者のマシンが LAN にあるノードのように振舞う、最近のクラック・ツールが利用可能なときです。
+ </div><div class="para">
+ これを防ぐために、<code class="command">iptables</code> は、ネットワーク・リソースの異常な使用方法を防ぐために実装される、ルーティングおよびフォワーディングのポリシーを提供します。
+ </div><div class="para">
+ <code class="computeroutput">FORWARD</code> チェインは管理者がどのパケットを LAN の中でルーティングするかを制御できるようにします。たとえば、LAN 全体に対してフォワーディングできるようにするために(ファイアウォール/ゲートウェイが eth1 において内部 IP アドレスを割り当てられていると仮定します)、以下のルールを使用します:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A FORWARD -i eth1 -j ACCEPT
+[root at myServer ~ ] # iptables -A FORWARD -o eth1 -j ACCEPT</pre><div class="para">
+ このルールにより、ファイアウォール/ゲートウェイの後ろにあるシステムが内部ネットワークへアクセスできるようになります。ゲートウェイは、<code class="filename">eth1</code> デバイスを経由するすべてのパケットを通過させ、LAN ノードからのパケットを意図した宛て先ノードへとルートします。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ Fedora カーネルにおける IPv4 ポリシーは、デフォルトで IP フォワーディングのサポートを無効にしています。これにより、Fedora を実行しているマシンが専用のエッジ・ルータとして機能することを防ぎます。
+ </div><pre class="screen">[root at myServer ~ ] # sysctl -w net.ipv4.ip_forward=1</pre><div class="para">
+ この設定変更は現在のセッションに対してのみ有効です。リブートや network サービスの再起動を超えて永続化されません。永続的に IP フォワーディングをセットするために、以下のように <code class="filename">/etc/sysctl.conf</code> を編集します:
+ </div><div class="para">
+ 以下の行を置きます:
+ </div><pre class="screen">net.ipv4.ip_forward = 0</pre><div class="para">
+ 読み込むために以下のように編集します:
+ </div><pre class="screen">net.ipv4.ip_forward = 1</pre><div class="para">
+ <code class="filename">sysctl.conf</code> ファイルへの変更を有効にするために以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~ ] # sysctl -p /etc/sysctl.conf</pre></div></div><div class="section" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Postrouting_and_IP_Masquerading"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Postrouting_and_IP_Masquerading">3.8.5.1. ポストルーティングと IP マスカレード</h4></div></div></div><div class="para">
+ ファイアウォールの内部 IP デバイスを経由して転送されたパケットを受け付けることにより、LAN ノードがお互いにコミュニケーションできるようになります。しかしながら、まだインターネットへの外部のコミュニケーションはできません。
+ </div><div class="para">
+ プライベート IP アドレスを持つ LAN ノードが外部のパブリック・ネットワークと通信できるようにするために、<em class="firstterm">IP マスカレード</em>用にファイアウォールを設定します。これは、LAN ノードからのリクエストをファイアウォールの外部デバイス(この場合、eth0)の IP アドレスで隠します:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE</pre><div class="para">
+ このルールは、NAT パケットのマッチング・テーブル (<code class="option">-t nat</code>) を使用し、ファイアウォールの外部ネットワーク・デバイス (<code class="option">-o eth0</code>) において、NAT に対して組み込み POSTROUTING チェイン (<code class="option">-A POSTROUTING</code>) を指定します。
+ </div><div class="para">
+ POSTROUTING は、すべてのパケットがファイアウォールの外部デバイスを出ていくときに変更できるようにします。
+ </div><div class="para">
+ <code class="option">-j MASQUERADE</code> ターゲットは、ノードのプライベート IP アドレスをファイアウォール/ゲートウェイの外部 IP アドレスで隠すよう指定します。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"><strong>戻る</strong>3.8.4. 一般的な IPTables フィルタ</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"><strong>次へ</strong>3.8.5.2. プレルーティング</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html
new file mode 100644
index 0000000..7caddcf
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.7. IPTables とコネクション追跡</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Firewalls.html" title="3.8. ファイアウォール" /><link rel="prev" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html" title="3.8.6. 悪意のあるソフトウェアと偽装された IP アドレス" /><link rel="next" href="sect-Security_Guide-Firewalls-IPv6.html" title="3.8.8. IPv6" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="
previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-IPv6.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking">3.8.7. IPTables とコネクション追跡</h3></div></div></div><div class="para">
+ <em class="firstterm">コネクション状態</em>に基づいたサービスへの接続を検査して制限することができます。<code class="command">iptables</code> の中にあるモジュールは、入力コネクションに関する情報を保存するために、<em class="firstterm">コネクション追跡</em>と呼ばれる方法を使用します。以下のコネクション状態に基づいてアクセスを許可または拒否することができます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">NEW</code> — HTTP リクエストのような新しい接続をリクエストするパケット。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">ESTABLISHED</code> — 既存の接続の一部であるパケット。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">RELATED</code> — 新規コネクションをリクエストしているが、既存のコネクションの一部であるパケット。たとえば、FTP はコネクションを確立するためにポート 21 を使用しますが、データは異なるポート(一般的にポート20)において転送されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">INVALID</code> — コネクション追跡テーブルにおいてコネクションが存在しないパケット。
+ </div></li></ul></div><div class="para">
+ <code class="command">iptables</code> コネクション追跡のステートフルな機能を、プロトコル自身が(UDP のように)ステートレスであったとしても、あらゆるネットワーク・プロトコルとともに使用できます。以下の例は、確立されたコネクションと関連付けられたパケットのみを転送するために、コネクション追跡を使用するルールを示します:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT</pre></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"><strong>戻る</strong>3.8.6. 悪意のあるソフトウェアと偽装された IP アドレス</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-IPv6.html"><strong>次へ</strong>3.8.8. IPv6</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-IPv6.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-IPv6.html
new file mode 100644
index 0000000..43b3467
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-IPv6.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.8. IPv6</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Firewalls.html" title="3.8. ファイアウォール" /><link rel="prev" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html" title="3.8.7. IPTables とコネクション追跡" /><link rel="next" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="3.8.9. 追加のリソース" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"
><a accesskey="p" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Additional_Resources.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Firewalls-IPv6"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-IPv6">3.8.8. IPv6</h3></div></div></div><div class="para">
+ IPv6 と呼ばれる次世代 Internet Protocol を採用することにより、IPv4 (または IP) の32ビット・アドレス制限を越えて拡張します。IPv6 は128ビット・アドレスをサポートします。またそのため、IPv6 対応のキャリアのネットワークは IPv4 よりも多くのルート可能なアドレスを割り当てられます。
+ </div><div class="para">
+ Fedora は Netfilter 6 サブシステムと <code class="command">ip6tables</code> コマンドを用いて IPv6 ファイアウォール・ルールをサポートします。Fedora 12 では、IPv4 と IPv6 サービスがどちらもデフォルトで有効にされています。
+ </div><div class="para">
+ <code class="command">ip6tables</code> コマンドの構文は、128ビットアドレスをサポートすることを除き、すべての観点において <code class="command">iptables</code> と同じです。たとえば、IPv6 対応のネットワーク・サーバにおいて SSH 接続を有効にするために以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~ ] # ip6tables -A INPUT -i eth0 -p tcp -s 3ffe:ffff:100::1/128 --dport 22 -j ACCEPT</pre><div class="para">
+ IPv6 ネットワークの詳細については、<a href="http://www.ipv6.org/">http://www.ipv6.org/</a> にある IPv6 情報ページを参照してください。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"><strong>戻る</strong>3.8.7. IPTables とコネクション追跡</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Additional_Resources.html"><strong>次へ</strong>3.8.9. 追加のリソース</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html
new file mode 100644
index 0000000..4473b35
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.6. 悪意のあるソフトウェアと偽装された IP アドレス</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Firewalls.html" title="3.8. ファイアウォール" /><link rel="prev" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html" title="3.8.5.3. DMZ と IPTables" /><link rel="next" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html" title="3.8.7. IPTables とコネクション追跡" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="pre
vious"><a accesskey="p" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses">3.8.6. 悪意のあるソフトウェアと偽装された IP アドレス</h3></div></div></div><div class="para">
+ LAN の中にある特定のサブネットまたは特定のノードへのアクセスを制御する、より精細なルールが作成できます。トロイの木馬、ワーム、およびクライアント/サーバのウイルスのような、特定の疑わしいアプリケーションやプログラムが、サーバに接触することから制限することもできます。
+ </div><div class="para">
+ たとえば、いくつかのトロイの木馬は、31337から31340までのポート(クラック用語で <span class="emphasis"><em>elite</em></span> ポートと呼ばれます)にあるサービスに対してネットワークをスキャンします。
+ </div><div class="para">
+ これらの非標準的なポートを経由してコミュニケーションする正当なサービスはないので、それらをブロックすることは、リモートのマスター・サーバと独立的にコミュニケーションするネットワークにおけるノードに潜在的に影響を与えるチャンスを効率的に減らせます。
+ </div><div class="para">
+ 以下のルールはポート31337を使用するすべての TCP パケットを廃棄します:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A OUTPUT -o eth0 -p tcp --dport 31337 --sport 31337 -j DROP
+[root at myServer ~ ] # iptables -A FORWARD -o eth0 -p tcp --dport 31337 --sport 31337 -j DROP</pre><div class="para">
+ LAN に侵入するためにプライベート IP アドレス範囲を偽ろうとする外部のコネクションをブロックすることもできます。
+ </div><div class="para">
+ たとえば、LAN が 192.168.1.0/24 範囲を使用しているならば、インターネットにつながっているネットワーク・デバイス(たとえば、eth0)に、LAN の IP 範囲にあるアドレスを持つデバイスへのすべてのパケットを廃棄するよう指示するルールを設計できます。
+ </div><div class="para">
+ デフォルト・ポリシーとして転送されたパケットを拒否することが推奨されるので、外部につながっているデバイス(eth0)への他の偽造された IP アドレスすべては自動的に拒否されます。
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A FORWARD -s 192.168.1.0/24 -i eth0 -j DROP</pre><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ <span class="emphasis"><em>appended</em></span> ルールを取り扱うとき、<code class="computeroutput">DROP</code> と <code class="computeroutput">REJECT</code> ターゲットの間に区別があります。
+ </div><div class="para">
+ <code class="computeroutput">REJECT</code> ターゲットは、アクセスを拒否して、サービスに接続しようとしたユーザーへ<code class="computeroutput">connection refused</code> \nエラーを返します。<code class="computeroutput">DROP</code> ターゲットは、名前が意味するように、警告なしでパケットを破棄します。
+ </div><div class="para">
+ 管理者は、これらのターゲットを使用するとき、自身の判断を使用することができます。しかしながら、ユーザーの混乱を避け、コネクションを続けるよう試行するために、<code class="computeroutput">REJECT</code> ターゲットが推奨されます。
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"><strong>戻る</strong>3.8.5.3. DMZ と IPTables</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"><strong>次へ</strong>3.8.7. IPTables とコネクション追跡</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Using_IPTables.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Using_IPTables.html
new file mode 100644
index 0000000..54a4f0e
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-Using_IPTables.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.3. IPTables の使用</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Firewalls.html" title="3.8. ファイアウォール" /><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html" title="3.8.2.6. IPTables サービスの有効化" /><link rel="next" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html" title="3.8.3.2. 基本的なファイアウォール・ポリシー" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentatio
n Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Firewalls-Using_IPTables"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Using_IPTables">3.8.3. IPTables の使用</h3></div></div></div><div class="para">
+ <code class="command">iptables</code> を使用する第一歩は、<code class="command">iptables</code> サービスを開始することです。<code class="command">iptables</code> サービスを開始するために、以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~] # service iptables start</pre><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ <code class="command">iptables</code> サービスのみを使用したい場合、<code class="command">ip6tables</code> サービスはオフにされています。<code class="command">ip6tables</code> サービスを再び有効化したいなら、IPv6 ネットワークも忘れずに再び有効化します。ネットワーク・デバイスを対応するファイアウォールなしで有効化しないでください。
+ </div></div></div><div class="para">
+ システムがブートするときにデフォルトで <code class="command">iptables</code> が開始することを強制するために、以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~] # chkconfig --level 345 iptables on</pre><div class="para">
+ これは、システムがランレベル3, 4, または5でブートするときは必ず <code class="command">iptables</code> が開始するよう強制します。
+ </div><div class="section" id="sect-Security_Guide-Using_IPTables-IPTables_Command_Syntax"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Using_IPTables-IPTables_Command_Syntax">3.8.3.1. IPTables コマンドの構文</h4></div></div></div><div class="para">
+ 以下のサンプル <code class="command">iptables</code> コマンドは、基本的なコマンド構文を説明します:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -A <em class="replaceable"><code><chain></code></em> -j <em class="replaceable"><code><target></code></em></pre><div class="para">
+ <code class="option">-A</code> オプションは <em class="firstterm"><chain></em> に追加されるルールを指定します。各チェインは1つ以上の<em class="firstterm">ルール</em>から構成されます。そのため、<em class="firstterm">ルール・セット</em>としても知られています。
+ </div><div class="para">
+ 3つの組み込みチェインは INPUT、OUTPUT および FORWARD です。これらのチェインは、永続し、削除できません。チェインはパケットを処理する場所を指定します。
+ </div><div class="para">
+ <code class="option">-j <em class="replaceable"><code><target></code></em></code> オプションは、ルールのターゲット、つまり、パケットがルールにマッチしたら何をするのか、を指定します。組み込みターゲットの例は ACCEPT, DROP, および REJECT です。
+ </div><div class="para">
+ 利用可能なチェイン、オプションおよびターゲットに関する詳細は <code class="command">iptables</code> マニュアル・ページを参照してください。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"><strong>戻る</strong>3.8.2.6. IPTables サービスの有効化</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"><strong>次へ</strong>3.8.3.2. 基本的なファイアウォール・ポリシー</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls.html
new file mode 100644
index 0000000..28f3762
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls.html
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8. ファイアウォール</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="第3章 ネットワークのセキュア化" /><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html" title="3.7.10.2. 有用な Kerberos" /><link rel="next" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="3.8.2. 基本的なファイアウォールの設定" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" />
</a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Firewalls" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Firewalls">3.8. ファイアウォール</h2></div></div></div><div class="para">
+ 情報セキュリティは一般的にプロセスでありプロダクトではないと考えられています。しかしながら、標準的なセキュリティ実装は通常、認可され、識別可能であり、追跡可能であるユーザーへと、特権へのアクセスを制御し、ネットワーク・リソースを制限するために、いくつかの形式の専用のメカニズムを使用します。Fedora は、ネットワーク・レベルのアクセス制御メカニズムを用いて、管理者とセキュリティ・エンジニアを支援するためにいくつかのツールを含みます。
+ </div><div class="para">
+ ファイアウォールはネットワーク・セキュリティ実装の中心的なコンポーネントです。いくつかのベンダーは市場のすべてのレベルにサービス供給するファイアウォール・ソリューションを販売しています: 1台の PC を保護するホーム・ユーザーから、極めて重要な企業の情報を保護するデータセンター・ソリューションまで。ファイアウォールは、Cisco, Nokia, および Sonicwall によるファイアウォール・アプライアンスのような、スタンドアロンのハードウェアである可能性があります。Checkpoint, McAfee, および Symantec のようなベンダーも、家庭およびビジネスの市場に対して専用のソフトウェアのファイアウォール・ソリューションを開発してきました。
+ </div><div class="para">
+ ハードウェアとソフトウェアのファイアウォールの違いは別として、あるソリューションと他のものを分けるファイアウォール機能の方法で違いもあります。<a class="xref" href="sect-Security_Guide-Firewalls.html#tabl-Security_Guide-Firewalls-Firewall_Types">表3.2「ファイアウォールの種類」</a>は、3つの一般的なファイアウォールのタイプとそれらがどのように機能するかを詳細に説明しています:
+ </div><div class="table" id="tabl-Security_Guide-Firewalls-Firewall_Types"><h6>表3.2 ファイアウォールの種類</h6><div class="table-contents"><table summary="ファイアウォールの種類" border="1"><colgroup><col width="10%" class="method" /><col width="30%" class="description" /><col width="30%" class="advantages" /><col width="30%" class="disadvantages" /></colgroup><thead><tr><th>
+ 方式
+ </th><th>
+ 説明
+ </th><th>
+ 利点
+ </th><th>
+ 欠点
+ </th></tr></thead><tbody><tr><td>
+ NAT
+ </td><td>
+ <em class="firstterm">Network Address Translation</em> (NAT) は、1つまたは少しのパブリック IP アドレスの後ろにプライベート IP サブネットワークを置き、すべてのリクエストをいくつかではなく1つのソースへと変換します。Linux カーネルは Netfilter カーネル・サブシステムを通して組み込みの NAT 機能を持ちます。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>· LANにおいてマシンに透過的に設定できますか</td></tr><tr><td>· 1つまたは複数の外部 IP アドレスの後ろにある多くのマシンやサービスの保護は管理者の義務を減らします</td></tr><tr><td>· LAN への、または LAN からのユーザー・アクセスの制限は、NAT ファイアウォール/ゲートウェイにおいてポートの開閉により設定されます</td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>· ユーザーがファイアウォールの外部からサービスに接続すると、悪意のある行動を妨げることができません</td></tr></table>
+
+ </td></tr><tr><td>
+ パケット・フィルター
+ </td><td>
+ パケット・フィルター・ファイアウォールは、LAN を通過する各データ・パケットを読み込みます。ヘッダ情報によりパケットを読み込み、処理できます。そして、ファイアウォール管理者により実装されたプログラム可能なルールの組に基づいてパケットをフィルタします。Linux カーネルは Netfilter カーネル・サブシステムを通して組み込みのパケット・フィルタ機能を持ちます。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>· <code class="command">iptables</code> フロントエンド・ユーティリティを介してカスタマイズできます</td></tr><tr><td>· すべてのネットワーク活動はアプリケーション・レベルではなくルータ・レベルにおいてフィルタされるため、クライアント側においてカスタマイズする必要はまったくありません</td></tr><tr><td>· パケットはプロキシを経由して転送されないので、クライアントからリモート・ホストへと直に接続するため、ネットワーク性能は比較的です</td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>· プロキシ・ファイアウォールのようにコンテンツに対してパケットをフィルタすることはできません</td></tr><tr><td>· プロトコル層においてパケットを処理しますが、アプリケーション層においてパケットをフィルタできません</td></tr><tr><td>· とくに <em class="firstterm">IP マスカレード</em>またはローカル・サブネットを DMZ ネットワークと結び付けていると、複雑なネットワーク・アーキテクチャーはパケット・フィルタ・ルールを作ることを難しくする可能性があります</td></tr></table>
+
+ </td></tr><tr><td>
+ プロキシ
+ </td><td>
+ プロキシ・ファイアウォールは、特定のプロトコルまたは LAN クライアントからプロキシ・マシンへの種類について、すべてのリクエストをフィルタします。そしてそれは、これらのリクエストをローカル・クライアントの役割でインターネットへと送ります。プロキシ・マシンは、悪意のあるリモート・ユーザーと内部ネットワークのクライアント・マシンの間でバッファとして動作します。
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>· どのアプリケーションやプロトコルが LAN の外側に機能するかを管理者が制御できるようにします</td></tr><tr><td>· いくつかのプロキシ・サーバは、頻繁にアクセスされるデータをリクエストするためにインターネット接続を使用するのではなく、ローカルにキャッシュすることができます。これにより帯域の消費を減らすことができます</td></tr><tr><td>· プロキシ・サービスは、ネットワークにおけるリソース利用をより制限できるよう、詳しくログ取得して監視することができます</td></tr></table>
+
+ </td><td>
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>· プロキシはしばしばアプリケーション固有 (HTTP, Telnet など) です、またはプロトコル制限 (多くのプロキシは TCP 接続のサービスとともに機能します) があります。</td></tr><tr><td>· アプリケーション・サービスはプロキシの後ろ側で実行できないので、アプリケーション・サーバはネットワーク・セキュリティの分離した形式を使用しなければいけません</td></tr><tr><td>· プロキシは、すべてのリクエストと転送がクライアントからリモート・サービスへと直接ではなく1つのソースを通過するので、ネットワークのボトルネックになる可能性があります</td></tr></table>
+
+ </td></tr></tbody></table></div></div><br class="table-break" /><div class="section" id="sect-Security_Guide-Firewalls-Netfilter_and_IPTables"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Firewalls-Netfilter_and_IPTables">3.8.1. Netfilter と IPTables</h3></div></div></div><div class="para">
+ Linux カーネルは <em class="firstterm">Netfilter</em> という力強いネットワーク・サブシステムの機能を持ちます。Netfilter サブシステムは、NAT と IP マスカレードのサービスだけでなく、ステートフルおよびステートレスのパケット・フィルタリングを提供します。Netfilter は高度なルーティングやコネクション状態管理のために IP ヘッダ情報を <em class="firstterm">mangle</em> する機能も持ちます。
+ </div><div class="section" id="sect-Security_Guide-Netfilter_and_IPTables-IPTables_Overview"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Netfilter_and_IPTables-IPTables_Overview">3.8.1.1. IPTables の概要</h4></div></div></div><div class="para">
+ Netfilter のパワーと柔軟性は <code class="command">iptables</code> 管理ツールを用いて実装されます。これは、その前身である <code class="command">ipchains</code> (Linux カーネル2.4およびそれ以上において Netfilter/iptables に置き換えられた )と構文が似ているコマンドライン・ツールです。
+ </div><div class="para">
+ <code class="command">iptables</code> は、ネットワーク接続、検査、処理を強化させるために Netfilter サブシステムを使用します。<code class="command">iptables</code> は、高度なログ取得、プレ・ルーティング動作、ポスト・ルーティング動作、ネットワーク・アドレス変換、およびポート転送の機能を、オールインワンのコマンドライン・インタフェースにて持ちます。
+ </div><div class="para">
+ このセクションは <code class="command">iptables</code> の概要を提供します。詳細は <a class="xref" href="sect-Security_Guide-IPTables.html">「IPTables」</a> を参照してください。
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"><strong>戻る</strong>3.7.10.2. 有用な Kerberos </a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"><strong>次へ</strong>3.8.2. 基本的なファイアウォールの設定</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Additional_Resources.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Additional_Resources.html
new file mode 100644
index 0000000..fe600bd
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Additional_Resources.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.6. 追加のリソース</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-IPTables.html" title="3.9. IPTables" /><link rel="prev" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html" title="3.9.5. IPTables IPv6" /><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html" title="3.9.6.2. 有用な IPTables のウェブサイト" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" h
ref="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-IPTables-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-Additional_Resources">3.9.6. 追加のリソース</h3></div></div></div><div class="para">
+ <code class="command">iptables</code> を用いたパケット・フィルタリングの詳細は以下の情報源を参照してください。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a class="xref" href="sect-Security_Guide-Firewalls.html">「ファイアウォール」</a> — セキュリティ戦略全体におけるファイアウォールの役割だけでなくファイアウォール・ルールの構築のための戦略に関する章を含みます。
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_IP_Tables_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_IP_Tables_Documentation">3.9.6.1. インストールされている IPTables ドキュメント</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man iptables</code> — <code class="command">iptables</code> の説明だけでなく、ターゲット、オプションおよびマッチ・オプションの完全な一覧を含みます。
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"><strong>戻る</strong>3.9.5. IPTables IPv6</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"><strong>次へ</strong>3.9.6.2. 有用な IPTables のウェブサイト</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Command_Options_for_IPTables.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Command_Options_for_IPTables.html
new file mode 100644
index 0000000..eeea37e
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Command_Options_for_IPTables.html
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2. IPTables のコマンド・オプション</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-IPTables.html" title="3.9. IPTables" /><link rel="prev" href="sect-Security_Guide-IPTables.html" title="3.9. IPTables" /><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html" title="3.9.2.2. コマンド・オプション" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables.htm
l"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-IPTables-Command_Options_for_IPTables"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-Command_Options_for_IPTables">3.9.2. IPTables のコマンド・オプション</h3></div></div></div><div class="para">
+ パケットをフィルタするルールは <code class="command">iptables</code> コマンドを使用して生成されます。多くの場合パケットの以下の観点が基準として使用されます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Packet Type</em></span> — パケットの種類を指定するコマンド・フィルター。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Packet Source/Destination</em></span> — パケットの送信元または宛て先に基づいてパケットを指定するコマンド・フィルター
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Target</em></span> — 上の基準にマッチしてとられるアクションを指定するパケット
+ </div></li></ul></div><div class="para">
+ パケットのこれらの観点を指定する特定のオプションに関する詳細は <a class="xref" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html">「IPTables マッチ・オプション」</a> および <a class="xref" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html">「ターゲット・オプション」</a> を参照してください。
+ </div><div class="para">
+ 特定の <code class="command">iptables</code> ルールとともに使用されるオプションは、有効であるルールに対して、全体のルールの目的と条件に基づいて、論理的にグループ化されなければいけません。このセクションの残りで、<code class="command">iptables</code> コマンドに対して一般的に使われるオプションを説明します。
+ </div><div class="section" id="sect-Security_Guide-Command_Options_for_IPTables-Structure_of_IPTables_Command_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Structure_of_IPTables_Command_Options">3.9.2.1. IPTables コマンド・オプションの構造</h4></div></div></div><div class="para">
+ 多くの <code class="command">iptables</code> コマンドは以下の構造を持ちます:
+ </div><pre class="screen"><code class="computeroutput"> iptables [-t <em class="replaceable"><code><table-name></code></em>] <em class="replaceable"><code><command></code></em> <em class="replaceable"><code><chain-name></code></em> \ <em class="replaceable"><code><parameter-1></code></em> <em class="replaceable"><code><option-1></code></em> \ <em class="replaceable"><code><parameter-n></code></em> <em class="replaceable"><code><option-n></code></em></code></pre><div class="para">
+ <em class="replaceable"><code><table-name></code></em> — どのテーブルにルールが適用されるかを指定します。省略されると、<code class="option">filter</code> テーブルが使用されます。
+ </div><div class="para">
+ <em class="replaceable"><code><command></code></em> — ルールの追加や削除のような、実行されるアクションを指定します。
+ </div><div class="para">
+ <em class="replaceable"><code><command></code></em> — 編集、作成または削除されるチェインを指定します。
+ </div><div class="para">
+ <em class="replaceable"><code><command>-<option></code></em> pairs — ルールにマッチするパケットをどのように処理するかを指定するパラメーターと関連するオプション。
+ </div><div class="para">
+ <code class="command">iptables</code> コマンドの長さを複雑さは、その目的に応じて、非常に変わります。
+ </div><div class="para">
+ たとえば、チェインからルールを削除するコマンドは非常に短くできます:
+ </div><div class="para">
+ <code class="command">iptables -D <em class="replaceable"><code><chain-name> <line-number></code></em></code>
+ </div><div class="para">
+ 対照的に、さまざまな特定のパラメーターとオプションを用いて特定のサブネットからのパケットをフィルターするルールを追加するコマンドはかなり長い可能性があります。<code class="command">iptables</code> コマンドを構築するとき、有効なルールを作るために、いくつかのパラメーターとオプションはさらなるパラメーターとオプションを必要とすることを覚えておいてください。これにより、より多くのパラメーターを必要とするさらなるパラメーターを用いて、カスケード効果を作成できます。他のオプションの組を必要とするすべてのパラメーターとオプションが満たされるまで、ルールは有効ではありません。
+ </div><div class="para">
+ <code class="command">iptables</code> コマンド構造の完全なリストを表示するために <code class="command">iptables -h</code> を入力します。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables.html"><strong>戻る</strong>3.9. IPTables</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"><strong>次へ</strong>3.9.2.2. コマンド・オプション</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-IPTables_Control_Scripts.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-IPTables_Control_Scripts.html
new file mode 100644
index 0000000..d32ebc2
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-IPTables_Control_Scripts.html
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.4. IPTables 制御スクリプト</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-IPTables.html" title="3.9. IPTables" /><link rel="prev" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html" title="3.9.3. IPTables ルールの保存" /><link rel="next" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html" title="3.9.5. IPTables IPv6" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTabl
es-Saving_IPTables_Rules.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-IPTables-IPTables_Control_Scripts"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-IPTables_Control_Scripts">3.9.4. IPTables 制御スクリプト</h3></div></div></div><div class="para">
+ Fedora の <code class="command">iptables</code> を制御するために2つの基本的な方法があります:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="application"><strong>ファイアウォール管理ツール</strong></span> (<code class="command">system-config-firewall</code>) — ファイアウォール管理ツール。詳細は<a class="xref" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html">「基本的なファイアウォールの設定」</a>を参照してください。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/sbin/service iptables <em class="replaceable"><code><option></code></em></code> — その initscript を使用する <code class="command">iptables</code> のさまざまな機能を操作するために使われます。以下のオプションが利用可能です:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">start</code> — ファイアウォールが設定されていると(つまり、<code class="filename">/etc/sysconfig/iptables</code> が存在すると)、すべての実行されている <code class="command">iptables</code> が完全に停止され、<code class="command">/sbin/iptables-restore</code> コマンドを用いて起動されます。このオプションは、<code class="command">ipchains</code> カーネル・モジュールがロードされていなければ、正しく動作します。このモジュールがロードされているかを調べるために、root として以下のコマンドを入力します:
+ </div><pre class="screen"><code class="command"> [root at MyServer ~]# lsmod | grep ipchains </code></pre><div class="para">
+ このコマンドが何も返さないと、モジュールがロードされなかったことを意味します。必要に応じて、モジュールを削除するために <code class="command">/sbin/rmmod</code> コマンドを使用します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">stop</code> — ファイアウォールが実行されていると、メモリーにあるファイアウォール・ルールがフラッシュされ、すべての iptables モジュールとヘルパーがアンロードされます。
+ </div><div class="para">
+ <code class="filename">/etc/sysconfig/iptables-config</code> 設定ファイルにある <code class="command">IPTABLES_SAVE_ON_STOP</code> ディレクティブがそのデフォルト値から <code class="command">yes</code> へ変更されると、現在のルールが <code class="filename">/etc/sysconfig/iptables</code> へと保存され、既存のルールすべては <code class="filename">/etc/sysconfig/iptables.save</code> ファイルへと移動されます。
+ </div><div class="para">
+ <code class="filename">iptables-config</code> ファイルに関する詳細は <a class="xref" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html#sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">「IPTables 制御スクリプト設定ファイル」</a> を参照してください。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">restart</code> — ファイアウォールが実行されていると、メモリーにあるファイアウォール・ルールが削除されます。そして、<code class="filename">/etc/sysconfig/iptables</code> に設定されているならばファイアウォールが再び起動されます。このオプションは、<code class="command">ipchains</code> カーネルがロードされていないと、正しく動作します。
+ </div><div class="para">
+ <code class="filename">/etc/sysconfig/iptables-config</code> 設定ファイルにある <code class="command">IPTABLES_SAVE_ON_RESTART</code> ディレクティブがデフォルト値から <code class="command">yes</code> に変更されていると、現在のルールが <code class="filename">/etc/sysconfig/iptables</code> へ保存され、既存のルールはすべて <code class="filename">/etc/sysconfig/iptables.save</code> へと移動されます。
+ </div><div class="para">
+ <code class="filename">iptables-config</code> ファイルに関する詳細は <a class="xref" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html#sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">「IPTables 制御スクリプト設定ファイル」</a> を参照してください。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">status</code> — ファイアウォールの状態とすべてのアクティブなルールを表示します。
+ </div><div class="para">
+ このオプションのデフォルト設定は各ルールにおいて IP アドレスを表示します。ドメインおよびホスト名の情報を表示するために、<code class="filename">/etc/sysconfig/iptables-config</code> ファイルを編集して、<code class="command">IPTABLES_STATUS_NUMERIC</code> の値を <code class="command">no</code> に変更します。<code class="filename">iptables-config</code> ファイルの詳細は <a class="xref" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html#sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">「IPTables 制御スクリプト設定ファイル」</a> を参照してください。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">panic</code> — すべてのファイアウォール・ルールをフラッシュします。すべての設定されたテーブルのポリシーは <code class="command">DROP</code> にセットされます。
+ </div><div class="para">
+ サーバが危険にされられていることがわかっているならば、このオプションは有用です。ネットワークから物理的に切断したり、システムをシャットダウンしたりするよりは、さらなるネットワーク・トラフィックをすべて止め、マシンを分析や他のフォレンジクスのために稼動状態にしておくために、このオプションを使用できます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">save</code> — <code class="command">iptables-save</code> を使用して、ファイアウォール・ルールを <code class="filename">/etc/sysconfig/iptables</code> に保存します。詳細は <a class="xref" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html">「IPTables ルールの保存」</a> を参照してください。
+ </div></li></ul></div></li></ul></div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ IPv6 用 netfilter を制御するために同じ初期化コマンドを使用ために、このセクションで一覧される <code class="command">/sbin/service</code> において、<code class="command">iptables</code> を <code class="command">ip6tables</code> で置き換えます。IPv6 と netfilter の詳細は <a class="xref" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html">「IPTables IPv6」</a> を参照してください。
+ </div></div></div><div class="section" id="sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-IPTables_Control_Scripts-IPTables_Control_Scripts_Configuration_File">3.9.4.1. IPTables 制御スクリプト設定ファイル</h4></div></div></div><div class="para">
+ <code class="command">iptables</code> 初期化スクリプトの挙動は <code class="filename">/etc/sysconfig/iptables-config</code> 設定ファイルにより制御されます。以下はこのファイルに含まれるディレクティブの一覧です:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_MODULES</code> — ファイアウォールが有効化されたときにロードする追加の <code class="command">iptables</code> モジュールの空白区切りリストを指定します。これらはコネクション追跡や NAT ヘルパーを含められます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_MODULES_UNLOAD</code> — 再起動および停止するときにモジュールをアンロードします。このディレクティブは
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — デフォルト値。このオプションはファイアウォールを再起動または停止するために正しい状態を得るためにセットされなければいけません。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — このオプションは、netfilter モジュールをアンロードすることに問題がある場合のみセットされるべきです。
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_SAVE_ON_STOP</code> — ファイアウォールが停止するときに、現在のファイアウォール・ルールを <code class="filename">/etc/sysconfig/iptables</code> に保存します。このディレクティブは以下の値を受け付けます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — ファイアウォールを停止するときに、既存のルールを <code class="filename">/etc/sysconfig/iptables</code> に保存します。以前のバージョンは <code class="filename">/etc/sysconfig/iptables.save</code> ファイルに移動されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — デフォルト値。ファイアウォールが停止するときに既存のルールを保存しません。
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_SAVE_ON_RESTART</code> — ファイアウォールが再起動するときに、現在のファイアウォール・ルールを保存します。このディレクティブは以下の値を受け付けます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — ファイアウォールを再起動するときに、既存のルールを <code class="filename">/etc/sysconfig/iptables</code> に保存します。以前のバージョンは <code class="filename">/etc/sysconfig/iptables.save</code> ファイルに移動されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — デフォルト値。ファイアウォールを再起動するときに既存のルールを保存しません。
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_SAVE_COUNTER</code> — すべてのチェインとルールにあるすべてのパケットとバイト・カウンターを保存および復元します。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — カウンター値を保存します
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — デフォルト値。カウンター値を保存しません。
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">IPTABLES_STATUS_NUMERIC</code> — ドメインまたはホスト名の代わりに数値形式で IP アドレスを出力します。このディレクティブは以下の値を受け付けます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">yes</code> — デフォルト値。status 出力にある IP アドレスのみを返します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">no</code> — status 出力にあるドメインまたはホスト名を返します。
+ </div></li></ul></div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"><strong>戻る</strong>3.9.3. IPTables ルールの保存</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"><strong>次へ</strong>3.9.5. IPTables IPv6</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-IPTables_and_IPv6.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-IPTables_and_IPv6.html
new file mode 100644
index 0000000..3714751
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-IPTables_and_IPv6.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.5. IPTables IPv6</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-IPTables.html" title="3.9. IPTables" /><link rel="prev" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html" title="3.9.4. IPTables 制御スクリプト" /><link rel="next" href="sect-Security_Guide-IPTables-Additional_Resources.html" title="3.9.6. 追加のリソース" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Secu
rity_Guide-IPTables-IPTables_Control_Scripts.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Additional_Resources.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-IPTables-IPTables_and_IPv6"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-IPTables_and_IPv6">3.9.5. IPTables IPv6</h3></div></div></div><div class="para">
+ <span class="application"><strong>iptables</strong></span> パッケージは次世代の IPv6 インターネット・プロトコルをサポートします。IPv6 ネットフィルターを操作するために使用するコマンドは <code class="command">ip6tables</code> です。
+ </div><div class="para">
+ このコマンドに対する多くのディレクティブは、<code class="command">iptables</code> のために使用されるものと同じです。ただし、<code class="command">nat</code> テーブルはまだサポートされていません。マスカレードやポート転送のような IPv6 ネットワーク・アドレス変換のタスクを実行することはできないことをこのことは意味します。
+ </div><div class="para">
+ <code class="command">ip6tables</code> に対するルールは <code class="filename">/etc/sysconfig/ip6tables</code> ファイルに保存されます。<code class="command">ip6tables</code> 初期化スクリプトにより保存された以前のルールは <code class="filename">/etc/sysconfig/ip6tables.save</code> ファイルに保存されます。
+ </div><div class="para">
+ <code class="command">ip6tables</code> 初期化スクリプトに対する設定オプションは <code class="filename">/etc/sysconfig/ip6tables-config</code> に保存されます。また、各ディレクティブの名前は <code class="command">iptables</code> からわずかに変化します。
+ </div><div class="para">
+ たとえば、<code class="filename">iptables-config</code> ディレクティブ <code class="command">IPTABLES_MODULES</code>: <code class="filename">ip6tables-config</code> ファイルにおける同等物は <code class="command">IP6TABLES_MODULES</code> です。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"><strong>戻る</strong>3.9.4. IPTables 制御スクリプト</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Additional_Resources.html"><strong>次へ</strong>3.9.6. 追加のリソース</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Saving_IPTables_Rules.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Saving_IPTables_Rules.html
new file mode 100644
index 0000000..68030ad
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables-Saving_IPTables_Rules.html
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.3. IPTables ルールの保存</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-IPTables.html" title="3.9. IPTables" /><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html" title="3.9.2.6. リスト・オプション" /><link rel="next" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html" title="3.9.4. IPTables 制御スクリプト" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a access
key="p" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-IPTables-Saving_IPTables_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-Saving_IPTables_Rules">3.9.3. IPTables ルールの保存</h3></div></div></div><div class="para">
+ <code class="command">iptables</code> コマンドを用いて作成したルールは、メモリーに保存されます。<code class="command">iptables</code> ルールセットを保存する前にシステムが再起動されると、すべてのルールが失われます。netfilter ルールがシステム再起動しても永続させるために、それらが保存される必要があります。netfilter ルールを保存するために、root として以下のコマンドを入力します:
+ </div><pre class="screen"><code class="command">/usr/libexec/iptables.init save </code></pre><div class="para">
+ これは、<code class="command">/sbin/iptables-save</code> プログラムを実行し、現在の <code class="command">iptables</code> 設定を <code class="filename">/etc/sysconfig/iptables</code> に書き込む、<code class="command">iptables</code> 初期化スクリプトを実行します。既存の <code class="filename">/etc/sysconfig/iptables</code> ファイルは <code class="filename">/etc/sysconfig/iptables.save</code> として保存されます。
+ </div><div class="para">
+ 次回システムがブートしたとき、<code class="command">iptables</code> 初期化スクリプトが、<code class="command">/sbin/iptables-restore</code> を使用することにより、<code class="filename">/etc/sysconfig/iptables</code> に保存されたルールを再適用します。
+ </div><div class="para">
+ 新しい <code class="command">iptables</code> ルールを <code class="filename">/etc/sysconfig/iptables</code> ファイルにコミットする前にテストすることは常に素晴らしいアイディアですので、<code class="command">iptables</code> ルールをこのファイルの中から他のシステムのバージョンのこのファイルにコピーすることは可能です。これにより、<code class="command">iptables</code> ルールのセットを複数のマシンに配布する素早い方法が提供されます。
+ </div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ <code class="filename">/etc/sysconfig/iptables</code> ファイルを他のマシンへと配賦するならば、新しいルールを有効にするために <code class="command">/sbin/service iptables restart</code> を入力してください。
+ </div></div></div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ <code class="command">iptables</code> 機能を構成するテーブルおよびチェインを操作するために使用される、<code class="command">iptables</code> <span class="emphasis"><em>コマンド</em></span> (<code class="command">/sbin/iptables</code>) の違いに注意してください。<code class="command">iptables</code> サービス自体を有効および無効にするために使われる、<code class="command">iptables</code> <span class="emphasis"><em>サービス</em></span> (<code class="command">/sbin/iptables service</code>) の違いにも注意してください。
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"><strong>戻る</strong>3.9.2.6. リスト・オプション</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"><strong>次へ</strong>3.9.4. IPTables 制御スクリプト</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables.html
new file mode 100644
index 0000000..1b75995
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables.html
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9. IPTables</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="第3章 ネットワークのセキュア化" /><link rel="prev" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html" title="3.8.9.3. 関連ドキュメント" /><link rel="next" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="3.9.2. IPTables のコマンド・オプション" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></
a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-IPTables" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-IPTables">3.9. IPTables</h2></div></div></div><div class="para">
+ Fedora に含まれるネットワーク・<em class="firstterm">パケット・フィルタリング</em>の高度なツールです — カーネルの中にあるネットワーク・スタックに入る、移動する、および出るときに、ネットワーク・パケットを制御するプロセス。カーネル・バージョン 2.4 より前はパケット・フィルタリングに対して <code class="command">ipchains</code> に依存しています。また、フィルタリング・プロセスの各ステップにおいてパケットに適用されるルールのリストが使われました。2.4 カーネルは <code class="command">iptables</code> (<em class="firstterm">netfilter</em> とも呼ばれます) を導入しました。それは、<code class="command">ipchains</code> と似ていますが、ネットワーク・パケットのフィルタリングのために利用可能な範囲と制御を大幅に拡張します。
+ </div><div class="para">
+ 本章は、パケット・フィルタリングの基礎に焦点をあて、<code class="command">iptables</code> コマンドで利用可能なさまざまなオプションを説明し、フィルタリング・ルールがシステム再起動時にどのように保存されるかを説明します。
+ </div><div class="para">
+ これらのルールに基づいた <code class="command">iptables</code> ルールを構築して、ファイアウォールをセットアップする方法の説明は、<a class="xref" href="sect-Security_Guide-IPTables-Additional_Resources.html">「追加のリソース」</a> を参照してください。
+ </div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ カーネル 2.4 およびそれ以降におけるデフォルトのファイアウォール・メカニズムは <code class="command">iptables</code> です。しかし、<code class="command">ipchains</code> がすでに実行されていると、<code class="command">iptables</code> は使用できません。<code class="command">ipchains</code> が起動時に存在すると、カーネルはエラーを起こし、<code class="command">iptables</code> を開始できません。
+ </div><div class="para">
+ <code class="command">ipchains</code> の機能はこれらのエラーにより影響されません。
+ </div></div></div><div class="section" id="sect-Security_Guide-IPTables-Packet_Filtering"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-IPTables-Packet_Filtering">3.9.1. パケット・フィルタリング</h3></div></div></div><div class="para">
+ Linux カーネルは、パケットをフィルタするための <span class="application"><strong>Netfilter</strong></span> 機能を使用します。システムにより受け取られた、または通過されたパケットのいくつかを許可しますが、他のものは止めます。この機能は Linux カーネルに組み込まれ、以下のような3つの組み込み <em class="firstterm">テーブル</em> または <em class="firstterm">ルール・リスト</em>を持ちます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">filter</code> — ネットワーク・パケットを取り扱うためのデフォルト・テーブルです。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">nat</code> — 新しい接続を作成するパケットを変更するために使用され、<em class="firstterm">ネットワークアドレス変換</em> (<em class="firstterm">NAT: Network Address Translation</em>) のために使用されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">mangle</code> — パケット変換の具体的な種類のために使用されます。
+ </div></li></ul></div><div class="para">
+ 各テーブルは、パケットにおいて <code class="command">netfilter</code> により実行されるアクションと対応する、組み込み<em class="firstterm">チェイン</em>のグループを持ちます。
+ </div><div class="para">
+ <code class="option">filter</code> テーブルに対する組み込みチェインは以下のようなものです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="firstterm">INPUT</em> — そのホスト宛てのネットワーク・パケットに適用されます。
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">OUTPUT</em> — ローカルに生成されたネットワーク・パケットに適用されます。
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">FORWARD</em> — ホストを経由してルートされるネットワーク・パケットに適用されます。
+ </div></li></ul></div><div class="para">
+ <code class="option">nat</code> テーブルに対する組み込みチェインは以下のようなものです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="firstterm">PREROUTING</em> — ネットワーク・パケットが入ってくるときに変更されます。
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">OUTPUT</em> — ローカルに生成されたネットワーク・パケットが出ていくときに変更されます。
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">POSTROUTING</em> — ネットワーク・パケットが出ていくときに変更されます。
+ </div></li></ul></div><div class="para">
+ <code class="option">mangle</code> テーブルに対する組み込みチェインは以下のようなものです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="firstterm">INPUT</em> — ホスト宛てのネットワーク・パケットを変更します。
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">OUTPUT</em> — ローカルに生成されたネットワーク・パケットが出ていくときに変更されます。
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">FORWARD</em> — ホストを経由してルートされるネットワーク・パケットを変更します。
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">PREROUTING</em> — 入ってくるネットワーク・パケットがルートされる前に変更されます。
+ </div></li><li class="listitem"><div class="para">
+ <em class="firstterm">POSTROUTING</em> — ネットワーク・パケットが出ていくときに変更されます。
+ </div></li></ul></div><div class="para">
+ Linux システムにより受け取られた、またはそれから送られたすべてのネットワーク・パケットは、少なくとも1つのテーブルに従います。しかしながら、パケットはチェインの最後に出てくる前に各テーブルの中にある複数のルールに従うかもしれません。これらのルールの構造と目的は非常に変化します。しかし、それらは一般に特定のプロトコルおよびネットワーク・サービスを使用するとき、特定の IP アドレスまたはアドレスの組から入力された、または出力されたパケットを識別するために探索されます。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ ファイアウォール・ルールはデフォルトで <code class="filename">/etc/sysconfig/iptables</code> または <code class="filename">/etc/sysconfig/ip6tables</code> ファイルに保存されます。
+ </div><div class="para">
+ <code class="command">iptables</code> サービスは、Linux システムがブートするときにすべての DNS 関連サービスの前に開始します。ファイアウォール・ルールは数値 IP アドレス(たとえば、192.168.0.1)のみが参照できる、ということを意味します。そのようなルールにあるドメイン名(たとえば、host.example.com)はエラーを発生させます。
+ </div></div></div><div class="para">
+ ãã±ããããã¼ãã«ã®1ã¤ã«ããç¹å®ã®ã«ã¼ã«ã«ãããããã¨ããå®ã¦å
ã«é¢ãããã<em class="firstterm">target</em> ã¾ãã¯ã¢ã¯ã·ã§ã³ããããã«é©ç¨ããã¾ããã«ã¼ã«ãããããããã±ããã«å¯¾ã㦠<code class="command">ACCEPT</code> ãæå®ãã¦ããã¨ããã±ããã¯æ®ãã®ã«ã¼ã«ã®ãã§ãã¯ãé£ã°ãã¦ãå®ã¦å
ã¸ç¶ãããã¨ã許ãã¾ããã«ã¼ã«ã <code class="command">DROP</code> ã¿ã¼ã²ãããæå®ãã¦ããã¨ããã±ããã¯ã·ã¹ãã ã¸ã®ã¢ã¯ã»ã¹ãæå¦ããããã±ãããéã£ã¦ãããã¹ãã¸ã¨ä½ãéç¥ããã¾ãããã«ã¼ã«ã <code class="command">QUEUE</code> ã¿ã¼ã²ãããæå®ãã¦ããã¨ããã±ããã¯ã¦ã¼ã¶ã¼ç©ºéã¸ã¨æ¸¡ããã¾ããã«ã¼ã«ããªãã·ã§ã³ã® <code class="command">REJECT</code> ã¿ã¼ã²ãããæå®ãã¦ããã¨ããã±ããã¯ç ´æ£ããã¾ãããã¨ã©ã¼ã»ãã±ãããã
ã±ããã®éä¿¡è
ã¸éããã¾ãã
+ </div><div class="para">
+ すべてのチェインは、<code class="command">ACCEPT</code>, <code class="command">DROP</code>, <code class="command">REJECT</code>, または <code class="command">QUEUE</code> へのデフォルト・ポリシーを持ちます。チェインにあるルールが何もパケットに適用されないならば、パケットはデフォルト・ポリシーに従って処理されます。
+ </div><div class="para">
+ <code class="command">iptables</code> コマンドはこれらのテーブルを設定します。また、必要に応じて新しいテーブルをセットアップします。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"><strong>戻る</strong>3.8.9.3. 関連ドキュメント</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"><strong>次へ</strong>3.9.2. IPTables のコマンド・オプション</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html
new file mode 100644
index 0000000..02ab21e
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2.4.4. 追加のマッチ・オプションのモジュール</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="3.9.2.4. IPTables マッチ・オプション" /><link rel="prev" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html" title="3.9.2.4.3. ICMP プロトコル" /><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html" title="3.9.2.5. ターゲット・オプション" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Do
cumentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules">3.9.2.4.4. 追加のマッチ・オプションのモジュール</h5></div></div></div><div class="para">
+ 追加のマッチ・オプションが <code class="command">iptables</code> コマンドによりロードされたモジュールを通して利用できます。
+ </div><div class="para">
+ マッチ・オプション・モジュールを使用するため、<code class="option">-m <em class="replaceable"><code><module-name>></code></em></code>を用いて名前によりモジュールをロードします、ここで、<em class="replaceable"><code><module-name></code></em> はモジュールの名前です。
+ </div><div class="para">
+ 多くのモジュールはデフォルトで利用可能です。追加の機能を提供するためにモジュールを作成することもできます。
+ </div><div class="para">
+ 以下は、最も一般的に使われるモジュールの部分的なリストです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">limit</code> module — どのくらいのパケットが特定のルールへマッチされるかの制限を置きます。
+ </div><div class="para">
+ <code class="command">LOG</code> ターゲットとともに使用されるとき、<code class="option">limit</code> モジュールは、大量のマッチするパケットが繰り返しのログでシステムのログをあふれさせる、またはシステム・リソースを使い切るのを防ぎます。
+ </div><div class="para">
+ <code class="command">LOG</code> ターゲットの詳細は <a class="xref" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html">「ターゲット・オプション」</a> を参照してください。
+ </div><div class="para">
+ <code class="option">limit</code> モジュールは以下のオプションを有効にします:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--limit</code> — <code class="option"><em class="replaceable"><code><value>/<period></code></em></code> ペアとして指定された、特定の期間にマッチする最大数をセットします。たとえば、<code class="option">--limit 5/hour</code> を使用すると、1時間あたり5回のルールへのマッチが許可されます。
+ </div><div class="para">
+ 期間は、秒、分、時間または日で指定できます。
+ </div><div class="para">
+ 回数および時間の修飾子が使用されていないと、デフォルト値の <code class="option">3/hour</code> が仮定されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--limit-burst</code> — 一度にルールにマッチできるパケットの数に制限をセットします。
+ </div><div class="para">
+ このオプションは、整数として指定され、<code class="option">--limit</code> オプションとともに使用されます。
+ </div><div class="para">
+ 値が指定されていないと、デフォルト値の 5 が仮定されます。
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">state</code> module — state マッチングを有効にします。
+ </div><div class="para">
+ <code class="option">state</code> モジュールは以下のオプションを有効にします:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--state</code> — 以下のコネクション状態を持つパケットにマッチします:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">ESTABLISHED</code> — マッチするパケットが、確立されたコネクションにおいて他のパケットを関連づけられます。クライアントとサーバの間でコネクションを維持したいならば、この状態を受け付ける必要があります。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">INVALID</code> — マッチしているパケットが既知のコネクションと結びつけられません。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">NEW</code> — マッチするパケットが、新しいコネクションを作成している、もしくは双方向コネクションの一部で前に見られなかったものです。サービスへの新しいコネクションを許可するならば、この状態を受け付ける必要があります。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">RELATED</code> — マッチするパケットが、既存のコネクションに何らかの方法で関連した、新しいコネクションを開始します。この例はFTPです。これは、制御トラフィック (ポート20) のために1つのコネクションを、データ転送 (ポート21) のために分離したコネクションを使用します。
+ </div></li></ul></div><div class="para">
+ これらのコネクション状態は、<code class="option">-m state --state INVALID,NEW</code> のように、それぞれをコンマで分離することで組み合わせて使用できます。
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">mac</code> モジュール — ハードウェア MAC アドレスのマッチングを有効にします。
+ </div><div class="para">
+ <code class="option">mac</code> モジュールは以下のオプションを有効にします:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--mac-source</code> — パケットを送るネットワーク・インターフェース・カードの MAC アドレスをマッチします。ルールから MAC アドレスを除くために、<code class="option">--mac-source</code> の後ろに感嘆符記号 (<code class="option">!</code>) を置きます。
+ </div></li></ul></div></li></ul></div><div class="para">
+ モジュールにより利用可能なマッチ・オプションの詳細は <code class="command">iptables</code> マニュアル・ページを参照してください。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"><strong>戻る</strong>3.9.2.4.3. ICMP プロトコル</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"><strong>次へ</strong>3.9.2.5. ターゲット・オプション</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html
new file mode 100644
index 0000000..b411317
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2.4.3. ICMP プロトコル</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="3.9.2.4. IPTables マッチ・オプション" /><link rel="prev" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html" title="3.9.2.4.2. UDP プロトコル" /><link rel="next" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html" title="3.9.2.4.4. 追加のマッチ・オプションのモジュール" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content
/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol">3.9.2.4.3. ICMP プロトコル</h5></div></div></div><div class="para">
+ 以下のマッチ・オプションは Internet Control Message Protocol (ICMP) (<code class="option">-p icmp</code>) に:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--icmp-type</code> — ルールにマッチさせるための ICMP タイプの名前または番号をセットします。有効な ICMP 名のリストは <code class="command">iptables -p icmp -h</code> コマンドを入力することにより得られます。
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"><strong>戻る</strong>3.9.2.4.2. UDP プロトコル</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"><strong>次へ</strong>3.9.2.4.4. 追加のマッチ・オプションのモジュール</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html
new file mode 100644
index 0000000..3ec5b5c
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.9.2.4.2. UDP プロトコル</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="3.9.2.4. IPTables マッチ・オプション" /><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="3.9.2.4. IPTables マッチ・オプション" /><link rel="next" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html" title="3.9.2.4.3. ICMP プロトコル" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.p
ng" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol">3.9.2.4.2. UDP プロトコル</h5></div></div></div><div class="para">
+ これらのマッチ・オプションは UDP プロトコルに対して利用可能です (<code class="option">-p udp</code>):
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">--dport</code> — サービス名、ポート番号およびポート番号の範囲を使用して、UDP パケットの宛て先ポートを指定します。<code class="option">--destination-port</code> マッチ・オプションは <code class="option">--dport</code> と同義です。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">--sport</code> — サービス名、ポート番号およびポート番号の範囲を使用して、UDP パケットの送信元ポートを指定します。<code class="option">--source-port</code> マッチ・オプションは <code class="option">--sport</code> と同義です。
+ </div></li></ul></div><div class="para">
+ <code class="option">--dport</code> および <code class="option">--sport</code> オプションに対して、ポート番号の範囲を指定するために、2つの数をコロン (:) で分けます。たとえば: <code class="option">-p tcp --dport 3000:3200</code>。利用可能な最大有効範囲は 0:65535 です。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"><strong>戻る</strong>3.9.2.4. IPTables マッチ・オプション</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"><strong>次へ</strong>3.9.2.4.3. ICMP プロトコル</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Additional_Resources.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Additional_Resources.html
new file mode 100644
index 0000000..7de84a3
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Additional_Resources.html
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.10. 追加のリソース</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html" title="3.7.9. クロス・レルム認証のセットアップ" /><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html" title="3.7.10.2. 有用な Kerberos" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li cl
ass="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Additional_Resources">3.7.10. 追加のリソース</h3></div></div></div><div class="para">
+ Kerberos に関する詳細は、以下のリソースを参照してください。
+ </div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_Kerberos_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_Kerberos_Documentation">3.7.10.1. インストールされた Kerberos ドキュメント</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ PostScript 形式および HTML 形式の <em class="citetitle">Kerberos V5 Installation Guide</em> および <em class="citetitle">Kerberos V5 System Administrator's Guide</em>。これらのドキュメントは <code class="filename">/usr/share/doc/krb5-server-<em class="replaceable"><code><version-number></code></em>/</code> ディレクトリで見つけられます (ここで <em class="replaceable"><code><version-number></code></em> はシステムにインストールされた <code class="command">krb5-server</code> パッケージのバージョン番号です) 。
+ </div></li><li class="listitem"><div class="para">
+ PostScript および HTML 形式の <em class="citetitle">Kerberos V5 UNIX User's Guide</em>。これらは <code class="filename">/usr/share/doc/krb5-workstation-<em class="replaceable"><code><version-number></code></em>/</code> ディレクトリ (ここで <em class="replaceable"><code><version-number></code></em> はシステムにインストールされた <code class="command">krb5-workstation</code> パッケージのバージョン番号です) で見つけられます。
+ </div></li><li class="listitem"><div class="para">
+ Kerberos マニュアル・ページ — Kerberos 実装と関連したさまざまなアプリケーションと設定ファイルに対する数多くのマニュアル・ページがあります。以下はより重要なマニュアル・ページのいくつかのリストです。
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">クライアント・アプリケーション</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man kerberos</code> — どのようにクレデンシャルが機能して、Kerberos チケットを取得および廃棄するための推奨値を提供するかについて説明する、Kerberos システムへの導入。マニュアル・ページの最後に関連するマニュアル・ページの番号を参照します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kinit</code> — ticket-granting ticket を取得およびキャッシュするためにこのコマンドを使用する方法について説明します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kdestroy</code> — Kerberos クレデンシャルを廃棄するためにこのコマンドを使用する方法について説明します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man klist</code> — Kerberos キャッシュsれたクレデンシャルを表示するためにこのコマンドを使用する方法について説明します。
+ </div></li></ul></div></dd><dt class="varlistentry"><span class="term">管理アプリケーション</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man kadmin</code> — Kerberos V5 データベースを管理するためにこのコマンドを使用する方法について説明します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kdb5_util</code> — Kerberos V5 データベースにおける低レベルの管理機能を作成および実行するためにこのコマンドを使用する方法について説明します。
+ </div></li></ul></div></dd><dt class="varlistentry"><span class="term">サーバー・アプリケーション</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man krb5kdc</code> — Kerberos V5 KDC に対して利用可能なコマンドライン・オプションを説明します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kadmind</code> — V5 管理サーバーに対して利用可能なコマンドライン・オプションを説明します。
+ </div></li></ul></div></dd><dt class="varlistentry"><span class="term">設定ファイル</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man krb5.conf</code> — Kerberos V5 ライブラリの設定ファイルにおける形式および利用可能なオプションを説明します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man kdc.conf</code> — Kerberos V5 AS および KDC の設定ファイルにおける形式および利用可能なオプションを説明します。
+ </div></li></ul></div></dd></dl></div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"><strong>戻る</strong>3.7.9. クロス・レルム認証のセットアップ</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"><strong>次へ</strong>3.7.10.2. 有用な Kerberos </a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html
new file mode 100644
index 0000000..95e1880
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.6. Kerberos 5 クライアントの設定</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html" title="3.7.5. Kerberos 5 サーバーの設定" /><link rel="next" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html" title="3.7.7. ドメイン-レルムのマッピング" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"
><a accesskey="p" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client">3.7.6. Kerberos 5 クライアントの設定</h3></div></div></div><div class="para">
+ Kerberos 5 クライアントをセットアップすることは、サーバーをセットアップするほどではありません。最低限、クライアント・パッケージをインストールして、各クライアントに適切な <code class="filename">krb5.conf</code> 設定ファイルを提供します。<code class="command">ssh</code> と <code class="command">slogin</code> はクライアントシステムにリモートでログインする方式を好む一方、デプロイするのにもう少し多くの設定変更を必要とするにも関わらず、Kerberos 化されたバージョンの <code class="command">rsh</code> と <code class="command">rlogin</code> はまだ利用可能です。
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ 時刻同期は Kerberos クライアントと KDC の間で適切であることを確実にします。詳細は <a class="xref" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html">「Kerberos 5 サーバーの設定」</a> を参照してください。さらに、Kerberos クライアント・プログラムを設定する前に Kerberos クライアントにおいて DNS が適切に動作することを確認します。
+ </div></li><li class="step"><div class="para">
+ すべてのクライアント・マシンにおいて <code class="filename">krb5-libs</code> および <code class="filename">krb5-workstation</code> パッケージをインストールします。各クライアントに対して 適切な <code class="filename">/etc/krb5.conf</code> ファイルを供給します(通常は KDC により使用される <code class="filename">krb5.conf</code> ファイルと同じです)。
+ </div></li><li class="step"><div class="para">
+ ã¬ã«ã ã«ããã¯ã¼ã¯ã¹ãã¼ã·ã§ã³ã <code class="command">ssh</code> ã¾ã㯠Kerberos åããã <code class="command">rsh</code> ã <code class="command">rlogin</code> ã使ç¨ãã¦æ¥ç¶ããã¦ã¼ã¶ã¼ãèªè¨¼ããããã« Kerberos ã使ç¨ã§ããåã«ãããèªèº«ã®ãã¹ãããªã³ã·ãã«ã Kerberos ãã¼ã¿ãã¼ã¹ã«æããªããã°ããã¾ããã<code class="command">sshd</code>, <code class="command">kshd</code>, ããã³ <code class="command">klogind</code> ãµã¼ãã¼ã»ããã°ã©ã ã¯ãã¹ã¦ã<span class="emphasis"><em>ãã¹ã</em></span>ã®ãµã¼ãã¹ã®ããªã³ã·ãã«ã«å¯¾ãããã¼ã«ã¢ã¯ã»ã¹ããå¿
è¦ãããã¾ããå ãã¦ãKerberos åããã <code class="command">rsh</code> 㨠<code class="command">rlogin</code> ã使ç¨ããããã«ããã®ã¯ã¼ã¯ã¹ãã¼ã·ã§ã³ã¯ <code class="filename">xinetd</code> ããã±ã¼ã¸ãã¤ã³ã¹ãã¼ã«ããã¦ããªããã°ããã
¾ããã
+ </div><div class="para">
+ <code class="command">kadmin</code> を使用すると、KDC におけるワークステーションに対するホストプリンシパルが追加されます。このケースにおけるインスタンスはワークステーションのホスト名です。プリンシパルを作成して、それにランダムなキーを割り当てるために、<code class="command">kadmin</code> の <code class="command">addprinc</code> コマンドに対して <code class="command">-randkey</code> オプションを使用します:
+ </div><pre class="screen">addprinc -randkey host/<em class="replaceable"><code>blah.example.com</code></em></pre><div class="para">
+ これでプリンシパルが作成されたので、キーは <span class="emphasis"><em>ワークステーション自身において</em></span> <code class="command">kadmin</code> を実行して、<code class="command">kadmin</code> を用いて <code class="command">ktadd</code> コマンドを使用することによりワークステーションのために抽出されます:
+ </div><pre class="screen">ktadd -k /etc/krb5.keytab host/<em class="replaceable"><code>blah.example.com</code></em></pre></li><li class="step"><div class="para">
+ 他の Kerberos 化されたネットワーク・サービスを使用するためには、まずそれらが起動されていなければいけません。以下は、一般的な Kerberos 化されたサービスとそれらを有効にすることに関する説明の一覧です:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">ssh</code> — クライアントとサーバーの設定がどちらも <code class="option">GSSAPIAuthentication</code> を有効にしているならば、OpenSSH はユーザーをサーバーへ認証するために GSS-API を使用します。クライアントが <code class="option">GSSAPIDelegateCredentials</code> も有効にしていると、ユーザの証明書がリモート・システムにおいて利用可能になります。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">rsh</code> および <code class="command">rlogin</code> — Kerberos 化されたバージョンの <code class="command">rsh</code> および <code class="command">rlogin</code> を使用するために、<code class="command">klogin</code>, <code class="command">eklogin</code>, および <code class="command">kshell</code> を有効にします。
+ </div></li><li class="listitem"><div class="para">
+ Telnet — Kerberos 化された Telnet を使用するために、<code class="command">krb5-telnet</code> が有効にされなければいけません。
+ </div></li><li class="listitem"><div class="para">
+ FTP — FTP アクセスを提供するために、<code class="computeroutput">ftp</code> の root とともにプリンシパルに対するキーを作成および解凍する必要があります。インスタンスに FTP サーバーの完全修飾ホスト名を確実にセットしてください、そして <code class="command">gssftp</code> を有効にします。
+ </div></li><li class="listitem"><div class="para">
+ IMAP — Kerberos 化された IMAP サーバーを使用するために、<code class="filename">cyrus-sasl-gssapi</code> パッケージもインストールされているならば、<code class="filename">cyrus-imap</code> パッケージは Kerberos 5 を使用します。<code class="filename">cyrus-sasl-gssapi</code> パッケージは GSS-API 認証をサポートする Cyrus SASL プラグインを含みます。Cyrus IMAP は <code class="command">cyrus</code> ユーザーが <code class="filename">/etc/krb5.keytab</code> に適切なキーを見つけられ、プリンシパルに対する root が <code class="command">imap</code> (<code class="command">kadmin</code> を用いて作成されます) にセットされる限り、Kerberos を用いて適切に機能すべきです。
+ </div><div class="para">
+ <code class="filename">cyrus-imap</code> の代替は、Fedora にも含まれる <code class="command">dovecot</code> パッケージで見つけられます。このパッケージは IMAP サーバーを含みますが、現在まで GSS-API と Kerberos をサポートしていません。
+ </div></li><li class="listitem"><div class="para">
+ CVS — Kerberos 化された CVS サーバーを使用するために、<code class="command">gserver</code> は <code class="computeroutput">cvs</code> の root とともにプリンシパルを使用します。そうでなければ、CVS <code class="command">pserver</code> を同一です。
+ </div></li></ul></div></li></ol></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>戻る</strong>3.7.5. Kerberos 5 サーバーの設定</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"><strong>次へ</strong>3.7.7. ドメイン-レルムのマッピング</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html
new file mode 100644
index 0000000..de880b8
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.5. Kerberos 5 サーバーの設定</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html" title="3.7.4. Kerberos と PAM" /><link rel="next" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html" title="3.7.6. Kerberos 5 クライアントの設定" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sec
t-Security_Guide-Kerberos-Kerberos_and_PAM.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">3.7.5. Kerberos 5 サーバーの設定</h3></div></div></div><div class="para">
+ Kerberos をセットアップするとき、まず KDC をインストールします。スレーブサーバーをセットアップする必要があれば、まずマスターをインストールします。
+ </div><div class="para">
+ 最初の Kerberos KDC を設定するために、これらの手順に従います:
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Kerberos を設定する前に時刻同期と DNS がすべてのクライアントとサーバーマシンにおいて正しく機能していることを確実にします。Kerberos サーバーとそのクライアントの間の時刻同期については特に注意をします。サーバーとクライアントの間で時刻が5分よりもずれていると(これは Kerberos 5 で設定可能です)、Kerberos クライアントはサーバーに認証することができません。この時刻同期は攻撃者が正当なユーザーになりすますために古い Kerberos チケットを使用するのを防ぐために不可欠です。
+ </div><div class="para">
+ Kerberos が使用されていないときでも、Network Time Protocol (NTP) 互換のクライアント/サーバー・ネットワークをセットアップすることが望ましいです。Fedora はこの目的のために <code class="filename">ntp</code> パッケージを含みます。Network Time Protocol サーバーをセットアップする方法に関する詳細は <code class="filename">/usr/share/doc/ntp-<em class="replaceable"><code><version-number></code></em>/index.html</code> を (<em class="replaceable"><code><version-number></code></em> はシステムにインストールされた <code class="filename">ntp</code> パッケージのバージョン番号です)、NTP に関する詳細は <a href="http://www.ntp.org">http://www.ntp.org</a> を参照してください。
+ </div></li><li class="step"><div class="para">
+ KDC を実行する専用のマシンにおいて <code class="filename">krb5-libs</code>, <code class="filename">krb5-server</code>, および <code class="filename">krb5-workstation</code> パッケージをインストールします。このマシンは非常にセキュアである必要があります — 可能ならば、KDC 以外のあらゆるサービスを実行すべきではありません。
+ </div></li><li class="step"><div class="para">
+ レルム名とドメイン-レルム・マッピングを反映するために、<code class="filename">/etc/krb5.conf</code> および <code class="filename">/var/kerberos/krb5kdc/kdc.conf</code> 設定ファイルを編集します。シンプルなレルムは、<em class="replaceable"><code>EXAMPLE.COM</code></em> と <em class="replaceable"><code>example.com</code></em> を正しいドメイン名に置き換え、 — 正しい形式において大文字と小文字を確実に保ってください — また、KDC を <em class="replaceable"><code>kerberos.example.com</code></em> から Kerberos サーバーの名前に変えることにより構築できます。便宜上、すべてのレルム名は大文字で、すべての DNS ホスト名とドメイン名は小文字にします。これらの設定ファイルの形式に関する詳細はそれぞれのマニュアル・ページを参照してください。
+ </div></li><li class="step"><div class="para">
+ シェル・プロンプトから <code class="command">kdb5_util</code> ユーティリティを用いてデータベースを作成します:
+ </div><pre class="screen">/usr/kerberos/sbin/kdb5_util create -s</pre><div class="para">
+ <code class="command">create</code> コマンドは Kerberos レルムのためのキーを保存するデータベースを作成します。<code class="command">-s</code> スイッチはマスター・サーバー・キーが保存される <em class="firstterm">stash</em> ファイルの作成を強制します。キーを読み込むために存在する隠しファイルが存在しなければ、Kerberos サーバー (<code class="command">krb5kdc</code>) は、起動するときに毎回ユーザーにマスター・サーバー・キー(キーを再生成するために使用されます)を要求します。
+ </div></li><li class="step"><div class="para">
+ <code class="filename">/var/kerberos/krb5kdc/kadm5.acl</code> ファイルを編集します。このファイルは、どのプリンシパルが Kerberos データベースとそのアクセスレベルを持つかを決めるために <code class="command">kadmind</code> により使用されます。多くの組織は1行でうまくやっていけます:
+ </div><pre class="screen">*/admin at EXAMPLE.COM *</pre><div class="para">
+ 大抵のユーザーは、データベースにおいて単一プリンシパル(<span class="emphasis"><em>NULL</em></span>、空、または <span class="emphasis"><em>joe at EXAMPLE.COM</em></span> のようなインスタンス)により表現されます。この設定において、<span class="emphasis"><em>admin</em></span> のインスタンスという2つ目のプリンシパルを持つユーザー(たとえば、<span class="emphasis"><em>joe/admin at EXAMPLE.COM</em></span>)は、レルムの Kerberos データベース上でフルパワーを行使できます。
+ </div><div class="para">
+ <code class="command">kadmind</code> がサーバーにおいて起動された後、すべてのユーザーは、レルムにあるすべてのクライアントとサーバーにおいて <code class="command">kadmin</code> を実行することによりそのサービスにアクセスできます。しかしながら、<code class="filename">kadm5.acl</code> ファイルにリストされたユーザーのみが、自身のパスワードを変更することを除いて、なんらかの方法でデータベースを変更できます。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ <code class="command">kadmin</code> ユーティリティはネットワーク上で <code class="command">kadmind</code> サーバーをコミュニケーションして、認証を処理するために Kerberos を使用します。その結果として、最初のプリンシパルは、それを管理するためにネットワーク上でサーバーに接続する前に、すでに存在しなければいけません。<code class="command">kadmin.local</code> コマンドを用いて最初のプリンシパルを作成します。これは、KDC として同じホストにおいて使用されるための具体的に設定されたもので、認証のために Kerberos を使用しません。
+ </div></div></div><div class="para">
+ 最初のプリンシパルを作成するために、KDC ターミナルにおいて以下の <code class="command">kadmin.local</code> コマンドを入力します:
+ </div><pre class="screen">/usr/kerberos/sbin/kadmin.local -q "addprinc <em class="replaceable"><code>username</code></em>/admin"</pre></li><li class="step"><div class="para">
+ 以下のコマンドを使用して Kerberos を起動します:
+ </div><pre class="screen">/sbin/service krb5kdc start
+/sbin/service kadmin start
+/sbin/service krb524 start</pre></li><li class="step"><div class="para">
+ <code class="command">kadmin</code> の中にある <code class="command">addprinc</code> コマンドを使用してユーザーに対するプリンシパルを追加します。<code class="command">kadmin</code> と <code class="command">kadmin.local</code> は KDC に対するコマンドライン・インターフェースです。それ自体は、多くのコマンド — <code class="command">addprinc</code> のような — が <code class="command">kadmin</code> プログラムを起動した後で利用可能です。詳細は <code class="command">kadmin</code> マニュアル・ページを参照してください。
+ </div></li><li class="step"><div class="para">
+ KDC がチケットを発行していることを確認します。まず、チケットを取得して、それをクレデンシャル・キャッシュファイルに保存するために、<code class="command">kinit</code> を実行します。次に、キャッシュにあるクレデンシャルのリストを表示するために <code class="command">klist</code> を使用して、キャッシュおよびそれを含むクレデンシャルを廃棄するために <code class="command">kdestroy</code> を使用します。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ デフォルトで、<code class="command">kinit</code> は、同じシステムログインユーザー名(Kerberos サーバーではありません)を使用して認証をしようとします。そのユーザー名が Kerberos データベースにあるプリンシパルと一致しなければ、<code class="command">kinit</code> はエラーメッセージを発行します。それが起きると、コマンドラインにおける引数として正しいプリンシパル名をとともに <code class="command">kinit</code> を供給します(<code class="command">kinit <em class="replaceable"><code><principal></code></em></code>)。
+ </div></div></div></li></ol></div><div class="para">
+ これらの手順が完了すると、Kerberos サーバーは稼働可能になります。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"><strong>戻る</strong>3.7.4. Kerberos と PAM</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"><strong>次へ</strong>3.7.6. Kerberos 5 クライアントの設定</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html
new file mode 100644
index 0000000..cfded36
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.7. ドメイン-レルムのマッピング</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html" title="3.7.6. Kerberos 5 クライアントの設定" /><link rel="next" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html" title="3.7.8. セカンダリ KDC のセットアップ" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="pr
evious"><a accesskey="p" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping">3.7.7. ドメイン-レルムのマッピング</h3></div></div></div><div class="para">
+ クライアントが特定のサーバーで実行しているサービスにアクセスしようとするとき、サービスの名前(<span class="emphasis"><em>host</em></span>) とサーバーの名前 (<span class="emphasis"><em>foo.example.com</em></span>) を知ります。しかし、1つより多いレルムがネットワークにデプロイされているかもしれないので、サービスが存在するレルムの名前で推測しなければいけません。
+ </div><div class="para">
+ レルムの名前はデフォルトで、サーバーの DNS ドメイン名が大文字で使用されます。
+ </div><div class="literallayout"><p>foo.example.org → EXAMPLE.ORG<br />
+ foo.example.com → EXAMPLE.COM<br />
+ foo.hq.example.com → HQ.EXAMPLE.COM<br />
+</p></div><div class="para">
+ いくつかの設定において、これは十分ですが、他では導かれたレルム名は存在しないレルムの名前でしょう。これらの場合、サーバーの DNS ドメイン名からそのレルム名へのマッピングが、クライアントシステムの <code class="filename">krb5.conf</code> の <span class="emphasis"><em>domain_realm</em></span> セクションにおいて指定されなければいけません。たとえば:
+ </div><pre class="screen">[domain_realm]
+.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM</pre><div class="para">
+ 上の設定は2つのマッピングを指定します。最初のマッピングは "example.com" DNS ドメインにあるすべてのシステムが <span class="emphasis"><em>EXAMPLE.COM</em></span> レルムに所属するということを指定します。2つ目は正確に "example.com" という名前を持つシステムもレルムにあることを指定します。(ドメインと具体的なホストの区別は最初の "." の有無により区別されます。)マッピングは DNS にも直接保存されます。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"><strong>戻る</strong>3.7.6. Kerberos 5 クライアントの設定</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"><strong>次へ</strong>3.7.8. セカンダリ KDC のセットアップ</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-How_Kerberos_Works.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-How_Kerberos_Works.html
new file mode 100644
index 0000000..91f6a29
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-How_Kerberos_Works.html
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.3. Kerberos はどのように動作しますか</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html" title="3.7.2. Kerberos の用語" /><link rel="next" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html" title="3.7.4. Kerberos と PAM" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Kerbe
ros_Terminology.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-How_Kerberos_Works"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-How_Kerberos_Works">3.7.3. Kerberos はどのように動作しますか</h3></div></div></div><div class="para">
+ Kerberos はユーザー/パスワードの認証方式とは異なります。各ユーザーが各ネットワーク・サービスに認証する代わりに、ユーザーを一連のネットワーク・サービスに認証するために、Kerberos は対象鍵暗号と信頼された第三者 (KDC) を使用します。ユーザーが KDC に認証するとき、KDC はそのセッションに特有のチケットをユーザーのマシンに送り戻します。そして、すべての Kerberos 対応サービスは、ユーザーにパスワードを使用した認証よりも、ユーザーのマシンにおけるチケットを期待します。
+ </div><div class="para">
+ Kerberos 対応のネットワークにいるユーザーが自身のワークステーションにログインするとき、プリンシパルがアプリケーション・サーバーからの TGT をリクエストの一部として KDC に送られます。このリクエストは、ユーザーへと透過的になるようにログイン・プログラムにより送られます。もしくは、ユーザーがログインした後に <code class="command">kinit</code> により送られます。
+ </div><div class="para">
+ その後、KDC はそのデータベースにあるプリンシパルに対してチェックします。プリンシパルが見つかると、KDC は TGT を作成します。それは、ユーザーのキーを使用して暗号化され、ユーザーへと返されます。
+ </div><div class="para">
+ クライアントにあるログインまたは <code class="command">kinit</code> プログラムはユーザーのキーを使用して TGT を復号します。そして、それはユーザーのパスワードから計算します。ユーザーのキーはクライアントマシンにおいてのみ使用され、ネットワーク上で転送され<span class="emphasis"><em>ません</em></span>
+ </div><div class="para">
+ TGT は一定時間後(通常は10から24時間)に期限切れするようセットされ、クライアント・マシンのクレデンシャルに保存されます。漏えいした TGT が攻撃者に短い時間のみ使用されるよう、期限切れ時間がセットされます。TGT が発行された後、ユーザーは TGT が期限切れするまで、またはログアウトして再びログインするまでパスワードを再入力する必要はありません。
+ </div><div class="para">
+ ユーザーがネットワーク・サービスにアクセスする必要があるときはいつでも、クライアント・ソフトウェアが TGS からその特定のサービスに対する新しいチケットを要求するために TGT を使用します。
+ </div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ ネットワークにいるユーザーが平文でパスワードを転送することにより Kerberos に対応していないサービスに認証するならば、Kerberos システムは危険にさらされる可能性があります。Kerberos に対応していないサービスを使用することは高く思いとどまらせます。そのようなサービスは Telnet や FTP を含みます。しかしながら、SSH や SSL 化されたサービスのような他の暗号化プロトコルの使用は好まれますが、理想的ではありません。
+ </div></div></div><div class="para">
+ これは Kerberos 認証がどのように機能するかの幅広い概要です。詳細については <a class="xref" href="sect-Security_Guide-Kerberos-Additional_Resources.html">「追加のリソース」</a> を参照してください。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ Kerberos は正しく機能するために以下のネットワーク・サービスに依存します。
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ ネットワークにあるマシン間でクロック同期を近づけます。
+ </div><div class="para">
+ クロック同期プログラムは <code class="command">ntpd</code> のようにネットワークに対してセットアップされるべきです。Network Time Protocol サーバーのセットアップに関する詳細は <code class="filename">/usr/share/doc/ntp-<em class="replaceable"><code><version-number></code></em>/index.html</code> を参照してください(ここで <em class="replaceable"><code><version-number></code></em> は、システムにインストールされた <code class="filename">ntp</code> パッケージのバージョン番号です)。
+ </div></li><li class="listitem"><div class="para">
+ Domain Name Service (DNS)
+ </div><div class="para">
+ ネットワークにおける DNS エントリーと hosts がすべて正しく設定されていることを確実にすべきです。詳細は <code class="filename">/usr/share/doc/krb5-server-<em class="replaceable"><code><version-number></code></em></code> にある <em class="citetitle">Kerberos V5 System Administrator's Guide</em> を参照してください(ここで <em class="replaceable"><code><version-number></code></em> は、システムにインストールされた <code class="filename">krb5-server</code> パッケージのバージョン番号です)。
+ </div></li></ul></div>
+
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"><strong>戻る</strong>3.7.2. Kerberos の用語</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"><strong>次へ</strong>3.7.4. Kerberos と PAM</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Kerberos_Terminology.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Kerberos_Terminology.html
new file mode 100644
index 0000000..acf1160
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Kerberos_Terminology.html
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.2. Kerberos の用語</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="next" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html" title="3.7.3. Kerberos はどのように動作しますか" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos.html"><
strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-Kerberos_Terminology"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Kerberos_Terminology">3.7.2. Kerberos の用語</h3></div></div></div><div class="para">
+ Kerberos はサービスのさまざまな特徴を定義するためにそれ自身の用語を持ちます。Kerberos がどのように機能するかを学ぶ前に、以下の用語を学ぶことは重要です。
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">認証サーバ (AS: authentication server)</span></dt><dd><div class="para">
+ 次々にユーザーにサービスへのアクセス権を与える専用のサービスに対するチケットを発行するサーバー。AS は、リクエストとともにクレデンシャルを持っていない、または送っていないクライアントからのリクエストに応答します。ticket-granting ticket (TGT) を発行することにより、ticket-granting server (TGS) サービスへのアクセス権を得るために一般的に使用されます。AS は一般的にキー配布センター (KDC) を同じホストにおいて実行します。
+ </div></dd><dt class="varlistentry"><span class="term">暗号文</span></dt><dd><div class="para">
+ 暗号化されたデータ。
+ </div></dd><dt class="varlistentry"><span class="term">クライアント</span></dt><dd><div class="para">
+ ネットワークにおいて Kerberos からチケットを受け取るエンティティ(ユーザー、ホストまたはアプリケーション)。
+ </div></dd><dt class="varlistentry"><span class="term">クレデンシャル</span></dt><dd><div class="para">
+ 特定のサービスに対するクライアントのアイデンティティを確認する電子的なクレデンシャルの一時的なセット。チケットとも呼ばれます。
+ </div></dd><dt class="varlistentry"><span class="term">クレデンシャル・キャッシュまたはチケット・ファイル</span></dt><dd><div class="para">
+ ユーザーとさまざまなネットワーク・サービスの間の暗号化されたコミュニケーションに対するキーを含むファイル。Kerberos 5 は共有メモリーのような他のキャッシュ形式を使用するためのフレームワークをサポートしますが、ファイルはより全体的にサポートされます。
+ </div></dd><dt class="varlistentry"><span class="term">暗号ハッシュ</span></dt><dd><div class="para">
+ ユーザーを認証するために使われる一方向ハッシュ。暗号化されていないデータを使うよりはセキュアですが、経験のあるユーザーが復号することはまだ比較的易しいです。
+ </div></dd><dt class="varlistentry"><span class="term">GSS-API</span></dt><dd><div class="para">
+ Generic Security Service Application Program Interface (Internet Engineering Task Force により発行された RFC-2743 で定義されます) は、セキュリティ・サービスを提供する一連の関数です。この API は、それぞれのプログラムが基礎となるメカニズムの具体的な知識なしでお互いを認証するために、クライアントとサービスにより使用されます。ネットワーク・サービス(cyrus-IMAPのような)が GSS-API を使用するならば、Kerberos を用いて認証できます。
+ </div></dd><dt class="varlistentry"><span class="term">ハッシュ</span></dt><dd><div class="para">
+ <em class="firstterm">ハッシュ値</em>としても知られます。<em class="firstterm">ハッシュ関数</em>に文字列を渡すことにより生成された値。これらの値は一般的に、転送されたデータが改ざんされていないことを保証にするために使われます。
+ </div></dd><dt class="varlistentry"><span class="term">ハッシュ関数</span></dt><dd><div class="para">
+ 入力データからデジタルな "フィンガープリント" を生成する方法。これらの関数は、<em class="firstterm">ハッシュ値</em>を作成するために、データを再配置、転置、または他に変更します。
+ </div></dd><dt class="varlistentry"><span class="term">キー</span></dt><dd><div class="para">
+ 他のデータを暗号化または複合するときに使われるデータ。暗号化されたデータは、正しいデータもしくはクラッカー側で極めて幸運がなければ複合できません。
+ </div></dd><dt class="varlistentry"><span class="term">キー配布センター (KDC: key distribution center)</span></dt><dd><div class="para">
+ kerberos チケットを発行するサービス、また一般的に ticket-granting server (TGS) として同じホストにおいて実行されます。
+ </div></dd><dt class="varlistentry"><span class="term">keytab(またはキー・テーブル)</span></dt><dd><div class="para">
+ プリンシパルとそのキーの暗号化されていないリストを含むファイル。サーバーは <code class="command">kinit</code> を使用する代わりに keytab ファイルから必要とするキーを取得します。デフォルトの keytab ファイルは <code class="filename">/etc/krb5.keytab</code> です。KDC 管理サーバー <code class="command">/usr/kerberos/sbin/kadmind</code> は、(<code class="filename">/var/kerberos/krb5kdc/kadm5.keytab</code> を使用する)他のすべてのファイルを使用する唯一のサービスです。
+ </div></dd><dt class="varlistentry"><span class="term">kinit</span></dt><dd><div class="para">
+ <code class="command">kinit</code> コマンドは、すでにログインしたプリンシパルが、初期 TGT (ticket-granting ticket) を手に入れてキャッシュできるようにします。詳細は <code class="command">kinit</code> マニュアル・ページを参照してください。
+ </div></dd><dt class="varlistentry"><span class="term">プリンシパル(またはプリンシパル名)</span></dt><dd><div class="para">
+ プリンシパルは、Kerberos を使用する認証を許可されたユーザーまたはサービスの一意な名前です。プリンシパルは <code class="computeroutput">root[/instance]@REALM</code> の形式に従います。一般的なユーザーに対して、root はログイン ID を同じです。<code class="computeroutput">instance</code> はオプションです。プリンシパルがインスタンスを持つならば、スラッシュ ("/") を用いて root から分離されます。空の文字 ("") は(デフォルトの <code class="computeroutput">NULL</code> インスタンスを異なる)有効なインスタンスを見なされますが、それを使用することは混乱を招きます。レルムにあるすべてのプリンシパルは自分自身のキーを持ち、ユーザーに対してパスワードから導き出されるか、サービスに対してランダムにセットされます。
+ </div></dd><dt class="varlistentry"><span class="term">レルム</span></dt><dd><div class="para">
+ Kerberos を使用するネットワーク。1つかそれより多い KDC と呼ばれるサーバー、および潜在的に多くのクライアントから構成されます。
+ </div></dd><dt class="varlistentry"><span class="term">サービス</span></dt><dd><div class="para">
+ ネットワーク上でアクセスされるプログラム。
+ </div></dd><dt class="varlistentry"><span class="term">チケット</span></dt><dd><div class="para">
+ 特定のサービスに対するクライアントのアイデンティティを確認する電子的なクレデンシャルの一時的なセット。クレディンシャルとも呼ばれます。
+ </div></dd><dt class="varlistentry"><span class="term">ticket-granting server (TGS)</span></dt><dd><div class="para">
+ サービスにアクセスするためにユーザーへ交互に与えられる、希望するサービスに対してチケットを発行するサーバー。TGS は一般的に KDC と同じホストにおいて実行されます。
+ </div></dd><dt class="varlistentry"><span class="term">ticket-granting ticket (TGT)</span></dt><dd><div class="para">
+ クライアントが KDC から適用されることなく追加のチケットを得られるようにする特別なチケット。
+ </div></dd><dt class="varlistentry"><span class="term">暗号化されていないパスワード</span></dt><dd><div class="para">
+ プレイン・テキスト、人間が読めるパスワード。
+ </div></dd></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos.html"><strong>戻る</strong>3.7. Kerberos</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>次へ</strong>3.7.3. Kerberos はどのように動作しますか</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Kerberos_and_PAM.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Kerberos_and_PAM.html
new file mode 100644
index 0000000..80b5151
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Kerberos_and_PAM.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.4. Kerberos と PAM</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html" title="3.7.3. Kerberos はどのように動作しますか" /><link rel="next" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html" title="3.7.5. Kerberos 5 サーバーの設定" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><
a accesskey="p" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-Kerberos_and_PAM"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Kerberos_and_PAM">3.7.4. Kerberos と PAM</h3></div></div></div><div class="para">
+ Kerberos 対応サービスは現在 Pluggable Authentication Modules (PAM) を使用しません — これらのサービスは完全に PAM を回避します。しかしながら、PAM を使用するアプリケーションは、<code class="filename">pam_krb5</code> モジュール(<code class="filename">pam_krb5</code> で提供されます)がインストールされていると、認証のために Kerberos を使用できます。<code class="filename">pam_krb5</code> パッケージは、<code class="command">login</code> や <code class="command">gdm</code> のようなサービスがユーザーを認証するとともにそれらのパスワードを用いて初期クレデンシャルを得られるようにする、サンプル設定ファイルを含みます。ネットワーク・サービスへのアクセスが常に Kerberos 対応サービスまたは IMAP のような GSS-API を使用するサービスを用いて実行されるならば、ネ
ットワークは相当に安全であると考えられます。
+ </div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ 管理者はユーザーが Kerberos パスワードを用いて多くのネットワーク・サービスに認証できないことに注意すべきです。これらのサービスにより使用される多くのプロトコルは、ネットワーク上でそれを送信して、Kerberos システムの利益を破壊する前にパスワードを暗号化しません。たとえば、ユーザーは Kerberos 認証のために使用するものと同じパスワードを用いて、Telnet サービスへと認証することが許可されるべきではありません。
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>戻る</strong>3.7.3. Kerberos はどのように動作しますか</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>次へ</strong>3.7.5. Kerberos 5 サーバーの設定</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html
new file mode 100644
index 0000000..caa56a5
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html
@@ -0,0 +1,100 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.9. クロス・レルム認証のセットアップ</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html" title="3.7.8. セカンダリ KDC のセットアップ" /><link rel="next" href="sect-Security_Guide-Kerberos-Additional_Resources.html" title="3.7.10. 追加のリソース" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" hr
ef="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Additional_Resources.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication">3.7.9. クロス・レルム認証のセットアップ</h3></div></div></div><div class="para">
+ <span class="emphasis"><em>クロス・レルム認証</em></span>は、それらの自身以外のレルムが属するサービス(一般的に特定のサーバーシステムにおいて実行しているサーバープロセス)を認証するために、あるレルムのクライアント(一般的にユーザー)が Kerberos を使用する状況を記述するために使用される言葉です。
+ </div><div class="para">
+ 最も簡単な場合に対して、<code class="literal">A.EXAMPLE.COM</code> という名前のレルムのクライアントが <code class="literal">B.EXAMPLE.COM</code> レルムにあるサービスにアクセスするために、両方のレルムが <code class="literal">krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM</code> という名前のプリンシパルに対するキーを共有しなければならず、両方のキーがそれらに関連づけられた同じキーバージョン番号を持たなければいけません。
+ </div><div class="para">
+ これを達成するために、非常に強いパスワードまたはパスフレーズを選択して、kadmin により使用される両方のレルムにおけるプリンシパルに対するエントリーを作成します。
+ </div><div class="literallayout"><p> <code class="computeroutput"><code class="prompt">#</code> <strong class="userinput"><code>kadmin -r A.EXAMPLE.COM</code></strong></code> <code class="computeroutput"><code class="prompt">kadmin:</code> <strong class="userinput"><code>add_principal krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM</code></strong></code> <code class="computeroutput">Enter password for principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM":</code> <code class="computeroutput">Re-enter password for principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM":</code> <code class="computeroutput">Principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM" created.</code> <strong class="userinput"><code>quit</code></strong> <code class="computeroutput"><code class="prompt">#</code> <strong class="userinput"><code>kadmin -r B.EXAMPLE.COM</code></strong></code> <code class="computeroutput"><code class="prompt">kadmin:</code> <strong class="userinput"><code>add_principal krbtgt/B.EXA
MPLE.COM at A.EXAMPLE.COM</code></strong></code> <code class="computeroutput">Enter password for principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM":</code> <code class="computeroutput">Re-enter password for principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM":</code> <code class="computeroutput">Principal "krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM" created.</code> <strong class="userinput"><code>quit</code></strong></p></div><div class="para">
+ 両方のエントリーが対応するキー・バージョン番号 (<code class="literal">kvno</code> 値) と暗号化の種類を持つことを検証するために、<code class="command">get_principal</code> コマンドを使用します。
+ </div><div class="important"><div class="admonition_header"><h2>データベースをダンプすることを実行しないでください。</h2></div><div class="admonition"><div class="para">
+ セキュリティに注意深い管理者は、パスワードの代わりにランダムなキーを割り当てるために <code class="command">add_principal</code> コマンドの <code class="literal">-randkey</code> オプションを使用して、最初のレルムのデータベースから新しいエントリーをダンプして、そしてそれを2番目にインポートしようとするかもしれません。データベースに含まれるキーがマスターキーを用いて暗号化されたそれ自身なので、これはレルム・データベースに対するマスターキーが同一でなければうまく動きません。
+ </div></div></div><div class="para">
+ これで <code class="literal">A.EXAMPLE.COM</code> レルムにあるクライアントは <code class="literal">B.EXAMPLE.COM</code> レルムにあるサービスに認証できます。言い換えると、これで <code class="literal">B.EXAMPLE.COM</code> レルムは <code class="literal">A.EXAMPLE.COM</code> レルムを<span class="emphasis"><em>信頼</em></span>します、もしくは、よりシンプルに言うと、<code class="literal">B.EXAMPLE.COM</code> は <code class="literal">A.EXAMPLE.COM</code> を<span class="emphasis"><em>信頼</em></span>します。
+ </div><div class="para">
+ これは重要な点をもたらします: クロス・レルム認証はデフォルトで一方向性です。<code class="literal">B.EXAMPLE.COM</code> レルムに対する KDC は、<code class="literal">B.EXAMPLE.COM</code> レルムにあるサービスに認証するために <code class="literal">A.EXAMPLE.COM</code> からのクライアントを信頼するかもしれません。しかし、<code class="literal">B.EXAMPLE.COM</code> レルムにクライアントがあってもなくても効果を持たないという事実は <code class="literal">A.EXAMPLE.COM</code> レルムにあるサービスに認証するために信頼されます。他の方向に信頼を確立するために、両方のレルムが <code class="literal">krbtgt/A.EXAMPLE.COM at B.EXAMPLE.COM</code> サービスに対するキーを共有する必要があります(上の例と比較して、2つのレルムの順番を反対にすることに注意してください)。
+ </div><div class="para">
+ ç´æ¥ã®ä¿¡é ¼é¢ä¿ãã¬ã«ã éã®ä¿¡é ¼ãæä¾ããå¯ä¸ã®æ¹æ³ã§ãããªãã°ãè¤æ°ã®ã¬ã«ã ãå«ããããã¯ã¼ã¯ã¯ã»ããã¢ãããããã¨ãé常ã«é£ããã§ãã幸éãªãã¨ã«ãã¯ãã¹ã»ã¬ã«ã èªè¨¼ã¯æ¨ç§»çã§ãã<code class="literal">A.EXAMPLE.COM</code> ããã®ã¯ã©ã¤ã¢ã³ãã <code class="literal">B.EXAMPLE.COM</code> ã«ãããµã¼ãã¹ã«èªè¨¼ã§ãã<code class="literal">B.EXAMPLE.COM</code> ããã®ã¯ã©ã¤ã¢ã³ãã <code class="literal">C.EXAMPLE.COM</code> ã«ãããµã¼ãã¹ã«èªè¨¼ã§ãããªãã°ã<span class="emphasis"><em><code class="literal">C.EXAMPLE.COM</code> ãç´æ¥ <code class="literal">A.EXAMPLE.COM</code></em></span> ãä¿¡é ¼ãã¦ããªãã¦ãã<code class="literal">A.EXAMPLE.COM</code> ã«ããã¯ã©ã¤ã¢ã³ã㯠<code class="literal">C.EXAMPLE.COM</code> ã«ãããµã¼ãã¹ã«ãèªè¨¼ã§ãã¾ããããã¯æ¬¡ã®ãã¨ãæå³ãã¾ãããäºãã«ã
ã¹ã¦ãèªè¨¼ããå¿
è¦ããããè¤æ°ã®ã¬ã«ã ãæã¤ãããã¯ã¼ã¯ã«ããã¦ãã©ã®ä¿¡é ¼é¢ä¿ãã»ããã¢ãããããã«ã¤ãã¦è¯ãé¸æããããã¨ã¯ãå¿
è¦ã¨ãããåªåã®éãé常ã«æ¸ãããã¨ãã§ãã¾ãã
+ </div><div class="para">
+ ここでより伝統的な問題に直面します: クライアントのシステムは、特定のサービスが属するレルムを適切に導き出されるように設定されなければいけません。また、そのレルムにあるサービスに対するクレデンシャルを取得する方法を決められなければいけません。
+ </div><div class="para">
+ まず第一に: 与えられたレルムにおいて特定のサーバーシステムから提供されるサービスに対するプリンシパル名は、一般的にこのように見えます:
+ </div><div class="literallayout"><p>service/server.example.com at EXAMPLE.COM</p></div><div class="para">
+ この例において、<span class="emphasis"><em>service</em></span> は一般的に、使用するプロトコルの名前(他の一般的な値は <span class="emphasis"><em>ldap</em></span>, <span class="emphasis"><em>imap</em></span>, <span class="emphasis"><em>cvs</em></span>, および <span class="emphasis"><em>HTTP</em></span> を含みます)もしくは <span class="emphasis"><em>host</em></span> を使用します。<span class="emphasis"><em>server.example.com</em></span> はサービスを実行しているシステムの完全修飾ドメイン名(FQDN)です。また、<code class="literal">EXAMPLE.COM</code> はレルムの名前です。
+ </div><div class="para">
+ サービスが属するレルムを導き出すために、クライアントはしばしば、ホスト名 (<span class="emphasis"><em>server.example.com</em></span>) または DNS ドメイン名 (<span class="emphasis"><em>.example.com</em></span>) をレルム名 (<span class="emphasis"><em>EXAMPLE.COM</em></span>) に対応付けるために、DNS または <code class="filename">/etc/krb5.conf</code> の<code class="literal">domain_realm</code> セクションを参照します。
+ </div><div class="para">
+ サービスがどのレルムに属するかを決めると、サービスに認証することに使用するためのクレデンシャルを得るために、クライアントはコンタクトする必要があるレルムの組を、またどの順番でコンタクトしなければいけないかを決めなければいけません。
+ </div><div class="para">
+ これは2つの方法の内1つで実行されます。
+ </div><div class="para">
+ 明示的な設定を必要としないデフォルトの方式は、共有された階層の中でレルム名を与えることです。例として、<code class="literal">A.EXAMPLE.COM</code>, <code class="literal">B.EXAMPLE.COM</code>, および <code class="literal">EXAMPLE.COM</code> という名前のレルムを考えます。<code class="literal">A.EXAMPLE.COM</code> レルムにあるクライアントが <code class="literal">B.EXAMPLE.COM</code> にあるサービスに認証しようとするとき、デフォルトでまず <code class="literal">EXAMPLE.COM</code> レルムに対するクレデンシャルを取得しようとします。そして、<code class="literal">B.EXAMPLE.COM</code> レルムにおいて使用するためのクレデンシャルを取得するためにそれらのクレデンシャルを使用しようとします。
+ </div><div class="para">
+ このシナリオにおけるクライアントは、あるものが DNS 名を取り扱っているかのようにレルム名を取り扱います。サービスのレルムの "上" でもあるポイントにたどり着くまで、階層においてそれの "上" であるレルムの名前を生成するために、それ自身のレルムの名前のコンポーネントを繰り返し取り除きます。その時点で、サービスのレルムにたどり着くまでサービスのレルム名のコンポーネントを先頭につけるもので始めます。プロセスに関連する各レルムは他の "ホップ" です。
+ </div><div class="para">
+ たとえば、<code class="literal">A.EXAMPLE.COM</code> にあるクレデンシャルを使用して、<code class="literal">B.EXAMPLE.COM</code> にあるサービスを認証する方法\n<code class="literal">A.EXAMPLE.COM → EXAMPLE.COM → B.EXAMPLE.COM </code>
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="literal">A.EXAMPLE.COM</code> と <code class="literal">EXAMPLE.COM</code> は <code class="literal">krbtgt/EXAMPLE.COM at A.EXAMPLE.COM</code> に対するキーを共有します
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">EXAMPLE.COM</code> と <code class="literal">B.EXAMPLE.COM</code> は <code class="literal">krbtgt/B.EXAMPLE.COM at EXAMPLE.COM</code> に対するキーを共有します
+ </div></li></ul></div>
+
+ </div><div class="para">
+ もう1つの例は、<code class="literal">SITE1.SALES.EXAMPLE.COM</code> にあるクレデンシャルを使用して、<code class="literal">EVERYWHERE.EXAMPLE.COM</code> にあるサービスを認証する方法\n<code class="literal">SITE1.SALES.EXAMPLE.COM → SALES.EXAMPLE.COM → EXAMPLE.COM → EVERYWHERE.EXAMPLE.COM </code>
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="literal">SITE1.SALES.EXAMPLE.COM</code> と <code class="literal">SALES.EXAMPLE.COM</code> は <code class="literal">krbtgt/SALES.EXAMPLE.COM at SITE1.SALES.EXAMPLE.COM</code> に対するキーを共有します
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">SALES.EXAMPLE.COM</code> と <code class="literal">EXAMPLE.COM</code> は <code class="literal">krbtgt/EXAMPLE.COM at SALES.EXAMPLE.COM</code> に対するキーを共有します
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">EXAMPLE.COM</code> と <code class="literal">EVERYWHERE.EXAMPLE.COM</code> は <code class="literal">krbtgt/EVERYWHERE.EXAMPLE.COM at EXAMPLE.COM</code> に対するキーを共有します
+ </div></li></ul></div>
+
+ </div><div class="para">
+ もう一つの例は、その名前が共通のサフィックスを共有しないレルム名を使用するよう、これが調整します (<code class="literal">DEVEL.EXAMPLE.COM</code> および <code class="literal">PROD.EXAMPLE.ORG</code><code class="literal"> DEVEL.EXAMPLE.COM → EXAMPLE.COM → COM → ORG → EXAMPLE.ORG → PROD.EXAMPLE.ORG </code>
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="literal">DEVEL.EXAMPLE.COM</code> と <code class="literal">EXAMPLE.COM</code> は <code class="literal">krbtgt/EXAMPLE.COM at DEVEL.EXAMPLE.COM</code> に対するキーを共有します
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">EXAMPLE.COM</code> および <code class="literal">COM</code> は <code class="literal">krbtgt/COM at EXAMPLE.COM</code> に対するキーを共有します
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">COM</code> および <code class="literal">ORG</code> は <code class="literal">krbtgt/ORG at COM</code> に対するキーを共有します
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">ORG</code> および <code class="literal">EXAMPLE.ORG</code> は <code class="literal">krbtgt/EXAMPLE.ORG at ORG</code> に対するキーを共有します
+ </div></li><li class="listitem"><div class="para">
+ <code class="literal">EXAMPLE.ORG</code> および <code class="literal">PROD.EXAMPLE.ORG</code> は <code class="literal">krbtgt/PROD.EXAMPLE.ORG at EXAMPLE.ORG</code> に対するキーを共有します
+ </div></li></ul></div>
+
+ </div><div class="para">
+ より複雑でより柔軟な方法は、あるレルムに対するクレデンシャルを持つクライアントがどのレルムがサーバーに認証できることに導くチェインの次にあるかを探すことができるように、<code class="filename">/etc/krb5.conf</code> の <code class="literal">capaths</code> セクションを設定することに関連します。
+ </div><div class="para">
+ <code class="literal">capaths</code> セクションの形式は比較的素直です: セクションの各エントリーはクライアントが存在するかもしれないレルムの後ろに名前がつけられます。このサブセクションの中で、クライアントがクレデンシャルを得なければいけない中間レルムのセットは、サービスが存在するかもしれないレルムと対応するキーの値としてリストされます。もし中間レルムがなければ、値 "." が使用されます。
+ </div><div class="para">
+ これは例です:
+ </div><div class="literallayout"><p> [capaths]<br />
+ A.EXAMPLE.COM = {<br />
+ B.EXAMPLE.COM = .<br />
+ C.EXAMPLE.COM = B.EXAMPLE.COM<br />
+ D.EXAMPLE.COM = B.EXAMPLE.COM<br />
+ D.EXAMPLE.COM = C.EXAMPLE.COM<br />
+ }<br />
+<br />
+</p></div><div class="para">
+ この例において、<code class="literal">A.EXAMPLE.COM</code> レルムにあるクライアントは、<code class="literal">B.EXAMPLE.COM</code> に対するクレデンシャルを直接 <code class="literal">A.EXAMPLE.COM</code> KDC からクロス・レルム・クレデンシャルを得ることができます。
+ </div><div class="para">
+ それらのクライアントが <code class="literal">C.EXAMPLE.COM</code> レルムにあるサービスに問い合わせしたければ、まず <code class="literal">B.EXAMPLE.COM</code> レルムから必要なクレデンシャルを取得する必要があります(これは <code class="literal">krbtgt/B.EXAMPLE.COM at A.EXAMPLE.COM</code> が存在する必要があります)。そして、(<code class="literal">krbtgt/C.EXAMPLE.COM at B.EXAMPLE.COM</code> を使用して)<code class="literal">C.EXAMPLE.COM</code> レルムにおいて使用するためのクレデンシャルを取得するために、<code class="literal">それらの</code>クレデンシャルを使用します。
+ </div><div class="para">
+ それらのクライアントが <code class="literal">D.EXAMPLE.COM</code> レルムにあるサービスに問い合わせたいならば、最終的に <code class="literal">D.EXAMPLE.COM</code> レルムを使用するためにクレデンシャルを得る前に、まず <code class="literal">B.EXAMPLE.COM</code> レルムから必要なクレデンシャルを、次に <code class="literal">C.EXAMPLE.COM</code> レルムからクレデンシャルを手に入れる必要があります。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ 他の方法で capth エントリーを表示していなければ、Kerberos はクロス・レルム信頼関係が階層をなすと仮定します。
+ </div><div class="para">
+ <code class="literal">A.EXAMPLE.COM</code> レルムにあるクライアントは <code class="literal">B.EXAMPLE.COM</code> レルムから直接クロスドメイン・クレデンシャルを得ることができます。これを意味する "." がなければ、クライアントは階層的なパスを使用するために代わりの試みをします。今回の場合:
+ </div><div class="literallayout"><p> A.EXAMPLE.COM → EXAMPLE.COM → B.EXAMPLE.COM<br />
+<br />
+</p></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"><strong>戻る</strong>3.7.8. セカンダリ KDC のセットアップ</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Additional_Resources.html"><strong>次へ</strong>3.7.10. 追加のリソース</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html
new file mode 100644
index 0000000..7950cee
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7.8. セカンダリ KDC のセットアップ</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Kerberos.html" title="3.7. Kerberos" /><link rel="prev" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html" title="3.7.7. ドメイン-レルムのマッピング" /><link rel="next" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html" title="3.7.9. クロス・レルム認証のセットアップ" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav
"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs">3.7.8. セカンダリ KDC のセットアップ</h3></div></div></div><div class="para">
+ 多くの理由のため、与えられたレルムに対して複数の KDC を実行することを選択するかもしれません。このシナリオでは、1つの KDC (<span class="emphasis"><em>マスター KDC</em></span>) がレルム・データベースの書き込み可能なコピーを維持して、<code class="command">kadmind</code> を実行します (それはレルムの <span class="emphasis"><em>管理サーバー</em></span>でもあります)。また、1つかそれより多い KDC (<span class="emphasis"><em>スレーブ KDC</em></span>) はデータベースの読み込み専用のコピーを維持して、<code class="command">kpropd</code> を実行します。
+ </div><div class="para">
+ マスター-スレーブの伝搬手順は、マスター KDC がそのデータベースを一時的なダンプファイルにダンプして、そのファイルを各スレーブに転送するようにします。これは、それらの以前に受け取ったデータベース読み込み専用コピーをダンプファイルの内容で上書きします。
+ </div><div class="para">
+ スレーブ KDC をセットアップするために、マスター KDC の <code class="filename">krb5.conf</code> および <code class="filename">kdc.conf</code> ファイルがスレーブ KDC に確実にコピーします。
+ </div><div class="para">
+ マスター KDC において root シェルで <code class="command">kadmin.local</code> を起動して、マスター KDC の <span class="emphasis"><em>host</em></span> サービスに対する新しいエントリーを作成するために、その <code class="command">add_principal</code> コマンドを使用します。そして、同時にサービスに対するランダムなキーをセットして、ランダムキーをマスターのデフォルト keytab ファイルに保存するために、その <code class="command">ktadd</code> を使用します。このキーはスレーブサーバーを認証するために <code class="command">kprop</code> コマンドにより使用されます。どのくらいのスレーブサーバーをインストールするかに関わらず、これを一度だけ実行する必要があります。
+ </div><pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>kadmin.local -r EXAMPLE.COM</code></strong>
+
+Authenticating as principal root/admin at EXAMPLE.COM with password.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>add_principal -randkey host/masterkdc.example.com</code></strong>
+
+Principal "host/host/masterkdc.example.com at EXAMPLE.COM" created.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>ktadd host/masterkdc.example.com</code></strong>
+
+Entry for principal host/masterkdc.example.com with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/masterkdc.example.com with kvno 3, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/masterkdc.example.com with kvno 3, encryption type DES with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/masterkdc.example.com with kvno 3, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/etc/krb5.keytab.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>quit</code></strong></pre><div class="para">
+ スレーブ KDC において root シェルから <code class="command">kadmin</code> を起動して、スレーブ KDC の <span class="emphasis"><em>host</em></span> サービスに対する新しいエントリーを作成するために、その <code class="command">add_principal</code> コマンドを使用します。そして、同時にサービスに対するランダムなキーをセットして、ランダムキーをスレーブのデフォルト keytab ファイルに保存するために、<code class="command">kadmin</code> の <code class="command">ktadd</code> を使用します。このキーはクライアントを認証するときに <code class="command">kpropd</code> サービスにより使用されます。
+ </div><pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>kadmin -p jimbo/admin at EXAMPLE.COM -r EXAMPLE.COM</code></strong>
+
+Authenticating as principal jimbo/admin at EXAMPLE.COM with password.
+
+<code class="prompt">Password for jimbo/admin at EXAMPLE.COM: </code>
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>add_principal -randkey host/slavekdc.example.com</code></strong>
+
+Principal "host/slavekdc.example.com at EXAMPLE.COM" created.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>ktadd host/slavekdc.example.com at EXAMPLE.COM</code></strong>
+
+Entry for principal host/slavekdc.example.com with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/slavekdc.example.com with kvno 3, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/slavekdc.example.com with kvno 3, encryption type DES with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
+
+Entry for principal host/slavekdc.example.com with kvno 3, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/etc/krb5.keytab.
+
+<code class="prompt">kadmin:</code> <strong class="userinput"><code>quit</code></strong></pre><div class="para">
+ そのサービスキーを用いると、スレーブ KDC はそれに接続するすべてのクライアントを認証できます。明らかに、それらのすべてが新しいレルム・データベースを持つスレーブの <code class="command">kprop</code> サービスを提供することが許可されるわけではありません。アクセスを制限するために、スレーブ KDC における <code class="command">kprop</code> サービスは、<code class="filename">/var/kerberos/krb5kdc/kpropd.acl</code> にリストされたプリンシパル名であるクライアントからの更新のみを受け付けます。マスター KDC の host サービスの名前をそのファイルに追加します。
+ </div><div class="literallayout"><p> <code class="computeroutput"><code class="prompt">#</code> <strong class="userinput"><code>echo host/masterkdc.example.com at EXAMPLE.COM > /var/kerberos/krb5kdc/kpropd.acl</code></strong></code></p></div><div class="para">
+ 一度スレーブ KDC がデータベースのコピーを取得すると、それを暗号化するために使用されるマスターキーが必要になります。KDC データベースのマスターキーが、マスター KDC (一般的に <code class="filename">/var/kerberos/krb5kdc/.k5.REALM</code> という名前) における <span class="emphasis"><em>stash</em></span> ファイルに保存されると、利用可能なセキュアなあらゆる方法を用いてスレーブ KDC にコピーするか、ダミーのデータベースを作成して、<code class="command">kdb5_util create -s</code> を実行して、同じパスワードを供給することによりスレーブ KDC に同一の stash ファイルを作成するかします。
+ </div><div class="para">
+ スレーブ KDC のファイアウォールはマスター KDC がポート 754 の TCP を使用して接続できるようにしていることを確実にして、<code class="command">kprop</code> サービスを起動します。そして、<code class="command">kadmin</code> サービスが<span class="emphasis"><em>無効</em></span>にされていることを二重チェックします。
+ </div><div class="para">
+ 今、マスター KDC においてレルム・データベースを、<code class="command">kprop</code> コマンドが読み込むデフォルトのデータファイル (<code class="filename">/var/kerberos/krb5kdc/slave_datatrans</code>) に、ダンプすることにより、手動のデータベース伝搬テストを実行します。そして、その内容をスレーブ KDC に転送するために <code class="command">kprop</code> コマンドを使用します。
+ </div><div class="literallayout"><p> <code class="computeroutput"><code class="prompt">#</code> <strong class="userinput"><code>/usr/kerberos/sbin/kdb5_util dump /var/kerberos/krb5kdc/slave_datatrans</code></strong><code class="prompt">#</code> <strong class="userinput"><code>kprop slavekdc.example.com</code></strong></code></p></div><div class="para">
+ <code class="command">kinit</code> を使用すると、クライアントシステムの <code class="filename">krb5.conf</code> があなたのレルムに対して KDC のリストにあるスレーブ KDC のみリストしているものは、スレーブ KDC から初期クレデンシャルを正しく得られることを確認します。
+ </div><div class="para">
+ 単にレルム・データベースをダンプするスクリプトを作成して、データベースを各スレーブ KDC に順番に転送するために <code class="command">kprop</code> コマンドを実行します。そして、定期的にスクリプトを実行するために <code class="command">cron</code> サービスを設定します。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"><strong>戻る</strong>3.7.7. ドメイン-レルムのマッピング</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"><strong>次へ</strong>3.7.9. クロス・レルム認証のセットアップ</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos.html
new file mode 100644
index 0000000..b4c53d6
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Kerberos.html
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7. Kerberos</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="第3章 ネットワークのセキュア化" /><link rel="prev" href="sect-Security_Guide-Additional_Resources-Related_Books.html" title="3.6.5.3. 関連書籍" /><link rel="next" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html" title="3.7.2. Kerberos の用語" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a acc
esskey="p" href="sect-Security_Guide-Additional_Resources-Related_Books.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Kerberos" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Kerberos">3.7. Kerberos</h2></div></div></div><div class="para">
+ ネットワークの中におけるシステムのセキュリティと完全性は扱いにくいです。どのサービスがネットワークにおいて実行されているか、これらのサービスがどのような方法で使用されているか、を追いかけ続けるために何人かの管理者の時間を消費します。
+ </div><div class="para">
+ さらに、ネットワーク・サービスに認証しているユーザーは、従来の FTP や Telnet プロトコルを用いてネットワーク上に暗号化されないパスワードの転送により証明されるように、プロトコルにより使用されている方式が本質的にセキュアではないとき、危険であることを証明できます。
+ </div><div class="para">
+ Kerberos は、危険な認証の方式を許可するプロトコルに対する必要性を取り除き、それによりネットワーク・セキュリティ全体を強化する方法です。
+ </div><div class="section" id="sect-Security_Guide-Kerberos-What_is_Kerberos"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Kerberos-What_is_Kerberos">3.7.1. Kerberos とは何でしょうか?</h3></div></div></div><div class="para">
+ Kerberos は MIT により作成されたネットワーク認証プロトコルです。そして、ネットワーク・サービスにユーザーを認証するために対象暗号鍵 <sup>[<a id="idp35554224" href="#ftn.idp35554224" class="footnote">14</a>]</sup> を使用します。これは、パスワードがネットワーク上で実際には決して送られないことを意味します。
+ </div><div class="para">
+ したがって、ユーザーが Kerberos を使用してネットワーク・サービスに認証するとき、ネットワーク・トラフィックを監視することによりパスワードを集めようとしている認可されないユーザーは効果的に挫折させられます。
+ </div><div class="section" id="sect-Security_Guide-What_is_Kerberos-Advantages_of_Kerberos"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Kerberos-Advantages_of_Kerberos">3.7.1.1. Kerberos の利点</h4></div></div></div><div class="para">
+ 多くの慣習的なネットワーク・サービスは、パスワード・ベースの認証スキームを使用します。そのようなスキームは、ユーザー名とパスワードを供給することにより、与えられたネットワーク・サーバーへと認証するためにユーザーに要求します。不幸にも、多くのサービスに対する認証情報の転送は暗号化されません。そのようなスキームをセキュアにするために、ネットワークは外部者からアクセス不能にしなければいけません。そして、ネットワークにあるすべてのコンピュータとユーザーが信頼され、信頼できなければいけません。
+ </div><div class="para">
+ たとえこれが問題であるとしても、インターネットに接続されたネットワークはもはやセキュアであるとは見なされません。ネットワークへのアクセス権を得た攻撃者は、ユーザー・アカウントとセキュリティ基盤全体を危険にさらす、ユーザー名とパスワードを横取りするために、パケット・スニファーとしても知られるシンプルなパケット・アナライザーを使用できます。
+ </div><div class="para">
+ Kerberos の一番の設計目標は、ネットワークを通した暗号化されないパスワードの転送を減らすことです。適切に使用されれば、Kerberos はパケット・スニファーがそうしないとネットワークに配置される脅威を効果的に減らします。
+ </div></div><div class="section" id="sect-Security_Guide-What_is_Kerberos-Disadvantages_of_Kerberos"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-What_is_Kerberos-Disadvantages_of_Kerberos">3.7.1.2. Kerberos の欠点</h4></div></div></div><div class="para">
+ Kerberos は一般的かつ深刻なセキュリティ脅威を取り除きますが、さまざまな理由により導入することが難しいかもしれません:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/passwd</code> や <code class="filename">/etc/shadow</code> のような標準的な UNIX パスワード・データベースから、Kerberos パスワード・データベースにユーザーのパスワードを移行することは、このタスクを実行する自動化されたメカニズムがないため、時間がかかる可能性があります。オンライン Kerberos FAQ の Question 2.23 を参照してください:
+ </div><div class="para">
+ <a href="http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#pwconvert"> http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html</a>
+ </div></li><li class="listitem"><div class="para">
+ Kerberos は多くの Fedora サーバーにより使用される Pluggable Authentication Modules (PAM) システム\nと部分的な互換性のみがあります。この問題の詳細は <a class="xref" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html">「Kerberos と PAM」</a> を参照してください。
+ </div></li><li class="listitem"><div class="para">
+ Kerberos は、それぞれのユーザーが信頼されますが、信頼されないネットワークにある信頼されないホストを使用します。その主要な目標は、暗号化されないパスワードがネットワークを越えて転送されるのを防ぐことです。しかしながら、適切なユーザー以外の誰かが認証のために使用されるチケットを発行する1つのホスト、キー配布センター (<em class="firstterm">KDC</em>: <em class="firstterm">key distribution center</em>) 、にアクセスするならば、Kerberos 認証システム全体がリスクにさらされます。
+ </div></li><li class="listitem"><div class="para">
+ Kerberosを利用するアプリケーションにとって、そのソースは Kerberos ライブラリの中にある適切なコールをするために、修正されなければいけません。この方法で修正されたアプリケーションは <em class="firstterm">Kerberos 対応</em>, あるいは <em class="firstterm">kerberos 化された</em>と考えられます。いくつかのアプリケーションに対して、これはアプリケーションの大きさやその設計のために極めて問題である可能性があります。他の互換性のないアプリケーションに対しては、変更はサーバーとクライアントがコミュニケートする方法にならなければいけません。さらにまた、これは広範囲なプログラミングを必要とします。デフォルトで Kereros に対応していないクローズ・ソースのアプリケーションはしばしば最も問題があります。
+ </div></li><li class="listitem"><div class="para">
+ Kerberos は全か無かのソリューションです。Kerberos がネットワークにおいて使用されるならば、Kerberos に対応していないサービスに転送される暗号化されないパスワードはすべてリスクになります。このように、ネットワークは Kerberos の使用から何も利益を得ません。Kerberos を用いてネットワークをセキュアにするために、暗号化されないパスワードを転送する<span class="emphasis"><em>すべて</em></span>のクライアント/サーバー・アプリケーションの Kerberos 対応バージョンを使用する、もしくは、そのようなクライアント/サーバー・アプリケーションを<span class="emphasis"><em>まったく</em></span>使用しないようにしなければいけません。
+ </div></li></ul></div></div></div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idp35554224" href="#idp35554224" class="para">14</a>] </sup>
+ ネットワーク通信を暗号化および復号するために使用される共通のキーをクライアントとサーバーが共有するシステム。
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Related_Books.html"><strong>戻る</strong>3.6.5.3. 関連書籍</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"><strong>次へ</strong>3.7.2. Kerberos の用語</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html
new file mode 100644
index 0000000..43a7ab6
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.3.5. 興味のリンク</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="4.2.3. LUKS ディスク暗号化" /><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html" title="4.2.3.4. ただ何を達成したでしょうか。" /><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="4.2.4. 7-Zip 暗号化アーカイブ" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.
png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest">4.2.3.5. 興味のリンク</h4></div></div></div><div class="para">
+ Fedora における LUKS や暗号化ハードディスクに関する詳細は、以下のリンクを訪問してください:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="https://code.google.com/p/cryptsetup/">LUKS - Linux Unified Key Setup</a>
+ </div></li><li class="listitem"><div class="para">
+ <a href="https://bugzilla.redhat.com/attachment.cgi?id=161912">HOWTO: Creating an encrypted Physical Volume (PV) using a second hard drive, pvmove, and a Fedora LiveCD</a>
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"><strong>戻る</strong>4.2.3.4. ただ何を達成したでしょうか。</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"><strong>次へ</strong>4.2.4. 7-Zip 暗号化アーカイブ</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html
new file mode 100644
index 0000000..7ae6e2e
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.3.3. ステップ・バイ・ステップの説明</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="4.2.3. LUKS ディスク暗号化" /><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html" title="4.2.3.2. ディレクトリの手動暗号化" /><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html" title="4.2.3.4. ただ何を達成したでしょうか。" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Co
ntent/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions">4.2.3.3. ステップ・バイ・ステップの説明</h4></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ ランレベル 1 に入ります: <code class="code">telinit 1</code>
+ </div></li><li class="listitem"><div class="para">
+ パーティションをランダムデータで埋めます: <code class="code">scrub -p random /home</code>
+ </div></li><li class="listitem"><div class="para">
+ 既存の /home をアンマウントします: <code class="code"> umount /home</code>
+ </div></li><li class="listitem"><div class="para">
+ もし失敗したなら、/home を独占しているプロセスを見つけて止めるために <code class="code">fuser</code> を使用します: <code class="code">fuser -mvk /home</code>
+ </div></li><li class="listitem"><div class="para">
+ /home がもうマウントされていないことを確認します: <code class="code">cat /proc/mounts | grep home</code>
+ </div></li><li class="listitem"><div class="para">
+ パーティションを初期化します: <code class="code">cryptsetup --verbose --verify-passphrase luksFormat /dev/VG00/LV_home</code>
+ </div></li><li class="listitem"><div class="para">
+ 新しく暗号化されたデバイスを開きます: <code class="code">cryptsetup luksOpen /dev/VG00/LV_home home</code>
+ </div></li><li class="listitem"><div class="para">
+ そこにあることを確認します: <code class="code">ls -l /dev/mapper | grep home</code>
+ </div></li><li class="listitem"><div class="para">
+ ファイルシステムを作成します: <code class="code">mkfs.ext3 /dev/mapper/home</code>
+ </div></li><li class="listitem"><div class="para">
+ マウントします: <code class="code">mount /dev/mapper/home /home</code>
+ </div></li><li class="listitem"><div class="para">
+ 見えることを確認します: <code class="code">df -h | grep home</code>
+ </div></li><li class="listitem"><div class="para">
+ 以下を /etc/crypttab に追加します: <code class="code">home /dev/VG00/LV_home none</code>
+ </div></li><li class="listitem"><div class="para">
+ /etc/fstab を編集して、/home の古いエントリを削除して、<code class="code">/dev/mapper/home /home ext3 defaults 1 2</code> を追加します。
+ </div></li><li class="listitem"><div class="para">
+ fstab エントリを確認します: <code class="code">mount /home</code>
+ </div></li><li class="listitem"><div class="para">
+ デフォルトの SELinux セキュリティ・コンテキストを復元します: <code class="code">/sbin/restorecon -v -R /home</code>
+ </div></li><li class="listitem"><div class="para">
+ 再起動します: <code class="code">shutdown -r now</code>
+ </div></li><li class="listitem"><div class="para">
+ /etc/crypttab にあるエントリは、コンピューターがブート時に <code class="code">luks</code> パスフレーズを問い合わせるようにします。
+ </div></li><li class="listitem"><div class="para">
+ root としてログインして、バックアップを復元します。
+ </div></li></ol></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"><strong>戻る</strong>4.2.3.2. ディレクトリの手動暗号化</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"><strong>次へ</strong>4.2.3.4. ただ何を達成したでしょうか。</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html
new file mode 100644
index 0000000..82f6f80
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.3.4. ただ何を達成したでしょうか。</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="4.2.3. LUKS ディスク暗号化" /><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html" title="4.2.3.3. ステップ・バイ・ステップの説明" /><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html" title="4.2.3.5. 興味のリンク" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="
Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished">4.2.3.4. ただ何を達成したでしょうか。</h4></div></div></div><div class="para">
+ おめでとうございます、これでコンピューターをオフにしている間も安全に保管できるよう、すべてのデータに対する暗号化されたパーティションを持ちました。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>戻る</strong>4.2.3.3. ステップ・バイ・ステップの説明</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>次へ</strong>4.2.3.5. 興味のリンク</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html
new file mode 100644
index 0000000..21fcf40
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.3.2. ディレクトリの手動暗号化</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="4.2.3. LUKS ディスク暗号化" /><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="4.2.3. LUKS ディスク暗号化" /><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html" title="4.2.3.3. ステップ・バイ・ステップの説明" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentatio
n Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories">4.2.3.2. ディレクトリの手動暗号化</h4></div></div></div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ この手順に従うと、暗号化するパーティションにあるすべてのデータが削除されます。すべての情報を失うでしょう!この手順を始める前にデータを外部ソースへ確実にバックアップしてください!
+ </div></div></div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ この手順は、パーティションにある既存のデータを削除して、使用する LUKS 向けの乱数ベースを提供するために、<span class="package">scrub</span> を使用します。この乱数ベースは暗号化に対する特定の攻撃を防ぐために重要です。<span class="package">scrub</span> は標準ではインストールされていません。使用する前にインストールする必要があります。代わりに、同じことを達成するために、他の乱数生成器を使用することもできます。
+ </div></div></div><div class="para">
+ Fedora 9 よりも前のバージョンを実行していて、パーティションを暗号化したい、もしくは、最新版の Fedora をインストールした後でパーティションを暗号化したいならば、以下の指示はあなたのためになります。以下のサンプル・デモは /home パーティションを暗号化しますが、すべてのパーティションが使用できます。
+ </div><div class="para">
+ 以下の手順は既存のデータをすべて取り去るでしょう。そのため、始める前にテストされたバックアップを確実にします。/home が独立したパーティションである必要があります(ここでは /dev/VG00/LV_home です)。以下はすべて root として実行されなければいけません。これら手順の失敗はすべて、手順が成功するまで進んではいけません。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>戻る</strong>4.2.3. LUKS ディスク暗号化</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>次へ</strong>4.2.3.3. ステップ・バイ・ステップの説明</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption.html
new file mode 100644
index 0000000..9a6b462
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption.html
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2.3. LUKS ディスク暗号化</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="Security_Guide-Encryption-Data_in_Motion.html" title="4.2. 動作しているデータ" /><link rel="prev" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html" title="4.2.2. Secure Shell" /><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html" title="4.2.3.2. ディレクトリの手動暗号化" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav">
<li class="previous"><a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-LUKS_Disk_Encryption" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption">4.2.3. LUKS ディスク暗号化</h3></div></div></div><div class="para">
+ Linux Unified Key Setup-on-disk-format (or LUKS) は、Linux コンピューターのパーティションを暗号化できるようにします。これはとくに、モバイル・コンピューターやリムーバブル・メディアを使うときに重要です。LUKS は複数のユーザー・キーがパーティションの全体暗号化に対して使用されるマスター・キーを復号できるようにします。
+ </div><div class="section" id="sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora">4.2.3.1. Fedora における LUKS の導入</h4></div></div></div><div class="para">
+ Fedora 9 およびそれ以降は、システムシステムの暗号化を実行するために LUKS を利用します。デフォルトで、ファイルシステムを暗号化するオプションはインストール中にチェックされていません。ハードディスクを暗号化するオプションを選択すると、コンピューターを起動するたびにパスフレーズが尋ねられます。このパスフレーズは、パーティションを復号するために用いられる全体暗号鍵を "ロック解除" します。デフォルトのパーティション・テーブルを変更するために選択すると、暗号化したいパーティションを選択できます。これは、パーティション・テーブルの設定にセットされます。
+ </div><div class="para">
+ Fedora のデフォルト LUKS 実装は SHA256 ハッシュを持つ AES 128 です。利用可能な暗号は次のとおりです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ AES - Advanced Encryption Standard - <a href="http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf">FIPS PUB 197</a>
+ </div></li><li class="listitem"><div class="para">
+ Twofish (A 128-bit Block Cipher)
+ </div></li><li class="listitem"><div class="para">
+ Serpent
+ </div></li><li class="listitem"><div class="para">
+ cast5 - <a href="http://www.ietf.org/rfc/rfc2144.txt">RFC 2144</a>
+ </div></li><li class="listitem"><div class="para">
+ cast6 - <a href="http://www.ietf.org/rfc/rfc2612.txt">RFC 2612</a>
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>戻る</strong>4.2.2. Secure Shell</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"><strong>次へ</strong>4.2.3.2. ディレクトリの手動暗号化</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Access_Control.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Access_Control.html
new file mode 100644
index 0000000..418cc0b
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Access_Control.html
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.2.2.2. アクセス制御</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="3.6.2.2. オプション・フィールド" /><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="3.6.2.2. オプション・フィールド" /><link rel="next" href="sect-Security_Guide-Option_Fields-Shell_Commands.html" title="3.6.2.2.3. シェル・コマンド" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentati
on Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Shell_Commands.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Option_Fields-Access_Control"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Option_Fields-Access_Control">3.6.2.2.2. アクセス制御</h5></div></div></div><div class="para">
+ オプション・フィールドは管理者が、最後のオプションとして <code class="option">allow</code> または <code class="option">deny</code> ディレクティブを追加することにより、1つのルールにおいてホストの許可または拒否を明示的にできるようにすることができます。
+ </div><div class="para">
+ たとえば、以下の2つのルールは、<code class="systemitem">client-1.example.com</code> からの SSH 接続を許可しますが、<code class="systemitem">client-2.example.com</code> からの接続は拒否します:
+ </div><pre class="screen">sshd : client-1.example.com : allow
+sshd : client-2.example.com : deny</pre><div class="para">
+ ルールごとを基本としたアクセス制御を許可することにより、オプション・フィールドは、管理者が1つのファイルの中ですべてのアクセス・ルールを統合できるようにします: <code class="filename">hosts.allow</code> または <code class="filename">hosts.deny</code>。何人かの管理者はこれがアクセス・ルールを編成する最も簡単な方法と考えます。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"><strong>戻る</strong>3.6.2.2. オプション・フィールド</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Shell_Commands.html"><strong>次へ</strong>3.6.2.2.3. シェル・コマンド</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Expansions.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Expansions.html
new file mode 100644
index 0000000..f4597b4
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Expansions.html
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.2.2.4. 拡張</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="3.6.2.2. オプション・フィールド" /><link rel="prev" href="sect-Security_Guide-Option_Fields-Shell_Commands.html" title="3.6.2.2.3. シェル・コマンド" /><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html" title="3.6.3. xinetd" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li cla
ss="previous"><a accesskey="p" href="sect-Security_Guide-Option_Fields-Shell_Commands.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Option_Fields-Expansions"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Option_Fields-Expansions">3.6.2.2.4. 拡張</h5></div></div></div><div class="para">
+ 拡張は、<code class="command">spawn</code> および <code class="command">twist</code> ディレクティブとともに使用されるとき、クライアント、サーバ、および関連するプロセスに関する情報を提供します。
+ </div><div class="para">
+ 以下はサポートされる拡張のリストです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">%a</code> — クライアントの IP アドレスを返します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%A</code> — サーバの IP アドレスを返します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%c</code> — ユーザ名ーとホスト名、またはユーザー名と IP アドレスのようなクライアントのさまざまな情報を返します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%d</code> — デーモン・プロセス名を返します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%h</code> — クライアントのホスト名 (または、ホスト名が利用できなければ IP アドレス) を返します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%H</code> — サーバーのホスト名 (または、ホスト名が利用できなければ IP アドレス) を返します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%n</code> — クライアントのホスト名を返します。もし利用できなければ、<code class="computeroutput">unknown</code> が表示されます。クライアントのホスト名とホストのアドレスが一致しなければ、<code class="computeroutput">paranoid</code> が表示されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%N</code> — サーバーのホスト名を返します。もし利用できなければ、<code class="computeroutput">unknown</code> が表示されます。サーバーのホスト名とホストのアドレスが一致しなければ、<code class="computeroutput">paranoid</code> が表示されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%p</code> — デーモンのプロセス ID を返します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%s</code> — デーモン・プロセスおよびサーバーのホストまたは IP アドレスのような、さまざまな種類のサーバーの情報を返します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">%u</code> — クライアントのユーザー名を返します。もし利用できなければ、<code class="computeroutput">unknown</code> が表示されます。
+ </div></li></ul></div><div class="para">
+ 以下のサンプル・ルールはカスタマイズされたログファイルにおいてクライアント・ホストを識別するために <code class="command">spawn</code> コマンドとともに拡張を使用します。
+ </div><div class="para">
+ SSH デーモン (<code class="systemitem">sshd</code>) へのコネクションが <code class="systemitem">example.com</code> ドメインにあるホストから試行されるとき、特別なファイルに(<code class="option">%h</code> 表現を使用することにより)クライアントのホスト名を含めて、試行を記録するために <code class="command">echo</code> コマンドを実行します。
+ </div><pre class="screen">sshd : .example.com \
+ : spawn /bin/echo `/bin/date` access denied to %h>>/var/log/sshd.log \
+ : deny</pre><div class="para">
+ 同様に、拡張はクライアントに返すメッセージをカスタマイズするために使用できます。以下の例では、<code class="systemitem">example.com</code> ドメインから FTP サービスにアクセスを試行しているクライアントは、サーバから禁止されていることを通知されます。
+ </div><pre class="screen">vsftpd : .example.com \
+: twist /bin/echo "421 %h has been banned from this server!"</pre><div class="para">
+ 利用可能な拡張の完全な説明、および追加のアクセス制御オプションは、<code class="filename">hosts_access</code> のマニュアル・ページのセクション5 (<code class="command">man 5 hosts_access</code>) および <code class="filename">hosts_options</code> のマニュアル・ページを参照してください。
+ </div><div class="para">
+ TCP Wrappers に関する詳細は <a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html">「追加のリソース」</a> を参照してください。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Option_Fields-Shell_Commands.html"><strong>戻る</strong>3.6.2.2.3. シェル・コマンド</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"><strong>次へ</strong>3.6.3. xinetd</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Shell_Commands.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Shell_Commands.html
new file mode 100644
index 0000000..a3b6e3a
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Option_Fields-Shell_Commands.html
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.2.2.3. シェル・コマンド</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="3.6.2.2. オプション・フィールド" /><link rel="prev" href="sect-Security_Guide-Option_Fields-Access_Control.html" title="3.6.2.2.2. アクセス制御" /><link rel="next" href="sect-Security_Guide-Option_Fields-Expansions.html" title="3.6.2.2.4. 拡張" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="prev
ious"><a accesskey="p" href="sect-Security_Guide-Option_Fields-Access_Control.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Expansions.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Option_Fields-Shell_Commands"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Option_Fields-Shell_Commands">3.6.2.2.3. シェル・コマンド</h5></div></div></div><div class="para">
+ オプション・フィールドはアクセス・ルールが以下の2つのディレクティブによりシェル・コマンドを起動できるようにします。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">spawn</code> — 子プロセスとしてシェルコマンドを起動します。リクエストしているクライアントのより詳しい情報を得るために <code class="command">/usr/sbin/safe_finger</code> を使用するようなタスクを実行できます、もしくは<code class="command">echo</code> コマンドを用いて特別なログファイルを作成できます。
+ </div><div class="para">
+ 以下の例では、<code class="systemitem">example.com</code> ドメインからの Telnet サービスにアクセスしようとしているクライアントは特別なファイルにひそかに記録されます:
+ </div><pre class="screen">in.telnetd : .example.com \
+ : spawn /bin/echo `/bin/date` from %h>>/var/log/telnet.log \
+ : allow</pre></li><li class="listitem"><div class="para">
+ <code class="command">twist</code> — 要求されたサービスを特別なコマンドで置き換えます。このディレクティブはしばしば、侵入者に対するトラップ(「ハニーポット」とも呼ばれます)をセットアップするために使用されます。接続しているクライアントにメッセージを送るためにも使えます。<code class="command">twist</code>ディレクティブはルール行の最後に表れなければいけません。
+ </div><div class="para">
+ 以下の例では、<code class="systemitem">example.com</code> ドメインからの FTP サービスへのアクセスを試みているクライアントは、<code class="command">echo</code> コマンドを用いてメッセージを送られます:
+ </div><pre class="screen">vsftpd : .example.com \
+ : twist /bin/echo "421 This domain has been black-listed. Access denied!"</pre></li></ul></div><div class="para">
+ シェル・コマンド・オプションの詳細は <code class="filename">hosts_options</code> マニュアル・ページを参照してください。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Option_Fields-Access_Control.html"><strong>戻る</strong>3.6.2.2.2. アクセス制御</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Expansions.html"><strong>次へ</strong>3.6.2.2.4. 拡張</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html
new file mode 100644
index 0000000..a9a5deb
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.3.2. 制御フラグ</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="3.5.3. PAM 設定ファイルの形式" /><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="3.5.3. PAM 設定ファイルの形式" /><link rel="next" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html" title="3.5.3.3. モジュール名" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/ima
ges/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag">3.5.3.2. 制御フラグ</h4></div></div></div><div class="para">
+ すべての PAM モジュールは、呼び出されたときに成功または失敗の結果を生成します。制御フラグは結果とともに何を実行するかを PAM に教えます。モジュールは特定の順番でスタックされ、制御フラグは特定のモジュールの成功または失敗が、サービスへとユーザーを認証する目標全体にとって、どのくらい重要であるかを決めます。
+ </div><div class="para">
+ 事前定義済みの制御フラグが4つあります:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">required</code> — モジュールは、認証を続けるために必ず成功しなければいけません。テストがここで失敗すると、すべてのモジュールの結果がインタフェースが完了するその参照をテストするまで、ユーザーに通知されません。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">requisite</code> — モジュールは、認証を続けるために成功しなければいけません。しかし、テストがここで失敗すると、最初に失敗した <code class="command">required</code> <span class="emphasis"><em>または</em></span> <code class="command">requisite</code> モジュールのテストを反映したメッセージとともにユーザーへ直ちに通知されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">sufficient</code> — モジュールの結果は失敗しても無視されます。しかし、<code class="command">sufficient</code> フラグのついたモジュールの結果が成功であり、<span class="emphasis"><em>かつ</em></span>、<code class="command">required</code> フラグのついたモジュールがこの前で失敗していなければ、他の結果は何も必要とされず、ユーザーはサービスへ認証されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">optional</code> — モジュールの結果は無視されます。<code class="command">optional</code> としてフラグのついたモジュールは、他のモジュールがインタフェースを参照されないときのみ、認証成功のために必要とされます。
+ </div></li></ul></div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ <code class="command">required</code> モジュールが呼び出される順番は重要ではありません。<code class="command">sufficient</code> および <code class="command">requisite</code> 制御フラグのみが重要になる順番を与えます。
+ </div></div></div><div class="para">
+ 今、PAM のより精細な制御を可能にする新しい制御フラグの構文が利用可能です。
+ </div><div class="para">
+ <code class="filename">/usr/share/doc/pam-<em class="replaceable"><code><version-number></code></em>/</code> ディレクトリ(<em class="replaceable"><code><version-number></code></em> はシステムの PAM バージョン番号)にある <code class="command">pam.d</code> マニュアル・ページおよび PAM ドキュメントは、この新しい構文を詳細に説明しています。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"><strong>戻る</strong>3.5.3. PAM 設定ファイルの形式</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"><strong>次へ</strong>3.5.3.3. モジュール名</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html
new file mode 100644
index 0000000..f7d99a7
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.3.4. モジュール引数</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="3.5.3. PAM 設定ファイルの形式" /><link rel="prev" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html" title="3.5.3.3. モジュール名" /><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html" title="3.5.4. サンプル PAM 設定ファイル" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Conten
t/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments">3.5.3.4. モジュール引数</h4></div></div></div><div class="para">
+ PAM はいくつかのモジュールに対して認証中に抜き差し可能なモジュールに情報を受け渡すため <em class="firstterm">arguments</em> を使用します。
+ </div><div class="para">
+ たとえば、<code class="filename">pam_userdb.so</code> モジュールはユーザーを認証するために Berkeley DB ファイルに保存された情報を使用します。Berkeley DB は多くのアプリケーションに組み込まれているオープンソースのデータベースシステムです。モジュールは、Berkeley DB が要求されたサービスに対して使用するためにデータベースを知ることができるよう、<code class="filename">db</code> 引数を取ります。
+ </div><div class="para">
+ 以下は、PAM 設定における典型的な <code class="filename">pam_userdb.so</code> 行です。<em class="replaceable"><code><path-to-file></code></em> は Berkeley DB データベースファイルへのフルパスです:
+ </div><pre class="screen">auth required pam_userdb.so db=<em class="replaceable"><code><path-to-file></code></em></pre><div class="para">
+ 無効な引数は<span class="emphasis"><em>一般的に</em></span>無視されます。そうでなければ、PAM モジュールの成功または失敗に影響を与えます。しかし、いくつかのモジュールは、無効な引数において落ちるかもしれません。多くのモジュールは <code class="filename">/var/log/secure</code> ファイルにエラーを報告します。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"><strong>戻る</strong>3.5.3.3. モジュール名</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"><strong>次へ</strong>3.5.4. サンプル PAM 設定ファイル</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html
new file mode 100644
index 0000000..0870ed9
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.3.3. モジュール名</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="3.5.3. PAM 設定ファイルの形式" /><link rel="prev" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html" title="3.5.3.2. 制御フラグ" /><link rel="next" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html" title="3.5.3.4. モジュール引数" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docu
mentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name">3.5.3.3. モジュール名</h4></div></div></div><div class="para">
+ モジュール名は、指定されたモジュール・インタフェースを含む、挿抜可能なモジュールの名前を持つ PAM を提供します。Fedora の以前のバージョンでは、モジュールへのフルパスが PAM 設定ファイルにおいて与えられていました。しかしながら、<code class="filename">/lib64/security/</code> ディレクトリに64ビット PAM モジュールを保存する、<em class="firstterm">multilib</em> システムの出現により、モジュールの正しいバージョンを指定する、<code class="filename">libpam</code> の適切なバージョンにアプリケーションがリンクされるので、ディレクトリ名は廃止されました。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>戻る</strong>3.5.3.2. 制御フラグ</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>次へ</strong>3.5.3.4. モジュール引数</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html
new file mode 100644
index 0000000..6073dff
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.6.2. 一般的な pam_timestamp ディレクティブ</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html" title="3.5.6. PAM と管理クレディンシャルのキャッシュ" /><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html" title="3.5.6. PAM と管理クレディンシャルのキャッシュ" /><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html" title="3.5.7. PAM とデバイスの所有" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Pr
oduct Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives">3.5.6.2. 一般的な pam_timestamp ディレクティブ</h4></div></div></div><div class="para">
+ <code class="filename">pam_timestamp.so</code> モジュールはいくつかのディレクティブを受け付けます。以下は最も一般的に使われるオプションです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">timestamp_timeout</code> — タイムスタンプ・ファイルが有効である期間を(秒単位で)指定します。デフォルト値は300(5分)です。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">timestampdir</code> — タイムスタンプ・ファイルが保存されるディレクトリを指定します。デフォルト値は <code class="command">/var/run/sudo/</code> です。
+ </div></li></ul></div><div class="para">
+ <code class="filename">pam_timestamp.so</code> モジュールの制御に関する詳細は <a class="xref" href="sect-Security_Guide-Firewalls-Additional_Resources.html#sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation">「インストールされているファイアウォールのドキュメント」</a> を参照してください。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"><strong>戻る</strong>3.5.6. PAM と管理クレディンシャルのキャッシュ</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"><strong>次へ</strong>3.5.7. PAM とデバイスの所有</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html
new file mode 100644
index 0000000..4a4f9d9
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.7.2. アプリケーションのアクセス</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html" title="3.5.7. PAM とデバイスの所有" /><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html" title="3.5.7. PAM とデバイスの所有" /><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html" title="3.5.8. 追加のリソース" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/im
ages/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access">3.5.7.2. アプリケーションのアクセス</h4></div></div></div><div class="para">
+ コンソール・ユーザーは <code class="filename">/etc/security/console.apps/</code> ディレクトリにおいて使用するために設定された特定のプログラムへのアクセス権も持ちます。
+ </div><div class="para">
+ このディレクトリは、コンソール・ユーザーが<code class="filename">/sbin</code> および <code class="filename">/usr/sbin</code> にある特定のアプリケーションを実行できるようにする設定ファイルを含みます。
+ </div><div class="para">
+ これらの設定ファイルはセットアップするアプリケーションと同じ名前を持ちます。
+ </div><div class="para">
+ コンソール・ユーザーがアクセス権を持つアプリケーションの注目すべきグループの1つは、システムをシャットダウンまたは再起動する3つのプログラムです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">/sbin/halt</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/sbin/reboot</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/sbin/poweroff</code>
+ </div></li></ul></div><div class="para">
+ これらは PAM 対応のアプリケーションのため、使用するために必要に応じて <code class="filename">pam_console.so</code> モジュールを呼び出します。
+ </div><div class="para">
+ 詳細は <a class="xref" href="sect-Security_Guide-Firewalls-Additional_Resources.html#sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation">「インストールされているファイアウォールのドキュメント」</a> を参照してください。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"><strong>戻る</strong>3.5.7. PAM とデバイスの所有</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"><strong>次へ</strong>3.5.8. 追加のリソース</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html
new file mode 100644
index 0000000..e1aaf09
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.8. 追加のリソース</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /><link rel="prev" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html" title="3.5.7.2. アプリケーションのアクセス" /><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html" title="3.5.8.2. 有用な PAM ウェブサイト" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt=
"Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources">3.5.8. 追加のリソース</h3></div></div></div><div class="para">
+ 以下のリソースは PAM を使用したり設定したりする方法を詳細に説明しています。これらのリソースに加えて、PAM 設定ファイルがどのような構造をしているかをより理解するためにシステムにあるそれらを読んでください。
+ </div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_PAM_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_PAM_Documentation">3.5.8.1. インストールされている PAM ドキュメント</h4></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ PAM 関連のマニュアル・ページ — いくつかのマニュアル・ページが PAM に関連するさまざまなアプリケーションと設定ファイルに対して存在します。以下はいくつかのより重要なマニュアル・ページの一覧です。
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">設定ファイル</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">pam</code> — PAM に関する素晴らしい入門情報です、PAM 設定ファイルの構造と目的を含みます。
+ </div><div class="para">
+ このマニュアル・ページは <code class="filename">/etc/pam.conf</code> および <code class="filename">/etc/pam.d/</code> ディレクトリにある個々の設定ファイルについて説明します。デフォルトで、Fedora は <code class="filename">/etc/pam.d/</code> ディレクトリにある個々の設定ファイルを使用して、<code class="filename">/etc/pam.conf</code> が存在しても無視します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">pam_console</code> — <code class="filename">pam_console.so</code> モジュールの目的を記述します。PAM 設定ファイルの中にあるエントリーに対する適切な構文も記述します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">console.apps</code> — <code class="filename">/etc/security/console.apps</code> 設定ファイルで利用可能なフォーマットとオプションを記述します。これは、どのアプリケーションが PAM により割り当てられたコンソール・ユーザーによりアクセス可能です。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">console.perms</code> — <code class="filename">/etc/security/console.perms</code> 設定ファイルで利用可能なフォーマットとオプションを記述します。これは、PAM により割り当てられるコンソール・ユーザーのパーミッションを指定します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">pam_timestamp</code> — <code class="filename">pam_timestamp.so</code> モジュールを表します。
+ </div></li></ul></div></dd></dl></div></li><li class="listitem"><div class="para">
+ <code class="filename">/usr/share/doc/pam-<em class="replaceable"><code><version-number></code></em></code> — <em class="citetitle">System Administrators' Guide</em>、<em class="citetitle">Module Writers' Manual</em> および <em class="citetitle">Application Developers' Manual</em> だけでなく、PAM 標準 DCE-RFC 86.0 のコピーを含みます。ここで <em class="replaceable"><code><version-number></code></em> は PAM のバージョンです。
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/usr/share/doc/pam-<em class="replaceable"><code><version-number></code></em>/txts/README.pam_timestamp</code> — <code class="filename">pam_timestamp.so</code> PAM モジュールに関する情報を含みます。ここで <em class="replaceable"><code><version-number></code></em> は PAM のバージョン番号です。
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"><strong>戻る</strong>3.5.7.2. アプリケーションのアクセス</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"><strong>次へ</strong>3.5.8.2. 有用な PAM ウェブサイト</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html
new file mode 100644
index 0000000..28db536
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.5. PAM モジュールの作成</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html" title="3.5.4. サンプル PAM 設定ファイル" /><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html" title="3.5.6. PAM と管理クレディンシャルのキャッシュ" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://
docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules">3.5.5. PAM モジュールの作成</h3></div></div></div><div class="para">
+ PAM 対応のアプリケーションにより使用するために、いつでも新しい PAM モジュールを作成または追加できます。
+ </div><div class="para">
+ たとえば、開発者がワンタイムパスワードの生成方式を作成し、それをサポートするために PAM モジュールを書きます。PAM 対応プログラムは直ちに新しいモジュール、および再コンパイルされる、さもなければ修正されることなく、パスワード方式を使用できます。
+ </div><div class="para">
+ これにより、開発者とシステム管理者が、認証方法を再コンパイルすることなく異なるプログラムに対してそれらを、混ぜて組み合わせるだけでなく、テストできるようにします。
+ </div><div class="para">
+ 書き込みモジュールのドキュメントは <code class="filename">/usr/share/doc/pam-<em class="replaceable"><code><version-number></code></em>/</code> ディレクトリに含まれます。ここで <em class="replaceable"><code><version-number></code></em> はシステムにおける PAM のバージョン番号です。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"><strong>戻る</strong>3.5.4. サンプル PAM 設定ファイル</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"><strong>次へ</strong>3.5.6. PAM と管理クレディンシャルのキャッシュ</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html
new file mode 100644
index 0000000..e30bdac
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.3. PAM 設定ファイルの形式</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html" title="3.5.2. PAM 設定ファイル" /><link rel="next" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html" title="3.5.3.2. 制御フラグ" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Si
te" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">3.5.3. PAM 設定ファイルの形式</h3></div></div></div><div class="para">
+ 各 PAM 設定ファイルは以下のようにフォーマットされたディレクティブのグループを含みます:
+ </div><pre class="screen"><em class="replaceable"><code><module interface></code></em> <em class="replaceable"><code><control flag></code></em> <em class="replaceable"><code><module name></code></em> <em class="replaceable"><code><module arguments></code></em></pre><div class="para">
+ これらの要素はそれぞれ以下のセクションにおいて説明されます。
+ </div><div class="section" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Interface"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Interface">3.5.3.1. モジュール・インタフェース</h4></div></div></div><div class="para">
+ PAM モジュール・インタフェースは現在4種類が利用可能です。これらはそれぞれ認可プロセスの異なる観点に対応します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">auth</code> — このモジュール・インタフェースはユーザーを認証します。たとえば、パスワードの正当性を要求して検証します。このインタフェースを持つモジュールは、グループのメンバーシップや Kerberos チケットのような、クレディンシャルもセットします。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">account</code> — このモジュール・インタフェースはアクセスが許可されていることを検証します。たとえば、ユーザー・アカウントが期限切れかどうか、またはユーザーが特定の期間にログインを許可されているかどうかをチェックします。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">password</code> — このモジュール・インタフェースはユーザーのパスワードを変更するために使われます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">session</code> — このモジュール・インタフェースは、ユーザーのセッションを設定して管理します。このインタフェースを持つモジュールは、ユーザーのホームディレクトリをマウントしたり、ユーザーのメールボックスを作成したりするような、アクセスを許可するために必要とされる追加のタスクも実行できます。
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ それぞれのモジュールは、何らかのもしくはすべてのモジュール・インタフェースを提供できます。たとえば、<code class="filename">pam_unix.so</code> は全4つのモジュール・インタフェースを提供します。
+ </div></div></div><div class="para">
+ PAM 設定ファイルにおいて、モジュール・インタフェースは第1フィールドに定義されます。たとえば、設定における典型的な行はこのように見えます:
+ </div><pre class="screen">auth required pam_unix.so</pre><div class="para">
+ これは PAM が <code class="filename">pam_unix.so</code> モジュールの <code class="command">auth</code> インタフェースを使用するよう指示します。
+ </div><div class="section" id="sect-Security_Guide-Module_Interface-Stacking_Module_Interfaces"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Module_Interface-Stacking_Module_Interfaces">3.5.3.1.1. モジュール・インタフェースのスタック</h5></div></div></div><div class="para">
+ モジュール・インタフェースのディレクティブは、複数のモジュールが1つの目的のために一緒に使えるよう、<span class="emphasis"><em>スタック</em></span> できます、もしくはお互いに重ねておくことができます。モジュールの制御フラグが "sufficient" または "requisite" 値(これらのフラグの詳細については <a class="xref" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html">「制御フラグ」</a> を参照してください。)を使うならば、どのモジュールがリストされるかの順番は認証プロセスにとって重要です。
+ </div><div class="para">
+ スタックすることは、ユーザーが認証を許可される前に存在するために、管理者が特定の条件を要求することを簡単にします。たとえば、<code class="command">reboot</code> コマンドは普通、PAM 設定ファイルに見られるように、いくつかのスタックされたモジュールを使用します。
+ </div><pre class="screen">[root at MyServer ~]# cat /etc/pam.d/reboot
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_console.so
+#auth include system-auth
+account required pam_permit.so</pre><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 1行目はコメントであり、処理されません。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">auth sufficient pam_rootok.so</code> — この行は、UID を確認することにより、現在のユーザーが root であるかどうかをチェックするために <code class="filename">pam_rootok.so</code> モジュールを使用します。このテストが成功すると、他のモジュールは参照されず、コマンドが実行されます。このテストが失敗すると、次のモジュールが参照されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">auth required pam_console.so</code> — この行は、ユーザーを認証する試行のために <code class="filename">pam_console.so</code> モジュールを使用します。ユーザーがすでにコンソールにログインしていると、<code class="filename">pam_console.so</code> は <code class="filename">/etc/security/console.apps/</code> ディレクトリにサービス名 (reboot) と同じ名前を持つファイルがあるかどうかをチェックします。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">#auth include system-auth</code> — この行はコメントされ、処理されません。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">account required pam_permit.so</code> — この行は、コンソールにログインしている root ユーザーまたは誰かがシステムを再起動できるようにするために <code class="filename">pam_permit.so</code> モジュールを使用します。
+ </div></li></ul></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"><strong>戻る</strong>3.5.2. PAM 設定ファイル</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>次へ</strong>3.5.3.2. 制御フラグ</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html
new file mode 100644
index 0000000..9e27d4f
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.2. PAM 設定ファイル</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="3.5.3. PAM 設定ファイルの形式" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_righ
t.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files">3.5.2. PAM 設定ファイル</h3></div></div></div><div class="para">
+ <code class="filename">/etc/pam.d/</code> ディレクトリは、PAM 対応の各アプリケーションに対する PAM 設定ファイルを含みます。PAM の以前のバージョンでは、<code class="filename">/etc/pam.conf</code> ファイルが使われましたが、いまや不当とされ、 <code class="filename">/etc/pam.d/</code> ディレクトリが存在しない場合のみ使用されます。
+ </div><div class="section" id="sect-Security_Guide-PAM_Configuration_Files-PAM_Service_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_Configuration_Files-PAM_Service_Files">3.5.2.1. PAM サービス・ファイル</h4></div></div></div><div class="para">
+ 各 PAM 対応アプリケーションまたは<em class="firstterm">サービス</em> は <code class="filename">/etc/pam.d/</code> ディレクトリにファイルを持ちます。このディレクトリにある各ファイルは、それがアクセスを制御するサービスと同じ名前を持ちます。
+ </div><div class="para">
+ PAM 対応プログラムは、そのサービスを定義して、<code class="filename">/etc/pam.d/</code> ディレクトリにそれ自身の PAM 設定ファイルをインストールする責任があります。たとえば、<code class="command">login</code> プログラムはそのサービス名を <code class="command">login</code> として定義し、<code class="filename">/etc/pam.d/login</code> PAM 設定ファイルをインストールします。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"><strong>戻る</strong>3.5. Pluggable Authentication Modules (PAM)</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"><strong>次へ</strong>3.5.3. PAM 設定ファイルの形式</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html
new file mode 100644
index 0000000..89b2572
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.6. PAM と管理クレディンシャルのキャッシュ</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html" title="3.5.5. PAM モジュールの作成" /><link rel="next" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html" title="3.5.6.2. 一般的な pam_timestamp ディレクティブ" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><im
g src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching">3.5.6. PAM と管理クレディンシャルのキャッシュ</h3></div></div></div><div class="para">
+ Fedora にある多くのグラフィカル管理ツールは、<code class="filename">pam_timestamp.so</code> モジュールを使用してユーザーに5分間まで権限を上昇させます。このメカニズムがどのように機能するかを理解することは重要です。なぜなら、<code class="filename">pam_timestamp.so</code> が効果を持っている間にユーザーがターミナルから離れることにより、コンソールに物理的にアクセスできる誰かによりマシンが操作されるようになるからです。
+ </div><div class="para">
+ PAM timestamp スキーマにおいて、グラフィカル管理アプリケーションが起動されたときに、ユーザに対して root パスワードのためにプロンプトを出します。ユーザーが認証されたとき、<code class="filename">pam_timestamp.so</code> モジュールがタイムスタンプ・ファイルを作成します。デフォルトで、これは <code class="filename">/var/run/sudo/</code> ディレクトリに作成されます。もし、タイムスタンプ・ファイルがすでに存在すると、グラフィカル管理プログラムはパスワードを促しません。代わりに、<code class="filename">pam_timestamp.so</code> モジュールが、ユーザーに対して変更されない管理アクセスを追加の5分を割り当てる、タイムスタンプ・ファイルを新たにします。
+ </div><div class="para">
+ <code class="filename">/var/run/sudo/<user></code> ファイルを調査することにより、タイムスタンプ・ファイルの実際の状態を検証できます。デスクトップに対して、関連するファイルは <code class="filename">unknown:root</code> です。それが存在して、タイムスタンプが5分以内であれば、クレディンシャルは有効です。
+ </div><div class="para">
+ タイムスタンプ・ファイルの存在は、パネルの通知エリアに表れる、認証アイコンにより示されます。
+ </div><div class="figure" id="figu-Security_Guide-PAM_and_Administrative_Credential_Caching-The_Authentication_Icon"><div class="figure-contents"><div class="mediaobject"><img src="images/authicon.png" alt="認証アイコン" /><div class="longdesc"><div class="para">
+ 認証アイコンのイラスト
+ </div></div></div></div><h6>図3.7 認証アイコン</h6></div><br class="figure-break" /><div class="section" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Removing_the_Timestamp_File"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Removing_the_Timestamp_File">3.5.6.1. タイムスタンプ・ファイルの削除</h4></div></div></div><div class="para">
+ PAM タイムスタンプが有効であるとき、コンソールを去る前に、タイムスタンプ・ファイルが廃棄されることが推奨されます。グラフィカル環境からこれを実行するために、パネルにある認証アイコンをクリックします。これにより、ダイアログボックスが表示されます。有効なタイムスタンプ・ファイルを廃棄するために <span class="guibutton"><strong>Forget Authorization</strong></span> ボタンをクリックします。
+ </div><div class="figure" id="figu-Security_Guide-Removing_the_Timestamp_File-Dismiss_Authentication_Dialog"><div class="figure-contents"><div class="mediaobject"><img src="images/auth-panel.png" width="444" alt="認証ダイアログの却下" /><div class="longdesc"><div class="para">
+ 認証却下ダイアログボックスのイラスト
+ </div></div></div></div><h6>図3.8 認証ダイアログの却下</h6></div><br class="figure-break" /><div class="para">
+ PAM タイムスタンプ・ファイルに関連して以下の事項に気をつけるべきです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">ssh</code> を用いてリモートでシステムにログインしているならば、タイムスタンプ・ファイルを廃棄するために <code class="command">/sbin/pam_timestamp_check -k root</code> コマンドを使用します。
+ </div></li><li class="listitem"><div class="para">
+ あなたが特権アプリケーションを起動した同じターミナル・ウィンドウから、<code class="command">/sbin/pam_timestamp_check -k root</code> コマンドを実行する必要があります。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/sbin/pam_timestamp_check -k</code> コマンドを使用するために、元々 <code class="filename">pam_timestamp.so</code> モジュールに関連したユーザーとしてログインしなければいけません。このコマンドを使用するために root としてログインしないでください。
+ </div></li><li class="listitem"><div class="para">
+ デスクトップにおいて(アイコンにある <span class="guibutton"><strong>Forget Authorization</strong></span> アクションを使用せずに)クレディンシャルを削除したければ、以下のコマンドを使用します:
+ </div><pre class="screen">/sbin/pam_timestamp_check -k root </dev/null >/dev/null 2>/dev/null</pre><div class="para">
+ このコマンドを使用するのに失敗すると、コマンドを実行した pty からクレディンシャル(あれば)のみを削除します。
+ </div></li></ul></div><div class="para">
+ <code class="command">pam_timestamp_check</code> を使用してタイムスタンプ・ファイルを廃棄する方法に関する詳細は <code class="filename">pam_timestamp_check</code> マニュアル・ページを参照してください。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"><strong>戻る</strong>3.5.5. PAM モジュールの作成</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"><strong>次へ</strong>3.5.6.2. 一般的な pam_timestamp ディレクティブ</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html
new file mode 100644
index 0000000..f2722d9
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.7. PAM とデバイスの所有</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /><link rel="prev" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html" title="3.5.6.2. 一般的な pam_timestamp ディレクティブ" /><link rel="next" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html" title="3.5.7.2. アプリケーションのアクセス" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership">3.5.7. PAM とデバイスの所有</h3></div></div></div><div class="para">
+ Fedora では、マシンの物理コンソールに最初にログインしたユーザーが特定のデバイスを操作でき、通常 root ユーザーのために予約されている特定のタスクを実行できます。これは、<code class="filename">pam_console.so</code> と呼ばれる PAM モジュールにより制御されます。
+ </div><div class="section" id="sect-Security_Guide-PAM_and_Device_Ownership-Device_Ownership"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-PAM_and_Device_Ownership-Device_Ownership">3.5.7.1. デバイスの所有</h4></div></div></div><div class="para">
+ ã¦ã¼ã¶ã¼ã Fedora ã·ã¹ãã ã«ãã°ã¤ã³ããã¨ãã<code class="filename">pam_console.so</code> ã¢ã¸ã¥ã¼ã«ã <code class="command">login</code> ã¾ãã¯ã°ã©ãã£ã«ã«ã»ãã°ã¤ã³ã»ããã°ã©ã ï¼<span class="application"><strong>gdm</strong></span>, <span class="application"><strong>kdm</strong></span>, ããã³ <span class="application"><strong>xdm</strong></span>ï¼ã«ããå¼ã³åºããã¾ãããã®ã¦ã¼ã¶ã¼ãç©çã³ã³ã½ã¼ã«ã«ãã°ã¤ã³ããæåã®ã¦ã¼ã¶ã¼ â <em class="firstterm">console user</em> ã¨ãã¦åç
§ããã¾ã â ãªãã°ãã¢ã¸ã¥ã¼ã«ã¯é常㯠root ã«ããææããããã¾ãã¾ãªããã¤ã¹ã®ææ権ãã¦ã¼ã¶ã¼ã«ä¸ãã¾ããã³ã³ã½ã¼ã«ã»ã¦ã¼ã¶ã¼ã¯ããã®ã¦ã¼ã¶ã¼ã«å¯¾ããæå¾ã®ãã¼ã«ã«ã»ã»ãã·ã§ã³ãçµäºããã¾ã§ããããã®ããã¤ã¹ãææãã¾ãããã®ã¦ã¼ã¶ã¼ããã°ã¢ã¦ãããå¾ãããã¤ã¹ã®ææ権ã
¯ root ã¦ã¼ã¶ã¼ã«æ»ããã¾ãã
+ </div><div class="para">
+ 影響を受けるデバイスは、サウンドカード、ディスクドライブ、および CD-ROM ドライブを含みますが、限定されるわけではありません。
+ </div><div class="para">
+ この機能により、ユーザーが root アクセスを得ることなくこれらのデバイスを操作できるようになります。このようにコンソール・ユーザーの一般的なタスクを単純化します。
+ </div><div class="para">
+ 以下のファイルを編集することで、<code class="filename">pam_console.so</code> により制御されるデバイスのリストを編集できます:
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/security/console.perms</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/security/console.perms.d/50-default.perms</code>
+ </div></li></ul></div>
+
+ </div><div class="para">
+ 上のファイルにあるこれらのリストから他のデバイスのパーミッションを変更できます、もしくは指定されたデフォルトを上書きできます。<code class="filename">50-default.perms</code> ファイルを変更するよりはむしろ、新しいファイル(たとえば、<code class="filename"><em class="replaceable"><code>xx</code></em>-name.perms</code>)を作成して、必要な修正を入力します。新しいデフォルト・ファイルの名前は、50より大きな数字(たとえば、<code class="filename">51-default.perms</code>)で始まらなければいけません。これにより、<code class="filename">50-default.perms</code> ファイルにあるデフォルトを上書きします。
+ </div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ <span class="application"><strong>gdm</strong></span>, <span class="application"><strong>kdm</strong></span>, または <span class="application"><strong>xdm</strong></span> ディスプレイ・マネージャー設定ファイルは、リモート・ユーザーがログインできるよう変更されます。<span class="emphasis"><em>また</em></span>、ホストがランレベル5で実行するよう設定され、<code class="filename">/etc/security/console.perms</code> にある <code class="command"><console></code> および <code class="command"><xconsole></code> ディレクティブを以下の値に変更することが望ましいです。
+ </div><pre class="screen"><console>=tty[0-9][0-9]* vc/[0-9][0-9]* :0\.[0-9] :0 ⏎ <xconsole>=:0\.[0-9] :0</pre><div class="para">
+ これにより、リモートユーザーがマシンにおけるデバイスおよび制限されたアプリケーションへのアクセス権を得ることを防ぎます。
+ </div><div class="para">
+ <span class="application"><strong>gdm</strong></span>, <span class="application"><strong>kdm</strong></span>, または <span class="application"><strong>xdm</strong></span> ディスプレイ・マネージャの設定ファイルが、リモートユーザーがログインできるよう変更されていて、<span class="emphasis"><em>かつ</em></span>、ホストが5以外のあらゆるマルチユーザー・ランレベルで実行するよう設定されているならば、<code class="command"><xconsole></code> ディレクティブを完全に削除して、<code class="command"><console></code> ディレクティブを以下の値に変更するようアドバイスします:
+ </div><pre class="screen"><console>=tty[0-9][0-9]* vc/[0-9][0-9]*</pre></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"><strong>戻る</strong>3.5.6.2. 一般的な pam_timestamp ディレクティブ</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"><strong>次へ</strong>3.5.7.2. アプリケーションのアクセス</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html
new file mode 100644
index 0000000..7babf21
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5.4. サンプル PAM 設定ファイル</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /><link rel="prev" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html" title="3.5.3.4. モジュール引数" /><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html" title="3.5.5. PAM モジュールの作成" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Doc
umentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files">3.5.4. サンプル PAM 設定ファイル</h3></div></div></div><div class="para">
+ 以下はサンプル PAM アプリケーション設定ファイルです:
+ </div><pre class="screen">#%PAM-1.0
+auth required pam_securetty.so
+auth required pam_unix.so nullok
+auth required pam_nologin.so
+account required pam_unix.so
+password required pam_cracklib.so retry=3
+password required pam_unix.so shadow nullok use_authtok
+session required pam_unix.so</pre><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 行の最初にハッシュ記号 (<code class="command">#</code>) により示された、最初の行はコメントです。
+ </div></li><li class="listitem"><div class="para">
+ 2~4行目はログイン認証用の3つのモジュールを積み重ねています。
+ </div><div class="para">
+ <code class="command">auth required pam_securetty.so</code> — このモジュールは、ユーザーが root としてログインしようとしている<span class="emphasis"><em>ならば</em></span>、ユーザーがログインしている tty が <code class="filename">/etc/securetty</code> ファイル(存在<span class="emphasis"><em>すれば</em></span>)にリストされていることを確実にします。
+ </div><div class="para">
+ tty がファイルにリストされていなければ、root としてログインするすべての試行は <code class="computeroutput">Login incorrect</code> メッセージとともに失敗します。
+ </div><div class="para">
+ <code class="command">auth required pam_unix.so nullok</code> — このモジュールは、ユーザーに対してパスワードを促し、<code class="filename">/etc/passwd</code> および、存在すれば <code class="filename">/etc/shadow</code> に保存されている情報を用いてパスワードをチェックします。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 引数 <code class="command">nullok</code> は <code class="filename">pam_unix.so</code> モジュールに空のパスワードを許可するよう指示します。
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">auth required pam_nologin.so</code> — これは最後の認証手順です。<code class="filename">/etc/nologin</code> ファイルが存在するかどうかをチェックします。もし存在して、ユーザーが root でなければ、認証は失敗します。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ この例において、<code class="command">auth</code> モジュールが失敗したときでも、3つの <code class="command">auth</code> モジュールはすべてチェックされます。これにより、ユーザーが認証のどの段階において失敗したかを知ることを防ぎます。そのような知識が攻撃者の手にわたると、攻撃者がシステムをクラックする方法をより簡単に推定することができるようになります。
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="command">account required pam_unix.so</code> — このモジュールはすべての必要なアカウント検証を実行します。たとえば、shadow パスワードが有効にされていれば、<code class="filename">pam_unix.so</code> モジュールのアカウント・インタフェースは、アカウントが期限切れであるかどうか、または認められた猶予期間内にパスワードを変更していなかったかどうかを確認するためにチェックします。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">password required pam_cracklib.so retry=3</code> — パスワードが期限切れになっていれば、<code class="filename">pam_cracklib.so</code> モジュールのパスワード・コンポーネントは新しいパスワードのためにプロンプトを出します。パスワードが辞書ベースのパスワード・クラック・ツールにより簡単に決められるかどうかを確認するために、新しく作成されたプログラムをテストします。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 引数 <code class="command">retry=3</code> は、テストが初めて失敗すると、ユーザーは強いパスワードを作成するためにあと2回チャンスを持つことを指定します。
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">password required pam_unix.so shadow nullok use_authtok</code> — この行は、プログラムがユーザーのパスワードを変更するならば、<code class="filename">pam_unix.so</code> モジュールの <code class="command">password</code> インタフェースを使用するよう指定します。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 引数 <code class="command">shadow</code> は、ユーザーのパスワードを更新するときに shadow パスワードを作成するようモジュールに指示します。
+ </div></li><li class="listitem"><div class="para">
+ 引数 <code class="command">nullok</code> は、ユーザーが空のパスワード<span class="emphasis"><em>から</em></span>パスワードを変更できるようモジュールに指示します、さもなければ空のパスワードはアカウント・ロックとして取り扱われます。
+ </div></li><li class="listitem"><div class="para">
+ この行の最後の引数 <code class="command">use_authtok</code> は、PAM モジュールをスタックするときに、順番の重要性の良い例を提供します。この引数は、ユーザーに新しいパスワードのためのプロンプトを表示しないよう、モジュールに指示します。代わりに、以前 password モジュールにより記録されたすべてのパスワードが受け付けられます。このように、すべての新しいパスワードは受け付けられる前にセキュアなパスワードのために <code class="filename">pam_cracklib.so</code> テストを通過しなければいけません。
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="command">session required pam_unix.so</code> — 最後の行は、<code class="filename">pam_unix.so</code> モジュールのセッション・インタフェースがセッションを管理するよう指示します。このモジュールは、せそれぞれのセッションの最初と最後に、ユーザー名とサービスタイプを <code class="filename">/var/log/secure</code> に記録します。このモジュールは追加の機能のために他の session モジュールを用いてそれをスタックすることにより補完されます。
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>戻る</strong>3.5.3.4. モジュール引数</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"><strong>次へ</strong>3.5.5. PAM モジュールの作成</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html
new file mode 100644
index 0000000..b61dabc
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5. Pluggable Authentication Modules (PAM)</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="第3章 ネットワークのセキュア化" /><link rel="prev" href="sect-Security_Guide-Yubikey-Web_Sites.html" title="3.4.2. YubiKey を用いたウェブサイトの認証" /><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html" title="3.5.2. PAM 設定ファイル" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a
></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Yubikey-Web_Sites.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM">3.5. Pluggable Authentication Modules (PAM)</h2></div></div></div><div class="para">
+ ユーザーがシステムにアクセスするのを認可するプログラムは、お互いのアイデンティティを確認するために(つまり、ユーザーがユーザーであるとわかることを証明するために)、<em class="firstterm">認証</em>を使用します。
+ </div><div class="para">
+ 歴史的に、各プログラムはユーザーを認証する自身の方法を持ちます。Fedora において、多くのプログラムは <em class="firstterm">Pluggable Authentication Modules</em> (<acronym class="acronym">PAM</acronym>) と呼ばれる集中化した認証メカニズムを使用するよう設定されています。
+ </div><div class="para">
+ PAM は抜き差し可能な、モジュール型のアーキテクチャを使用します。それは、システム管理者がシステムに対して認証ポリシーを設定することにおいて非常に大きな柔軟性を与えます。
+ </div><div class="para">
+ 多くの状況において、PAM 対応のアプリケーションに対してデフォルトの PAM 設定は十分です。しかしながら、ときどき、PAM 設定ファイルを編集する必要があります。PAM の設定誤りはシステムのセキュリティを危険にさらす可能性があるので、変更を始める前にこれらのファイルの構造を理解することは重要です。詳細は <a class="xref" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html">「PAM 設定ファイルの形式」</a> を参照してください。
+ </div><div class="section" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">3.5.1. PAM の利点</h3></div></div></div><div class="para">
+ PAM は以下の利点を提供します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 幅広い種類のアプリケーションで使うことができる一般的な認証スキーマ。
+ </div></li><li class="listitem"><div class="para">
+ システム管理者とアプリケーション開発者の双方に対して認証についての重要な柔軟性と制御。
+ </div></li><li class="listitem"><div class="para">
+ プログラマがプログラムを書くためにそれ自身の認証スキーマを作成しなくて済むようにする1つの完全にドキュメント化されたライブラリ。
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Yubikey-Web_Sites.html"><strong>戻る</strong>3.4.2. YubiKey を用いたウェブサイトの認証</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"><strong>次へ</strong>3.5.2. PAM 設定ファイル</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html
new file mode 100644
index 0000000..04480be
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.2. LUKS パーティション暗号化の利用</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Secure_Installation.html" title="第6章 セキュアなインストール" /><link rel="prev" href="chap-Security_Guide-Secure_Installation.html" title="第6章 セキュアなインストール" /><link rel="next" href="chap-Security_Guide-Software_Maintenance.html" title="第7章 ソフトウェアのメンテナンス" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="pre
vious"><a accesskey="p" href="chap-Security_Guide-Secure_Installation.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Software_Maintenance.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption">6.2. LUKS パーティション暗号化の利用</h2></div></div></div><div class="para">
+ Fedora 9 以降、<a href="http://fedoraproject.org/wiki/Security_Guide/9/LUKSDiskEncryption">Linux Unified Key Setup-on-disk-format</a>(LUKS) 暗号化の実装はより簡単になってきています。インストール・プロセス中に、パーティションを暗号化するオプションがユーザーへ表示されるでしょう。ユーザーは、パーティションのデータをセキュアにするために使われる、大量の暗号鍵を解除するための鍵となるパスフレーズを供給しなければいけません。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Secure_Installation.html"><strong>戻る</strong>第6章 セキュアなインストール</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Software_Maintenance.html"><strong>次へ</strong>第7章 ソフトウェアのメンテナンス</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-Anonymous_Access.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-Anonymous_Access.html
new file mode 100644
index 0000000..d4be078
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-Anonymous_Access.html
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.6.2. 匿名アクセス</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="3.2.6. FTP のセキュア化" /><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="3.2.6. FTP のセキュア化" /><link rel="next" href="sect-Security_Guide-Securing_FTP-User_Accounts.html" title="3.2.6.3. ユーザー・アカウント" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><
a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_FTP.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_FTP-Anonymous_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_FTP-Anonymous_Access">3.2.6.2. 匿名アクセス</h4></div></div></div><div class="para">
+ <code class="filename">/var/ftp/</code> ディレクトリの存在により匿名アカウントが有効化されます。
+ </div><div class="para">
+ このディレクトリを作成するもっとも簡単な方法は <code class="filename">vsftpd</code> パッケージをインストールすることです。このパッケージは、匿名ユーザーに対するディレクトリツリーを確立し、匿名ユーザーに対して読み込み専用のパーミッションをそのディレクトリに設定します。
+ </div><div class="para">
+ デフォルトで匿名ユーザーはあらゆるディレクトリに書き込みできません。
+ </div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ FTP サーバへの匿名アクセスを有効にすると、機密データが保存されている場所に注意してください。
+ </div></div></div><div class="section" id="sect-Security_Guide-Anonymous_Access-Anonymous_Upload"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Anonymous_Access-Anonymous_Upload">3.2.6.2.1. 匿名アップロード</h5></div></div></div><div class="para">
+ 匿名ユーザーがファイルをアップロードできるようにするため、書き込み専用ディレクトリを <code class="filename">/var/ftp/pub/</code> の中に作成することを推奨します。
+ </div><div class="para">
+ これをするために、以下のコマンドを入力します:
+ </div><pre class="screen">mkdir /var/ftp/pub/upload</pre><div class="para">
+ 次に、匿名ユーザーがディレクトリのコンテンツを表示できないよう、パーミッションを変更します。
+ </div><pre class="screen">chmod 730 /var/ftp/pub/upload</pre><div class="para">
+ ディレクトリの long フォーマットの一覧はこのように見えるでしょう:
+ </div><pre class="screen">drwx-wx--- 2 root ftp 4096 Feb 13 20:05 upload</pre><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ 匿名ユーザーがディレクトリにおいて読み書きすることを許可する管理者は、しばしばそれらのサーバーが盗難されたソフトウェアの保管庫になっていることを見つけます。
+ </div></div></div><div class="para">
+ 加えて、<code class="command">vsftpd</code> の下で、以下の行を <code class="filename">/etc/vsftpd/vsftpd.conf</code> ファイルに追加します:
+ </div><pre class="screen">anon_upload_enable=YES</pre></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_FTP.html"><strong>戻る</strong>3.2.6. FTP のセキュア化</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>次へ</strong>3.2.6.3. ユーザー・アカウント</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html
new file mode 100644
index 0000000..06cb41a
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.6.4. アクセス制御のための TCP Wrappers の使用</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="3.2.6. FTP のセキュア化" /><link rel="prev" href="sect-Security_Guide-Securing_FTP-User_Accounts.html" title="3.2.6.3. ユーザー・アカウント" /><link rel="next" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="3.2.7. Sendmail のセキュア化" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="p
revious"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access">3.2.6.4. アクセス制御のための TCP Wrappers の使用</h4></div></div></div><div class="para">
+ <a class="xref" href="sect-Security_Guide-Server_Security.html#sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_TCP_Wrappers">「TCP Wrappres を用いたセキュリティの強化」</a> に概要が示されているように、FTP デーモンへのアクセスを制御するために TCP Wrappers を使用します。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>戻る</strong>3.2.6.3. ユーザー・アカウント</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>次へ</strong>3.2.7. Sendmail のセキュア化</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-User_Accounts.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-User_Accounts.html
new file mode 100644
index 0000000..f1475ea
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_FTP-User_Accounts.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.6.3. ユーザー・アカウント</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="3.2.6. FTP のセキュア化" /><link rel="prev" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html" title="3.2.6.2. 匿名アクセス" /><link rel="next" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html" title="3.2.6.4. アクセス制御のための TCP Wrappers の使用" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></
p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_FTP-User_Accounts"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_FTP-User_Accounts">3.2.6.3. ユーザー・アカウント</h4></div></div></div><div class="para">
+ FTP は認証のためにセキュアではないネットワーク上に暗号化されていないユーザー名とパスワードを送信するので、それらのユーザー・アカウントからサーバーへのアクセスを拒否することは素晴らしいアイディアです。
+ </div><div class="para">
+ <code class="command">vsftpd</code> においてすべてのユーザー・アカウントを無効にするため、以下のディレクティブを <code class="filename">/etc/vsftpd/vsftpd.conf</code> に追加します:
+ </div><pre class="screen">local_enable=NO</pre><div class="section" id="sect-Security_Guide-User_Accounts-Restricting_User_Accounts"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-User_Accounts-Restricting_User_Accounts">3.2.6.3.1. ユーザー・アカウントの制限</h5></div></div></div><div class="para">
+ root ユーザーや <code class="command">sudo</code> 特権を持つユーザーのような、特定のアカウントもしくはアカウントの特定のグループを無効にするために、最も簡単な方法は<a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Disallowing_Root_Access-Disabling_Root_Using_PAM">「PAM を用いた root の無効化」</a>に記載されている PAM リスト・ファイルを使用することです。<code class="command">vsftpd</code> 用の PAM 設定ファイルは <code class="filename">/etc/pam.d/vsftpd</code> です。
+ </div><div class="para">
+ 各サービスにおいてユーザーアカウントを直接無効化することもできます。
+ </div><div class="para">
+ <code class="command">vsftpd</code> において特定のアカウントを無効にするには、ユーザー名を <code class="filename">/etc/vsftpd.ftpusers</code> に追加します
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"><strong>戻る</strong>3.2.6.2. 匿名アクセス</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"><strong>次へ</strong>3.2.6.4. アクセス制御のための TCP Wrappers の使用</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html
new file mode 100644
index 0000000..ed1b8b1
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.4.2. 構文エラーへの注意</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="3.2.4. NFS のセキュア化" /><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="3.2.4. NFS のセキュア化" /><link rel="next" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html" title="3.2.4.3. no_root_squash オプションの未使用" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul cl
ass="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_NFS.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors">3.2.4.2. 構文エラーへの注意</h4></div></div></div><div class="para">
+ NFS サーバは、<code class="filename">/etc/exports</code> ファイルを参照することにより、どのファイルシステムをエクスポートするか、どのホストへとこれらのディレクトリをエクスポートするかを決めます。このファイルを編集するときに、無関係な空白を追加しないよう注意してください。
+ </div><div class="para">
+ たとえば、<code class="filename">/etc/exports</code> ファイルにある以下の行は、ディレクトリ <code class="command">/tmp/nfs/</code> を <code class="command">bob.example.com</code> へと読み書き権付きで共有します。
+ </div><pre class="screen">/tmp/nfs/ bob.example.com(rw)</pre><div class="para">
+ 一方で <code class="filename">/etc/exports</code> ファイルにある以下の行は、同じディレクトリを <code class="computeroutput">bob.example.com</code> へと読み込み権のみ付きで共有します。また、ホスト名の後ろにある1つの空白により、それを読み書き権付きで<span class="emphasis"><em>全体</em></span>に共有します。
+ </div><pre class="screen">/tmp/nfs/ bob.example.com (rw)</pre><div class="para">
+ 何が共有されているかを確認するために、<code class="command">showmount</code> コマンドを用いることにより、設定された NFS 共有すべてを確認することはグッド・プラクティスです。
+ </div><pre class="screen">showmount -e <em class="replaceable"><code><hostname></code></em></pre></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_NFS.html"><strong>戻る</strong>3.2.4. NFS のセキュア化</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>次へ</strong>3.2.4.3. no_root_squash オプションの未使用</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html
new file mode 100644
index 0000000..8227ee7
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.4.3. no_root_squash オプションの未使用</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="3.2.4. NFS のセキュア化" /><link rel="prev" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html" title="3.2.4.2. 構文エラーへの注意" /><link rel="next" href="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html" title="3.2.4.4. NFS ファイアウォールの設定" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul cl
ass="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option">3.2.4.3. <code class="command">no_root_squash</code> オプションの未使用</h4></div></div></div><div class="para">
+ デフォルトで NFS 共有は root ユーザーを <code class="command">nfsnobody</code> ユーザー(非特権ユーザーアカウント)に変更します。これにより root が作成したファイルの所有者はすべて <code class="command">nfsnobody</code> に変更されます。ここで、setuid ビットが設定されたプログラムのアップロードは防がれます。
+ </div><div class="para">
+ <code class="command">no_root_squash</code> が使われていると、リモートの root ユーザーが、共有ファイルシステムにあるすべてのファイルを変更でき、他のユーザが不注意で実行するようトロイの木馬により感染されたアプリケーションを置いていけます。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"><strong>戻る</strong>3.2.4.2. 構文エラーへの注意</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html"><strong>次へ</strong>3.2.4.4. NFS ファイアウォールの設定</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html
new file mode 100644
index 0000000..64b288c
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.4.4. NFS ファイアウォールの設定</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="3.2.4. NFS のセキュア化" /><link rel="prev" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html" title="3.2.4.3. no_root_squash オプションの未使用" /><link rel="next" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html" title="3.2.5. Apache HTTP Server のセキュア化" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Do
cumentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration">3.2.4.4. NFS ファイアウォールの設定</h4></div></div></div><div class="para">
+ NFS のために使用されるポートは rpcbind により動的に割り当てられます。それは、ファイアウォール・ルールを作成するときに問題を引き起こす可能性があります。このプロセスを単純化するため、どのポートが使われるかを指定するために <span class="emphasis"><em>/etc/sysconfig/nfs</em></span> ファイルを使用します。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">MOUNTD_PORT</code> — mountd (rpc.mountd) 用の TCP および UDP ポート
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">STATD_PORT</code> — status (rpc.statd) 用の TCP および UDP ポート
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">LOCKD_TCPPORT</code> — nlockmgr (rpc.lockd) 用の TCP ポート
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">LOCKD_UDPPORT</code> — nlockmgr (rpc.lockd) 用の UDP ポート
+ </div></li></ul></div><div class="para">
+ 指定されたポート番号はすべての他のサービスにより使用されてはいけません。TCP および UDP ポート 2049 (NFS) と同様、指定されたポート番号を許可するようファイアウォールを設定します。
+ </div><div class="para">
+ どのポートと RPC プログラムが使われているかを確認するために、NFS サーバにおいて <code class="command">rpcinfo -p</code> コマンドを実行します。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>戻る</strong>3.2.4.3. no_root_squash オプションの未使用</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>次へ</strong>3.2.5. Apache HTTP Server のセキュア化</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html
new file mode 100644
index 0000000..e4a3812
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.3.4. 静的ポートの割り当てと iptables ルールの使用</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="3.2.3. NIS のセキュア化" /><link rel="prev" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html" title="3.2.3.3. /var/yp/securenets ファイルの編集" /><link rel="next" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html" title="3.2.3.5. Kerberos 認証の使用" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p
><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules">3.2.3.4. 静的ポートの割り当てと iptables ルールの使用</h4></div></div></div><div class="para">
+ NIS に関連するすべてのサーバは、<code class="command">rpc.yppasswdd</code> — ユーザーがログインパスワードを変更できるようにするデーモン、を除いて特定のポートを割り当てることができます。他の2つの NIS サーバデーモン<code class="command">rpc.ypxfrd</code> と <code class="command">ypserv</code> にポートを割り当てることにより、侵入者から NIS サーバデーモンをさらに保護するためにファイアウォール・ルールを作成できます。
+ </div><div class="para">
+ これをするために、<code class="filename">/etc/sysconfig/network</code> に以下の行を追加します:
+ </div><pre class="screen">YPSERV_ARGS="-p 834" YPXFRD_ARGS="-p 835"</pre><div class="para">
+ そして、以下の iptables ルールは、これらのポートに対してサーバがどのネットワークを待ち受けているかを強制するために使われます。
+ </div><pre class="screen">iptables -A INPUT -p ALL -s! 192.168.0.0/24 --dport 834 -j DROP
+iptables -A INPUT -p ALL -s! 192.168.0.0/24 --dport 835 -j DROP</pre><div class="para">
+ このことは、リクエストが 192.168.0.0/24 のネットワークからならば、プロトコルに関係なく、ポート834と835への接続だけが許可されることを意味します。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ ファイアウォールと iptables コマンドの導入に関する詳細は <a class="xref" href="sect-Security_Guide-Firewalls.html">「ファイアウォール」</a> を参照してください。
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>戻る</strong>3.2.3.3. /var/yp/securenets ファイルの編集</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>次へ</strong>3.2.3.5. Kerberos 認証の使用</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html
new file mode 100644
index 0000000..ac5cd73
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.3.3. /var/yp/securenets ファイルの編集</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="3.2.3. NIS のセキュア化" /><link rel="prev" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html" title="3.2.3.2. パスワードのような NIS ドメイン名とホスト名の使用" /><link rel="next" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html" title="3.2.3.4. 静的ポートの割り当てと iptables ルールの使用" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.
fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File">3.2.3.3. <code class="filename">/var/yp/securenets</code> ファイルの編集</h4></div></div></div><div class="para">
+ <code class="filename">/var/yp/securenets</code> ファイルが空白または存在しなければ(デフォルト・インストール直後の場合)、NIS はすべてのネットワークを受け付けます。最初にすることは、<code class="command">ypserv</code> が適切なネットワークからのリクエストのみに応答するよう、ネットマスク/ネットワーク ペアを置くことです。
+ </div><div class="para">
+ 以下は <code class="filename">/var/yp/securenets</code> ファイルからのサンプル・エントリです:
+ </div><pre class="screen">255.255.255.0 192.168.0.0</pre><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ 初めてのとき <code class="filename">/var/yp/securenets</code> ファイルを作成せずに NIS サーバを決して起動しないでください。
+ </div></div></div><div class="para">
+ このテクニックは IP 詐称攻撃からの保護を提供しませんが、少なくとも NIS サーバのサービスがどのネットワークにあるかを制限します。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"><strong>戻る</strong>3.2.3.2. パスワードのような NIS ドメイン名とホスト名の使用</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"><strong>次へ</strong>3.2.3.4. 静的ポートの割り当てと iptables ルールの使用</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html
new file mode 100644
index 0000000..bb7f249
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.3.5. Kerberos 認証の使用</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="3.2.3. NIS のセキュア化" /><link rel="prev" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html" title="3.2.3.4. 静的ポートの割り当てと iptables ルールの使用" /><link rel="next" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="3.2.4. NFS のセキュア化" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentati
on Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_NFS.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication">3.2.3.5. Kerberos 認証の使用</h4></div></div></div><div class="para">
+ NIS を認証用に使用するときに検討する問題の1つは、ユーザーがマシンにログインするときは必ず、<code class="filename">/etc/shadow</code> マップからのパスワード・ハッシュがネットワーク上で送られることです。侵入者が NIS ドメインへのアクセスを獲得して、ネットワークのトラフィックを盗聴すると、ユーザー名とパスワード・ハッシュを収集することができます。十分な時間があれば、パスワード解析プログラムは弱いパスワードを推測でき、攻撃者はネットワークにおいて有効なアカウントへのアクセス権を得ることができます。
+ </div><div class="para">
+ Kerberos は秘密鍵暗号を使用するので、パスワード・ハッシュがネットワーク上に送られず、システムをよりもっとセキュアにします。Kerberos の詳細は <a class="xref" href="sect-Security_Guide-Kerberos.html">「Kerberos」</a> を参照ください。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"><strong>戻る</strong>3.2.3.4. 静的ポートの割り当てと iptables ルールの使用</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_NFS.html"><strong>次へ</strong>3.2.4. NFS のセキュア化</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html
new file mode 100644
index 0000000..697e4f2
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.3.2. パスワードのような NIS ドメイン名とホスト名の使用</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="3.2.3. NIS のセキュア化" /><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="3.2.3. NIS のセキュア化" /><link rel="next" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html" title="3.2.3.3. /var/yp/securenets ファイルの編集" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docn
av"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname">3.2.3.2. パスワードのような NIS ドメイン名とホスト名の使用</h4></div></div></div><div class="para">
+ NIS ドメインの中にあるすべてのマシンは、ユーザーが NIS サーバの DNS ホスト名を NIS ドメイン名を知っている限り、認証なしでサーバーから情報を抽出するためのコマンドを使用できます。
+ </div><div class="para">
+ たとえば、誰かがネットワークの中にあるノートPCに接続する、もしくは、外部からネットワーク内に侵入する(かつ内部 IP アドレスを詐称するよう管理する)と、以下のコマンドで <code class="command">/etc/passwd</code> マップを暴露します:
+ </div><pre class="screen">ypcat -d <em class="replaceable"><code><NIS_domain></code></em> -h <em class="replaceable"><code><DNS_hostname></code></em> passwd</pre><div class="para">
+ 攻撃者が root ユーザーならば、以下のコマンドを入力することにより <code class="command">/etc/shadow</code> ファイルを手に入れることができます:
+ </div><pre class="screen">ypcat -d <em class="replaceable"><code><NIS_domain></code></em> -h <em class="replaceable"><code><DNS_hostname></code></em> shadow</pre><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ Kerberos を使用していると、<code class="command">/etc/shadow</code> ファイルは NIS マップの中には保存されません。
+ </div></div></div><div class="para">
+ 攻撃者に対して NIS マップへのアクセスを堅牢化するために、<code class="filename">o7hfawtgmhwg.domain.com</code> のようなランダムな文字列を DNS ホスト名のために作成します。同様に、<span class="emphasis"><em>異なる</em></span>ランダムな NIS ドメイン名を作成します。これにより、攻撃者が NIS サーバへアクセスすることがより困難になります。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>戻る</strong>3.2.3. NIS のセキュア化</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>次へ</strong>3.2.3.3. /var/yp/securenets ファイルの編集</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html
new file mode 100644
index 0000000..c07c2c4
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.2.2. iptables を用いた portmap の保護</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_Portmap.html" title="3.2.2. Portmap のセキュア化" /><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_Portmap.html" title="3.2.2. Portmap のセキュア化" /><link rel="next" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="3.2.3. NIS のセキュア化" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="pre
vious"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables">3.2.2.2. iptables を用いた portmap の保護</h4></div></div></div><div class="para">
+ <code class="command">portmap</code> サービスへのアクセスをさらに制限するために、サーバに iptables ルールを追加して、特定のネットワークへのアクセスを制限することは、素晴らしいアイディアです。
+ </div><div class="para">
+ 以下は iptables コマンドの2つの例です。1つ目は、192.168.0.0/24 のネットワークから、ポート111(<code class="command">portmap</code> サービスにより使用されます)への TCP 接続を許可します。2つ目は、ローカルホストから同じポートへのアクセスを許可します。これは、<span class="application"><strong>Nautilus</strong></span> により使用される <code class="command">sgi_fam</code> サービスのために必要となります。他のパケットはすべて破棄されます。
+ </div><pre class="screen">iptables -A INPUT -p tcp -s! 192.168.0.0/24 --dport 111 -j DROP
+iptables -A INPUT -p tcp -s 127.0.0.1 --dport 111 -j ACCEPT</pre><div class="para">
+ UDP トラフィックを同じように制限するために、以下のコマンドを使用します。
+ </div><pre class="screen">iptables -A INPUT -p udp -s! 192.168.0.0/24 --dport 111 -j DROP</pre><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ ファイアウォールと iptables コマンドの導入に関する詳細は <a class="xref" href="sect-Security_Guide-Firewalls.html">「ファイアウォール」</a> を参照してください。
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>戻る</strong>3.2.2. Portmap のセキュア化</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>次へ</strong>3.2.3. NIS のセキュア化</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html
new file mode 100644
index 0000000..8b88b7a
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.7.3. メール専用ユーザー</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="3.2.7. Sendmail のセキュア化" /><link rel="prev" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html" title="3.2.7.2. NFS と Sendmail" /><link rel="next" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html" title="3.2.8. リッスンしているポートの確認" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></
a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_Sendmail-Mail_only_Users"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-Mail_only_Users">3.2.7.3. メール専用ユーザー</h4></div></div></div><div class="para">
+ Sendmail サーバにおいてローカルユーザーがエクスプロイットするのを防ぐ助けにするため、メールのユーザーは email プログラムを用いて Sendmail サーバのみにアクセスすることが最善です。メールサーバにおけるシェル・アカウントは許可されるべきではなく、<code class="filename">/etc/passwd</code> におけるユーザー・シェルはすべて <code class="command">/sbin/nologin</code> に設定されるべきです(root ユーザーを除いて)。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>戻る</strong>3.2.7.2. NFS と Sendmail</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>次へ</strong>3.2.8. リッスンしているポートの確認</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html
new file mode 100644
index 0000000..0998578
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.7.2. NFS と Sendmail</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="3.2.7. Sendmail のセキュア化" /><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="3.2.7. Sendmail のセキュア化" /><link rel="next" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html" title="3.2.7.3. メール専用ユーザー" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav
"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail">3.2.7.2. NFS と Sendmail</h4></div></div></div><div class="para">
+ メールスプールのディレクトリ <code class="filename">/var/spool/mail/</code> を NFS 共有ボリュームに置いてはいけません。
+ </div><div class="para">
+ NFSv2 と NFSv3 はユーザーとグループの ID で制御されないので、2人以上のユーザーが同じ UID を持ち、それぞれ他のメールを受け取り、読む可能性があります。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ Kerberos を用いる NFSv4 を使用していると、<code class="filename">SECRPC_GSS</code> カーネル・モジュールは UID ベースの認証を利用しないので、これは該当しません。
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>戻る</strong>3.2.7. Sendmail のセキュア化</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"><strong>次へ</strong>3.2.7.3. メール専用ユーザー</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Security_Updates.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Security_Updates.html
new file mode 100644
index 0000000..d604afd
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Security_Updates.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.5. セキュリティ・アップデート</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="第1章 セキュリティの概要" /><link rel="prev" href="sect-Security_Guide-Common_Exploits_and_Attacks.html" title="1.4. 一般的なエクスプロイトと攻撃" /><link rel="next" href="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html" title="1.5.2. 署名されたパッケージの検証" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul c
lass="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Common_Exploits_and_Attacks.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Security_Updates" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Security_Updates">1.5. セキュリティ・アップデート</h2></div></div></div><div class="para">
+ ã»ãã¥ãªãã£èå¼±æ§ãçºè¦ãããã¨ããå½±é¿ãåããã½ããã¦ã§ã¢ã¯ããããæ½å¨çãªãªã¹ã¯ãå¶éããããã«æ´æ°ãããªããã°ããã¾ãããã½ããã¦ã§ã¢ãç¾å¨ãµãã¼ãããã¦ãã Fedora ãã£ã¹ããªãã¥ã¼ã·ã§ã³ã®ä¸ã«ããããã±ã¼ã¸ã®ä¸é¨ãªãã°ãã§ããéãæ©ãèå¼±æ§ãä¿®æ£ããããã±ã¼ã¸ããªãªã¼ã¹ãããã¨ãã³ããããã¾ãããã°ãã°ãæä¾ãããã»ãã¥ãªãã£ã»ã¨ã¯ã¹ããã¤ãã«é¢ããã¢ãã¦ã³ã¹ã¯ãããï¼ã¾ãã¯åé¡ãä¿®æ£ããã½ã¼ã¹ã³ã¼ãï¼ãä¼´ã£ã¦ãã¾ããããã¦ããã®ããã㯠Fedora ããã±ã¼ã¸ã«é©ç¨ããããã¹ããããã¢ãããã¼ãã¨ãã¦ãªãªã¼ã¹ããã¾ããããããªãããã¢ãã¦ã³ã¹ã¯ããããå«ã¿ã¾ããã®ã§ãéçºè
ã¯ã¾ãåé¡ãä¿®æ£ããã½ããã¦ã§ã¢ã®ã¡ã³ããã¼ã¨ä½æ¥ãã¾ããåé¡ãä¿®æ£ãããã¨ãã
ãã±ã¼ã¸ã¯ãã¹ããããã¨ã©ãã¿ã»ã¢ãããã¼ãã¨ãã¦ãªãªã¼ã¹ããã¾ãã
+ </div><div class="para">
+ システムにおいて使用されているソフトウェアに対するエラッタ・アップデートがリリースされたならば、システムが潜在的に脆弱である時間を最小限にするため、できる限り早く影響を受けるパッケージを更新することが強く推奨されます。
+ </div><div class="section" id="sect-Security_Guide-Security_Updates-Updating_Packages"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. パッケージの更新</h3></div></div></div><div class="para">
+ システムにおけるソフトウェアを更新するとき、信頼されたソースからアップデートをダウンロードすることが重要です。攻撃者は、問題を修正すると思われるもののように同じバージョン番号を持ちますが、異なるセキュリティ・エクスプロイトを持つパッケージを簡単に再構築でき、インターネットにリリースできます。これが起こると、オリジナルの RPM に対するファイルの検証のようなセキュリティ対策を用いても、エクスプロイットを検知できません。このように、信頼されたソース(Fedora のような)からのみ RPM をダウンロードし、その完全性を検証するためにパッケージの署名を確認することは非常に重要です。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ Fedora システムに対するアップデートがあるとき、わかりやすいアラートが表示される便利なパネル・アイコンが Fedora に含まれます。
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Common_Exploits_and_Attacks.html"><strong>戻る</strong>1.4. 一般的なエクスプロイトと攻撃</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html"><strong>次へ</strong>1.5.2. 署名されたパッケージの検証</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_FTP.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_FTP.html
new file mode 100644
index 0000000..ecb34a2
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_FTP.html
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.6. FTP のセキュア化</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Server_Security.html" title="3.2. サーバのセキュリティ" /><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html" title="3.2.5. Apache HTTP Server のセキュア化" /><link rel="next" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html" title="3.2.6.2. 匿名アクセス" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li
class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Server_Security-Securing_FTP"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_FTP">3.2.6. FTP のセキュア化</h3></div></div></div><div class="para">
+ <em class="firstterm">File Transfer Protocol</em> (<abbr class="abbrev">FTP</abbr>) はネットワーク上でファイルを転送するために設計された古い TCP プロトコルです。サーバとのすべてのトランザクション(ユーザー認証を含みます)が暗号化されないので、セキュアではないプロトコルと考えられていて、慎重に設定されるべきです。
+ </div><div class="para">
+ Fedora は3つの FTP サーバを提供します。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">gssftpd</code> — ネットワーク上で認証情報を転送しない、Kerberos 対応の <code class="command">xinetd</code> ベースの FTP デーモン
+ </div></li><li class="listitem"><div class="para">
+ <span class="application"><strong>Red Hat Content Accelerator</strong></span> (<code class="command">tux</code>) — FTP 機能を持つカーネル空間のウェブサーバ
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">vsftpd</code> — スタンドアロンの、セキュリティ志向で実装された FTP サービス
+ </div></li></ul></div><div class="para">
+ 以下のセキュリティ・ガイドラインは <code class="command">vsftpd</code> FTP サービスをセットアップするためのものです。
+ </div><div class="section" id="sect-Security_Guide-Securing_FTP-FTP_Greeting_Banner"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_FTP-FTP_Greeting_Banner">3.2.6.1. FTP グリーティング・バナー</h4></div></div></div><div class="para">
+ ユーザー名とパスワードを送信する前に、すべてのユーザーはグリーティング・バナーが表示されます。デフォルトで、このバナーはクラッカーがシステムにある弱点を識別するために有効なバージョン情報を含みます。
+ </div><div class="para">
+ <code class="command">vsftpd</code> に対するグリーティング・バナーを変更するには、以下のディレクティブを <code class="filename">/etc/vsftpd/vsftpd.conf</code> ファイルに追加します:
+ </div><pre class="screen">ftpd_banner=<em class="replaceable"><code><insert_greeting_here></code></em></pre><div class="para">
+ 上のディレクティブにある <em class="replaceable"><code><insert_greeting_here></code></em> をグリーティング・メッセージのテキストで置き換えます。
+ </div><div class="para">
+ 複数行のバナーには、バナー・ファイルを使用することが最も良いです。複数のバナーの管理を簡単にするために、<code class="filename">/etc/banners/</code> という新しいディレクトリにすべてのバナーを置きます。この例における FTP 接続に対するバナー・ファイルは <code class="filename">/etc/banners/ftp.msg</code> です。以下はファイルがどのように見えるかの例です:
+ </div><pre class="screen">######### # Hello, all activity on ftp.example.com is logged. #########</pre><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ <a class="xref" href="sect-Security_Guide-Server_Security.html#sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Connection_Banners">「TCP Wrappers と接続バナー」</a>で具体化されているように、ファイルの各行を <code class="command">220</code> で始めることは必要ありません。
+ </div></div></div><div class="para">
+ <code class="command">vsftpd</code> に対するこのグリーティング・バナーを参照するには、以下のディレクティブを <code class="filename">/etc/vsftpd/vsftpd.conf</code> ファイルに追加します:
+ </div><pre class="screen">banner_file=/etc/banners/ftp.msg</pre><div class="para">
+ <a class="xref" href="sect-Security_Guide-Server_Security.html#sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Connection_Banners">「TCP Wrappers と接続バナー」</a>に記載されているように、TCP Wrappers を使用して入ってくる接続へと追加のメッセージを送ることが可能です。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>戻る</strong>3.2.5. Apache HTTP Server のセキュア化</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"><strong>次へ</strong>3.2.6.2. 匿名アクセス</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_NFS.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_NFS.html
new file mode 100644
index 0000000..14904e9
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_NFS.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.4. NFS のセキュア化</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Server_Security.html" title="3.2. サーバのセキュリティ" /><link rel="prev" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html" title="3.2.3.5. Kerberos 認証の使用" /><link rel="next" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html" title="3.2.4.2. 構文エラーへの注意" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li cl
ass="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Server_Security-Securing_NFS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_NFS">3.2.4. NFS のセキュア化</h3></div></div></div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ Fedora に含まれるバージョンのNFS (NFSv4) は、<a class="xref" href="sect-Security_Guide-Server_Security-Securing_Portmap.html">「Portmap のセキュア化」</a>に概要が示されているように <code class="command">portmap</code> サービスをもはや必要としません。NFS トラフィックはすべてのバージョンにおいて UDP より TCP を使用します。NFSv4 を使用するときそれを必要とします。NFSv4 は、<code class="filename">RPCSEC_GSS</code> カーネルモジュールの一部として、Kerberos ユーザーとグループの認証を含みます。Fedora が NFSv2 と NFSv3 をサポートするので(どちらも <code class="command">portmap</code> を利用します)、<code class="command">portmap</code> の情報はまだ含まれています。
+ </div></div></div><div class="section" id="sect-Security_Guide-Securing_NFS-Carefully_Plan_the_Network"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NFS-Carefully_Plan_the_Network">3.2.4.1. ネットワークの注意深い計画</h4></div></div></div><div class="para">
+ いまや NFSv4 はネットワーク上で Kerberos を用いて暗号化されたすべての情報を受け渡す機能があるので、ファイアウォールの後ろ側もしくはセグメント化されたネットワーク上にあるならば、サービスが正しく設定されることが重要です。NFSv2 と NFSv3 はまだ安全ではなくデータを受け渡します。このことは考慮に入れられるべきです。これらの観点すべてにおいてネットワークを慎重に設計することは、セキュリティ侵害を防ぐ助けにできます。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>戻る</strong>3.2.3.5. Kerberos 認証の使用</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"><strong>次へ</strong>3.2.4.2. 構文エラーへの注意</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_NIS.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_NIS.html
new file mode 100644
index 0000000..b6a35ca
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_NIS.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.3. NIS のセキュア化</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Server_Security.html" title="3.2. サーバのセキュリティ" /><link rel="prev" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html" title="3.2.2.2. iptables を用いた portmap の保護" /><link rel="next" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html" title="3.2.3.2. パスワードのような NIS ドメイン名とホスト名の使用" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Co
ntent/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Server_Security-Securing_NIS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_NIS">3.2.3. NIS のセキュア化</h3></div></div></div><div class="para">
+ <em class="firstterm">Network Information Service</em> (<acronym class="acronym">NIS</acronym>) は <code class="command">ypserv</code> と呼ばれる RPC サービスです。これは、ドメイン内にあることを主張しているすべてのコンピュータへと、ユーザ名、パスワードおよび他の機密情報の対応付けを配布するために、<code class="command">portmap</code> や他の関連するサービスとともに使用されます。
+ </div><div class="para">
+ NIS サーバはいくつかのアプリケーションを包含しています。それらは以下を含みます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/rpc.yppasswdd</code> — <code class="command">yppasswdd</code> サービスとも呼ばれ、このデーモンはユーザーが NIS パスワードを変更できるようにします。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/rpc.ypxfrd</code> — <code class="command">ypxfrd</code> サービスとも呼ばれ、このデーモンはネットワークにおいて NIS マップを送信する責任があります。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/yppush</code> — このアプリケーションは変更された NIS データベースを複数の NIS サーバへ伝搬します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">/usr/sbin/ypserv</code> — これは NIS サーバのデーモンです。
+ </div></li></ul></div><div class="para">
+ NIS は今日の標準によるといくらかセキュアではありません。ホスト認証メカニズムを持たず、暗号化されていないネットワーク上ですべての情報を転送します。結果として、NIS を使用するネットワークをセットアップするとき、極めて注意しなければいけません。NIS のデフォルト設定は本質的にセキュアではないという事実により、さらに複雑になります。
+ </div><div class="para">
+ NIS サーバを導入しようとしている人は、まず <a class="xref" href="sect-Security_Guide-Server_Security-Securing_Portmap.html">「Portmap のセキュア化」</a> に示されているように <code class="command">portmap</code> サービスをセキュアにして、その後ネットワーク計画のような以下の問題に取り組むことが推奨されます。
+ </div><div class="section" id="sect-Security_Guide-Securing_NIS-Carefully_Plan_the_Network"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_NIS-Carefully_Plan_the_Network">3.2.3.1. ネットワークの注意深い計画</h4></div></div></div><div class="para">
+ NIS はネットワーク上で暗号化せずに秘密情報を転送するので、ファイアウォールの内側で、セグメント化されたセキュアなネットワークにおいてサービスを実行することが重要です。NIS 情報はセキュアではないネットワーク上で転送されるときは必ず、傍受されるリスクがあります。慎重なネットワーク設計が深刻なセキュリティ侵害を防ぐ助けにできます。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"><strong>戻る</strong>3.2.2.2. iptables を用いた portmap の保護</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"><strong>次へ</strong>3.2.3.2. パスワードのような NIS ドメイン名とホスト名の使用</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_Portmap.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_Portmap.html
new file mode 100644
index 0000000..92a7fda
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_Portmap.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.2. Portmap のセキュア化</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Server_Security.html" title="3.2. サーバのセキュリティ" /><link rel="prev" href="sect-Security_Guide-Server_Security.html" title="3.2. サーバのセキュリティ" /><link rel="next" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html" title="3.2.2.2. iptables を用いた portmap の保護" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li cla
ss="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Server_Security-Securing_Portmap"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Portmap">3.2.2. Portmap のセキュア化</h3></div></div></div><div class="para">
+ <code class="command">portmap</code> サービスは、NIS や NFS のような RPC サービスに対して、動的にポートを割り当てるデーモンです。認証メカニズムは弱いです。また、制御しているサービスに対して広い範囲のポートを割り当てる機能があります。これらの理由により、セキュアにすることが難しいです。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ NFSv4 はもはやそれを必要としないので、<code class="command">portmap</code> をセキュアにすることは NFSv2 と NFSv3 の導入に対してのみ効果があります。もし NFSv2 または NFSv3 サーバを導入しようとしているならば、<code class="command">portmap</code> が必要となり、以下のセクションが適用されます。
+ </div></div></div><div class="para">
+ もし RPC サービスを実行しているならば、以下の基本的なルールに従います。
+ </div><div class="section" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_TCP_Wrappers">3.2.2.1. TCP Wrappers を用いた portmap の保護</h4></div></div></div><div class="para">
+ 組み込み形式の認証を持たないので、<code class="command">portmap</code> サービスへアクセスするネットワークまたはホストを制限するために、TCP Wrappers を使用することは重要です。
+ </div><div class="para">
+ さらに、サービスへのアクセスを制限するとき、ホスト名を使うのを避け、IP アドレス<span class="emphasis"><em>のみ</em></span>を使います。その理由は、ホスト名は DNS ポイズニングや他の方法により偽造される可能性があるからです。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security.html"><strong>戻る</strong>3.2. サーバのセキュリティ</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"><strong>次へ</strong>3.2.2.2. iptables を用いた portmap の保護</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_Sendmail.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_Sendmail.html
new file mode 100644
index 0000000..a5073ca
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_Sendmail.html
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.7. Sendmail のセキュア化</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Server_Security.html" title="3.2. サーバのセキュリティ" /><link rel="prev" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html" title="3.2.6.4. アクセス制御のための TCP Wrappers の使用" /><link rel="next" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html" title="3.2.7.2. NFS と Sendmail" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><u
l class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Server_Security-Securing_Sendmail"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Sendmail">3.2.7. Sendmail のセキュア化</h3></div></div></div><div class="para">
+ Sendmail は、他の MTA と email クライアントや配送エージェントとの間で電子メッセージを配送するために Simple Mail Transfer Protocol (SMTP) を使用する Mail Transfer Agent (MTA) です。多くの MTA はもう一方との間のトラフィックを暗号化する機能がありますが、多くはそうしないので、あらゆるパブリック・ネットワーク上で email を送信することは、本質的にセキュアではないコミュニケーションの形式であると考えられています。
+ </div><div class="para">
+ Sendmail サーバを導入しようしている人は以下の問題に取り組むことが推奨されます。
+ </div><div class="section" id="sect-Security_Guide-Securing_Sendmail-Limiting_a_Denial_of_Service_Attack"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-Limiting_a_Denial_of_Service_Attack">3.2.7.1. サービス妨害攻撃の制限</h4></div></div></div><div class="para">
+ email の特性のため、本気になった攻撃者は、極めて簡単にメールを用いてサーバをあふれさせ、サービス妨害を引き起こすことができます。<code class="filename">/etc/mail/sendmail.mc</code> において以下のディレクティブに制限を設定することにより、そのような攻撃者を制限する効果があります。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">confCONNECTION_RATE_THROTTLE</code> — サーバが1秒当たりに受け付ける接続数。デフォルトで、Sendmail は接続数を制限しません。制限が設定され、制限に達すると、さらなる接続は遅延させられます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">confMAX_DAEMON_CHILDREN</code> — サーバにより生成される子プロセスの最大数。デフォルトで、Sendmail は子プロセスの数の制限を割り当てません。制限が設定され、制限に達すると、さらなる接続は遅延させられます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">confMIN_FREE_BLOCKS</code> — メールを受け付けるためにサーバが利用可能でなければいけない空きブロックの最小数。デフォルトは 100 ブロックです。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">confMAX_HEADERS_LENGTH</code> — メッセージ・ヘッダの受信可能な最大容量(バイト単位)。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">confMAX_MESSAGE_SIZE</code> — 1つのメッセージの受信可能な最大容量(バイト単位)。
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"><strong>戻る</strong>3.2.6.4. アクセス制御のための TCP Wrappers の使用</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>次へ</strong>3.2.7.2. NFS と Sendmail</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html
new file mode 100644
index 0000000..f83ddc6
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.5. Apache HTTP Server のセキュア化</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Server_Security.html" title="3.2. サーバのセキュリティ" /><link rel="prev" href="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html" title="3.2.4.4. NFS ファイアウォールの設定" /><link rel="next" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="3.2.6. FTP のセキュア化" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class
="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_FTP.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server">3.2.5. Apache HTTP Server のセキュア化</h3></div></div></div><div class="para">
+ Apache HTTP Server は、Fedora に同梱されている、最も安定していてセキュアなサービスの1つです。多くのオプションとテクニックが Apache HTTP Server をセキュアにするために利用できます — ここで深く調べるには多すぎます。以下のセクションは Apache HTTP Server を実行するときのベストプラクティスを簡単に説明します。
+ </div><div class="para">
+ システムで実行するスクリプトは本番環境に置く<span class="emphasis"><em>前に</em></span>意図したとおりに動作することを常に確認します。また、root ユーザーのみが、スクリプトや CGI を含むすべてのディレクトリに対する書き込み権限を持つことを確認します。
+ </div><div class="orderedlist"><ol><li class="listitem"><pre class="screen">chown root <em class="replaceable"><code><directory_name></code></em></pre></li><li class="listitem"><pre class="screen">chmod 755 <em class="replaceable"><code><directory_name></code></em></pre></li></ol></div><div class="para">
+ システム管理者が以下の設定オプションを使用するときは注意が必要です (<code class="filename">/etc/httpd/conf/httpd.conf</code> において設定されます):
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term"><code class="option">FollowSymLinks</code></span></dt><dd><div class="para">
+ このディレクティブはデフォルトで有効です。そのため、ウェブサーバのドキュメントルートにシンボリックリンクを作成するときは確実に注意します。たとえば、<code class="filename">/</code> へのシンボリックリンクを提供することは悪いアイディアです。
+ </div></dd><dt class="varlistentry"><span class="term"><code class="option">Indexes</code></span></dt><dd><div class="para">
+ このディレクティブはデフォルトで有効です。しかし、望ましくありません。訪問者がサーバーにあるファイルを探索するのを防ぐため、このディレクティブを削除します。
+ </div></dd><dt class="varlistentry"><span class="term"><code class="option">UserDir</code></span></dt><dd><div class="para">
+ システムのユーザーアカウントの存在を確認できるので、<code class="option">UserDir</code> ディレクティブはデフォルトで無効です。サーバーのユーザーディレクトリのブラウジングを有効にするために、以下のディレクティブを使います:
+ </div><pre class="screen">UserDir enabled
+UserDir disabled root</pre><div class="para">
+ これらのディレクティブは <code class="filename">/root/</code> 以外のすべてのユーザーディレクトリに対するユーザー・ディレクトリのブラウジングを有効にします。無効にされたアカウントの一覧にユーザーを追加するには、<code class="option">UserDir disabled</code> 行にスペース区切りでユーザーの一覧を追加します。
+ </div></dd></dl></div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ <code class="option">IncludesNoExec</code> ディレクティブを削除しないでください。<em class="firstterm">Server-Side Includes</em> (<abbr class="abbrev">SSI</abbr>) モジュールはデフォルトでコマンドを実行できません。潜在的に、攻撃者がシステムにあるコマンドを実行できるようにできるので、絶対に必要にならない限り、この設定を変更しないことを推奨します。
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html"><strong>戻る</strong>3.2.4.4. NFS ファイアウォールの設定</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_FTP.html"><strong>次へ</strong>3.2.6. FTP のセキュア化</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html
new file mode 100644
index 0000000..dc9ee25
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2.8. リッスンしているポートの確認</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Server_Security.html" title="3.2. サーバのセキュリティ" /><link rel="prev" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html" title="3.2.7.3. メール専用ユーザー" /><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="3.3. Single Sign-on (SSO)" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" h
ref="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">3.2.8. リッスンしているポートの確認</h3></div></div></div><div class="para">
+ ネットワーク・サービスを設定した後、システムのネットワーク・インタフェースにおいて実際にどのポートがリッスンしているかに注意することは重要です。すべての開いているポートは侵入の兆候になる可能性があります。
+ </div><div class="para">
+ ネットワークにおいて待ち受けているポートを一覧化するための基本的なアプローチが2つあります。より信頼できないアプローチは、<code class="command">netstat -an</code> や <code class="command">lsof -i</code> のようなコマンドを用いてネットワーク・スタックを問い合わせることです。これらのプログラムはネットワークからマシンへ接続しないので、この方法はより信頼できませんが、システムにおいて実行しているものをよりチェックできます。そのため、これらのアプリケーションは頻繁に攻撃者により置き換えられる対象になります。攻撃者が認可されていないネットワーク・ポートを開くならば、<code class="command">netstat</code> と <code class="command">lsof</code> を自分自身の改変したバージョンに置き換えることにより、その痕跡を隠そうと
します。
+ </div><div class="para">
+ ネットワークにおいてどのポートがリッスンしているかを確認するためのより信頼できる方法は、<code class="command">nmap</code> のようなポート・スキャナーを使用することです。
+ </div><div class="para">
+ コンソールから実行される以下のコマンドは、どのポートがネットワークからの TCP 接続を待ち受けているかを決めます:
+ </div><pre class="screen">nmap -sT -O localhost</pre><div class="para">
+ このコマンドの出力は以下のように表示されます:
+ </div><pre class="screen">Starting Nmap 4.68 ( http://nmap.org ) at 2009-03-06 12:08 EST
+Interesting ports on localhost.localdomain (127.0.0.1):
+Not shown: 1711 closed ports
+PORT STATE SERVICE
+22/tcp open ssh
+25/tcp open smtp
+111/tcp open rpcbind
+113/tcp open auth
+631/tcp open ipp
+834/tcp open unknown
+2601/tcp open zebra
+32774/tcp open sometimes-rpc11
+Device type: general purpose
+Running: Linux 2.6.X
+OS details: Linux 2.6.17 - 2.6.24
+Uptime: 4.122 days (since Mon Mar 2 09:12:31 2009)
+Network Distance: 0 hops
+OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
+Nmap done: 1 IP address (1 host up) scanned in 1.420 seconds</pre><div class="para">
+ この出力は、<code class="computeroutput">sunrpc</code> の存在により、システムが <code class="command">portmap</code> を実行していることを示しています。しかしながら、ポート834に謎のサービスがあります。そのポートが既知のサービスの公式な一覧に関連づけられるかを確認するため、次を入力します:
+ </div><pre class="screen">cat /etc/services | grep 834</pre><div class="para">
+ このコマンドは何も出力しません。このことは、ポートが予約済み範囲(0から1023を意味します)にあり、開くために root アクセスが必要であり、既知のサービスに関連づけられていないことを意味します。
+ </div><div class="para">
+ 次に、<code class="command">netstat</code> または <code class="command">lsof</code> を用いてポートに関する情報を確認します。<code class="command">netstat</code> を用いてポート834を確認するために、以下のコマンドを使用します:
+ </div><pre class="screen">netstat -anp | grep 834</pre><div class="para">
+ コマンドは以下の出力を返します:
+ </div><pre class="screen">tcp 0 0 0.0.0.0:834 0.0.0.0:* LISTEN 653/ypbind</pre><div class="para">
+ 攻撃者が侵入したホストにおいて密かに開けたポートが、このコマンドにより明らかにされないかもしれないので、<code class="command">netstat</code> で開いているポートの存在を再確認します。また、<code class="option">[p]</code> オプションは、ポートを開いているサービスのプロセス ID (PID) を明らかにします。この場合、開いているポートは <code class="command">ypbind</code> (<abbr class="abbrev">NIS</abbr>) に属しています。これは、<code class="command">portmap</code> サービスとともに取り扱われる <abbr class="abbrev">RPC</abbr> サービスです。
+ </div><div class="para">
+ <code class="command">lsof</code> コマンドは、開いているポートをサービスと対応される機能もあるので、<code class="command">netstat</code> と同じような情報を明らかにします。
+ </div><pre class="screen">lsof -i | grep 834</pre><div class="para">
+ このコマンドからの出力の関連する部分は次のようです:
+ </div><pre class="screen">ypbind 653 0 7u IPv4 1319 TCP *:834 (LISTEN)
+ypbind 655 0 7u IPv4 1319 TCP *:834 (LISTEN)
+ypbind 656 0 7u IPv4 1319 TCP *:834 (LISTEN)
+ypbind 657 0 7u IPv4 1319 TCP *:834 (LISTEN)</pre><div class="para">
+ これらのツールは、マシンで実行しているサービスの状態に関する詳細を非常に明らかにします。これらのツールは、柔軟であり、ネットワーク・サービスと設定に関する豊かな情報を提供します。詳細は <code class="command">lsof</code>, <code class="command">netstat</code>, <code class="command">nmap</code>, および <code class="filename">services</code> のマニュアルページを参照してください。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"><strong>戻る</strong>3.2.7.3. メール専用ユーザー</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO.html"><strong>次へ</strong>3.3. Single Sign-on (SSO)</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security.html
new file mode 100644
index 0000000..fcdf23c
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Server_Security.html
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2. サーバのセキュリティ</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="第3章 ネットワークのセキュア化" /><link rel="prev" href="chap-Security_Guide-Securing_Your_Network.html" title="第3章 ネットワークのセキュア化" /><link rel="next" href="sect-Security_Guide-Server_Security-Securing_Portmap.html" title="3.2.2. Portmap のセキュア化" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li cl
ass="previous"><a accesskey="p" href="chap-Security_Guide-Securing_Your_Network.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Server_Security" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Server_Security">3.2. サーバのセキュリティ</h2></div></div></div><div class="para">
+ システムがパブリック・ネットワークにおいてサーバとして使用されるとき、攻撃の対象になります。そのため、システムを堅牢化して、サービスをロックダウンすることは、システム管理者にとって最も重要なことになります。
+ </div><div class="para">
+ 特定の問題を掘り下げて考える前に、サーバのセキュリティを強化するための一般的な以下のヒントについて再考します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 最新の脅威に対して保護するために、すべてのサービスを最新に保ちます。
+ </div></li><li class="listitem"><div class="para">
+ できる限りセキュアなプロトコルを使用します。
+ </div></li><li class="listitem"><div class="para">
+ できる限りマシンあたり1種類のネットワークサービスのみを取り扱います。
+ </div></li><li class="listitem"><div class="para">
+ 疑わしい活動に対してすべてのサーバを注意深く監視します。
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">3.2.1. TCP Wrappers と xinetd を用いたサービスのセキュア化</h3></div></div></div><div class="para">
+ <em class="firstterm">TCP Wrappers</em> はさまざまなサービスにアクセス制御を提供します。SSH、Telnet および FTP のような最近のネットワークサービスの多くは TCP Wrappers (入ってくるリクエストと要求されたサービスの間で見張りをします)を使用します。
+ </div><div class="para">
+ TCP Wrappers により提供される利便性は、<code class="command">xinetd</code>(追加のアクセス、ロギング、バインド、リダイレクトおよびリソース活用に関する制御を提供するスーパーサービス)と併用するときに向上します。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ サービスのアクセス制御の中に冗長性を持たせるために、TCP Wrappers および <code class="command">xinetd</code> とともに iptables ファイアウォール・ルールを使用することは素晴らしいアイディアです。iptables コマンドを用いたファイアウォールの導入に関する詳細は<a class="xref" href="sect-Security_Guide-Firewalls.html">「ファイアウォール」</a>を参照してください。
+ </div></div></div><div class="para">
+ 以下のサブセクションは、各トピックに関する基本的な知識があることを想定し、特定のセキュリティ・オプションに焦点を合わせています。
+ </div><div class="section" id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_TCP_Wrappers">3.2.1.1. TCP Wrappres を用いたセキュリティの強化</h4></div></div></div><div class="para">
+ TCP Wrappers はサービスへのアクセスを拒否する以外にも多くの機能があります。このセクションは、接続バナーを送信し、特定のホストからの攻撃者に警告をし、ログ機能を強化するために、どのように使うことができるかを説明します。TCP Wrapper 機能と制御言語に関する詳細は、 <code class="filename">hosts_options</code> man page を参照してください。
+ </div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Connection_Banners"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Connection_Banners">3.2.1.1.1. TCP Wrappers と接続バナー</h5></div></div></div><div class="para">
+ ユーザーがサービスに接続するときに適切なバナーを表示することは、潜在的な攻撃者へとシステム管理者が気を配っていることを知らせるために有用な方法です。システムに関するどのような情報がユーザーへと表示されるかを制御することもできます。サービスに対して TCP Wrappers バナーを導入するために、<code class="option">banner</code> オプションを使用します。
+ </div><div class="para">
+ この例は <code class="command">vsftpd</code> のバナーを導入しています。始めるにはバナーファイルを作成します。それはシステムのどこでも構いませんが、デーモンと同じ名前でなければいけません。たとえば、そのファイルは <code class="filename">/etc/banners/vsftpd</code> と呼ばれ、以下の行を含みます:
+ </div><pre class="screen">220-Hello, %c
+220-All activity on ftp.example.com is logged.
+220-Inappropriate use will result in your access privileges being removed.</pre><div class="para">
+ <code class="command">%c</code> トークンは、より接続をおじけずかせるように、ユーザー名とホスト名、または、ユーザー名と IP アドレスのような、クライアントのさまざまな情報を提供します。
+ </div><div class="para">
+ 受信コネクションに表示するためのこのバナーに対して、<code class="filename">/etc/hosts.allow</code> ファイルに以下の行を追加します:
+ </div><pre class="screen"><code class="command"> vsftpd : ALL : banners /etc/banners/ </code></pre></div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Attack_Warnings"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Attack_Warnings">3.2.1.1.2. TCP Wrappers と攻撃の警告</h5></div></div></div><div class="para">
+ 特定のホストやネットワークがサーバを攻撃していることを検知したら、TCP Wrappers は <code class="command">spawn</code> ディレクティブを用いて、そのホストまたはネットワークからの後続の攻撃について管理者に警告するために使用されます。
+ </div><div class="para">
+ この例では 206.182.68.0/24 ネットワークからのクラッカーがサーバを攻撃しようとしていることを検知したと仮定しています。そのネットワークからの接続試行をすべて拒否して、その試行を特別なファイルに記録するために、<code class="filename">/etc/hosts.deny</code> ファイルに以下の行を置きます:
+ </div><pre class="screen"><code class="command"> ALL : 206.182.68.0 : spawn /bin/ 'date' %c %d >> /var/log/intruder_alert </code></pre><div class="para">
+ <code class="command">%d</code> トークンは、攻撃者がアクセスしようとしたサービスの名前を提供します。
+ </div><div class="para">
+ 接続を許可して、それを記録するには、<code class="filename">/etc/hosts.allow</code> ファイルに <code class="command">spawn</code> ディレクティブを置きます。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ <code class="command">spawn</code> ディレクティブはあらゆるシェルコマンドを実行するので、特定のクライアントがサーバへ接続しようとしたときに、管理者に通知したり、一連のコマンドを実行したりする特別なスクリプトを作成することは素晴らしいアイディアです。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Enhanced_Logging"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Enhanced_Logging">3.2.1.1.3. TCP Wrappers と高度な</h5></div></div></div><div class="para">
+ もし特定の種類の接続が他のものよりも注意する必要があれば、<code class="command">severity</code> オプションを用いて、ログレベルをそのサービスに対して上昇させることができます。
+ </div><div class="para">
+ この例では、FTP サーバのポート23番(Telnet ポート)に接続しようとする者はすべて攻撃者であると仮定しています。このことを示すために、ログファイルにおいてデフォルトのフラグ <code class="command">info</code> の代わりに <code class="command">emerg</code> フラグを立てます。そして、接続を拒否します。
+ </div><div class="para">
+ これを実行するには、<code class="filename">/etc/hosts.deny</code> に以下の行を置きます:
+ </div><pre class="screen"><code class="command"> in.telnetd : ALL : severity emerg </code></pre><div class="para">
+ これはデフォルトの <code class="command">authpriv</code> ログ・ファシリティを使用しますが、プライオリティをデフォルト値の\n <code class="command">info</code> から <code class="command">emerg</code> (ログメッセージを直接コンソールに送ります) へと上昇させます。
+ </div></div></div><div class="section" id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_xinetd"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_xinetd">3.2.1.2. xinetd を用いた高度なセキュリティ</h4></div></div></div><div class="para">
+ このセクションは、トラップ・サービスを設定するために <code class="command">xinetd</code> を使用すること、および与えられたすべての <code class="command">xinetd</code> サービスが利用可能になるリソース・レベルを制御するために使用することに焦点を当てます。サービスに対するリソース制限を設定することで、<em class="firstterm">Denial of Service</em> (<acronym class="acronym">DoS</acronym>) 攻撃を阻止する助けにできます。利用可能なオプションの一覧は、<code class="command">xinetd</code> と <code class="filename">xinetd.conf</code> のマニュアルページを参照してください。
+ </div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_xinetd-Setting_a_Trap"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_xinetd-Setting_a_Trap">3.2.1.2.1. トラップの設定</h5></div></div></div><div class="para">
+ <code class="command">xinetd</code> の重要な機能の1つは、全体に影響する <code class="filename">no_access</code> リストにホストを追加する機能です。このリストにあるホストは、指定された期間または <code class="command">xinetd</code> が再起動されるまで <code class="command">xinetd</code> により管理されたサービスへの後続の接続が拒否されます。
+ </div><div class="para">
+ <code class="command">SENSOR</code> をセットアップする最初のステップは、使用しない予定のサービスを選択することです。この例では、Telnet が使われます。
+ </div><div class="para">
+ <code class="filename">/etc/xinetd.d/telnet</code> ファイルを編集して、読み込むために <code class="option">flags</code> 行を変更します:
+ </div><pre class="screen">flags = SENSOR</pre><div class="para">
+ 以下の行を追加します:
+ </div><pre class="screen">deny_time = 30</pre><div class="para">
+ これにより、そのホストによるそのポートへのさらなる接続試行は30分間拒否されます。<code class="command">deny_time</code> 属性に対する他の利用可能な値は FOREVER (<code class="command">xinetd</code> が再起動されるまで禁止効果が続きます) および NEVER (接続を許可して記録します)です。
+ </div><div class="para">
+ 最後に、最終行に次を読み込むべきです:
+ </div><pre class="screen">disable = no</pre><div class="para">
+ これはトラップ自身を有効にします。
+ </div><div class="para">
+ <code class="option">SENSOR</code> を使用することは望ましくないホストからの接続を検知して停止するための素晴らしい方法ですが、欠点が2つあります:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ ステルス・スキャンに対してうまく機能しません。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">SENSOR</code> を実行していることを知っている攻撃者は、IP アドレスを偽造して、禁止されたポートに接続することにより、特定のホストに対するサービス妨害攻撃をしかけることができます。
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Enhancing_Security_With_xinetd-Controlling_Server_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_xinetd-Controlling_Server_Resources">3.2.1.2.2. サーバ・リソースの制御</h5></div></div></div><div class="para">
+ <code class="command">xinetd</code> の他の重要な機能は、制御下にあるサービスに対してリソース制限を設定する能力です。
+ </div><div class="para">
+ 以下のディレクティブを用いて実施します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">cps = <number_of_connections> <wait_period></code> — 受信コネクションの割合を制限します。このディレクティブは2つの引数をとります。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option"><number_of_connections></code> — 1秒あたりに処理するコネクションの数。受信コネクションの割合がこれよりも多くなると、サービスが一時的に無効にされます。デフォルト値は50です。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option"><wait_period></code> — サービスが無効化された後、再び有効化されるまでの待ち時間(秒単位)。デフォルトの間隔は10秒です。
+ </div></li></ul></div></li><li class="listitem"><div class="para">
+ <code class="option">instances = <number_of_connections></code> — サービスへの許可されるコネクションの合計数を指定します。このディレクティブは、整数値もしくは <code class="command">UNLIMITED</code> をとります。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">per_source = <number_of_connections></code> — 各ホストあたりのサービスへの許可される接続数を指定します。このディレクティブは、整数値もしくは <code class="command">UNLIMITED</code> をとります。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">rlimit_as = <number[K|M]></code> — サービスが占有できるメモリアドレス空間の量をキロバイトまたはメガバイト単位で指定します。このディレクティブは、整数値もしくは <code class="command">UNLIMITED</code> をとります。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">rlimit_cpu = <number_of_seconds></code> — サービスが CPU を占有できる合計時間を秒単位で指定します。このディレクティブは、整数値もしくは <code class="command">UNLIMITED</code> をとります。
+ </div></li></ul></div><div class="para">
+ これらのディレクティブを使用すると、ある1つの <code class="command">xinetd</code> サービスがシステムを制圧して、サービス妨害を達成することを防ぐ助けにできます。
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Securing_Your_Network.html"><strong>戻る</strong>第3章 ネットワークのセキュア化</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>次へ</strong>3.2.2. Portmap のセキュア化</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html
new file mode 100644
index 0000000..c7a26af
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3.5. Firefox が SSO 用に Kerberos を使用するよう設定します</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="3.3. Single Sign-on (SSO)" /><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html" title="3.3.4. スマートカードのログインはどのように動作しますか" /><link rel="next" href="sect-Security_Guide-Yubikey.html" title="3.4. YubiKey" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="prev
ious"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Yubikey.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO">3.3.5. Firefox が SSO 用に Kerberos を使用するよう設定します</h3></div></div></div><div class="para">
+ Firefox がシングルサインオンのために Kerberos を使用するよう設定できます。この機能を正しく動作させるために、Kerberos クレディンシャルを適切な <abbr class="abbrev">KDC</abbr> に送るようウェブブラウザを設定する必要があります。以下のセクションは、これを実現するために、設定の変更点と他の必要事項を説明しています。
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Firefox のアドレスバーに、現在の設定オプションの一覧を表示するために <strong class="userinput"><code>about:config</code></strong> と入力します。
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>フィルタ</strong></span> フィールドに、オプションの一覧を制限するために <strong class="userinput"><code>negotiate</code></strong> と入力します。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>文字列の入力</em></span>ダイアログボックスを表示するために <span class="emphasis"><em>network.negotiate-auth.trusted-uris</em></span> エントリをダブルクリックします。
+ </div></li><li class="listitem"><div class="para">
+ 認証したいドメイン名を入力します。たとえば、<em class="replaceable"><code>.example.com</code></em> です。
+ </div></li><li class="listitem"><div class="para">
+ 上の手順を <span class="emphasis"><em>network.negotiate-auth.delegation-uris</em></span> エントリに対しても、同じドメインを用いて繰り返します。
+ </div><div class="para">
+ <div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ 必要とされない Kerberos チケットをパスできるよう、この値を空白にしたままにできます。
+ </div><div class="para">
+ 表示されたこれら2つの設定オプションが見当たらないならば、Firefox のバージョンが Negotiate 認証をサポートしていない古すぎるバージョンである可能性があります。更新を検討すべきです。
+ </div></div></div>
+
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-Configuring_Firefox_to_use_Kerberos_for_SSO-Configuring_Firefox_for_SSO_with_Kerberos"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-firefox_kerberos_SSO.png" width="444" alt="Kerberos を用いた SSO 用に Firefox を設定" /><div class="longdesc"><div class="para">
+ SSO 用に Kerberos を使用するよう Firefox を設定します。
+ </div></div></div></div><h6>図3.6 Kerberos を用いた SSO 用に Firefox を設定</h6></div><br class="figure-break" /><div class="para">
+ Kerberos チケットを持っていることを確実にする必要があります。コマンドシェルにおいて、Kerberos チケットを読み出すために <code class="command">kinit</code> と入力します。利用可能なチケットの一覧を表示するために、<code class="command">klist</code> と入力します。以下は、これらのコマンドの出力例を示しています:
+ </div><pre class="screen">[user at host ~] $ kinit
+Password for user at EXAMPLE.COM:
+
+[user at host ~] $ klist
+Ticket cache: FILE:/tmp/krb5cc_10920
+Default principal: user at EXAMPLE.COM
+
+Valid starting Expires Service principal
+10/26/06 23:47:54 10/27/06 09:47:54 krbtgt/USER.COM at USER.COM
+ renew until 10/26/06 23:47:54
+
+Kerberos 4 ticket cache: /tmp/tkt10920
+klist: You have no tickets cached</pre><div class="section" id="sect-Security_Guide-Configuring_Firefox_to_use_Kerberos_for_SSO-Troubleshooting"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Configuring_Firefox_to_use_Kerberos_for_SSO-Troubleshooting">3.3.5.1. トラブルシューティング</h4></div></div></div><div class="para">
+ 上の設定手順にしたがっても Negotiate 認証がうまく動作しないならば、認証プロセスの冗長なログを有効にします。これにより、問題の原因を見つける助けになります。冗長なログを有効にするために、以下の手順を使用します:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Firefox のインスタンスをすべて閉じます。
+ </div></li><li class="listitem"><div class="para">
+ コマンドシェルを開いて、以下のコマンドを入力します:
+ </div><pre class="screen">export NSPR_LOG_MODULES=negotiateauth:5
+export NSPR_LOG_FILE=/tmp/moz.log</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>そのシェルから</em></span> Firefox を再起動して、前に認証できなかったウェブサイトを訪問します。情報が <code class="filename">/tmp/moz.log</code> に記録され、問題へのヒントを与えるかもしれません。たとえば:
+ </div><pre class="screen">-1208550944[90039d0]: entering nsNegotiateAuth::GetNextToken()
+-1208550944[90039d0]: gss_init_sec_context() failed: Miscellaneous failure
+No credentials cache found</pre><div class="para">
+ これは Kerberos チケットを持っていないことを意味します。<code class="command">kinit</code> を実行する必要があります。
+ </div></li></ol></div><div class="para">
+ マシンから正常に <code class="command">kinit</code> が実行できても、認証がうまくいかないならば、ログファイルにあるこのようなものを見かけるかもしれません:
+ </div><pre class="screen">-1208994096[8d683d8]: entering nsAuthGSSAPI::GetNextToken()
+-1208994096[8d683d8]: gss_init_sec_context() failed: Miscellaneous failure
+Server not found in Kerberos database</pre><div class="para">
+ これは一般的な Kerberos の設定問題を意味します。<code class="filename">/etc/krb5.conf</code> ファイルの [domain_realm] セクションに正しいエントリを持つことを確実にします。たとえば:
+ </div><pre class="screen">.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM</pre><div class="para">
+ ログに何も表示されない場合、プロキシの内側にいる可能性があります。プロキシは Negotiate 認証に必要となる HTTP リクエストヘッダを取り除きます。回避策として、リクエストが変更されずに通過できるよう、代わりに HTTPS を使用しているサーバに接続を試してみることができます。そして、上で説明されたように、ログファイルを使用してデバッグを進めます。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"><strong>戻る</strong>3.3.4. スマートカードのログインはどのように動作しますか</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Yubikey.html"><strong>次へ</strong>3.4. YubiKey</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html
new file mode 100644
index 0000000..7cb84ed
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3.2. 新しいスマートカードの開始方法</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="3.3. Single Sign-on (SSO)" /><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="3.3. Single Sign-on (SSO)" /><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html" title="3.3.3. スマートカードの登録はどのように動作しますか" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="
docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card">3.3.2. 新しいスマートカードの開始方法</h3></div></div></div><div class="para">
+ システムにログインするためにスマートカードを使用でき、この技術が提供する増やされたセキュリティ・オプションの利点を得られる前に、いくつかの基本的なインストールと設定手順を実行する必要があります。これらは以下で説明されます。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ このセクションは、スマートカードの始め方を高いレベルでの概要を提供します。より詳細な情報は Red Hat Certificate System Enterprise Security Client Guide において入手可能です。
+ </div></div></div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Kerberos 名とパスワードを用いてログインします。
+ </div></li><li class="step"><div class="para">
+ <code class="filename">nss-tools</code> パッケージがロードされていることを確実にします。
+ </div></li><li class="step"><div class="para">
+ あなたの組織固有のルート証明書をダウンロードしてインストールします。ルート CA 証明書をインストールするために以下のコマンドを使用します:
+ </div><pre class="screen">certutil -A -d /etc/pki/nssdb -n "root ca cert" -t "CT,C,C" -i ./ca_cert_in_base64_format.crt</pre></li><li class="step"><div class="para">
+ システムにインストールされた次の RPM を検証します: esc, pam_pkcs11, coolkey, ifd-egate, ccid, gdm, authconfig, および authconfig-gtk。
+ </div></li><li class="step"><div class="para">
+ スマートカード・ログインのサポートを有効にします
+ </div><ol class="a"><li class="step"><div class="para">
+ Gnome のタイトル・バーにおいて、システム -> 管理 -> 認証を選択します。
+ </div></li><li class="step"><div class="para">
+ 必要に応じてマシンの root パスワードを入力します。
+ </div></li><li class="step"><div class="para">
+ 認証の設定ダイアログにおいて、<span class="guilabel"><strong>認証</strong></span>タブをクリックします。
+ </div></li><li class="step"><div class="para">
+ <span class="guilabel"><strong>スマートカードのサポートを有効にする</strong></span>チェックボックスを選択します。
+ </div></li><li class="step"><div class="para">
+ スマートカードの設定ダイアログを表示するために <span class="guibutton"><strong>スマートカードを設定する...</strong></span> をクリックして、必要な設定を指定します:
+ </div><div class="para">
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>ログインのためにスマートカードを要求する</strong></span> — このチェックボックスを外します。スマートカードを用いて正常にログインした後で、ユーザーがスマートカードなしでログインするを防ぐためにこのオプションを選択します。
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>カード抜き取り時の動作</strong></span> — これにより、ログインした後にスマートカードを抜いたときに何が起きるかを制御します。
+ </div><div class="para">
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>ロック</strong></span> — スマートカードを抜いたときに X 画面をロックします。
+ </div></li><li class="listitem"><div class="para">
+ <span class="guilabel"><strong>無視</strong></span> — スマートカードを抜いても何もしません。
+ </div></li></ul></div>
+
+ </div></li></ul></div>
+
+ </div></li></ol></li><li class="step"><div class="para">
+ Online Certificate Status Protocol (<abbr class="abbrev">OCSP</abbr>) を有効にする必要があるなら、<code class="filename">/etc/pam_pkcs11/pam_pkcs11.conf</code> ファイルを開いて、以下の行を探します:
+ </div><div class="para">
+ <code class="command">enable_ocsp = false;</code>
+ </div><div class="para">
+ 次のように、この値を true に変更します:
+ </div><div class="para">
+ <code class="command">enable_ocsp = true;</code>
+ </div></li><li class="step"><div class="para">
+ スマートカードを登録します
+ </div></li><li class="step"><div class="para">
+ CAC カードを使用しているならば、以下の手順も実行する必要があります:
+ </div><ol class="a"><li class="step"><div class="para">
+ root アカウントに変更して、<code class="filename">/etc/pam_pkcs11/cn_map</code> というファイルを作成します。
+ </div></li><li class="step"><div class="para">
+ 以下のエントリを <code class="filename">cn_map</code> ファイルに追加します:
+ </div><div class="para">
+ <em class="replaceable"><code>MY.CAC_CN.123454</code></em> -> <em class="replaceable"><code>myloginid</code></em>
+ </div><div class="para">
+ ここで、<em class="replaceable"><code>MY.CAC_CN.123454</code></em> は CAC の Common Name、<em class="replaceable"><code>myloginid</code></em> は UNIX ログイン ID です。
+ </div></li></ol></li><li class="step"><div class="para">
+ ログアウトします
+ </div></li></ol></div><div class="section" id="sect-Security_Guide-Getting_Started_with_your_new_Smart_Card-Troubleshooting"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Getting_Started_with_your_new_Smart_Card-Troubleshooting">3.3.2.1. トラブルシューティング</h4></div></div></div><div class="para">
+ スマートカードを動作させるためにトラブルに遭遇したら、問題のある箇所を特定するために次のコマンドを試してください。
+ </div><pre class="screen">pklogin_finder debug</pre><div class="para">
+ 登録されたスマートカードがプラグインされている間、デバッグモードで <code class="command">pklogin_finder</code> ツールを実行するならば、カードにある証明書からログイン ID を対応づけることがうまくいくと、証明書の検証に関する情報を出力しようとします。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO.html"><strong>戻る</strong>3.3. Single Sign-on (SSO)</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"><strong>次へ</strong>3.3.3. スマートカードの登録はどのように動作しますか</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html
new file mode 100644
index 0000000..5919376
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3.3. スマートカードの登録はどのように動作しますか</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="3.3. Single Sign-on (SSO)" /><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html" title="3.3.2. 新しいスマートカードの開始方法" /><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html" title="3.3.4. スマートカードのログインはどのように動作しますか" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/i
mages/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works">3.3.3. スマートカードの登録はどのように動作しますか</h3></div></div></div><div class="para">
+ スマートカードは有効な認証局 (<abbr class="abbrev">CA</abbr>: Certificate Authority) により署名された適切な証明書を受け取ったとき、<em class="firstterm">登録</em>されたと言われます。これは以下で説明されるいくつかの手順に関連します。
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ ユーザーがワークステーションのスマートカードリーダにスマートカードを挿入します。このイベントは Enterprise Security Client (<abbr class="abbrev">ESC</abbr>) により認識されます。
+ </div></li><li class="listitem"><div class="para">
+ 登録ページがユーザーのデスクトップに表示されます。ユーザーは必要な詳細とユーザーのシステムを完了します。そして、Token Processing System (<abbr class="abbrev">TPS</abbr>) および <abbr class="abbrev">CA</abbr> に接続します。
+ </div></li><li class="listitem"><div class="para">
+ <abbr class="abbrev">TPS</abbr> は <abbr class="abbrev">CA</abbr> により署名された証明書を使用してスマートカードを登録します。
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-How_Smart_Card_Enrollment_Works-How_Smart_Card_Enrollment_Works"><div class="figure-contents"><div class="mediaobject"><img src="images/SCLoginEnrollment.png" width="444" alt="スマートカードの登録はどのように動作しますか" /><div class="longdesc"><div class="para">
+ スマートカードの登録はどのように動作しますか。
+ </div></div></div></div><h6>図3.4 スマートカードの登録はどのように動作しますか</h6></div><br class="figure-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"><strong>戻る</strong>3.3.2. 新しいスマートカードの開始方法</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"><strong>次へ</strong>3.3.4. スマートカードのログインはどのように動作しますか</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html
new file mode 100644
index 0000000..131849d
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3.4. スマートカードのログインはどのように動作しますか</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="3.3. Single Sign-on (SSO)" /><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html" title="3.3.3. スマートカードの登録はどのように動作しますか" /><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html" title="3.3.5. Firefox が SSO 用に Kerberos を使用するよう設定します" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><
img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works">3.3.4. スマートカードのログインはどのように動作しますか</h3></div></div></div><div class="para">
+ このセクションは、スマートカードを用いたログインの流れについて簡単な概要を提供します。
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ ユーザーがスマートカードリーダの中にスマートカードを挿入したとき、このイベントが PAM ファシリティにより認識されます。ここで、ユーザーの PIN に対するプロンプトが出ます。
+ </div></li><li class="listitem"><div class="para">
+ その後、システムはユーザーの現在の証明書を探して、それらの有効性を検証します。そして、証明書はユーザーの UID に対応づけられます。
+ </div></li><li class="listitem"><div class="para">
+ これは KDC に対して検証され、ログインが許可されます。
+ </div></li></ol></div><div class="figure" id="figu-Security_Guide-How_Smart_Card_Login_Works-How_Smart_Card_Login_Works"><div class="figure-contents"><div class="mediaobject"><img src="images/SCLogin.png" width="444" alt="スマートカードのログインはどのように動作しますか" /><div class="longdesc"><div class="para">
+ スマートカードのログインはどのように動作しますか。
+ </div></div></div></div><h6>図3.5 スマートカードのログインはどのように動作しますか</h6></div><br class="figure-break" /><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ フォーマットされていたとしても、登録されていないスマートカードを用いてログインすることはできません。フォーマットされ、登録されたカードを用いてログインする必要があります、もしくは新しいカードを登録できるまではスマートカードを用いたログインはできません。
+ </div></div></div><div class="para">
+ Kerberos と <acronym class="acronym">PAM</acronym> に関する詳細は <a class="xref" href="sect-Security_Guide-Kerberos.html">「Kerberos」</a> および <a class="xref" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html">「Pluggable Authentication Modules (PAM)」</a> を参照してください。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"><strong>戻る</strong>3.3.3. スマートカードの登録はどのように動作しますか</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"><strong>次へ</strong>3.3.5. Firefox が SSO 用に Kerberos を使用するよう設定します</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO.html
new file mode 100644
index 0000000..629ab8f
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO.html
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3. Single Sign-on (SSO)</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="第3章 ネットワークのセキュア化" /><link rel="prev" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html" title="3.2.8. リッスンしているポートの確認" /><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html" title="3.3.2. 新しいスマートカードの開始方法" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/ima
ges/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Single_Sign_on_SSO" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Single_Sign_on_SSO">3.3. Single Sign-on (SSO)</h2></div></div></div><div class="section" id="sect-Security_Guide-Single_Sign_on_SSO-Introduction"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Introduction">3.3.1. 概要</h3></div></div></div><div class="para">
+ Fedora の SSO 機能は Fedora デスクトップのユーザーがパスワードを入力しなければいけない回数を減らします。いくつかの有名なアプリケーションは、ユーザーがログイン画面から Fedora にログインでき、パスワードを再入力する必要がないよう、同じ基礎となる認証と認可のメカニズムを導入します。これらのアプリケーションは以下で詳しく説明されます。
+ </div><div class="para">
+ さらに、ネットワークがないとき(<em class="firstterm">オフライン・モード</em>)やネットワーク接続性が信頼できないところ(たとえば、無線アクセス)でさえ、それらのメカニズムにログインすることができます。後者の場合、サービスは緩やかに機能を下げていきます。
+ </div><div class="section" id="sect-Security_Guide-Introduction-Supported_Applications"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Introduction-Supported_Applications">3.3.1.1. サポートされるアプリケーション</h4></div></div></div><div class="para">
+ 以下のアプリケーションは Fedora における単一ログインのスキームを現在サポートしています:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ ログイン
+ </div></li><li class="listitem"><div class="para">
+ スクリーンセーバー
+ </div></li><li class="listitem"><div class="para">
+ Firefox および Thunderbird
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Introduction-Supported_Authentication_Mechanisms"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Introduction-Supported_Authentication_Mechanisms">3.3.1.2. サポートされる認証メカニズム</h4></div></div></div><div class="para">
+ Fedora は以下の認証メカニズムを現在サポートしています:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ ケルベロス名/パスワードログイン
+ </div></li><li class="listitem"><div class="para">
+ スマートカード/PIN ログイン
+ </div></li></ul></div></div><div class="section" id="sect-Security_Guide-Introduction-Supported_Smart_Cards"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Introduction-Supported_Smart_Cards">3.3.1.3. サポートされるスマートカード</h4></div></div></div><div class="para">
+ Fedora は Cyberflex e-gate カードとリーダを用いてテストされていますが、Java card 2.1.1 および Global Platform 2.0.1 仕様の両方を用いて組み立てられているすべてのカードは、すべてのリーダが PCSC-lite によりサポートされているので、正しく動作するでしょう。
+ </div><div class="para">
+ Fedora は Common Access Cards (CAC) を用いてもテストされています。CAC 用にサポートされるリーダは SCM SCR 331 USB リーダです。
+ </div><div class="para">
+ Fedora 5.2 現在、Gemalto smart cards (Cyberflex Access 64k v2, PKCSI v2.1 で設定された DER SHA1 値を持つ標準) がサポートされます。これらのスマートカードは、Chip/Smart Card Interface Devices (CCID) と互換のあるリーダを使用します。
+ </div></div><div class="section" id="sect-Security_Guide-Introduction-Advantages_of_PROD_Single_Sign_on"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Introduction-Advantages_of_PROD_Single_Sign_on">3.3.1.4. Fedora Single Sign-on の利点</h4></div></div></div><div class="para">
+ 現在、多くのプロトコルやクレディンシャル保管庫を利用する、多くのセキュリティ・メカニズムが存在します。例は、SSL, SSH, IPsec, および Kerberos を含みます。Fedora SSO は上でリストされた要求事項をサポートするために、これらのスキーマを単一化することを目標としています。X.509v3 証明書を用いた Kerberos を置き換えることを意味するわけではありません。むしろ、それらを管理しているシステムユーザーや管理者の負担を減らすために、それらを一体化させることを意味します。
+ </div><div class="para">
+ この目標を達成するために、Fedora は:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 各オペレーティングシステムにおいて単一の、共有された NSS 暗号ライブラリのインスタンスを提供します。
+ </div></li><li class="listitem"><div class="para">
+ 基本オペレーティングシステムに証明書システムの Enterprise Security Client (ESC) を同梱します。ESC アプリケーションは、スマートカードの挿入イベントを監視しています。Fedora Certificate System サーバ製品とともに使用されるよう設計されているスマートカードをユーザーが挿入したことを検知すると、ユーザーにスマートカードを登録する方法を説明するユーザーインタフェースが表示されます。
+ </div></li><li class="listitem"><div class="para">
+ スマートカードを用いてオペレーティングシステムにログインするユーザが、Kerberos クレディンシャル(ファイルサーバにログインできるようにする、など)も取得できるよう、Kerberos と NSS を一体化します。
+ </div></li></ul></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>戻る</strong>3.2.8. リッスンしているポートの確認</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"><strong>次へ</strong>3.3.2. 新しいスマートカードの開始方法</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html
new file mode 100644
index 0000000..008f345
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.4. よく知られたリポジトリからの署名されたパッケージのインストール</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Software_Maintenance.html" title="第7章 ソフトウェアのメンテナンス" /><link rel="prev" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html" title="7.3. 自動更新の調整" /><link rel="next" href="chap-Security_Guide-CVE.html" title="第8章 共通脆弱性識別子 CVE" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul
class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-CVE.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories">7.4. よく知られたリポジトリからの署名されたパッケージのインストール</h2></div></div></div><div class="para">
+ ソフトウェア・パッケージはリポジトリを通して公開されます。よく知られたリポジトリはすべてパッケージ署名をサポートしています。パッケージ署名は、リポジトリにより公開されているパッケージが、署名を適用されてから変更されていないことを証明するために、公開鍵の技術を使用します。これにより、パッケージが作成された後ユーザーがダウンロードする前に、悪意を持って変更されているかもしれないソフトウェアに対する保護が提供されます。
+ </div><div class="para">
+ 多く過ぎるリポジトリ、信頼できないリポジトリ、または署名のないパッケージを持つリポジトリを使用することは、システムに悪意または脆弱性のあるコードを取り込むリスクをより高くします。yum やソフトウェアの更新にリポジトリを追加するときに注意してください。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"><strong>戻る</strong>7.3. 自動更新の調整</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-CVE.html"><strong>次へ</strong>第8章 共通脆弱性識別子 CVE</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html
new file mode 100644
index 0000000..81391df
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.3. 自動更新の調整</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Software_Maintenance.html" title="第7章 ソフトウェアのメンテナンス" /><link rel="prev" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html" title="7.2. セキュリティ・アップデートの計画と設定" /><link rel="next" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html" title="7.4. よく知られたリポジトリからの署名されたパッケージのインストール" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a
class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates">7.3. 自動更新の調整</h2></div></div></div><div class="para">
+ Fedora は日次スケジュールですべてのアップデートを適用するよう設定されています。システムがどのようにアップデートをインストールするかを変更したい場合、"ソフトウェア・アップデートの設定" により実施しなければいけません。利用可能なアップデートを適用または通知するために、スケジュールとアップデートの種類を変更できます。
+ </div><div class="para">
+ Gnome では、<code class="code">システム -> 設定 -> ソフトウェアの更新</code>においてアップデートをコントロールできます。KDE では、<code class="code">アプリケーション -> 設定 -> ソフトウェアの更新</code>にあります。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"><strong>戻る</strong>7.2. セキュリティ・アップデートの計画と設定</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html"><strong>次へ</strong>7.4. よく知られたリポジトリからの署名されたパッケージのインストール</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html
new file mode 100644
index 0000000..505f55d
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.2. セキュリティ・アップデートの計画と設定</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Software_Maintenance.html" title="第7章 ソフトウェアのメンテナンス" /><link rel="prev" href="chap-Security_Guide-Software_Maintenance.html" title="第7章 ソフトウェアのメンテナンス" /><link rel="next" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html" title="7.3. 自動更新の調整" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docume
ntation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Software_Maintenance.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates">7.2. セキュリティ・アップデートの計画と設定</h2></div></div></div><div class="para">
+ すべてのソフトウェアはバグを含みます。しばしば、これらのバグはシステムを悪意のあるユーザーにさらす可能性がある脆弱性となります。パッチを当てていないシステムはコンピューターの侵入の一般的な原因となります。侵入できないようそれらの脆弱性をふさぐために、タイムリーにセキュリティ・パッチをインストールする計画を持つべきです。
+ </div><div class="para">
+ 自宅のユーザーにとって、セキュリティ・アップデートはできる限り早くインストールされるべきです。セキュリティ・アップデートの自動インストールの設定は、覚えておかなければいけないのを避けられますが、あるものがシステムにおける設定または他のソフトウェアと競合する原因となる可能性があるというわずかなリスクをもたらします。
+ </div><div class="para">
+ ビジネスや自宅の高度なユーザーにとって、セキュリティ・アップデートは、テストされ、インストールをスケジュールするべきです。パッチがリリースされてからシステムにインストールされるまでの間、システムを保護するために追加のコントロールを使う必要があります。これらのコントロールはその脆弱性に依存しますが、追加のファイアウォール・ルール、外部ファイアウォールの使用、およびソフトウェア設定の変更を含められます。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Software_Maintenance.html"><strong>戻る</strong>第7章 ソフトウェアのメンテナンス</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"><strong>次へ</strong>7.3. 自動更新の調整</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html
new file mode 100644
index 0000000..9e24b1b
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.2.2. オプション・フィールド</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html" title="3.6.2. TCP Wrappers の設定ファイル" /><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html" title="3.6.2. TCP Wrappers の設定ファイル" /><link rel="next" href="sect-Security_Guide-Option_Fields-Access_Control.html" title="3.6.2.2.2. アクセス制御" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt=
"Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Access_Control.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields">3.6.2.2. オプション・フィールド</h4></div></div></div><div class="para">
+ アクセスを許可または拒否する基本的なルールに加えて、TCP Wrappers の Fedora 実装は、<em class="firstterm">オプション・フィールド</em>を通してアクセス制御言語への拡張をサポートします。hosts アクセス・ルールにおけるオプション・フィールドを使用することにより、ログ動作の変更、アクセス制御の統合、シェル・コマンドの実行などのさまざまな作業を管理者は達成することができます。
+ </div><div class="section" id="sect-Security_Guide-Option_Fields-Logging"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Option_Fields-Logging">3.6.2.2.1. ログ取得</h5></div></div></div><div class="para">
+ オプション・フィールドは、<code class="option">severity</code> ディレクティブを使用することにより、管理者がルールに対するログ・ファシリティおよびプライオリティ・レベルをより簡単に変更できるようにします。
+ </div><div class="para">
+ 以下の例では、<code class="systemitem">example.com</code> ドメインにあるすべてのホストから SSH デーモンへの接続は、デフォルトの <code class="option">authpriv</code> <code class="option">syslog</code> ファシリティ(ファシリティ値が指定されていないため)にプライオリティ <code class="option">emerg</code> で記録されます:
+ </div><pre class="screen">sshd : .example.com : severity emerg</pre><div class="para">
+ <code class="option">severity</code> オプションを使用してファシリティを指定することも可能です。以下の例は、<code class="systemitem">example.com</code> ドメインのホストによるすべての SSH コネクション試行が <code class="option">local0</code> ファシリティに <code class="option">alert</code> プライオリティで記録されます:
+ </div><pre class="screen">sshd : .example.com : severity local0.alert</pre><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ 実際には、syslog デーモン (<code class="systemitem">syslogd</code>) が <code class="command">local0</code> ファシリティを記録するよう設定されるまで、この例はうまく働きません。カスタムログ・ファシリティの設定に関する詳細は <code class="filename">syslog.conf</code> マニュアル・ページを参照してください。
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"><strong>戻る</strong>3.6.2. TCP Wrappers の設定ファイル</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Access_Control.html"><strong>次へ</strong>3.6.2.2.2. アクセス制御</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html
new file mode 100644
index 0000000..97e3e5f
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.5. 追加のリソース</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="3.6. TCP Wrappers と xinetd" /><link rel="prev" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html" title="3.6.4.3.4. リソース管理オプション" /><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html" title="3.6.5.2. 有用な TCP Wrappers ウェブサイト" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png
" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">3.6.5. 追加のリソース</h3></div></div></div><div class="para">
+ TCP Wrappers と <code class="systemitem">xinetd</code> に関する詳細は、システムのドキュメントとインターネットにおいて入手可能です。
+ </div><div class="section" id="sect-Security_Guide-Additional_Resources-Installed_TCP_Wrappers_Documentation"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_TCP_Wrappers_Documentation">3.6.5.1. インストールされた TCP Wrappers ドキュメント</h4></div></div></div><div class="para">
+ システムにあるドキュメントは、TCP Wrappers, <code class="systemitem">xinetd</code>, およびアクセス制御に対する、追加の設定オプションを探し始めるよい場所です。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/usr/share/doc/tcp_wrappers-<em class="replaceable"><code><version></code></em>/</code> — このディレクトリは <code class="filename">README</code> ファイルを含みます。これは、TCP Wrappers がどのように働き、さまざまなホスト名やホスト・アドレスのありえる偽装リスクについて議論しています。
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/usr/share/doc/xinetd-<em class="replaceable"><code><version></code></em>/</code> — このディレクトリは <code class="filename">README</code> ファイルを含みます。これは、<code class="filename">/etc/xinetd.d/</code> ディレクトリ\nにあるサービス固有の設定ファイルを変更することに対するさまざまなアイディアとともに、アクセス制御や <code class="filename">sample.conf</code> ファイルの観点を議論しています。
+ </div></li><li class="listitem"><div class="para">
+ TCP Wrappers および <code class="systemitem">xinetd</code> に関連するマニュアル・ページ — TCP Wrappers および <code class="systemitem">xinetd</code> に関連するさまざまなアプリケーションや設定ファイルに対する多くのマニュアル・ページが存在します。以下はより重要なマニュアル・ページのいくつかです。
+ </div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">サーバ・アプリケーション</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man xinetd</code> — <code class="systemitem">xinetd</code> のマニュアル・ページ
+ </div></li></ul></div></dd><dt class="varlistentry"><span class="term">設定ファイル</span></dt><dd><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="command">man 5 hosts_access</code> — TCP Wrappers の hosts access 制御ファイルのマニュアル・ページ。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man hosts_options</code> — TCP Wrappers オプション・フィールドのマニュアル・ページ。
+ </div></li><li class="listitem"><div class="para">
+ <code class="command">man xinetd.conf</code> — <code class="systemitem">xinetd</code> 設定オプションを一覧にしているマニュアル・ページ。
+ </div></li></ul></div></dd></dl></div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"><strong>戻る</strong>3.6.4.3.4. リソース管理オプション</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>次へ</strong>3.6.5.2. 有用な TCP Wrappers ウェブサイト</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html
new file mode 100644
index 0000000..3bf17c4
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html
@@ -0,0 +1,118 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.2. TCP Wrappers の設定ファイル</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="3.6. TCP Wrappers と xinetd" /><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="3.6. TCP Wrappers と xinetd" /><link rel="next" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="3.6.2.2. オプション・フィールド" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="
previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">3.6.2. TCP Wrappers の設定ファイル</h3></div></div></div><div class="para">
+ クライアントがサービスへ接続を許可するかを決めるために、TCP Wrappers は、一般的に <em class="firstterm">hosts access</em> ファイルとして参照される、以下の2つのファイルを参照します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/hosts.allow</code>
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/hosts.deny</code>
+ </div></li></ul></div><div class="para">
+ TCP ラップされたサービスがクライアントのリクエストを受け取ったとき、以下の手順が実行されます:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ <span class="emphasis"><em><code class="filename">/etc/hosts.allow</code>を参照します。</em></span> — TCP ラップされたサービスは順番に <code class="filename">/etc/hosts.allow</code> ファイルを解析し、そのサービスのために指定された最初のルールを適用します。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em><code class="filename">/etc/hosts.deny</code> を参照します。</em></span> — TCP ラップされたサービスは <code class="filename">/etc/hosts.deny</code> ファイルを順番に解析します。マッチするルールを見つけると、接続を拒否します。見つからなければ、サービスへのアクセスが許可されます。
+ </div></li></ol></div><div class="para">
+ ネットワーク・サービスを保護するために TCP Wrappers を使用するとき、考慮する重要なポイントは以下のとおりです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">hosts.allow</code> にあるアクセス・ルールが最初に適用されるので、<code class="filename">hosts.deny</code> で指定されたルールに優先されます。そのため、サービスへのアクセスが <code class="filename">hosts.allow</code> で許可されると、同じサービスに対する <code class="filename">hosts.deny</code> にあるアクセス拒否ルールは無視されます。
+ </div></li><li class="listitem"><div class="para">
+ 各ファイルにあるルールは上から下へ読み込まれ、与えられたサービスに最初にマッチするルールが1つだけ適用されます。ルールの順番は極めて重要です。
+ </div></li><li class="listitem"><div class="para">
+ サービスに対するルールがどちらのファイルにも見つからなければ、もしくはファイルが存在しなければ、サービスへのアクセスは許可されます。
+ </div></li><li class="listitem"><div class="para">
+ TCP ラップされたサービスは、hosts access ファイルをキャッシュしません。そのため、<code class="filename">hosts.allow</code> や <code class="filename">hosts.deny</code> の変更はすべて、ネットワーク・サービスを再起動しなくても、直ちに効果を持ちます。
+ </div></li></ul></div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ hosts アクセス・ファイルの最後の行が改行文字(<span class="keycap"><strong>Enter</strong></span> キーを押すことにより作成されます)でなければ、ファイルにある最後のルールは失敗して、エラーが <code class="filename">/var/log/messages</code> または <code class="filename">/var/log/secure</code> のどちらかに記録されます。バックスラッシュ文字を用いることなく複数行にわたるルールに対しても同様です。以下の例は、これらの状況どちらかによる、ルールの失敗に対するログメッセージの関連する部分を説明します:
+ </div><pre class="screen">warning: /etc/hosts.allow, line 20: missing newline or line too long</pre></div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Formatting_Access_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Formatting_Access_Rules">3.6.2.1. アクセス・ルールのフォーマット</h4></div></div></div><div class="para">
+ <code class="filename">/etc/hosts.allow</code> と <code class="filename">/etc/hosts.deny</code> のフォーマットは同じです。 空行とハッシュ (#) で始まる行は無視されます。
+ </div><div class="para">
+ 各ルールはネットワーク・サービスへのアクセスを制御するために以下の基本的なフォーマットを使用します:
+ </div><pre class="screen"><em class="replaceable"><code><daemon list></code></em>: <em class="replaceable"><code><client list></code></em> [: <em class="replaceable"><code><option></code></em>: <em class="replaceable"><code><option></code></em>: ...]</pre><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <em class="replaceable"><code><daemon list></code></em> — カンマ区切りのプロセス名(サービス名では<span class="emphasis"><em>ありません</em></span>) の一覧、もしくは <code class="option">ALL</code> ワイルドカード。デーモンの一覧はより柔軟性を許すためにオペレータ(<a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html#sect-Security_Guide-Formatting_Access_Rules-Operators">「演算子」</a>参照)も受け付けます。
+ </div></li><li class="listitem"><div class="para">
+ <em class="replaceable"><code><client list></code></em> — ルールにより影響するホストのホスト名、ホスト IP アドレス、特別なパターン、またはワイルドカードのカンマ区切りのリスト。クライアント・リストはより柔軟性を持たせるために、<a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html#sect-Security_Guide-Formatting_Access_Rules-Operators">「演算子」</a> にリストされた演算子も受け付けます。
+ </div></li><li class="listitem"><div class="para">
+ <em class="replaceable"><code><option></code></em> — ルールが起動されたときに実行されるオプションのアクションまたはアクションのコロン区切りのリスト。オプション・フィールドは、拡張、シェルの起動、アクセスの許可または拒否、および他のロギング動作をサポートします。
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ 上の専門用語の詳細は、このガイドの他のところで見つけられます:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html#sect-Security_Guide-Formatting_Access_Rules-Wildcards">「ワイルドカード」</a>
+ </div></li><li class="listitem"><div class="para">
+ <a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html#sect-Security_Guide-Formatting_Access_Rules-Patterns">「パターン」</a>
+ </div></li><li class="listitem"><div class="para">
+ <a class="xref" href="sect-Security_Guide-Option_Fields-Expansions.html">「拡張」</a>
+ </div></li><li class="listitem"><div class="para">
+ <a class="xref" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html">「オプション・フィールド」</a>
+ </div></li></ul></div></div></div><div class="para">
+ 以下はサンプルの hosts アクセス・ルールです:
+ </div><pre class="screen">vsftpd : .example.com</pre><div class="para">
+ このルールは、TCP Wrappers が <code class="systemitem">example.com</code> ドメインにあるすべてのホストからの FTP デーモン (<code class="systemitem">vsftpd</code>) へのコネクションを待つよう指示します。このルールが <code class="filename">hosts.allow</code> に表れると、コネクションは受け付けられます。このルールが <code class="filename">hosts.deny</code> にある表れると、コネクションは拒否されます。
+ </div><div class="para">
+ 次のサンプル hosts access ルールは、より複雑で、2つのオプション・フィールドを使用します:
+ </div><pre class="screen">sshd : .example.com \ : spawn /bin/echo `/bin/date` access denied>>/var/log/sshd.log \ : deny</pre><div class="para">
+ 各オプション・フィールドはバックスラッシュ (\) が先につけられることに注意してください。バックスラッシュを使用すると、長さのためルールが失敗することを防ぎます。
+ </div><div class="para">
+ このサンプル・ルールは次のことをしています。SSH デーモン (<code class="systemitem">sshd</code>) への接続が <code class="systemitem">example.com</code> ドメインにあるホストから試みられると、特別なログファイルに試行を追加するために <code class="command">echo</code> コマンドを実行して、コネクションが拒否されます。オプションの <code class="command">deny</code> ディレクティブが使われているので、この行は <code class="filename">hosts.allow</code> ファイルに表れたとしてもアクセスが拒否されます。利用可能なオプションの詳細は <a class="xref" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html">「オプション・フィールド」</a> を参照してください。
+ </div><div class="section" id="sect-Security_Guide-Formatting_Access_Rules-Wildcards"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Formatting_Access_Rules-Wildcards">3.6.2.1.1. ワイルドカード</h5></div></div></div><div class="para">
+ ワイルドカードは TCP Wrappers がより簡単にデーモンやホストのグループとマッチできるようにします。それらはアクセス・ルールのクライアント・リスト・フィールドにおいてより頻繁に使われます。
+ </div><div class="para">
+ 以下のワイルドカードが利用可能です:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">ALL</code> — すべてにマッチします。デーモン・リストとクライアント・リストに対して使えます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">LOCAL</code> — localhost のようなピリオド (.) を含まないすべてのホストにマッチします。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">KNOWN</code> — ホスト名またはホスト・アドレスが既知であるかユーザーが既知である、すべてのホストにマッチします。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">UNKNOWN</code> — ホスト名またはホスト・アドレスが未知であるかユーザーが未知である、すべてのホストにマッチします。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">PARANOID</code> — ホスト名とホスト・アドレスが一致しない、すべてのホストにマッチします。
+ </div></li></ul></div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ <code class="option">KNOWN</code>, <code class="option">UNKNOWN</code>, および <code class="option">PARANOID</code> ワイルドカードは正しい動作が DNS サーバの機能に依存するので、注意して使用するべきです。名前解決の破壊により、正当なユーザーがサービスにアクセスを得るのを妨害するかもしれません。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Formatting_Access_Rules-Patterns"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Formatting_Access_Rules-Patterns">3.6.2.1.2. パターン</h5></div></div></div><div class="para">
+ パターンは、クライアント・ホストのグループをより正確に指定するために、クライアント・フィールドにおいて使用されます。
+ </div><div class="para">
+ 以下は、クライアント・フィールドにおけるエントリーの一般的なパターンのリストです。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>ピリオド (.) で始まるホスト名</em></span> — ホスト名の始めにピリオドを置くことにより、リストされたコンポーネント名を共有するすべてのホストにマッチします。以下の例は<code class="systemitem">example.com</code> ドメインにあるすべてのホストに適用されます。:
+ </div><pre class="screen">ALL : .example.com</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>ピリオド (.) で終わる IP アドレス</em></span> — IP アドレスの最後にピリオドを置くことにより、IP アドレスの最初の数値グループを共有するすべてのホストにマッチします。以下の例は <code class="systemitem">192.168.x.x</code> ネットワークにあるすべてのホストに適用されます:
+ </div><pre class="screen">ALL : 192.168.</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>IP アドレス/ネットマスクのペア</em></span> — ネットマスク表現は、IP アドレスの特定のグループへのアクセスを制御するためのパターンとしても使われます。<code class="systemitem">192.168.0.0</code> から <code class="systemitem">192.168.1.255</code> までのアドレス範囲を持つすべてのホストに適用されます:
+ </div><pre class="screen">ALL : 192.168.0.0/255.255.254.0</pre><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ IPv4 アドレス空間で動作しているとき、アドレス/プレフィックス長 (<em class="firstterm">prefixlen</em>) ペアの宣言 (<abbr class="abbrev">CIDR</abbr> 表記) はサポートされません。IPv6 ルールのみがこの形式を利用できます。
+ </div></div></div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>[IPv6 アドレス]/プレフィックス長ペア</em></span> — [ネット]/プレフィックス長は IPv6 アドレスの特定のグループに対するアクセスを制御するためにパターンとして使われます。以下の例は、<code class="systemitem">3ffe:505:2:1::</code> から <code class="systemitem">3ffe:505:2:1:ffff:ffff:ffff:ffff</code> までのアドレス範囲を持つすべてのホストに適用されます:
+ </div><pre class="screen">ALL : [3ffe:505:2:1::]/64</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>アスタリスク (*)</em></span> — アスタリスクは、他の形式のパターンを含むクライアント・リストと混在されない限り、ホスト名または IP アドレスのグループ全体にマッチするために使用されます。以下の例は <code class="systemitem">example.com</code> ドメインの中にあるホストすべてに:
+ </div><pre class="screen">ALL : *.example.com</pre></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>スラッシュ (/)</em></span> — クライアント・リストがスラッシュで始まっていると、ファイル名として取り扱われます。多数のホストを指定するルールが必要ならば、これは有用です。以下の例は TCP Wrappers がすべての Telnet コネクションに対して <code class="filename">/etc/telnet.hosts</code> ファイルを参照します:
+ </div><pre class="screen">in.telnetd : /etc/telnet.hosts</pre></li></ul></div><div class="para">
+ 他にも、あまり使われないパターンも TCP Wrappers により受け付けられます。詳細は <code class="filename">hosts_access</code> マニュアル 5 ページを参照してください。
+ </div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ ホスト名とドメイン名を使用するときは非常に注意してください。攻撃者は、正確な名前解決を避けるためにさまざまな技を使用できます。さらに、DNS サービスへの妨害により認可されたユーザーがネットワーク・サービスを使用することを妨害します。そのため、可能なときは必ず IP アドレスを使用するのが一番です。
+ </div></div></div></div><div class="section" id="sect-Security_Guide-Formatting_Access_Rules-Portmap_and_TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Formatting_Access_Rules-Portmap_and_TCP_Wrappers">3.6.2.1.3. Portmap と TCP Wrappers</h5></div></div></div><div class="para">
+ <code class="command">Portmap</code> の TCP Wrappers の実装は、ホスト名検索をサポートしません。このことは、<code class="command">portmap</code> がホストを識別するためにホスト名を使えないことを意味します。結果として、<code class="filename">hosts.allow</code> や <code class="filename">hosts.deny</code> における portmap に対するアクセス制御ルールは、ホストを指定するために、IP アドレスを使用するか、キーワード <code class="option">ALL</code> を使用しなければいけません。
+ </div><div class="para">
+ <code class="command">portmap</code> アクセス制御ルールへの変更はすぐに反映されないかもしれません。<code class="command">portmap</code> サービスを再起動する必要があるかもしれません。
+ </div><div class="para">
+ NIS や NFS のような広く使われるサービスは、動作するために <code class="command">portmap</code> に依存します。そのため、これらの制限を意識してください。
+ </div></div><div class="section" id="sect-Security_Guide-Formatting_Access_Rules-Operators"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Formatting_Access_Rules-Operators">3.6.2.1.4. 演算子</h5></div></div></div><div class="para">
+ 現在、アクセス制御ルールは1つの演算子 <code class="option">EXCEPT</code> を受け付けます。ルールのデーモン・リストとクライアント・リストどちらも使用できます。
+ </div><div class="para">
+ <code class="option">EXCEPT</code> 演算子は、同じルールの中でより広くマッチさせるために、特定の例外を許可します。
+ </div><div class="para">
+ <code class="filename">hosts.allow</code> ファイルからの以下の例は、すべての <code class="systemitem">example.com</code> ホストは、<code class="systemitem">cracker.example.com</code> は除き、すべてのサービスに接続を許可されます:
+ </div><pre class="screen">ALL: .example.com EXCEPT cracker.example.com</pre><div class="para">
+ <code class="filename">hosts.allow</code> ファイルの他の例では、<code class="systemitem">192.168.0.<em class="replaceable"><code>x</code></em></code> ネットワークのクライアントは FTP を除くすべてのサービスを使用できます。
+ </div><pre class="screen">ALL EXCEPT vsftpd: 192.168.0.</pre><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ 組織的に、<code class="option">EXCEPT</code> 演算子を使用することを避けることは、しばしばより簡単です。これにより、どのホストがサービスにアクセスを許可または拒否をされるかを見るために、<code class="option">EXCEPT</code> 演算子をより分けることなく、他の管理者が適切なファイルを素早く検索できるようになります。
+ </div></div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html"><strong>戻る</strong>3.6. TCP Wrappers と xinetd</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"><strong>次へ</strong>3.6.2.2. オプション・フィールド</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html
new file mode 100644
index 0000000..b6328f0
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.3. xinetd</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="3.6. TCP Wrappers と xinetd" /><link rel="prev" href="sect-Security_Guide-Option_Fields-Expansions.html" title="3.6.2.2.4. 拡張" /><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="3.6.4. xinetd 設定ファイル" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a acc
esskey="p" href="sect-Security_Guide-Option_Fields-Expansions.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd">3.6.3. xinetd</h3></div></div></div><div class="para">
+ <code class="systemitem">xinetd</code> デーモンは、FTP, IMAP, および Telnet を含む一般的なネットワーク・サービスのサブセットへのアクセスを制御する、TCP ラップされた<em class="firstterm">スーパー・サービス</em>です。アクセス制御、高度なロギング、バインド、リダイレクト、およびリソース使用量制御に対するサービス固有の設定オプションも提供します。
+ </div><div class="para">
+ クライアントが <code class="systemitem">xinetd</code> により制御されているネットワーク・サービスに接続しようとしているとき、スーパー・サービスがリクエストを受け取り、すべての TCP Wrappers アクセス制御ルールをチェックします。
+ </div><div class="para">
+ アクセスが許可されると、<code class="systemitem">xinetd</code> はコネクションがそのサービスに対するそれ自身のアクセス・ルール下で許可されます。サービスがより多くのリソースを割り当てられ、すべての定義されたルールに違反していないこともチェックします。
+ </div><div class="para">
+ これらの条件すべてが満たされた(つまり、サービスへのアクセスが許可され、サービスがそのリソース制限に届かず、そして、サービスが定義されたルールすべてに違反していない)ならば、<code class="systemitem">xinetd</code> はリクエストされたインスタンスを開始して、それへのコネクションの制御を認めます。コネクションが確立された後、<code class="systemitem">xinetd</code> は、クライアントとサーバ間のコミュニケーションにそれ以上参加しません。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Option_Fields-Expansions.html"><strong>戻る</strong>3.6.2.2.4. 拡張</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"><strong>次へ</strong>3.6.4. xinetd 設定ファイル</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html
new file mode 100644
index 0000000..d6f4c39
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.4. xinetd 設定ファイル</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="3.6. TCP Wrappers と xinetd" /><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html" title="3.6.3. xinetd" /><link rel="next" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html" title="3.6.4.2. /etc/xinetd.d/ ディレクトリ" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="pr
evious"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files">3.6.4. xinetd 設定ファイル</h3></div></div></div><div class="para">
+ <code class="systemitem">xinetd</code> の設定ファイルは以下のとおりです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="filename">/etc/xinetd.conf</code> — 全体の <code class="systemitem">xinetd</code> 設定ファイル。
+ </div></li><li class="listitem"><div class="para">
+ <code class="filename">/etc/xinetd.d/</code> — サービス固有のすべてのファイルを含むディレクトリ。
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.conf_File"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.conf_File">3.6.4.1. /etc/xinetd.conf ファイル</h4></div></div></div><div class="para">
+ <code class="filename">/etc/xinetd.conf</code> ファイルは <code class="systemitem">xinetd</code> の制御下ですべてのサービスに影響する一般的な設定を含みます。<code class="systemitem">xinetd</code> サービスが最初に起動するときに読み込まれます。そのため、設定の変更を反映するためには、<code class="systemitem">xinetd</code> サービスを再起動する必要があります。以下は <code class="filename">/etc/xinetd.conf</code> ファイルのサンプルです:
+ </div><pre class="screen">defaults
+{
+ instances = 60
+ log_type = SYSLOG authpriv
+ log_on_success = HOST PID
+ log_on_failure = HOST
+ cps = 25 30
+}
+includedir /etc/xinetd.d</pre><div class="para">
+ これらの行は <code class="systemitem">xinetd</code> の以下の観点を制御します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">instances</code> — <code class="systemitem">xinetd</code> が処理できる同時リクエストの最大数を指定します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">log_type</code> — <code class="systemitem">xinetd</code> が <code class="command">authpriv</code> ログ・ファシリティを使用するよう設定します。それはログ・エントリーを <code class="filename">/var/log/secure</code> ファイルに書き込みます。<code class="option">FILE /var/log/xinetdlog</code> のようなディレクティブを追加することにより、<code class="filename">/var/log/</code> ディレクトリにある <code class="filename">xinetdlog</code>というカスタムログファイルを作成します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">log_on_success</code> — 成功したコネクション試行を記録するよう <code class="systemitem">xinetd</code> を編集します。デフォルトで、リクエストを処理するサーバのリモートホストの IP アドレスおよびプロセス ID が記録されます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">log_on_failure</code> — コネクションが拒否されると、失敗したコネクション試行を記録するために <code class="systemitem">xinetd</code> を設定します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">cps</code> — あらゆる与えられたサービスに1秒あたり25コネクションだけを許可するように <code class="systemitem">xinetd</code> を設定します。サービスが 30 秒間待たされます。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">includedir</code> <code class="filename">/etc/xinetd.d/</code> — <code class="filename">/etc/xinetd.d/</code> ディレクトリにあるサービス固有の設定ファイルで宣言されたオプションを取り込みます。詳細は <a class="xref" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html">「/etc/xinetd.d/ ディレクトリ」</a> を参照してください。
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ しばしば、<code class="filename">/etc/xinetd.conf</code> にある <code class="option">log_on_success</code> および <code class="option">log_on_failure</code> の設定は、サービス固有の設定ファイルにおいてさらに修正されます。そのため、詳細は、<code class="filename">/etc/xinetd.conf</code> ファイルが示すところより、与えられたサービスのログファイルに表れるかもしれません。詳細は <a class="xref" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html#sect-Security_Guide-Altering_xinetd_Configuration_Files-Logging_Options">「ログ取得オプション」</a> を参照してください。
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"><strong>戻る</strong>3.6.3. xinetd</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"><strong>次へ</strong>3.6.4.2. /etc/xinetd.d/ ディレクトリ</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd.html
new file mode 100644
index 0000000..cc838c3
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-TCP_Wrappers_and_xinetd.html
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6. TCP Wrappers と xinetd</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="第3章 ネットワークのセキュア化" /><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html" title="3.5.8.2. 有用な PAM ウェブサイト" /><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html" title="3.6.2. TCP Wrappers の設定ファイル" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documen
tation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd">3.6. TCP Wrappers と xinetd</h2></div></div></div><div class="para">
+ ãããã¯ã¼ã¯ã»ãµã¼ãã¹ã¸ã®ã¢ã¯ã»ã¹ãå¶å¾¡ãããã¨ã¯ããµã¼ã管çè
ãç´é¢ããæãéè¦ãªã»ãã¥ãªãã£ã®ä»äºã®ã²ã¨ã¤ã§ããFedora ã¯ãã®ããã«ããã¤ãã®ãã¼ã«ãæä¾ãã¾ãããã¨ãã°ã<code class="command">iptables</code> ãã¼ã¹ã®ãã¡ã¤ã«ã¦ã©ã¼ã«ã»ãã£ã«ã¿ã¯ãã«ã¼ãã«ã®ãããã¯ã¼ã¯ã»ã¹ã¿ãã¯ã®ä¸ã§æè¿ãããªããããã¯ã¼ã¯ã»ãã±ãããé¤å»ãã¾ãããããå©ç¨ãããããã¯ã¼ã¯ã»ãµã¼ãã¹ã«å¯¾ãã¦ã<em class="firstterm">TCP Wrappers</em> ã¯ã©ã®ãã¹ãã "<span class="emphasis"><em>ã©ããããã</em></span>" ãããã¯ã¼ã¯ã»ãµã¼ãã¹ã¸ã®æ¥ç¶ã許å¯ãããã¯æå¦ãããããå®ç¾©ãããã¨ã«ããããããªãä¿è·å±¤ã追å ãã¾ãããã®ãããªã©ããããããããã¯ã¼ã¯ã»ãµã¼ãã¹ã®ï¼ã¤ã¯ã<code class="systemitem">xinetd</code> <span class="emphasis"><em>ã¹ã¼ã
ã¼ãµã¼ãã¼</em></span> ã§ããããã¯ãããã¯ã¼ã¯ã»ãµã¼ãã¹ã®ãµãã»ããã¸ã®æ¥ç¶ãå¶å¾¡ããã¢ã¯ã»ã¹å¶å¾¡ãããã«ç²¾é¬ããã®ã§ããã®ãµã¼ãã¹ã¯ã¹ã¼ãã¼ãµã¼ãã¨å¼ã°ãã¾ãã
+ </div><div class="para">
+ <a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html#figu-Security_Guide-TCP_Wrappers_and_xinetd-Access_Control_to_Network_Services">図3.9「ネットワーク・サービスへのアクセス制御」</a>は、これらのツールがネットワーク・サービスを保護するためにどのように動作するかに関する基本的な説明です。
+ </div><div class="figure" id="figu-Security_Guide-TCP_Wrappers_and_xinetd-Access_Control_to_Network_Services"><div class="figure-contents"><div class="mediaobject"><img src="images/tcp_wrap_diagram.png" alt="ネットワーク・サービスへのアクセス制御" /><div class="longdesc"><div class="para">
+ 図 A: ネットワーク・サービスへのアクセス制御のフローチャート
+ </div></div></div></div><h6>図3.9 ネットワーク・サービスへのアクセス制御</h6></div><br class="figure-break" /><div class="para">
+ この章はネットワーク・サービスへのアクセスを制御することにおける TCP Wrappers および <code class="systemitem">xinetd</code> の役割に焦点を当てます。そして、これらのツールがログ取得と利用管理を向上するためにどのように使われるかを概説します。
+ </div><div class="section" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">3.6.1. TCP Wrappers</h3></div></div></div><div class="para">
+ TCP Wrappers パッケージ (<code class="filename">tcp_wrappers</code>) はデフォルトでインストールされ、ネットワーク・サービスに対するホスト・ベースのアクセス制御を提供します。パッケージの中にある最も重要なコンポーネントは <code class="filename">/usr/lib/libwrap.a</code> ライブラリです。一般的な用語で、TCP ラップされたサービスとは <code class="filename">libwrap.a</code> ライブラリに備えてコンパイルされたものです。
+ </div><div class="para">
+ TCP ラップされたサービスに接続を試行するとき、クライアントが接続を許可されるかどうかを決めるために、サービスはまずホストの access ファイル (<code class="filename">/etc/hosts.allow</code> および <code class="filename">/etc/hosts.deny</code>) を参照します。多くの場合、リクエストしているクライアントとリクエストされたサービスの名前を、<code class="filename">/var/log/secure</code> または <code class="filename">/var/log/messages</code> に書き込むために、syslog デーモンを使用します。
+ </div><div class="para">
+ クライアントが接続を許可されると、TCP Wrappers がコネクションの制御をリクエストされたサービスに開放し、クライアントとサーバ間のコミュニケーションにおいてそれ以上は取り入れません。
+ </div><div class="para">
+ アクセス制御とロギングに加えて、リクエストされたネットワーク・サービスへのコネクションの拒否や開放をする前に、TCP Wrappers はクライアントとやりとりするためにコマンドを実行できます。
+ </div><div class="para">
+ TCP Wrappers はすべてのサーバ管理者のセキュリティ・ツールの備蓄庫へと重要な追加をするので、Fedora に含まれる多くのネットワーク・サービスは <code class="filename">libwrap.a</code> ライブラリへリンクされます。そのようなアプリケーションのいくつかは <code class="systemitem">/usr/sbin/sshd</code>, <code class="command">/usr/sbin/sendmail</code>, および <code class="systemitem">/usr/sbin/xinetd</code> を含みます。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ ネットワーク・サービスのバイナリが <code class="filename">libwrap.a</code> とリンクしているかを確認するために、root ユーザーとして以下のコマンドを入力します:
+ </div><pre class="screen">ldd <binary-name> | grep libwrap</pre><div class="para">
+ <em class="replaceable"><code><binary-name></code></em> をネットワーク・サービスのバイナリの名前で置き換えます。
+ </div><div class="para">
+ コマンドが何も出力せずにプロンプトが戻ってくると、ネットワーク・サービスは <code class="filename">libwrap.a</code> へとリンクされて<span class="emphasis"><em>いません</em></span>。
+ </div><div class="para">
+ 以下の例は <code class="systemitem">/usr/sbin/sshd</code> が <code class="filename">libwrap.a</code> とリンクしていることを意味します:
+ </div><pre class="screen">[root at myServer ~]# ldd /usr/sbin/sshd | grep libwrap
+ libwrap.so.0 => /lib/libwrap.so.0 (0x00655000)
+[root at myServer ~]#</pre></div></div><div class="section" id="sect-Security_Guide-TCP_Wrappers-Advantages_of_TCP_Wrappers"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-TCP_Wrappers-Advantages_of_TCP_Wrappers">3.6.1.1. TCP Wrappers の利点</h4></div></div></div><div class="para">
+ TCP Wrappers は他のネットワーク・サービス制御のテクニックに比べて以下の利点を提供します。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>クライアントとラップされたネットワーク・サービス双方への透過性</em></span> — 接続しているクライアントとラップされたネットワーク・サービス双方が TCP Wrappers が使用されていることに気がつきません。正当なユーザーは記録され、要求したサービスに接続される一方、禁止されたクライアントからの接続は失敗します。
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>複数プロトコルの一元管理</em></span> — TCP Wrappers は、多くのサーバ・アプリケーションがアクセス制御設定ファイルの一般的なセットを共有でき、よりシンプルな管理をできるようにするため、保護するネットワーク・サービスと独立して動作します。
+ </div></li></ul></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"><strong>戻る</strong>3.5.8.2. 有用な PAM ウェブサイト</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"><strong>次へ</strong>3.6.2. TCP Wrappers の設定ファイル</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html
new file mode 100644
index 0000000..973b1c1
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3.3. 不注意な管理</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.2.3. サーバー・セキュリティへの脅威" /><link rel="prev" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html" title="1.2.3.2. パッチ未適用のサービス" /><link rel="next" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html" title="1.2.3.4. 本質的にセキュアではないサービス" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.or
g"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration">1.2.3.3. 不注意な管理</h4></div></div></div><div class="para">
+ システムにパッチを当てることに失敗した管理者は、サーバー・セキュリティへの最も重大な脅威の1つです。<em class="firstterm">SysAdmin, Audit, Network, Security Institute</em> (<em class="firstterm">SANS</em>) によると、コンピューター・セキュリティ脆弱性のおもな原因は、「トレーニングされていない人にセキュリティを維持することを割り当て、その仕事をできるようにするためのトレーニングも時間も与えないこと」です。 <sup>[<a id="idp6664496" href="#ftn.idp6664496" class="footnote">10</a>]</sup> これは自信過剰または動機付けられた管理者と同じくらい、経験の少ない管理者に当てはまります。
+ </div><div class="para">
+ ä»ã®äººã
ãã·ã¹ãã ã»ã«ã¼ãã«ã®ãã°ã»ã¡ãã»ã¼ã¸ããããã¯ã¼ã¯ã»ãã©ãã£ãã¯ãè¦è½ã¨ãä¸æ¹ã§ãä½äººãã®ç®¡çè
ã¯ãµã¼ãã¼ã¨ã¯ã¼ã¯ã¹ãã¼ã·ã§ã³ã«ããããå½ã¦ããã¨ã«å¤±æãã¾ããä»ã®ä¸è¬çãªã¨ã©ã¼ã¯ããµã¼ãã¹ã®ããã©ã«ããã¹ã¯ã¼ãã¾ãã¯ãã¼ãå¤æ´ãããã«æ®ã£ã¦ããã¨ãã§ãããã¨ãã°ãããã¤ãã®ãã¼ã¿ãã¼ã¹ã¯ããã¼ã¿ãã¼ã¹éçºè
ãã·ã¹ãã 管çè
ãã¤ã³ã¹ãã¼ã«å¾ããã«ãããã®ãã¹ã¯ã¼ããå¤æ´ããã¨èãã¦ãããã©ã«ãã®ç®¡çãã¹ã¯ã¼ããæã¡ã¾ãããã¼ã¿ãã¼ã¹ç®¡çè
ããã®ãã¹ã¯ã¼ããå¤æ´ãå¿ããã¨ãçµé¨ã®å°ãªãã¯ã©ãã«ã¼ã§ããããã¼ã¿ãã¼ã¹ã®ç®¡çè
権éãå¾ãããã«ãåºãç¥ãããããã©ã«ãã®ãã¹ã¯ã¼ãã使ç¨ã§ãã¾ããä¸æ³¨æãªç®¡çãã©ã®ããã«ã·ã¹ãã ã®ä¾µå®³ã«ã¤ãªããå¯è½æ
§ããããã«é¢ããä¾ãããã¤ãããã¾ãã
+ </div><div class="footnotes"><br /><hr /><div class="footnote"><div class="para"><sup>[<a id="ftn.idp6664496" href="#idp6664496" class="para">10</a>] </sup>
+ http://www.sans.org/resources/errors.php
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"><strong>戻る</strong>1.2.3.2. パッチ未適用のサービス</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"><strong>次へ</strong>1.2.3.4. 本質的にセキュアではないサービス</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html
new file mode 100644
index 0000000..9465aba
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3.4. 本質的にセキュアではないサービス</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.2.3. サーバー・セキュリティへの脅威" /><link rel="prev" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html" title="1.2.3.3. 不注意な管理" /><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html" title="1.2.4. ワークステーションとホーム PC のセキュリティへの脅威" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="righ
t" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services">1.2.3.4. 本質的にセキュアではないサービス</h4></div></div></div><div class="para">
+ 最も注意深い組織でさえ、選択したネットワーク・サービスが本質的にセキュアでなければ、脆弱性の犠牲になる可能性があります。たとえば、信頼されたネットワーク上で使用されるという仮定の下に開発されたサービスがたくさんあります。しかしながら、サービスがインターネット(それ自体は本質的に信頼できません)で利用可能になるとすぐに、この仮定は崩壊します。
+ </div><div class="para">
+ セキュアではないネットワーク・サービスのカテゴリの1つは、認証に対して暗号化されないユーザー名とパスワードを必要とするものです。Telnet と FTP はそのようなサービスの2つです。パケット盗聴ソフトウェアがリモートユーザーとそのようなサービスの間でトラフィックを監視しているならば、ユーザー名とパスワードが簡単に横取りされる可能性があります。
+ </div><div class="para">
+ 本質的に、そのようなサービスもより簡単に、セキュリティ業界は<em class="firstterm">中間者</em>攻撃と呼びますものの犠牲になります。この種類の攻撃において、意図したサーバーの代わりに彼のマシンに向けるために、ネットワークにおいてクラックされたネームサーバーをだますことにより、クラッカーはネットワーク・トラフィックをリダイレクトします。いったん誰かがサーバーへのリモート・セッションをオープンすると、攻撃者のマシンが、リモート・サービスと情報をキャプチャされていることを用心していないユーザーの間に静かに座る、見えないパイプとして動作します。この方法で、クラッカーはサーバーやユーザに気づかれることなく、管理パスワードや生のデータを集められます。
+ </div><div class="para">
+ ã»ãã¥ã¢ã§ã¯ãªããµã¼ãã¹ã®ãã1ã¤ã®ã«ãã´ãªã¯ãLAN å©ç¨ãæå¾
ãã¦éçºãããããä¸å¹¸ã«ã (ãªã¢ã¼ãã»ã¦ã¼ã¶ã¼ã«å¯¾ãã¦) WAN ãå«ããæ¡å¼µãããããNFS ã NIS ã®ãããªãããã¯ã¼ã¯ã»ãã¡ã¤ã«ã»ã·ã¹ãã ããã³ãããã¯ã¼ã¯æ
å ±ãµã¼ãã¹ã§ããNFS ã¯ã¯ã©ãã«ã¼ã NFS å
±æããã¦ã³ããã¦ãããã«å«ã¾ãããã¹ã¦ã®ãã®ã«ã¢ã¯ã»ã¹ããã®ãé²ãããã«è¨å®ããããããããèªè¨¼ãã»ãã¥ãªãã£ã®ã¡ã«ããºã ãããã©ã«ãã§ã¯æã¡ã¾ãããNIS ãåæ§ã«ããã¬ã¤ã³ããã¹ã ASCII ã¾ã㯠DBM (ASCII ããæ´¾çãã) ãã¼ã¿ãã¼ã¹ã®ä¸ã«ããã¹ã¯ã¼ãããã¡ã¤ã«ã»ãã¼ããã·ã§ã³ãå«ãããããã¯ã¼ã¯ã«ãããã¹ã¦ã®ã³ã³ãã¥ã¼ã¿ã«ç¥ãããªããã°ãããªãéè¦ãªæ
å ±ãæã¡ã¾ãããã®ãã¼ã¿ãã¼ã¹ã¸ã®ã¢ã¯ã»ã¹æ¨©ãå¾ãã¯ã©ãã«ã¼ã¯ã管ç
è
ã®ã¢ã«ã¦ã³ããå«ãããããã¯ã¼ã¯ã«ããããã¹ã¦ã®ã¦ã¼ã¶ã¼ã¢ã«ã¦ã³ãã«ã¢ã¯ã»ã¹ã§ãã¾ãã
+ </div><div class="para">
+ Fedora はデフォルトでそのようなサービスをすべてオフにしてリリースされています。しかしながら、管理者がしばしば、これらのサービスを使用するよう強制されることがあるので、注意深く設定することが重要な意味を持ちます。安全なようにサービスをセットアップする方法の詳細は <a class="xref" href="sect-Security_Guide-Server_Security.html">「サーバのセキュリティ」</a> を参照してください。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"><strong>戻る</strong>1.2.3.3. 不注意な管理</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"><strong>次へ</strong>1.2.4. ワークステーションとホーム PC のセキュリティへの脅威</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html
new file mode 100644
index 0000000..3031063
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.3.2. パッチ未適用のサービス</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.2.3. サーバー・セキュリティへの脅威" /><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.2.3. サーバー・セキュリティへの脅威" /><link rel="next" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html" title="1.2.3.3. 不注意な管理" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src
="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services">1.2.3.2. パッチ未適用のサービス</h4></div></div></div><div class="para">
+ デフォルトのインストールに含まれる多くのサーバー・アプリケーションは、しっかりとしていて、全体を通してテストされたソフトウェアの集まりです。何年も本番環境において使用していると、それらのコードは全体を通して精錬され、多くのバグが発見され修正されていきます。
+ </div><div class="para">
+ しかしながら、完璧なソフトウェアのようなものはありません。また、さらなる精錬の余地が常にあります。さらに、比較的新しいソフトウェアはしばしば、その最近の本番環境への出現のため、または、他のサーバー・ソフトウェアほど普及していないため、期待されているほど厳しくテストされていません。
+ </div><div class="para">
+ 開発者とシステム管理者はしばしば、サーバー・アプリケーションにおいてエクスプロイト可能なバグを見つけます。そして、Bugtraq メーリングリスト (<a href="http://www.securityfocus.com">http://www.securityfocus.com</a>) や Computer Emergency Response Team (CERT) ウェブサイト (<a href="http://www.cert.org">http://www.cert.org</a>) のような、バグトラックやセキュリティ関連のウェブサイトにおいて情報を公開します。これらのメカニズムはセキュリティ脆弱性をコミュニティに警告する効果的な方法であるにも関わらず、システムに適切にパッチを当てるかはシステム管理者しだいです。クラッカーがこれらの同じ脆弱性トラッキング・サービスにアクセスして、できるときにいつでもパッチ未適用のシステムをクラックするために情報を使うので、これは特に当
てはまります。素晴らしいシステム管理者は、コンピューティング環境を確実によりセキュアにするために、警戒、定期的なバグ・トラッキング、および適切なシステム・メンテナンスを必要とされます。
+ </div><div class="para">
+ システムを最新に保つことに関する詳細は <a class="xref" href="sect-Security_Guide-Security_Updates.html">「セキュリティ・アップデート」</a> を参照してください。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"><strong>戻る</strong>1.2.3. サーバー・セキュリティへの脅威</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"><strong>次へ</strong>1.2.3.3. 不注意な管理</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html
new file mode 100644
index 0000000..2172d0c
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2.4.2. 脆弱なクライアント・アプリケーション</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html" title="1.2.4. ワークステーションとホーム PC のセキュリティへの脅威" /><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html" title="1.2.4. ワークステーションとホーム PC のセキュリティへの脅威" /><link rel="next" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.3. 脆弱性のアセスメント" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product
Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications">1.2.4.2. 脆弱なクライアント・アプリケーション</h4></div></div></div><div class="para">
+ 管理者が完全にセキュアでパッチを当てたサーバーにしているにも関わらず、リモート・ユーザーがアクセスするときにセキュアであるとは限りません。たとえば、サーバーがパブリックネットワーク上で Telnet や FTP サービスを提供していると、攻撃者は平文のユーザー名とパスワードがネットワーク上を流れているので、それらを取ることができます。そして、リモート・ユーザーのワークステーションにアクセスするためにアカウント情報を使用します。
+ </div><div class="para">
+ SSH のようなセキュアなプロトコルを使用しているときでさえ、リモート・ユーザーは、クライアント・アプリケーションを更新していないと、特定の攻撃に対して脆弱であるかもしれません。たとえば、v.1 SSH クライアントは悪意のある SSH サーバーからの X 転送攻撃に対して脆弱です。一度サーバーに接続すると、攻撃者はネットワーク上でクライアントによるキー入力やマウス操作をひそかにとることができます。この問題は v.2 SSH プロトコルで修正されました。しかしユーザーは、どのアプリケーションがそのような脆弱性を持ち、更新する必要があるのかを把握し続けないといけません。
+ </div><div class="para">
+ <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security">「ワークステーションのセキュリティ」</a> は、管理者とホームユーザーがコンピューター・ワークステーションの脆弱性を制限するためにどんなステップをとるべきかをより詳細に説明しています。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"><strong>戻る</strong>1.2.4. ワークステーションとホーム PC のセキュリティへの脅威</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment.html"><strong>次へ</strong>1.3. 脆弱性のアセスメント</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Applying_the_Changes.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Applying_the_Changes.html
new file mode 100644
index 0000000..bd6c249
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Applying_the_Changes.html
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.5.4. 変更の適用</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Security_Updates.html" title="1.5. セキュリティ・アップデート" /><link rel="prev" href="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html" title="1.5.3. 署名されたパッケージのインストール" /><link rel="next" href="chap-Security_Guide-Basic_Hardening.html" title="第2章 基本強化ガイド" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="doc
nav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Basic_Hardening.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Updating_Packages-Applying_the_Changes"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Updating_Packages-Applying_the_Changes">1.5.4. 変更の適用</h3></div></div></div><div class="para">
+ セキュリティ・エラッタとアップデートをダウンロードしてインストールした後、古いソフトウェアの使用を停止し、新しいソフトウェアの使用を開始します。これがどのように実行されるかは、更新されたソフトウェアの種類によります。以下の一覧は、ソフトウェアの一般的なカテゴリを一覧化し、パッケージのアップグレード後に更新されたバージョンを使用するための説明を提供します。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ 一般に、システムを再起動することは、ソフトウェア・パッケージの最新バージョンを確実に使用するための最も確実な方法です。しかしながら、この選択肢は必ずしも必要とされません、またはシステム管理者が利用可能ではありません。
+ </div></div></div><div class="variablelist"><dl><dt class="varlistentry"><span class="term">アプリケーション</span></dt><dd><div class="para">
+ ユーザ空間アプリケーションは、システムのユーザーにより開始できるあらゆるプログラムです。一般的に、そのようなアプリケーションは、ユーザー、スクリプトまたは自動化されたタスク・ユーティリティがそれらを起動して、長い期間続かないときにのみ使われます。
+ </div><div class="para">
+ そのようなユーザー空間アプリケーションが更新されると、システムにあるアプリケーションのインスタンスをすべて停止して、更新したバージョンを使用するために再びプログラムを起動します。
+ </div></dd><dt class="varlistentry"><span class="term">カーネル</span></dt><dd><div class="para">
+ カーネルは Fedora オペレーティング・システムの中心的なソフトウェア・コンポーネントです。メモリー、プロセッサおよび周辺機器へのアクセスを管理するだけでなく、すべてのタスクをスケジュールします。
+ </div><div class="para">
+ その中心的な役割のため、カーネルはコンピュータを止めることなく再起動することはできません。そのため、カーネルの更新されたバージョンはシステムが再起動されるまで使うことができません。
+ </div></dd><dt class="varlistentry"><span class="term">共有ライブラリ</span></dt><dd><div class="para">
+ 共有ライブラリは、<code class="filename">glibc</code> のように、多くのアプリケーションやサービスにより使用される、コードの集合です。共有ライブラリを使用しているアプリケーションは、一般的にアプリケーションが初期化されるときに共有コードをロードします。そのため、更新されたライブラリを使用しているすべてのアプリケーションは停止して再起動しなければいけません。
+ </div><div class="para">
+ 実行しているアプリケーションが特定のライブラリにリンクしているかどうかを決めるために、以下の例にあるように <code class="command">lsof</code> コマンドを使用します:
+ </div><pre class="screen"><code class="command">lsof /lib/libwrap.so*</code></pre><div class="para">
+ このコマンドは、ホストのアクセス制御用の TCP Wrappers を使用している、実行中のプログラムをすべて返します。
+ </div></dd><dt class="varlistentry"><span class="term">SysV サービス</span></dt><dd><div class="para">
+ SysV サービスはブート中に起動される永続的なプログラムです。SysV サービスの例は、<code class="command">sshd</code>, <code class="command">vsftpd</code>, および <code class="command">xinetd</code> を含みます。
+ </div><div class="para">
+ 通常これらのプログラムはマシンがブートしている限りはメモリに永続するので、それぞれの更新された SysV サービスはパッケージが更新された後に停止して再起動しなければいけません。これは、<span class="application"><strong>サービス設定ツール</strong></span>を用いるか、rootシェル・プロンプトにログインして、以下の例にあるように <code class="command">/sbin/service</code> コマンドを発行することにより実行されます。
+ </div><pre class="screen"><code class="command">/sbin/service <em class="replaceable"><code><service-name></code></em> restart</code></pre><div class="para">
+ 前の例において、<em class="replaceable"><code><service-name></code></em> を <code class="command">sshd</code> のようなサービスの名前で置き換えます。
+ </div></dd><dt class="varlistentry"><span class="term"><code class="command">xinetd</code> サービス</span></dt><dd><div class="para">
+ <code class="command">xinetd</code> スーパー・サービスにより管理されているサービスは、アクティブな接続があるときのみ実行されます。<code class="command">xinetd</code> により管理されるサービスの例は Telnet, IMAP, および POP3 を含みます。
+ </div><div class="para">
+ これらのサービスの新しいインスタンスは 新しいリクエストが受け取られるたびに <code class="command">xinetd</code> により起動されるので、更新後に発生した接続は更新されたソフトウェアにより取り扱われます。しかしながら、<code class="command">xinetd</code> に管理されたサービスが更新されたときにアクティブな接続があるならば、それらは古いバージョンのソフトウェアによりサービスされます。
+ </div><div class="para">
+ <code class="command">xinetd</code> が管理している特定のサービスの古いインスタンスを止めて、サービスに対するパッケージを更新するために、現在実行中のプロセスをすべて停止します。プロセスが実行中であるかどうかを決めるために、<code class="command">ps</code> コマンドを使用します。そして、現在のサービスのインスタンスを止めるために <code class="command">kill</code> または <code class="command">killall</code> コマンドを使用します。
+ </div><div class="para">
+ たとえば、<code class="filename">imap</code> パッケージのセキュリティ・エラッタがリリースされ、パッケージを更新したならば、シェル・プロンプトの中で root として以下のコマンドを入力します:
+ </div><pre class="screen"><code class="command">ps -aux | grep imap</code></pre><div class="para">
+ このコマンドはすべてのアクティブな IMAP セッションを返します。各セッションは以下のコマンドを発行することにより停止できます:
+ </div><pre class="screen"><code class="command">kill <em class="replaceable"><code><PID></code></em></code></pre><div class="para">
+ これがセッションを停止するのに失敗したら、代わりに以下のコマンドを使用します:
+ </div><pre class="screen"><code class="command">kill -9 <em class="replaceable"><code><PID></code></em></code></pre><div class="para">
+ 前の例において、<em class="replaceable"><code><PID></code></em> を IMAP セッションに対するプロセス識別番号(<code class="command">ps</code> コマンドの2番目の列で見つけられます)に置き換えます。
+ </div><div class="para">
+ すべてのアクティブな IMAP セッションを止めるために、以下のコマンドを発行します:
+ </div><pre class="screen"><code class="command">killall imapd</code></pre></dd></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html"><strong>戻る</strong>1.5.3. 署名されたパッケージのインストール</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Basic_Hardening.html"><strong>次へ</strong>第2章 基本強化ガイド</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html
new file mode 100644
index 0000000..024d4a9
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.5.3. 署名されたパッケージのインストール</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Security_Updates.html" title="1.5. セキュリティ・アップデート" /><link rel="prev" href="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html" title="1.5.2. 署名されたパッケージの検証" /><link rel="next" href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html" title="1.5.4. 変更の適用" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="
docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages">1.5.3. 署名されたパッケージのインストール</h3></div></div></div><div class="para">
+ 多くのパッケージに対するインストールは、(カーネル・パッケージを除いて、)以下のコマンドにより、安全に実行することができます:
+ </div><pre class="screen"><code class="command">rpm -Uvh /tmp/updates/*.rpm</code></pre><div class="para">
+ カーネル・パッケージに対しては、以下のコマンドを使用します:
+ </div><pre class="screen"><code class="command">rpm -ivh /tmp/updates/<em class="replaceable"><code><kernel-package></code></em></code></pre><div class="para">
+ 前の例にある <em class="replaceable"><code><kernel-package></code></em> をカーネル RPM の名前で置き換えます。
+ </div><div class="para">
+ マシンが新しいカーネルを用いて安全に再起動されると、古いカーネルは以下のコマンドを用いて削除することができます:
+ </div><pre class="screen"><code class="command">rpm -e <em class="replaceable"><code><old-kernel-package></code></em></code></pre><div class="para">
+ 前の例にある <em class="replaceable"><code><old-kernel-package></code></em> を古いカーネル RPM で置き換えます。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ 古いカーネルを削除することは必要ではありません。デフォルトのブートローダ GRUB は、複数のカーネルがインストールされることを許可します。そして、ブート時にメニューから選択されます。
+ </div></div></div><div class="important"><div class="admonition_header"><h2>重要</h2></div><div class="admonition"><div class="para">
+ あらゆるセキュリティ・エラッタをインストールする前に、エラッタ・レポートに含まれるすべての特別な指示を確実に読み、それに応じてそれらを実行します。エラッタ・アップデートにより行われた変更を適用することに関する一般的な情報は <a class="xref" href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html">「変更の適用」</a> を参照してください。
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html"><strong>戻る</strong>1.5.2. 署名されたパッケージの検証</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Updating_Packages-Applying_the_Changes.html"><strong>次へ</strong>1.5.4. 変更の適用</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html
new file mode 100644
index 0000000..9dd61c5
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.5.2. 署名されたパッケージの検証</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Security_Updates.html" title="1.5. セキュリティ・アップデート" /><link rel="prev" href="sect-Security_Guide-Security_Updates.html" title="1.5. セキュリティ・アップデート" /><link rel="next" href="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html" title="1.5.3. 署名されたパッケージのインストール" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></
p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Security_Updates.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Updating_Packages-Verifying_Signed_Packages">1.5.2. 署名されたパッケージの検証</h3></div></div></div><div class="para">
+ Fedora のパッケージはすべて Fedora <em class="firstterm">GPG</em> キーを用いて署名されています。GPG は GNU Privacy Guard または GnuPG を意味する、配布ファイルの真正性を確実にするために使用されるフリー・ソフトウェアのパッケージです。たとえば、公開鍵がパッケージをロック解除して検証するまで、プライベート鍵(秘密鍵)はパッケージをロックします。Fedora により配布される公開鍵が RPM 検証中に秘密鍵と一致しなければ、パッケージは改ざんされているかもしれず、そのため信頼できません。
+ </div><div class="para">
+ Fedora の中にある RPM ユーティリティは、RPM パッケージのインストール前に自動的に GPG 署名を検証しようとします。Fedora GPG キーがインストールされていないならば、Fedora インストール CD-ROM または DVD のような、安全かつ静的な場所からそれをインストールします。
+ </div><div class="para">
+ ディスクが <code class="filename">/mnt/cdrom</code> にマウントされていると仮定すると、以下のコマンドを用いて <em class="firstterm">keyring</em> (システムにおいて信頼されたキーのデータベース) の中にインポートすることができます:
+ </div><pre class="screen"><code class="command">rpm --import /mnt/cdrom/RPM-GPG-KEY</code></pre><div class="para">
+ RPM 検証のためにインストールされたすべてのキーを一覧表示するために、次のコマンドを実行します:
+ </div><pre class="screen"><code class="command">rpm -qa gpg-pubkey*</code></pre><div class="para">
+ 出力は以下のように見えるでしょう:
+ </div><pre class="screen"><code class="computeroutput">gpg-pubkey-db42a60e-37ea5438</code></pre><div class="para">
+ 特定のキーに関する詳細を表示するために、この例のように、前のコマンドの出力にしたがって <code class="command">rpm -qi</code> コマンドを使用します:
+ </div><pre class="screen"><code class="command">rpm -qi gpg-pubkey-db42a60e-37ea5438</code></pre><div class="para">
+ RPM ファイルをインストールする前に、パッケージのオリジナル・ソースから改ざんされていないことを確実にするために、それの署名を検証することは極めて重要です。ダウンロードしたパッケージを一度に検証するために、以下のコマンドを発行します:
+ </div><pre class="screen"><code class="command">rpm -K /tmp/updates/*.rpm</code></pre><div class="para">
+ 各パッケージに対して、GPG キーが正しく検証されると、コマンドは <code class="computeroutput">gpg OK</code> を返します。そうでなければ、コンテンツのソースを検証するだけでなく、正しい Fedora 公開鍵を使用していることを確実にします。GPG 検証を通過しなかったパッケージは、第三者により改ざんされているかもしれないので、インストールすべきではありません。
+ </div><div class="para">
+ GPG キーを検証して、エラッタ・レポートに関連するすべてのパッケージをダウンロードした後、シェル・プロンプトにおいて root としてパッケージをインストールします。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Security_Updates.html"><strong>戻る</strong>1.5. セキュリティ・アップデート</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Updating_Packages-Installing_Signed_Packages.html"><strong>次へ</strong>1.5.3. 署名されたパッケージのインストール</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html
new file mode 100644
index 0000000..4aa6752
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.3.2. 基本的なファイアウォール・ポリシー</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="3.8.3. IPTables の使用" /><link rel="prev" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="3.8.3. IPTables の使用" /><link rel="next" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html" title="3.8.3.3. IPTables ルールの保存と復元" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li clas
s="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Using_IPTables.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies">3.8.3.2. 基本的なファイアウォール・ポリシー</h4></div></div></div><div class="para">
+ 基本的なファイアウォール・ポリシーを確立することにより、より詳細な、ユーザー定義のルールを構築する基礎を作成します。
+ </div><div class="para">
+ それぞれの <code class="command">iptables</code> チェインはデフォルトのポリシー、および、ファイアウォールに対するルールセット全体を定義するためにデフォルトのポリシーとともに働く、0またはそれより多いルールから構成されます。
+ </div><div class="para">
+ チェインに対するデフォルト・ポリシーは DROP または ACCEPT です。セキュリティに気を配る管理者は一般的に DROP のデフォルト・ポリシーを実装し、ケースバイケースで特定のパケットのみを許可します。たとえば、以下のポリシーはネットワーク・ゲートウェイにおいてすべての入力および出力パケットをブロックします:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -P INPUT DROP
+[root at myServer ~ ] # iptables -P OUTPUT DROP</pre><div class="para">
+ 内部クライアントが不注意にインターネットへとさらされるのを制限するため、同じようにすべての<em class="firstterm">転送パケット</em>(ファイアウォールから宛て先ノードへとルートされるネットワーク・トラフィック)が拒否されることも推奨されます。これをするために、以下のルールを使用します:
+ </div><pre class="screen">[root at myServer ~ ] # iptables -P FORWARD DROP</pre><div class="para">
+ 各チェインに対するデフォルトのポリシーが確立されると、特定のネットワークに対するさらなるルールやセキュリティ要件を作成・保存できます。
+ </div><div class="para">
+ 以下のセクションは iptables ルールを保存する方法を説明し、iptables ファイアウォールを構築する間に実装するかもしれないいくつかのルールの概要を示します。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Using_IPTables.html"><strong>戻る</strong>3.8.3. IPTables の使用</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"><strong>次へ</strong>3.8.3.3. IPTables ルールの保存と復元</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html
new file mode 100644
index 0000000..f908921
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.8.3.3. IPTables ルールの保存と復元</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="3.8.3. IPTables の使用" /><link rel="prev" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html" title="3.8.3.2. 基本的なファイアウォール・ポリシー" /><link rel="next" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html" title="3.8.4. 一般的な IPTables フィルタ" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a><
/p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules">3.8.3.3. IPTables ルールの保存と復元</h4></div></div></div><div class="para">
+ <code class="command">iptables</code> への変更は一時的なものです。システムが再起動したり、<code class="command">iptables</code> サービスが再起動したりすると、ルールは自動的に消去されリセットされます。<code class="command">iptables</code> サービスが起動するときにロードされるよう、ルールを保存するために、以下のコマンドを使用します:
+ </div><pre class="screen">[root at myServer ~ ] # service iptables save</pre><div class="para">
+ ルールは <code class="filename">/etc/sysconfig/iptables</code> に保存され、サービスが開始またはマシンが再起動するときは必ず適用されます。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"><strong>戻る</strong>3.8.3.2. 基本的なファイアウォール・ポリシー</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"><strong>次へ</strong>3.8.4. 一般的な IPTables フィルタ</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html
new file mode 100644
index 0000000..6c64029
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.2. アセスメントとテストの定義</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.3. 脆弱性のアセスメント" /><link rel="prev" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.3. 脆弱性のアセスメント" /><link rel="next" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.3.3. ツールの評価" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="pr
evious"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing">1.3.2. アセスメントとテストの定義</h3></div></div></div><div class="para">
+ 脆弱性アセスメントは2種類に分解できます: <em class="firstterm">外から中を見る</em> および <em class="firstterm">中から外を見る</em>。
+ </div><div class="para">
+ 外から中を見る脆弱性アセスメントを実行するとき、外側からシステムを危険にさらすことを試みます。会社の外側であることは、あなたにクラッカーの観点を与えます。クラッカーが見るものを見ます — 公にルート可能な IP アドレス、<em class="firstterm">DMZ</em> にあるシステム、ファイアウォールの外部インタフェース、およびその他。DMZ は "demilitarized zone" を意味します。ここで、企業プライベート LAN のような信頼された内部ネットワーク、およびパブリックなインターネットのような信頼されない外部ネットワークの間にある、コンピューターまたは小さなサブネットワークに一致します。一般的に、DMZ は ウェブ (HTTP) サーバー、FTP サーバー、SMTP (e-mail) サーバーおよび DNS サーバーのような、インターネットのトラフィック
にアクセス可能なデバイスを含みます。
+ </div><div class="para">
+ 中から外を見る脆弱性アセスメントを実行するとき、あなたは内部にいて、状態が信頼されると昇格されるため、いくらかの優位性があります。これは一度システムにログオンしたあなたや同僚の視点です。プリント・サーバー、ファイル・サーバー、データベースおよび他のリソースを見ます。
+ </div><div class="para">
+ これら2種類の脆弱性アセスメントの著しい区別があります。会社の内部にいることは、どの外部者よりも上昇された権限を与えられます。多くの組織において今でも、セキュリティは侵入者を締め出すという方法で構成されています。(部門内ファイアウォール、ユーザー・レベル・アクセス制御、内部リソースに対する認証手順などのように)組織の内部をセキュアにしていることは非常にまれです。一般的に、多くのシステムが会社の内部にあるので、中から外を見るときより多くのリソースがあります。一度あなた自身を会社の外部者と設定すると、ただちに信頼されない状態を与えられます。あなたが外部的に利用可能なシステムとリソースは一般的に非常に制限されます。
+ </div><div class="para">
+ 脆弱性アセスメントと<em class="firstterm">侵入テスト</em>の違いを検討します。侵入テストへの第一歩として脆弱性アセスメントを考えます。アセスメントから収集された情報はテストのために使用されます。アセスメントがホールや潜在的な脆弱性に対するチェックをするために行われるのに対して、侵入テストは発見したものを実際にエクスプロイトしようとします。
+ </div><div class="para">
+ ネットワーク・インフラストラクチャをアセスメントすることは、ダイナミックなプロセスです。セキュリティ(情報も物理も)はダイナミックです。概要に示されるアセスメントを実行することは、フォールス・ポジティブとフォールス・ネガティブが現れる可能性があります。
+ </div><div class="para">
+ セキュリティ管理者は、使用しているツールと保有している知識を同じくらい素晴らしいです。現在、多くの形態のアセスメント・ツールが利用可能です。それらをシステムに対して実行して、そして、大抵いくつかのフォールス・ネガティブがあることを保証します。プログラムの間違いかユーザーの誤りかによらず、結果は同じです。ツールが実際に存在しない脆弱性を見つけるかもしれません(フォールス・ポジティブ)。もしくはさらに悪いことに、ツールが実際に存在する脆弱性を見つけないかもしれません(フォールス・ネガティブ)。
+ </div><div class="para">
+ これで脆弱性アセスメントと侵入テストの違いが定義されたので、あなたの新しいベスト・プラクティス・アプローチの一部として侵入テストを行う前に、アセスメントの結論を出して、注意深くレビューします。
+ </div><div class="warning"><div class="admonition_header"><h2>警告</h2></div><div class="admonition"><div class="para">
+ 本番リソースにおける脆弱性をエクスプロイトする試みは、システムとネットワークの生産性や効率に悪影響を与える可能性があります。
+ </div></div></div><div class="para">
+ 以下の一覧は脆弱性アセスメントを実施するためにいくつかの有益性を検討します。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 情報セキュリティにプロアクティブなフォーカスを当てる
+ </div></li><li class="listitem"><div class="para">
+ クラッカーに見つけられる前に潜在的なエクスプロイトを見つける
+ </div></li><li class="listitem"><div class="para">
+ システムを最新でパッチが当てられた状態をもたらす
+ </div></li><li class="listitem"><div class="para">
+ 成長とスタッフの習熟に役立つよう促進する
+ </div></li><li class="listitem"><div class="para">
+ 経済的損失とネガティブな広報を減らす
+ </div></li></ul></div><div class="section" id="sect-Security_Guide-Defining_Assessment_and_Testing-Establishing_a_Methodology"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Defining_Assessment_and_Testing-Establishing_a_Methodology">1.3.2.1. 方法論の確立</h4></div></div></div><div class="para">
+ 脆弱性アセスメント用のツールを選択する支援のために、脆弱性アセスメントの方法論を確立することは助けになります。不幸にも、現在のところ事前に定義された、もしくは工業的に証明された方法論はありません。しかしながら、一般的な判断およびベスト・プラクティスが十分なガイドとして振る舞います。
+ </div><div class="para">
+ <span class="emphasis"><em>対象は何か?一つのサーバーを見るのか、もしくは、ネットワーク全体およびネットワーク内にあるすべてのものを見るのか? 会社にとって外部または内部なのか?</em></span> これらの質問に対する答えは、どのツールを選択するかだけでなく、そのツールをどのような方法で使用するかを決める助けになるので、重要です。
+ </div><div class="para">
+ 方法論の確立に関する詳細は、以下のウェブサイトを参照してください:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <a href="http://www.isecom.org/osstmm/">http://www.isecom.org/osstmm/</a> <em class="citetitle">The Open Source Security Testing Methodology Manual</em> (OSSTMM)
+ </div></li><li class="listitem"><div class="para">
+ <a href="http://www.owasp.org/">http://www.owasp.org/</a> <em class="citetitle">The Open Web Application Security Project</em>
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment.html"><strong>戻る</strong>1.3. 脆弱性のアセスメント</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"><strong>次へ</strong>1.3.3. ツールの評価</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html
new file mode 100644
index 0000000..83caf60
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3.3. ツールの評価</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.3. 脆弱性のアセスメント" /><link rel="prev" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html" title="1.3.2. アセスメントとテストの定義" /><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html" title="1.3.3.2. Nessus" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav
"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools">1.3.3. ツールの評価</h3></div></div></div><div class="para">
+ アセスメントはいくつかの形式の情報収集ツールにより始められます。ネットワーク全体をアセスメントするとき、動作しているホストを見つけるために、まずレイアウトをマップします。一度位置が決められると、それぞれ各ホストを検査します。これらのホストに焦点をあてることは、他のセットのツールを必要とします。使うためのツールを知ることは、脆弱性を見つけるときの最も重要な手順かもしれません。
+ </div><div class="para">
+ 日常生活のあらゆる場面のように、同じ仕事を実行する数多くの異なるツールがあります。この概念は脆弱性アセスメントを実行することにも同様に当てはまります。オペレーティングシステム、アプリケーション、そしてネットワークにさえ(使用されるプロトコルに基づきます)具体的なツールがあります。いくつかのツールはフリーです。他のものはそうではありません。いくつかのツールは直感的で使いやすいです。一方、他のツールは不可解であり、十分に文書化されませんが、他のツールにはない機能を持ちます。
+ </div><div class="para">
+ 正しいツールを見つけることは、気が重い仕事であるかもしれません。最後には経験が重要になります。可能ならば、実験ラボをセットアップして、それぞれの強みと弱みに注目して、できる限り多くのツールを試験します。ツールに対する README ファイルまたはマニュアル・ページをレビューします。さらに、ツールに対する記事、ステップ・バイ・ステップのガイド、またはメーリングリストのような、詳細に関してインターネットに目を向けます。
+ </div><div class="para">
+ 以下で説明されるツールは、単に利用可能なツールの小さなサンプルです。
+ </div><div class="section" id="sect-Security_Guide-Evaluating_the_Tools-Scanning_Hosts_with_Nmap"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Scanning_Hosts_with_Nmap">1.3.3.1. Nmap を用いたホストのスキャン</h4></div></div></div><div class="para">
+ Nmap はネットワークのレイアウトを決定するために利用される Fedora に含まれる一般的なツールです。Nmap は長年にわたり利用可能であり、おそらく情報を集めるときに最もよく使われるツールです。そのオプションと使用法の詳細な説明を提供する、素晴らしいマニュアル・ページが含まれます。管理者は、ホストシステムとそれらのシステムにおいて開いているポートを見つけるためにネットワークにおいて Nmap を使用できます。
+ </div><div class="para">
+ Nmap は脆弱性アセスメントにおける十分な第一歩です。ネットワークの中にあるホストすべてを図示します。そして、Nmap が特定のホストで実行しているオペレーティング・システムを特定する試行ができるようにするオプションを渡すこともできます。Nmap は、セキュアなサービスの使用と不必要なサービスの停止の方針を確立するための素晴らしい基礎です。
+ </div><div class="section" id="sect-Security_Guide-Scanning_Hosts_with_Nmap-Using_Nmap"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Scanning_Hosts_with_Nmap-Using_Nmap">1.3.3.1.1. Nmap の使用</h5></div></div></div><div class="para">
+ Nmap は <code class="command">nmap</code> コマンドを、スキャンするマシンのホスト名または IP アドレスを後ろにつけて、入力することによりシェル・プロンプトから実行することができます。
+ </div><pre class="screen"><code class="command">nmap foo.example.com</code></pre><div class="para">
+ 基本的なスキャン(ホストの位置や他のネットワーク条件に依存して数分かかります)の結果は以下のように見えるでしょう。
+ </div><pre class="screen">
+Starting Nmap 4.68 ( http://nmap.org )
+Interesting ports on foo.example.com:
+Not shown: 1710 filtered ports
+PORT STATE SERVICE
+22/tcp open ssh
+53/tcp open domain
+70/tcp closed gopher
+80/tcp open http
+113/tcp closed auth</pre><div class="para">
+ Nmap は、サービスがリッスンしているまたは待っている、最も一般的なネットワーク・コミュニケーション・ポートをテストします。この知識は、不必要または未使用のサービスを閉じたいと思っている管理者の助けにすることができます。
+ </div><div class="para">
+ Nmap の使用法に関する詳細は、以下の URL にある公式ホームページを参照してください。
+ </div><div class="para">
+ <a href="http://www.insecure.org/">http://www.insecure.org/</a>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"><strong>戻る</strong>1.3.2. アセスメントとテストの定義</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"><strong>次へ</strong>1.3.3.2. Nessus</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment.html
new file mode 100644
index 0000000..f82d2b3
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Vulnerability_Assessment.html
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3. 脆弱性のアセスメント</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="第1章 セキュリティの概要" /><link rel="prev" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html" title="1.2.4.2. 脆弱なクライアント・アプリケーション" /><link rel="next" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html" title="1.3.2. アセスメントとテストの定義" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Com
mon_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Vulnerability_Assessment" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Vulnerability_Assessment">1.3. 脆弱性のアセスメント</h2></div></div></div><div class="para">
+ 時間、リソースおよびモチベーションを与えられると、クラッカーはほとんどすべてのシステムに侵入できます。結局、現在利用可能なすべてのセキュリティの手順と技術は、あらゆるシステムが侵入から完全に安全であることを保証することはできません。ルーターはインターネットへの安全なゲートウェイの助けになります。ファイアウォールはネットワークの境界の助けになります。VPN は暗号化されたストリームにおいて安全にデータを通過させます。侵入検知システムは悪意のある活動を警告します。しかし、これらの技術のそれぞれの成功は、以下を含む多くの変動要因に依存します。
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 技術の設定、監視および維持に責任のあるスタッフの習熟。
+ </div></li><li class="listitem"><div class="para">
+ サービスとカーネルに迅速かつ効果的にパッチおよび更新する能力。
+ </div></li><li class="listitem"><div class="para">
+ ネットワーク上の一定した警戒を維持する責任のある人の能力
+ </div></li></ul></div><div class="para">
+ システムと技術がデータのダイナミックな状態にすると、企業のリソースをセキュアにすることは極めて難しくなります。しばしばシステムのすべてに対する専門家のリソースを見つけることは難しいです。情報セキュリティの多くの領域における高いレベルの知識を持つ要員を持つことができる間、少し以上の主題領域に精通しているスタッフを維持することは難しいです。これはおもに、情報セキュリティの各主題領域は一定の注意と集中を必要とするからです。情報セキュリティは有効なままではありません。
+ </div><div class="section" id="sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.3.1. 敵のような考え</h3></div></div></div><div class="para">
+ あなたが企業ネットワークの管理者であると仮定します。そのようなネットワークは一般的に、オペレーティングシステム、アプリケーション、サーバ、ネットワーク・モニタ、侵入検知システム等から構成されます。今日のソフトウェアとネットワーク環境の複雑さを与えられると、エクスプロイットとバグは必然性があります。ネットワーク全体をパッチとアップデートで最新に保つことは、異質なシステムを持つ大きなネットワークにおいて気が重い作業であることがわかります。
+ </div><div class="para">
+ 習熟の要件と現状維持の作業を組み合わせます。そして、不利益なインシデントが発生し、システムが侵害され、データが破壊され、サービスが中断されることは不可避です。
+ </div><div class="para">
+ セキュリティ技術を強化して、システム、ネットワーク、およびデータを保護する支援とするため、あなたはクラッカーのように考え、弱さに対するチェックをすることによりシステムのセキュリティを測定しなければいけません。自身のシステムとネットワーク・リソースに対する予防的な脆弱性アセスメントは、クラッカーがエクスプロイトする前に対処できる潜在的な問題を明らかにします。
+ </div><div class="para">
+ 脆弱性アセスメントはあなたのネットワークおよびシステムのセキュリティの内部監査です。(<a class="xref" href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-What_is_Computer_Security-Standardizing_Security">「セキュリティの標準化」</a> に説明されているように)ネットワークの機密性、完全性および可用性を支持する結果です。一般的に、脆弱性アセスメントは、対象システムに関する重要なデータを集めることを通じて、調査フェーズから始めます。このフェーズはシステム準備フェーズにつながります。それによって、対象が基本的にすべての既知の脆弱性をチェックされます。準備フェーズは報告フェーズに達します。ここで、発見したものは高中低のカテゴリに分類され、対象のセキュリティを向上させる(または脆弱性のリスク
を低減させる)方法が議論されます。
+ </div><div class="para">
+ あなたの自宅の脆弱性アセスメントを実行しているならば、自宅のドアが閉められて鍵がかけられているかどうかを確認するために、それぞれのドアをチェックするでしょう。確実にすべての窓が完全に閉まっており、正しく鍵がかけられていることもチェックします。この同じような概念をシステム、ネットワークおよび電子データに適用します。悪意のあるユーザーはあなたのデータの泥棒および心ない破壊者です。ツール、精神性および動機に注目します。そうすると、彼ら彼女らの行動に素早く反応できます。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"><strong>戻る</strong>1.2.4.2. 脆弱なクライアント・アプリケーション</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"><strong>次へ</strong>1.3.2. アセスメントとテストの定義</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Yubikey-Web_Sites.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Yubikey-Web_Sites.html
new file mode 100644
index 0000000..988cadf
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Yubikey-Web_Sites.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.4.2. YubiKey を用いたウェブサイトの認証</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-Yubikey.html" title="3.4. YubiKey" /><link rel="prev" href="sect-Security_Guide-Yubikey.html" title="3.4. YubiKey" /><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="3.5. Pluggable Authentication Modules (PAM)" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Yubikey.html"><stron
g>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-Yubikey-Web_Sites"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Yubikey-Web_Sites">3.4.2. YubiKey を用いたウェブサイトの認証</h3></div></div></div><div class="para">
+ このガイドの範囲外ではありますが、YubiKey はこの認証方法をサポートするウェブサイトへ認証するようにできます。これらのウェブサイトは一般的に Yubico の認証サーバーをサポートしますが、いくつかは上のセンターサーバーと同じようにセットアップすることができます。Yubico は、特定のウェブサイトで利用されている OpenID サービスも提供します。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Yubikey.html"><strong>戻る</strong>3.4. YubiKey</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"><strong>次へ</strong>3.5. Pluggable Authentication Modules (PAM)</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Yubikey.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Yubikey.html
new file mode 100644
index 0000000..824239c
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-Yubikey.html
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.4. YubiKey</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="第3章 ネットワークのセキュア化" /><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html" title="3.3.5. Firefox が SSO 用に Kerberos を使用するよう設定します" /><link rel="next" href="sect-Security_Guide-Yubikey-Web_Sites.html" title="3.4.2. YubiKey を用いたウェブサイトの認証" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images
/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Yubikey-Web_Sites.html"><strong>次へ</strong></a></li></ul><div xml:lang="ja-JP" class="section" id="sect-Security_Guide-Yubikey" lang="ja-JP"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="sect-Security_Guide-Yubikey">3.4. YubiKey</h2></div></div></div><div class="para">
+ YubiKey は、動作のためにオープンソースソフトウェアを利用している、ハードウェア認証トークンです。このトークンは、コンピューターへキーボードとして現れる単なる USB デバイスです。トークンの1つのボタンは押すたびに、ユーザーを認証するために使われるワンタイムパスワード(OTP)を提供します。現在、ここで取り扱うこのソリューションは、いくつかの異なる実装があります。
+ </div><div class="section" id="sect-Security_Guide-Yubikey-Centralized_Server"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="sect-Security_Guide-Yubikey-Centralized_Server">3.4.1. センター・サーバーを用いた YubiKey の使用</h3></div></div></div><div class="para">
+ 認証サーバーに問い合わせることができるようにする、コンピューターの認証を許可する PAM モジュールが、すでに Fedora リポジトリに存在します。サーバーは、ドメインのレベルでセットアップすることも、Yubico のサーバーを利用することもできます。この認証の方法は、ドメインにおいて複数のユーザーが複数のコンピューターにアクセスする必要がある、エンタープライズの素晴らしいソリューションです。以下の手順はこのセットアップを説明します。
+ </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+ Install <span class="package">pam_yubico</span>
+ </div></li><li class="step"><div class="para">
+ 二要素認証のために <code class="filename">/etc/pam.d/gdm-password</code> を開き、以下の位置を探します:
+ </div><div class="para">
+ <code class="command">auth substack password-auth </code>
+ </div><div class="para">
+ この後ろの新しい行に、次を追加します:
+ </div><div class="para">
+ <code class="command">auth sufficient pam_yubico.so id=16</code>
+ </div></li><li class="step"><div class="para">
+ パスワード認証なしで YubiKey トークンを単独で使用するために、上の手順から最初の行を削除して、2番目のもので置き換えます。
+ </div></li><li class="step"><div class="para">
+ YubiKey を初めて追加するために YubiKey トークンを置きます。すべての OTP の最初の12文字を見るか、または <a href="http://radius.yubico.com/demo/Modhex_Calculator.php"><em class="citetitle">http://radius.yubico.com/demo/Modhex_Calculator.php</em></a> を訪問して、ページにあるテキストボックスの中に OTP を入力した後 Modhex エンコードされた文字列をコピーすることにより、これがなされます。
+ </div></li><li class="step"><div class="para">
+ ユーザーの YubiKey を設定ファイルに追加します。<code class="filename">/etc/yubikey_mapping</code> においてグローバルに、もしくは<code class="filename">~/.yubico/authorized_yubikeys</code> において個々のユーザーにより、これがなされます。以下はその構文です:
+ </div><div class="para">
+ <code class="command">username:yubikey_token:another_yubikey_token</code>
+ </div></li><li class="step"><div class="para">
+ ログアウトします。再びログインしようとするとき、システムをどのように設定したかにより、パスワードと YubiKey OTP、または両方ともを入力するようプロンプトが出ます。
+ </div></li></ol></div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ 認証サーバーへの接続が要求されます、もしくは正しく認証されないでしょう。これは、安定したネットワーク接続性をもたないシステムにとって有害でしょう。
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"><strong>戻る</strong>3.3.5. Firefox が SSO 用に Kerberos を使用するよう設定します</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Yubikey-Web_Sites.html"><strong>次へ</strong>3.4.2. YubiKey を用いたウェブサイトの認証</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html
new file mode 100644
index 0000000..b60f76a
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.4.3. xinetd 設定ファイルの変更</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="3.6.4. xinetd 設定ファイル" /><link rel="prev" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html" title="3.6.4.2. /etc/xinetd.d/ ディレクトリ" /><link rel="next" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html" title="3.6.4.3.2. アクセス制御オプション" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/i
mages/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files">3.6.4.3. xinetd 設定ファイルの変更</h4></div></div></div><div class="para">
+ ディレクティブの範囲は <code class="systemitem">xinetd</code> により保護されたサービスに対して利用可能です。このセクションは、より一般的に使用されるオプションのいくつかにハイライトします。
+ </div><div class="section" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Logging_Options"><div class="titlepage"><div><div keep-together.within-column="always"><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Logging_Options">3.6.4.3.1. ログ取得オプション</h5></div></div></div><div class="para">
+ 以下のロギング・オプションは <code class="filename">/etc/xinetd.conf</code> および <code class="filename">/etc/xinetd.d/</code> ディレクトリにあるサービス固有の設定ファイルに対して利用可能です。
+ </div><div class="para">
+ 以下は、より一般的に使われるロギング・オプションのいくつかのリストです:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">ATTEMPT</code> — 失敗した試行がなされたという事実を記録します (<code class="option">log_on_failure</code>)。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">DURATION</code> — サービスがリモート・システムにより使用された時間の長さを記録します (<code class="option">log_on_success</code>)。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">EXIT</code> — 終了ステータスまたはサービスの終了シグナルを記録します (<code class="option">log_on_success</code>)。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">HOST</code> — リモート・ホストの IP アドレスを記録します (<code class="option">log_on_failure</code> および <code class="option">log_on_success</code>)。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">PID</code> — リクエストを受け取ったサーバのプロセス ID を記録します (<code class="option">log_on_success</code>)。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">USERID</code> — すべてのマルチ・スレッド stream サービスに対して RFC 1413 で定義された方式を使用してリモート・ユーザーを記録します (<code class="option">log_on_failure</code> および <code class="option">log_on_success</code>)。
+ </div></li></ul></div><div class="para">
+ ロギング・オプションの完全なリストは <code class="filename">xinetd.conf</code> マニュアル・ページを参照してください。
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"><strong>戻る</strong>3.6.4.2. /etc/xinetd.d/ ディレクトリ</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"><strong>次へ</strong>3.6.4.3.2. アクセス制御オプション</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html
new file mode 100644
index 0000000..3da7899
--- /dev/null
+++ b/public_html/ja-JP/Fedora/18/html/Security_Guide/sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6.4.2. /etc/xinetd.d/ ディレクトリ</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora-Security_Guide-18-ja-JP-18.0.1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.18');
+
+ addID('Fedora.18.books');
+ addID('Fedora.18.Security_Guide');
+ </script><link rel="home" href="index.html" title="セキュリティガイド" /><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="3.6.4. xinetd 設定ファイル" /><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="3.6.4. xinetd 設定ファイル" /><link rel="next" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="3.6.4.3. xinetd 設定ファイルの変更" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/ima
ge_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"><strong>戻る</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"><strong>次へ</strong></a></li></ul><div class="section" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory">3.6.4.2. /etc/xinetd.d/ ディレクトリ</h4></div></div></div><div class="para">
+ <code class="filename">/etc/xinetd.d/</code> ディレクトリは <code class="systemitem">xinetd</code> により管理される各サービスに対する設定ファイルを含み、ファイルの名前はサービスと一致します。<code class="filename">xinetd.conf</code> にあるように、このディレクトリは <code class="systemitem">xinetd</code> サービスが起動するときのみ読み込まれます。あらゆる変更は効果を持たせるために、管理者が <code class="systemitem">xinetd</code> サービスを再起動しなければいけません。
+ </div><div class="para">
+ <code class="filename">/etc/xinetd.d/</code> ディレクトリにあるファイルのフォーマットは、<code class="filename">/etc/xinetd.conf</code> と同じ規約を使用します。各サービスに対する設定が別々のファイルに保存される一番の理由は、より簡単にカスタマイズでき、他のサービスに影響を与えないようにするためです。
+ </div><div class="para">
+ これらのファイルがどのような構造であるかを理解するために、<code class="filename">/etc/xinetd.d/krb5-telnet</code> ファイルを検討します:
+ </div><pre class="screen">service telnet
+{
+ flags = REUSE
+ socket_type = stream
+ wait = no
+ user = root
+ server = /usr/kerberos/sbin/telnetd
+ log_on_failure += USERID
+ disable = yes
+}</pre><div class="para">
+ これらの行は <code class="command">telnet</code> サービスをさまざまな観点で制御します:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="option">service</code> — サービス名を指定します、通常 <code class="filename">/etc/services</code> ファイルにおいてリストされるものの1つです。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">flags</code> — コネクションに対するいくつかの属性のどれかをセットします。<code class="option">REUSE</code> は Telnet 接続に対するソケットを再利用するよう <code class="systemitem">xinetd</code> に指示します。
+ </div><div class="note"><div class="admonition_header"><h2>注記</h2></div><div class="admonition"><div class="para">
+ <code class="option">REUSE</code> フラグは廃止されました。現在、すべてのサービスは暗黙的に <code class="option">REUSE</code> フラグを使用します。
+ </div></div></div></li><li class="listitem"><div class="para">
+ <code class="option">socket_type</code> — ネットワーク・ソケットの種類を <code class="option">stream</code> にセットします。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">wait</code> — サービスがシングル・スレッド (<code class="option">yes</code>) またはマルチ・スレッド (<code class="option">no</code>) のどちらであるかを指定します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">user</code> — プロセスが実行されるユーザー ID を指定します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">server</code> — 起動するためにバイナリ実行可能なものを指定します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">log_on_failure</code> — <code class="filename">xinetd.conf</code> においてすでに定義されているものに加えて、<code class="option">log_on_failure</code> に対するログのパラメータを指定します。
+ </div></li><li class="listitem"><div class="para">
+ <code class="option">disable</code> — サービスが無効化 (<code class="option">yes</code>) または有効化 (<code class="option">no</code>) されるかを指定します。
+ </div></li></ul></div><div class="para">
+ これらのオプションとその使用法に関する詳細は <code class="filename">xinetd.conf</code> マニュアル・ページを参照してください。
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"><strong>戻る</strong>3.6.4. xinetd 設定ファイル</a></li><li class="up"><a accesskey="u" href="#"><strong>上に戻る</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>ホーム</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"><strong>次へ</strong>3.6.4.3. xinetd 設定ファイルの変更</a></li></ul></body></html>
diff --git a/public_html/ja-JP/Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-ja-JP.pdf b/public_html/ja-JP/Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-ja-JP.pdf
new file mode 100644
index 0000000..e83b6cb
Binary files /dev/null and b/public_html/ja-JP/Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-ja-JP.pdf differ
diff --git a/public_html/ja-JP/Site_Statistics.html b/public_html/ja-JP/Site_Statistics.html
index 77231f7..560a149 100644
--- a/public_html/ja-JP/Site_Statistics.html
+++ b/public_html/ja-JP/Site_Statistics.html
@@ -4,22 +4,22 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" href="../interactive.css" type="text/css" />
- <title>統計</title>
+ <title>Statistics</title>
</head>
<body class="toc_embeded">
-<div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="toc.html">これは iframe です。 表示させるにはブラウザをアップグレードするか iframe 表示を有効にします。</iframe></div>
+<div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div>
<div>
-<h1 class="producttitle">統計</h1>
+<h1 class="producttitle">Statistics</h1>
<p>
</p>
<table class="stats">
<tr>
- <th>言語</th>
- <th>コード</th>
- <th>プロダクト</th>
- <th>ブック</th>
- <th>バージョン</th>
- <th>パッケージ</th>
+ <th>Language</th>
+ <th>Code</th>
+ <th>Products</th>
+ <th>Books</th>
+ <th>Versions</th>
+ <th>Packages</th>
</tr>
<tr>
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -411,8 +411,8 @@
</table>
<div class="totals">
- <b>言語数の合計: </b>43<br />
- <b>パッケージ数の合計: </b>813
+ <b>Total Languages: </b>43<br />
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/ja-JP/opds-Community_Services_Infrastructure.xml b/public_html/ja-JP/opds-Community_Services_Infrastructure.xml
index 26970e6..bd94fc8 100644
--- a/public_html/ja-JP/opds-Community_Services_Infrastructure.xml
+++ b/public_html/ja-JP/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ja-JP/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ja-JP/opds-Fedora.xml b/public_html/ja-JP/opds-Fedora.xml
index faed864..b3091c0 100644
--- a/public_html/ja-JP/opds-Fedora.xml
+++ b/public_html/ja-JP/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/ja-JP/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>セキュリティガイド</title>
+ <id>http://docs.fedoraproject.org/ja-JP/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-ja-JP.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>ja-JP</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>Fedora Linux をセキュアにするためのガイド
+</summary>
+ <content type="text">Fedora セキュリティガイドは、ローカルまたはリモートからの侵入、侵害および悪意のある活動に対してワークステーションとサーバーをセキュアにするプロセスとプラクティスについて、Fedora のユーザーが学習する支援をするために設計されています。Fedora Linux に焦点を合わせており、すべての Linux システムに対して有効な概念や技術を詳細に説明することではありません。Fedora セキュリティガイドはデータセンター、仕事場および自宅用に安全なコンピューティング環境を構築することに関連する計画とツールを詳細に説明します。適切な知識、警戒およびツールを用いて、Linux を実行しているシステムが完全に機能して、かつ多くの一般的な侵入や侵害方法から安全にすることができます。</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/ja-JP/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-ja-JP.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>ISO イメージファイルをディスクに書き込む方法</title>
<id>http://docs.fedoraproject.org/ja-JP/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-ja-JP.epub</id>
<!--author>
diff --git a/public_html/ja-JP/opds-Fedora_Contributor_Documentation.xml b/public_html/ja-JP/opds-Fedora_Contributor_Documentation.xml
index 8512cb1..2668c2a 100644
--- a/public_html/ja-JP/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ja-JP/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ja-JP/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora コントリビュータ用ドキュメント</title>
<subtitle>Fedora コントリビュータ用ドキュメント</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ja-JP/opds-Fedora_Core.xml b/public_html/ja-JP/opds-Fedora_Core.xml
index 69836a2..0fe2179 100644
--- a/public_html/ja-JP/opds-Fedora_Core.xml
+++ b/public_html/ja-JP/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ja-JP/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ja-JP/opds-Fedora_Draft_Documentation.xml b/public_html/ja-JP/opds-Fedora_Draft_Documentation.xml
index 7f40ca0..d2b06e5 100644
--- a/public_html/ja-JP/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ja-JP/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ja-JP/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ja-JP/opds.xml b/public_html/ja-JP/opds.xml
index 75aede6..5ee254f 100644
--- a/public_html/ja-JP/opds.xml
+++ b/public_html/ja-JP/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ja-JP/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/ja-JP/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ja-JP/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora コントリビュータ用ドキュメント</title>
<id>http://docs.fedoraproject.org/ja-JP/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ja-JP/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ja-JP/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/ja-JP/toc.html b/public_html/ja-JP/toc.html
index c0fde3e..602339b 100644
--- a/public_html/ja-JP/toc.html
+++ b/public_html/ja-JP/toc.html
@@ -22,10 +22,10 @@
<p/>
<div class="lang">
<div class="reset">
- <a href="#" title="collapse document navigation" onclick="clearCookie();">すべて折り畳む</a>
+ <a href="#" title="collapse document navigation" onclick="clearCookie();">collapse all</a>
</div>
<select id="langselect" class="langselect" onchange="loadToc();">
- <option disabled="disabled" value="">言語</option>
+ <option disabled="disabled" value="">Language</option>
<option value="as-IN">অসমীয়া</option>
<option value="bg-BG">български</option>
<option value="bn-IN">বাংলা</option>
@@ -72,14 +72,14 @@
</select>
</div>
<div class="hidden" id="nocookie">
- 以下のナビゲーションメニューはページが読み込まれると自動的に折り畳まれます。 ナビゲーションメニューの機能性を修正する場合はクッキーを有効にします。
+ The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
</div>
<div class="product collapsed" onclick="toggle(event, 'Community_Services_Infrastructure');work=1;">
<span class="product">Community Services Infrastructure</span>
<div id='Community_Services_Infrastructure' class="versions hidden">
<div id='Community_Services_Infrastructure.1' class="version collapsed" onclick="toggle(event, 'Community_Services_Infrastructure.1.books');"> <div id='Community_Services_Infrastructure.1.books' class="books">
<div id='Community_Services_Infrastructure.1' class="version collapsed untranslated" onclick="toggle(event, 'Community_Services_Infrastructure.1.untrans_books');">
- <span class="version">未翻訳</span>
+ <span class="version">Untranslated</span>
<div id='Community_Services_Infrastructure.1.untrans_books' class="books hidden">
<div id='Community_Services_Infrastructure.1.Security_Policy' class="book collapsed" onclick="toggle(event, 'Community_Services_Infrastructure.1.Security_Policy.types');">
<a class="type" href="../en-US/Community_Services_Infrastructure/1/html/Security_Policy/index.html" onclick="window.top.location='../en-US/Community_Services_Infrastructure/1/html/Security_Policy/index.html'"><span class="book">Security Policy</span></a>
@@ -98,6 +98,20 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed">
+ <a class="type" href="Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='./Fedora/18/html/Security_Guide/index.html'"><span class="book">セキュリティガイド</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types" onclick="work=0;">
+ <a class="type" href="./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-ja-JP.epub" >epub</a>
+ <a class="type" href="./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-ja-JP.pdf" onclick="window.top.location='./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-ja-JP.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -120,7 +134,7 @@
</div>
</div>
<div id='Fedora.17' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.17.untrans_books');">
- <span class="version">未翻訳</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.17.untrans_books' class="books hidden">
<div id='Fedora.17.Fedora_Live_Images' class="book collapsed" onclick="toggle(event, 'Fedora.17.Fedora_Live_Images.types');">
<a class="type" href="../en-US/Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/Fedora/17/html/Fedora_Live_Images/index.html'"><span class="book">Fedora Live Images</span></a>
@@ -128,7 +142,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -155,7 +169,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +196,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -214,7 +228,7 @@
<a class="type" href="./Fedora/16/epub/Accessibility_Guide/Fedora-16-Accessibility_Guide-ja-JP.epub" >epub</a>
<a class="type" href="./Fedora/16/html/Accessibility_Guide/index.html" onclick="window.top.location='./Fedora/16/html/Accessibility_Guide/index.html';return false;">html</a>
<a class="type" href="./Fedora/16/html-single/Accessibility_Guide/index.html" onclick="window.top.location='./Fedora/16/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
- <a class="type" href="./Fedora/16/pdf/Accessibility_Guide/Fedora-14-Accessibility_Guide-ja-JP.pdf" onclick="window.top.location='./Fedora/16/pdf/Accessibility_Guide/Fedora-14-Accessibility_Guide-ja-JP.pdf';return false;">pdf</a>
+ <a class="type" href="./Fedora/16/pdf/Accessibility_Guide/Fedora-16-Accessibility_Guide-ja-JP.pdf" onclick="window.top.location='./Fedora/16/pdf/Accessibility_Guide/Fedora-16-Accessibility_Guide-ja-JP.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.16.Amateur_Radio_Guide' class="book collapsed">
@@ -232,7 +246,7 @@
<a class="type" href="./Fedora/16/epub/Burning_ISO_images_to_disc/Fedora-16-Burning_ISO_images_to_disc-ja-JP.epub" >epub</a>
<a class="type" href="./Fedora/16/html/Burning_ISO_images_to_disc/index.html" onclick="window.top.location='./Fedora/16/html/Burning_ISO_images_to_disc/index.html';return false;">html</a>
<a class="type" href="./Fedora/16/html-single/Burning_ISO_images_to_disc/index.html" onclick="window.top.location='./Fedora/16/html-single/Burning_ISO_images_to_disc/index.html';return false;">html-single</a>
- <a class="type" href="./Fedora/16/pdf/Burning_ISO_images_to_disc/Fedora_Draft_Documentation-0.1-Burning_ISO_images_to_disc-ja-JP.pdf" onclick="window.top.location='./Fedora/16/pdf/Burning_ISO_images_to_disc/Fedora_Draft_Documentation-0.1-Burning_ISO_images_to_disc-ja-JP.pdf';return false;">pdf</a>
+ <a class="type" href="./Fedora/16/pdf/Burning_ISO_images_to_disc/Fedora-0.1-Burning_ISO_images_to_disc-ja-JP.pdf" onclick="window.top.location='./Fedora/16/pdf/Burning_ISO_images_to_disc/Fedora-0.1-Burning_ISO_images_to_disc-ja-JP.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.16.Fedora_Live_Images' class="book collapsed">
@@ -308,7 +322,7 @@
</div>
</div>
<div id='Fedora.16' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.16.untrans_books');">
- <span class="version">未翻訳</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.16.untrans_books' class="books hidden">
<div id='Fedora.16.Installation_Quick_Start_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.16.Installation_Quick_Start_Guide.types');">
<a class="type" href="../en-US/Fedora/16/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/Fedora/16/html/Installation_Quick_Start_Guide/index.html'"><span class="book">Installation Quick Start Guide</span></a>
@@ -389,7 +403,7 @@
</div>
</div>
<div id='Fedora.15' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.15.untrans_books');">
- <span class="version">未翻訳</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.15.untrans_books' class="books hidden">
<div id='Fedora.15.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.15.FreeIPA_Guide.types');">
<a class="type" href="../en-US/Fedora/15/html/FreeIPA_Guide/index.html" onclick="window.top.location='../en-US/Fedora/15/html/FreeIPA_Guide/index.html'"><span class="book">FreeIPA Guide</span></a>
@@ -461,7 +475,7 @@
</div>
</div>
<div id='Fedora.14' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.14.untrans_books');">
- <span class="version">未翻訳</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.14.untrans_books' class="books hidden">
<div id='Fedora.14.Accessibility_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.14.Accessibility_Guide.types');">
<a class="type" href="../en-US/Fedora/14/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/Fedora/14/html/Accessibility_Guide/index.html'"><span class="book">Accessibility Guide</span></a>
@@ -570,7 +584,7 @@
</div>
</div>
<div id='Fedora.13' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.13.untrans_books');">
- <span class="version">未翻訳</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.13.untrans_books' class="books hidden">
<div id='Fedora.13.Accessibility_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.13.Accessibility_Guide.types');">
<a class="type" href="../en-US/Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/Fedora/13/html/Accessibility_Guide/index.html'"><span class="book">Accessibility Guide</span></a>
@@ -706,7 +720,7 @@
</div>
</div>
<div id='Fedora.12' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.12.untrans_books');">
- <span class="version">未翻訳</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.12.untrans_books' class="books hidden">
<div id='Fedora.12.Accessibility_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.12.Accessibility_Guide.types');">
<a class="type" href="../en-US/Fedora/12/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/Fedora/12/html/Accessibility_Guide/index.html'"><span class="book">Accessibility Guide</span></a>
@@ -833,7 +847,7 @@
</div>
</div>
<div id='Fedora.11' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.11.untrans_books');">
- <span class="version">未翻訳</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.11.untrans_books' class="books hidden">
<div id='Fedora.11.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora/11/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora/11/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -877,7 +891,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -924,7 +938,7 @@
</div>
</div>
<div id='Fedora.10' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.10.untrans_books');">
- <span class="version">未翻訳</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.10.untrans_books' class="books hidden">
<div id='Fedora.10.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.10.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora/10/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora/10/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -970,7 +984,7 @@
</div>
</div>
<div id='Fedora.9' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.9.untrans_books');">
- <span class="version">未翻訳</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.9.untrans_books' class="books hidden">
<div id='Fedora.9.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.9.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora/9/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora/9/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1016,7 +1030,7 @@
</div>
</div>
<div id='Fedora.8' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.8.untrans_books');">
- <span class="version">未翻訳</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.8.untrans_books' class="books hidden">
<div id='Fedora.8.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.8.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora/8/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1053,7 +1067,7 @@
</div>
</div>
<div id='Fedora.7' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.7.untrans_books');">
- <span class="version">未翻訳</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.7.untrans_books' class="books hidden">
<div id='Fedora.7.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.7.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora/7/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora/7/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1090,7 +1104,7 @@
</div>
</div>
<div id='Fedora.' class="version collapsed untranslated" onclick="toggle(event, 'Fedora..untrans_books');">
- <span class="version">未翻訳</span>
+ <span class="version">Untranslated</span>
<div id='Fedora..untrans_books' class="books hidden">
<div id='Fedora..Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora..Installation_Guide.types');">
<a class="type" href="../en-US/Fedora//html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora//html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1130,7 +1144,7 @@
</div>
</div>
<div id='Fedora_Contributor_Documentation.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.untrans_books');">
- <span class="version">未翻訳</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Contributor_Documentation.1.untrans_books' class="books hidden">
<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a>
@@ -1138,7 +1152,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1172,7 +1186,7 @@
<span class="version">6</span>
<div id='Fedora_Core.6.books' class="books hidden">
<div id='Fedora_Core.6' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.6.untrans_books');">
- <span class="version">未翻訳</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.6.untrans_books' class="books hidden">
<div id='Fedora_Core.6.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Core.6.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora_Core/6/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Core/6/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1227,7 +1241,7 @@
</div>
</div>
<div id='Fedora_Core.5' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.5.untrans_books');">
- <span class="version">未翻訳</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.5.untrans_books' class="books hidden">
<div id='Fedora_Core.5.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Core.5.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora_Core/5/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Core/5/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1264,7 +1278,7 @@
<span class="version">4</span>
<div id='Fedora_Core.4.books' class="books hidden">
<div id='Fedora_Core.4' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.4.untrans_books');">
- <span class="version">未翻訳</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.4.untrans_books' class="books hidden">
<div id='Fedora_Core.4.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Core.4.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora_Core/4/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Core/4/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1296,7 +1310,7 @@
<span class="version">3</span>
<div id='Fedora_Core.3.books' class="books hidden">
<div id='Fedora_Core.3' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.3.untrans_books');">
- <span class="version">未翻訳</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.3.untrans_books' class="books hidden">
<div id='Fedora_Core.3.Release_Notes_for_32-bit_x86_Systems' class="book collapsed" onclick="toggle(event, 'Fedora_Core.3.Release_Notes_for_32-bit_x86_Systems.types');">
<a class="type" href="../en-US/Fedora_Core/3/html/Release_Notes_for_32-bit_x86_Systems/index.html" onclick="window.top.location='../en-US/Fedora_Core/3/html/Release_Notes_for_32-bit_x86_Systems/index.html'"><span class="book">Release Notes for 32-bit x86 Systems</span></a>
@@ -1336,7 +1350,7 @@
<span class="version">2</span>
<div id='Fedora_Core.2.books' class="books hidden">
<div id='Fedora_Core.2' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.2.untrans_books');">
- <span class="version">未翻訳</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.2.untrans_books' class="books hidden">
<div id='Fedora_Core.2.Release_Notes_for_32-bit_x86_Systems' class="book collapsed" onclick="toggle(event, 'Fedora_Core.2.Release_Notes_for_32-bit_x86_Systems.types');">
<a class="type" href="../en-US/Fedora_Core/2/html/Release_Notes_for_32-bit_x86_Systems/index.html" onclick="window.top.location='../en-US/Fedora_Core/2/html/Release_Notes_for_32-bit_x86_Systems/index.html'"><span class="book">Release Notes for 32-bit x86 Systems</span></a>
@@ -1367,7 +1381,7 @@
<span class="version">1</span>
<div id='Fedora_Core.1.books' class="books hidden">
<div id='Fedora_Core.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.1.untrans_books');">
- <span class="version">未翻訳</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.1.untrans_books' class="books hidden">
<div id='Fedora_Core.1.Release_Notes_for_32-bit_x86_Systems' class="book collapsed" onclick="toggle(event, 'Fedora_Core.1.Release_Notes_for_32-bit_x86_Systems.types');">
<a class="type" href="../en-US/Fedora_Core/1/html/Release_Notes_for_32-bit_x86_Systems/index.html" onclick="window.top.location='../en-US/Fedora_Core/1/html/Release_Notes_for_32-bit_x86_Systems/index.html'"><span class="book">Release Notes for 32-bit x86 Systems</span></a>
@@ -1394,7 +1408,7 @@
<div id='Fedora_Draft_Documentation' class="versions hidden">
<div id='Fedora_Draft_Documentation.0.2' class="version collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.2.books');"> <div id='Fedora_Draft_Documentation.0.2.books' class="books">
<div id='Fedora_Draft_Documentation.0.2' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Draft_Documentation.0.2.untrans_books');">
- <span class="version">未翻訳</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Draft_Documentation.0.2.untrans_books' class="books hidden">
<div id='Fedora_Draft_Documentation.0.2.OpenSSH_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.2.OpenSSH_Guide.types');">
<a class="type" href="../en-US/Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html'"><span class="book">OpenSSH Guide</span></a>
@@ -1402,7 +1416,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1420,7 +1434,7 @@
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.untrans_books');">
- <span class="version">未翻訳</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Draft_Documentation.0.1.untrans_books' class="books hidden">
<div id='Fedora_Draft_Documentation.0.1.Amateur_Radio_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Amateur_Radio_Guide.types');">
<a class="type" href="../en-US/Fedora_Draft_Documentation/0.1/html/Amateur_Radio_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Draft_Documentation/0.1/html/Amateur_Radio_Guide/index.html'"><span class="book">Amateur Radio Guide</span></a>
@@ -1542,7 +1556,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
@@ -1562,7 +1576,7 @@
<span class="version"></span>
<div id='Fedora_Draft_Documentation..books' class="books hidden">
<div id='Fedora_Draft_Documentation.' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Draft_Documentation..untrans_books');">
- <span class="version">未翻訳</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Draft_Documentation..untrans_books' class="books hidden">
<div id='Fedora_Draft_Documentation..User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation..User_Guide.types');">
<a class="type" href="../en-US/Fedora_Draft_Documentation//html/User_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Draft_Documentation//html/User_Guide/index.html'"><span class="book">User Guide</span></a>
@@ -1580,12 +1594,12 @@
</div>
</div>
<div class="nocookie" id="nojs">
- <p>上記のナビゲーションメニューが正しく動作するには JavaScript が必要になります。</p> <p>JavaScript を有効にするとナビゲーションメニューが動作するようになります。</p> <p>JavaScript を有効にすることなくナビゲーションオプションを表示させる場合は CSS を無効にしてください。</p>
+ <p>The Navigation Menu above requires JavaScript to function.</p><p>Enable JavaScript to allow the Navigation Menu to function.</p><p>Disable CSS to view the Navigation options without JavaScript enabled</p>
</div>
<div class="bottom_links">
- <a href="../toc.html" onclick="window.top.location='../toc.html'" >マップ</a>
- <a href="./Site_Statistics.html" onclick="window.top.location='./Site_Statistics.html'" >統計</a>
- <a href="./Site_Tech.html" onclick="window.top.location='./Site_Tech.html'" >テクノロジー</a>
+ <a href="../toc.html" onclick="window.top.location='../toc.html'" >Map</a>
+ <a href="./Site_Statistics.html" onclick="window.top.location='./Site_Statistics.html'" >Statistics</a>
+ <a href="./Site_Tech.html" onclick="window.top.location='./Site_Tech.html'" >Tech</a>
</div>
</div>
</div>
diff --git a/public_html/kn-IN/Site_Statistics.html b/public_html/kn-IN/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/kn-IN/Site_Statistics.html
+++ b/public_html/kn-IN/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/kn-IN/opds-Community_Services_Infrastructure.xml b/public_html/kn-IN/opds-Community_Services_Infrastructure.xml
index de13dab..6d44e03 100644
--- a/public_html/kn-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/kn-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/kn-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/kn-IN/opds-Fedora.xml b/public_html/kn-IN/opds-Fedora.xml
index b122854..a1684e2 100644
--- a/public_html/kn-IN/opds-Fedora.xml
+++ b/public_html/kn-IN/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/kn-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>kn-IN</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/kn-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/kn-IN/opds-Fedora_Contributor_Documentation.xml
index ff71de0..f1f985c 100644
--- a/public_html/kn-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/kn-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/kn-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/kn-IN/opds-Fedora_Core.xml b/public_html/kn-IN/opds-Fedora_Core.xml
index 18cb0f2..c3159a2 100644
--- a/public_html/kn-IN/opds-Fedora_Core.xml
+++ b/public_html/kn-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/kn-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/kn-IN/opds-Fedora_Draft_Documentation.xml b/public_html/kn-IN/opds-Fedora_Draft_Documentation.xml
index 547c08c..7cefaf4 100644
--- a/public_html/kn-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/kn-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/kn-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/kn-IN/opds.xml b/public_html/kn-IN/opds.xml
index 61cda20..f7dfff5 100644
--- a/public_html/kn-IN/opds.xml
+++ b/public_html/kn-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/kn-IN/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/kn-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/kn-IN/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/kn-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/kn-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/kn-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/kn-IN/toc.html b/public_html/kn-IN/toc.html
index 0da525e..f23d350 100644
--- a/public_html/kn-IN/toc.html
+++ b/public_html/kn-IN/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/ko-KR/Site_Statistics.html b/public_html/ko-KR/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/ko-KR/Site_Statistics.html
+++ b/public_html/ko-KR/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/ko-KR/opds-Community_Services_Infrastructure.xml b/public_html/ko-KR/opds-Community_Services_Infrastructure.xml
index c359b65..63c4339 100644
--- a/public_html/ko-KR/opds-Community_Services_Infrastructure.xml
+++ b/public_html/ko-KR/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ko-KR/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ko-KR/opds-Fedora.xml b/public_html/ko-KR/opds-Fedora.xml
index 0ee3983..2c9d248 100644
--- a/public_html/ko-KR/opds-Fedora.xml
+++ b/public_html/ko-KR/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/ko-KR/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>ko-KR</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/ko-KR/opds-Fedora_Contributor_Documentation.xml b/public_html/ko-KR/opds-Fedora_Contributor_Documentation.xml
index bce2eb6..c97f7f3 100644
--- a/public_html/ko-KR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ko-KR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ko-KR/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ko-KR/opds-Fedora_Core.xml b/public_html/ko-KR/opds-Fedora_Core.xml
index 860d1bf..561c443 100644
--- a/public_html/ko-KR/opds-Fedora_Core.xml
+++ b/public_html/ko-KR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ko-KR/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ko-KR/opds-Fedora_Draft_Documentation.xml b/public_html/ko-KR/opds-Fedora_Draft_Documentation.xml
index 1a5ef2a..79d6e3b 100644
--- a/public_html/ko-KR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ko-KR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ko-KR/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ko-KR/opds.xml b/public_html/ko-KR/opds.xml
index 2b8827e..4b5ee7e 100644
--- a/public_html/ko-KR/opds.xml
+++ b/public_html/ko-KR/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ko-KR/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/ko-KR/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ko-KR/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/ko-KR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ko-KR/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ko-KR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/ko-KR/toc.html b/public_html/ko-KR/toc.html
index 24d40b7..b497852 100644
--- a/public_html/ko-KR/toc.html
+++ b/public_html/ko-KR/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/ml-IN/Site_Statistics.html b/public_html/ml-IN/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/ml-IN/Site_Statistics.html
+++ b/public_html/ml-IN/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/ml-IN/opds-Community_Services_Infrastructure.xml b/public_html/ml-IN/opds-Community_Services_Infrastructure.xml
index bc57c19..1f07cfa 100644
--- a/public_html/ml-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/ml-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ml-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ml-IN/opds-Fedora.xml b/public_html/ml-IN/opds-Fedora.xml
index b656ab3..0a8c258 100644
--- a/public_html/ml-IN/opds-Fedora.xml
+++ b/public_html/ml-IN/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/ml-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>ml-IN</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/ml-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/ml-IN/opds-Fedora_Contributor_Documentation.xml
index 7751e07..0b45f9b 100644
--- a/public_html/ml-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ml-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ml-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ml-IN/opds-Fedora_Core.xml b/public_html/ml-IN/opds-Fedora_Core.xml
index 18778f3..9926c59 100644
--- a/public_html/ml-IN/opds-Fedora_Core.xml
+++ b/public_html/ml-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ml-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ml-IN/opds-Fedora_Draft_Documentation.xml b/public_html/ml-IN/opds-Fedora_Draft_Documentation.xml
index 4265394..88cf05a 100644
--- a/public_html/ml-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ml-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ml-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ml-IN/opds.xml b/public_html/ml-IN/opds.xml
index b0313e6..5056953 100644
--- a/public_html/ml-IN/opds.xml
+++ b/public_html/ml-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ml-IN/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/ml-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ml-IN/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/ml-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ml-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ml-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/ml-IN/toc.html b/public_html/ml-IN/toc.html
index ef15fda..dde7443 100644
--- a/public_html/ml-IN/toc.html
+++ b/public_html/ml-IN/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/mr-IN/Site_Statistics.html b/public_html/mr-IN/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/mr-IN/Site_Statistics.html
+++ b/public_html/mr-IN/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/mr-IN/opds-Community_Services_Infrastructure.xml b/public_html/mr-IN/opds-Community_Services_Infrastructure.xml
index a11cf76..3a7e063 100644
--- a/public_html/mr-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/mr-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/mr-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/mr-IN/opds-Fedora.xml b/public_html/mr-IN/opds-Fedora.xml
index cad97be..ae83043 100644
--- a/public_html/mr-IN/opds-Fedora.xml
+++ b/public_html/mr-IN/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/mr-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>mr-IN</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/mr-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/mr-IN/opds-Fedora_Contributor_Documentation.xml
index 8a12008..65d6b85 100644
--- a/public_html/mr-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/mr-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/mr-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/mr-IN/opds-Fedora_Core.xml b/public_html/mr-IN/opds-Fedora_Core.xml
index 4d8e2a4..6626830 100644
--- a/public_html/mr-IN/opds-Fedora_Core.xml
+++ b/public_html/mr-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/mr-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/mr-IN/opds-Fedora_Draft_Documentation.xml b/public_html/mr-IN/opds-Fedora_Draft_Documentation.xml
index 7d20bae..2690712 100644
--- a/public_html/mr-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/mr-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/mr-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/mr-IN/opds.xml b/public_html/mr-IN/opds.xml
index be3bb70..501a402 100644
--- a/public_html/mr-IN/opds.xml
+++ b/public_html/mr-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/mr-IN/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/mr-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/mr-IN/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/mr-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/mr-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/mr-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/mr-IN/toc.html b/public_html/mr-IN/toc.html
index 3ec7134..f6936a2 100644
--- a/public_html/mr-IN/toc.html
+++ b/public_html/mr-IN/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/nb-NO/Site_Statistics.html b/public_html/nb-NO/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/nb-NO/Site_Statistics.html
+++ b/public_html/nb-NO/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/nb-NO/opds-Community_Services_Infrastructure.xml b/public_html/nb-NO/opds-Community_Services_Infrastructure.xml
index 900e722..6a5fdcc 100644
--- a/public_html/nb-NO/opds-Community_Services_Infrastructure.xml
+++ b/public_html/nb-NO/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nb-NO/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nb-NO/opds-Fedora.xml b/public_html/nb-NO/opds-Fedora.xml
index 070e3a4..5ed8755 100644
--- a/public_html/nb-NO/opds-Fedora.xml
+++ b/public_html/nb-NO/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/nb-NO/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>nb-NO</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/nb-NO/opds-Fedora_Contributor_Documentation.xml b/public_html/nb-NO/opds-Fedora_Contributor_Documentation.xml
index 2966452..d05d4ca 100644
--- a/public_html/nb-NO/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/nb-NO/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nb-NO/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nb-NO/opds-Fedora_Core.xml b/public_html/nb-NO/opds-Fedora_Core.xml
index ec445b8..6680ea4 100644
--- a/public_html/nb-NO/opds-Fedora_Core.xml
+++ b/public_html/nb-NO/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nb-NO/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nb-NO/opds-Fedora_Draft_Documentation.xml b/public_html/nb-NO/opds-Fedora_Draft_Documentation.xml
index 1167cd9..a850b19 100644
--- a/public_html/nb-NO/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/nb-NO/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nb-NO/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nb-NO/opds.xml b/public_html/nb-NO/opds.xml
index 76f112d..052a333 100644
--- a/public_html/nb-NO/opds.xml
+++ b/public_html/nb-NO/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/nb-NO/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/nb-NO/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/nb-NO/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/nb-NO/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/nb-NO/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/nb-NO/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/nb-NO/toc.html b/public_html/nb-NO/toc.html
index 7f4735e..c99b168 100644
--- a/public_html/nb-NO/toc.html
+++ b/public_html/nb-NO/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/nl-NL/Site_Statistics.html b/public_html/nl-NL/Site_Statistics.html
index 1ae51ca..560a149 100644
--- a/public_html/nl-NL/Site_Statistics.html
+++ b/public_html/nl-NL/Site_Statistics.html
@@ -4,22 +4,22 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" href="../interactive.css" type="text/css" />
- <title>Statistieken</title>
+ <title>Statistics</title>
</head>
<body class="toc_embeded">
-<div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="toc.html">Dit is een iframe, om het te bekijken upgrade je jouw browser of zet je iframe weergave aan.</iframe></div>
+<div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div>
<div>
-<h1 class="producttitle">Statistieken</h1>
+<h1 class="producttitle">Statistics</h1>
<p>
</p>
<table class="stats">
<tr>
- <th>Taal</th>
+ <th>Language</th>
<th>Code</th>
- <th>Producten</th>
- <th>Boeken</th>
- <th>Versies</th>
- <th>Pakketten</th>
+ <th>Products</th>
+ <th>Books</th>
+ <th>Versions</th>
+ <th>Packages</th>
</tr>
<tr>
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -411,8 +411,8 @@
</table>
<div class="totals">
- <b>Totaal talen: </b>43<br />
- <b>Totaal pakketten: </b>813
+ <b>Total Languages: </b>43<br />
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/nl-NL/opds-Community_Services_Infrastructure.xml b/public_html/nl-NL/opds-Community_Services_Infrastructure.xml
index b6dc4ad..31b291c 100644
--- a/public_html/nl-NL/opds-Community_Services_Infrastructure.xml
+++ b/public_html/nl-NL/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nl-NL/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nl-NL/opds-Fedora.xml b/public_html/nl-NL/opds-Fedora.xml
index 5b7e626..8c76123 100644
--- a/public_html/nl-NL/opds-Fedora.xml
+++ b/public_html/nl-NL/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/nl-NL/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>nl-NL</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>ISO images naar schijf branden</title>
<id>http://docs.fedoraproject.org/nl-NL/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-nl-NL.epub</id>
<!--author>
diff --git a/public_html/nl-NL/opds-Fedora_Contributor_Documentation.xml b/public_html/nl-NL/opds-Fedora_Contributor_Documentation.xml
index 4f75dda..814c2c7 100644
--- a/public_html/nl-NL/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/nl-NL/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nl-NL/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nl-NL/opds-Fedora_Core.xml b/public_html/nl-NL/opds-Fedora_Core.xml
index 1c5e442..e3a06a7 100644
--- a/public_html/nl-NL/opds-Fedora_Core.xml
+++ b/public_html/nl-NL/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nl-NL/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nl-NL/opds-Fedora_Draft_Documentation.xml b/public_html/nl-NL/opds-Fedora_Draft_Documentation.xml
index e11f402..d8e2383 100644
--- a/public_html/nl-NL/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/nl-NL/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nl-NL/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nl-NL/opds.xml b/public_html/nl-NL/opds.xml
index 817479c..4df00d1 100644
--- a/public_html/nl-NL/opds.xml
+++ b/public_html/nl-NL/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/nl-NL/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/nl-NL/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/nl-NL/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/nl-NL/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/nl-NL/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/nl-NL/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/nl-NL/toc.html b/public_html/nl-NL/toc.html
index b7a1b8d..db0947b 100644
--- a/public_html/nl-NL/toc.html
+++ b/public_html/nl-NL/toc.html
@@ -22,10 +22,10 @@
<p/>
<div class="lang">
<div class="reset">
- <a href="#" title="collapse document navigation" onclick="clearCookie();">alles samenvouwen</a>
+ <a href="#" title="collapse document navigation" onclick="clearCookie();">collapse all</a>
</div>
<select id="langselect" class="langselect" onchange="loadToc();">
- <option disabled="disabled" value="">Taal</option>
+ <option disabled="disabled" value="">Language</option>
<option value="as-IN">অসমীয়া</option>
<option value="bg-BG">български</option>
<option value="bn-IN">বাংলা</option>
@@ -72,14 +72,14 @@
</select>
</div>
<div class="hidden" id="nocookie">
- Het navigatie menu hieronder zal automatisch samenvouwen als pagina's worden geladen. Zet cookies aan om de functionaliteit van het navigatie menu te herstellen.
+ The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
</div>
<div class="product collapsed" onclick="toggle(event, 'Community_Services_Infrastructure');work=1;">
<span class="product">Community Services Infrastructure</span>
<div id='Community_Services_Infrastructure' class="versions hidden">
<div id='Community_Services_Infrastructure.1' class="version collapsed" onclick="toggle(event, 'Community_Services_Infrastructure.1.books');"> <div id='Community_Services_Infrastructure.1.books' class="books">
<div id='Community_Services_Infrastructure.1' class="version collapsed untranslated" onclick="toggle(event, 'Community_Services_Infrastructure.1.untrans_books');">
- <span class="version">Onvertaald</span>
+ <span class="version">Untranslated</span>
<div id='Community_Services_Infrastructure.1.untrans_books' class="books hidden">
<div id='Community_Services_Infrastructure.1.Security_Policy' class="book collapsed" onclick="toggle(event, 'Community_Services_Infrastructure.1.Security_Policy.types');">
<a class="type" href="../en-US/Community_Services_Infrastructure/1/html/Security_Policy/index.html" onclick="window.top.location='../en-US/Community_Services_Infrastructure/1/html/Security_Policy/index.html'"><span class="book">Security Policy</span></a>
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -138,7 +157,7 @@
</div>
</div>
<div id='Fedora.17' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.17.untrans_books');">
- <span class="version">Onvertaald</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.17.untrans_books' class="books hidden">
<div id='Fedora.17.Fedora_Live_Images' class="book collapsed" onclick="toggle(event, 'Fedora.17.Fedora_Live_Images.types');">
<a class="type" href="../en-US/Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/Fedora/17/html/Fedora_Live_Images/index.html'"><span class="book">Fedora Live Images</span></a>
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -247,7 +266,7 @@
</div>
</div>
<div id='Fedora.16' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.16.untrans_books');">
- <span class="version">Onvertaald</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.16.untrans_books' class="books hidden">
<div id='Fedora.16.Amateur_Radio_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.16.Amateur_Radio_Guide.types');">
<a class="type" href="../en-US/Fedora/16/html/Amateur_Radio_Guide/index.html" onclick="window.top.location='../en-US/Fedora/16/html/Amateur_Radio_Guide/index.html'"><span class="book">Amateur Radio Guide</span></a>
@@ -334,7 +353,7 @@
<a class="type" href="./Fedora/15/epub/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-nl-NL.epub" >epub</a>
<a class="type" href="./Fedora/15/html/Burning_ISO_images_to_disc/index.html" onclick="window.top.location='./Fedora/15/html/Burning_ISO_images_to_disc/index.html';return false;">html</a>
<a class="type" href="./Fedora/15/html-single/Burning_ISO_images_to_disc/index.html" onclick="window.top.location='./Fedora/15/html-single/Burning_ISO_images_to_disc/index.html';return false;">html-single</a>
- <a class="type" href="./Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15.0-Burning_ISO_images_to_disc-nl-NL.pdf" onclick="window.top.location='./Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15.0-Burning_ISO_images_to_disc-nl-NL.pdf';return false;">pdf</a>
+ <a class="type" href="./Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-nl-NL.pdf" onclick="window.top.location='./Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-nl-NL.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.15.Fedora_Live_Images' class="book collapsed">
@@ -353,7 +372,7 @@
</div>
</div>
<div id='Fedora.15' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.15.untrans_books');">
- <span class="version">Onvertaald</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.15.untrans_books' class="books hidden">
<div id='Fedora.15.Deployment_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.15.Deployment_Guide.types');">
<a class="type" href="../en-US/Fedora/15/html/Deployment_Guide/index.html" onclick="window.top.location='../en-US/Fedora/15/html/Deployment_Guide/index.html'"><span class="book">Deployment Guide</span></a>
@@ -496,7 +515,7 @@
</div>
</div>
<div id='Fedora.14' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.14.untrans_books');">
- <span class="version">Onvertaald</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.14.untrans_books' class="books hidden">
<div id='Fedora.14.Amateur_Radio_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.14.Amateur_Radio_Guide.types');">
<a class="type" href="../en-US/Fedora/14/html/Amateur_Radio_Guide/index.html" onclick="window.top.location='../en-US/Fedora/14/html/Amateur_Radio_Guide/index.html'"><span class="book">Amateur Radio Guide</span></a>
@@ -556,7 +575,7 @@
<a class="type" href="./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-nl-NL.epub" >epub</a>
<a class="type" href="./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
<a class="type" href="./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
- <a class="type" href="./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-nl-NL.pdf" onclick="window.top.location='./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-nl-NL.pdf';return false;">pdf</a>
+ <a class="type" href="./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-nl-NL.pdf" onclick="window.top.location='./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-nl-NL.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed">
@@ -677,7 +696,7 @@
</div>
</div>
<div id='Fedora.13' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.13.untrans_books');">
- <span class="version">Onvertaald</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.13.untrans_books' class="books hidden">
<div id='Fedora.13.Amateur_Radio_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.13.Amateur_Radio_Guide.types');">
<a class="type" href="../en-US/Fedora/13/html/Amateur_Radio_Guide/index.html" onclick="window.top.location='../en-US/Fedora/13/html/Amateur_Radio_Guide/index.html'"><span class="book">Amateur Radio Guide</span></a>
@@ -804,7 +823,7 @@
</div>
</div>
<div id='Fedora.12' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.12.untrans_books');">
- <span class="version">Onvertaald</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.12.untrans_books' class="books hidden">
<div id='Fedora.12.Accessibility_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.12.Accessibility_Guide.types');">
<a class="type" href="../en-US/Fedora/12/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/Fedora/12/html/Accessibility_Guide/index.html'"><span class="book">Accessibility Guide</span></a>
@@ -931,7 +950,7 @@
</div>
</div>
<div id='Fedora.11' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.11.untrans_books');">
- <span class="version">Onvertaald</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.11.untrans_books' class="books hidden">
<div id='Fedora.11.Accessibility_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.Accessibility_Guide.types');">
<a class="type" href="../en-US/Fedora/11/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/Fedora/11/html/Accessibility_Guide/index.html'"><span class="book">Accessibility Guide</span></a>
@@ -1022,7 +1041,7 @@
</div>
</div>
<div id='Fedora.10' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.10.untrans_books');">
- <span class="version">Onvertaald</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.10.untrans_books' class="books hidden">
<div id='Fedora.10.Accessibility_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.10.Accessibility_Guide.types');">
<a class="type" href="../en-US/Fedora/10/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/Fedora/10/html/Accessibility_Guide/index.html'"><span class="book">Accessibility Guide</span></a>
@@ -1113,7 +1132,7 @@
</div>
</div>
<div id='Fedora.9' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.9.untrans_books');">
- <span class="version">Onvertaald</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.9.untrans_books' class="books hidden">
<div id='Fedora.9.Accessibility_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.9.Accessibility_Guide.types');">
<a class="type" href="../en-US/Fedora/9/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/Fedora/9/html/Accessibility_Guide/index.html'"><span class="book">Accessibility Guide</span></a>
@@ -1195,7 +1214,7 @@
</div>
</div>
<div id='Fedora.8' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.8.untrans_books');">
- <span class="version">Onvertaald</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.8.untrans_books' class="books hidden">
<div id='Fedora.8.Fedora_Live_Images' class="book collapsed" onclick="toggle(event, 'Fedora.8.Fedora_Live_Images.types');">
<a class="type" href="../en-US/Fedora/8/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/Fedora/8/html/Fedora_Live_Images/index.html'"><span class="book">Fedora Live Images</span></a>
@@ -1223,7 +1242,7 @@
<span class="version">7</span>
<div id='Fedora.7.books' class="books hidden">
<div id='Fedora.7' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.7.untrans_books');">
- <span class="version">Onvertaald</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.7.untrans_books' class="books hidden">
<div id='Fedora.7.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.7.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora/7/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora/7/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1269,7 +1288,7 @@
</div>
</div>
<div id='Fedora.' class="version collapsed untranslated" onclick="toggle(event, 'Fedora..untrans_books');">
- <span class="version">Onvertaald</span>
+ <span class="version">Untranslated</span>
<div id='Fedora..untrans_books' class="books hidden">
<div id='Fedora..Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora..Installation_Guide.types');">
<a class="type" href="../en-US/Fedora//html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora//html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1309,7 +1328,7 @@
<div id='Fedora_Contributor_Documentation' class="versions hidden">
<div id='Fedora_Contributor_Documentation.1' class="version collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.books');"> <div id='Fedora_Contributor_Documentation.1.books' class="books">
<div id='Fedora_Contributor_Documentation.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.untrans_books');">
- <span class="version">Onvertaald</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Contributor_Documentation.1.untrans_books' class="books hidden">
<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a>
@@ -1317,7 +1336,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1360,7 +1379,7 @@
<span class="version">6</span>
<div id='Fedora_Core.6.books' class="books hidden">
<div id='Fedora_Core.6' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.6.untrans_books');">
- <span class="version">Onvertaald</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.6.untrans_books' class="books hidden">
<div id='Fedora_Core.6.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Core.6.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora_Core/6/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Core/6/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1406,7 +1425,7 @@
<span class="version">5</span>
<div id='Fedora_Core.5.books' class="books hidden">
<div id='Fedora_Core.5' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.5.untrans_books');">
- <span class="version">Onvertaald</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.5.untrans_books' class="books hidden">
<div id='Fedora_Core.5.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Core.5.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora_Core/5/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Core/5/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1452,7 +1471,7 @@
<span class="version">4</span>
<div id='Fedora_Core.4.books' class="books hidden">
<div id='Fedora_Core.4' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.4.untrans_books');">
- <span class="version">Onvertaald</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.4.untrans_books' class="books hidden">
<div id='Fedora_Core.4.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Core.4.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora_Core/4/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Core/4/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1484,7 +1503,7 @@
<span class="version">3</span>
<div id='Fedora_Core.3.books' class="books hidden">
<div id='Fedora_Core.3' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.3.untrans_books');">
- <span class="version">Onvertaald</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.3.untrans_books' class="books hidden">
<div id='Fedora_Core.3.Release_Notes_for_32-bit_x86_Systems' class="book collapsed" onclick="toggle(event, 'Fedora_Core.3.Release_Notes_for_32-bit_x86_Systems.types');">
<a class="type" href="../en-US/Fedora_Core/3/html/Release_Notes_for_32-bit_x86_Systems/index.html" onclick="window.top.location='../en-US/Fedora_Core/3/html/Release_Notes_for_32-bit_x86_Systems/index.html'"><span class="book">Release Notes for 32-bit x86 Systems</span></a>
@@ -1524,7 +1543,7 @@
<span class="version">2</span>
<div id='Fedora_Core.2.books' class="books hidden">
<div id='Fedora_Core.2' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.2.untrans_books');">
- <span class="version">Onvertaald</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.2.untrans_books' class="books hidden">
<div id='Fedora_Core.2.Release_Notes_for_32-bit_x86_Systems' class="book collapsed" onclick="toggle(event, 'Fedora_Core.2.Release_Notes_for_32-bit_x86_Systems.types');">
<a class="type" href="../en-US/Fedora_Core/2/html/Release_Notes_for_32-bit_x86_Systems/index.html" onclick="window.top.location='../en-US/Fedora_Core/2/html/Release_Notes_for_32-bit_x86_Systems/index.html'"><span class="book">Release Notes for 32-bit x86 Systems</span></a>
@@ -1555,7 +1574,7 @@
<span class="version">1</span>
<div id='Fedora_Core.1.books' class="books hidden">
<div id='Fedora_Core.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.1.untrans_books');">
- <span class="version">Onvertaald</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.1.untrans_books' class="books hidden">
<div id='Fedora_Core.1.Release_Notes_for_32-bit_x86_Systems' class="book collapsed" onclick="toggle(event, 'Fedora_Core.1.Release_Notes_for_32-bit_x86_Systems.types');">
<a class="type" href="../en-US/Fedora_Core/1/html/Release_Notes_for_32-bit_x86_Systems/index.html" onclick="window.top.location='../en-US/Fedora_Core/1/html/Release_Notes_for_32-bit_x86_Systems/index.html'"><span class="book">Release Notes for 32-bit x86 Systems</span></a>
@@ -1582,7 +1601,7 @@
<div id='Fedora_Draft_Documentation' class="versions hidden">
<div id='Fedora_Draft_Documentation.0.2' class="version collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.2.books');"> <div id='Fedora_Draft_Documentation.0.2.books' class="books">
<div id='Fedora_Draft_Documentation.0.2' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Draft_Documentation.0.2.untrans_books');">
- <span class="version">Onvertaald</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Draft_Documentation.0.2.untrans_books' class="books hidden">
<div id='Fedora_Draft_Documentation.0.2.OpenSSH_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.2.OpenSSH_Guide.types');">
<a class="type" href="../en-US/Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html'"><span class="book">OpenSSH Guide</span></a>
@@ -1590,7 +1609,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1599,7 +1618,7 @@
</div>
<div id='Fedora_Draft_Documentation.0.1' class="version collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.books');"> <div id='Fedora_Draft_Documentation.0.1.books' class="books">
<div id='Fedora_Draft_Documentation.0.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.untrans_books');">
- <span class="version">Onvertaald</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Draft_Documentation.0.1.untrans_books' class="books hidden">
<div id='Fedora_Draft_Documentation.0.1.Amateur_Radio_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Amateur_Radio_Guide.types');">
<a class="type" href="../en-US/Fedora_Draft_Documentation/0.1/html/Amateur_Radio_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Draft_Documentation/0.1/html/Amateur_Radio_Guide/index.html'"><span class="book">Amateur Radio Guide</span></a>
@@ -1730,7 +1749,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
@@ -1750,7 +1769,7 @@
<span class="version"></span>
<div id='Fedora_Draft_Documentation..books' class="books hidden">
<div id='Fedora_Draft_Documentation.' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Draft_Documentation..untrans_books');">
- <span class="version">Onvertaald</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Draft_Documentation..untrans_books' class="books hidden">
<div id='Fedora_Draft_Documentation..User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation..User_Guide.types');">
<a class="type" href="../en-US/Fedora_Draft_Documentation//html/User_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Draft_Documentation//html/User_Guide/index.html'"><span class="book">User Guide</span></a>
@@ -1768,11 +1787,11 @@
</div>
</div>
<div class="nocookie" id="nojs">
- <p>Het navigatie menu hierboven vereist JavaScript functionaliteit.</p><p>Zet JavaScript aan om het navigatie menu te laten werken.</p><p>Zet CSS uit om de navigatie opties te tonen zonder dat JavaScript aangezet is</p>
+ <p>The Navigation Menu above requires JavaScript to function.</p><p>Enable JavaScript to allow the Navigation Menu to function.</p><p>Disable CSS to view the Navigation options without JavaScript enabled</p>
</div>
<div class="bottom_links">
- <a href="../toc.html" onclick="window.top.location='../toc.html'" >Kaart</a>
- <a href="./Site_Statistics.html" onclick="window.top.location='./Site_Statistics.html'" >Statistieken</a>
+ <a href="../toc.html" onclick="window.top.location='../toc.html'" >Map</a>
+ <a href="./Site_Statistics.html" onclick="window.top.location='./Site_Statistics.html'" >Statistics</a>
<a href="./Site_Tech.html" onclick="window.top.location='./Site_Tech.html'" >Tech</a>
</div>
</div>
diff --git a/public_html/opds.xml b/public_html/opds.xml
index 08a8b0a..3388b95 100644
--- a/public_html/opds.xml
+++ b/public_html/opds.xml
@@ -7,7 +7,7 @@
<link rel="start" href="http://docs.fedoraproject.org/opds.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<title>Fedora Documentation</title>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:28</updated>
<!--author>
<name></name>
<uri></uri>
@@ -16,7 +16,7 @@
<entry>
<title>অসমীয়া</title>
<id>as-IN/opds.xml</id>
- <updated>2012-09-28T06:09:07</updated>
+ <updated>2012-10-29T16:44:21</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="as-IN/opds.xml"/>
@@ -24,7 +24,7 @@
<entry>
<title>български</title>
<id>bg-BG/opds.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="bg-BG/opds.xml"/>
@@ -32,7 +32,7 @@
<entry>
<title>বাংলা</title>
<id>bn-IN/opds.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:21</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="bn-IN/opds.xml"/>
@@ -40,7 +40,7 @@
<entry>
<title>Bosanski</title>
<id>bs-BA/opds.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="bs-BA/opds.xml"/>
@@ -48,7 +48,7 @@
<entry>
<title>Català</title>
<id>ca-ES/opds.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ca-ES/opds.xml"/>
@@ -56,7 +56,7 @@
<entry>
<title>Čeština</title>
<id>cs-CZ/opds.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="cs-CZ/opds.xml"/>
@@ -64,7 +64,7 @@
<entry>
<title>Dansk</title>
<id>da-DK/opds.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="da-DK/opds.xml"/>
@@ -72,7 +72,7 @@
<entry>
<title>Deutsch</title>
<id>de-DE/opds.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="de-DE/opds.xml"/>
@@ -80,7 +80,7 @@
<entry>
<title>Ελληνικά</title>
<id>el-GR/opds.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="el-GR/opds.xml"/>
@@ -88,7 +88,7 @@
<entry>
<title>English</title>
<id>en-US/opds.xml</id>
- <updated>2012-09-28T06:09:08</updated>
+ <updated>2012-10-29T16:44:22</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="en-US/opds.xml"/>
@@ -96,7 +96,7 @@
<entry>
<title>Español</title>
<id>es-ES/opds.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="es-ES/opds.xml"/>
@@ -104,7 +104,7 @@
<entry>
<title>فارسی</title>
<id>fa-IR/opds.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="fa-IR/opds.xml"/>
@@ -112,7 +112,7 @@
<entry>
<title>Suomi</title>
<id>fi-FI/opds.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="fi-FI/opds.xml"/>
@@ -120,7 +120,7 @@
<entry>
<title>Français</title>
<id>fr-FR/opds.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="fr-FR/opds.xml"/>
@@ -128,7 +128,7 @@
<entry>
<title>ગુજરાતી</title>
<id>gu-IN/opds.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="gu-IN/opds.xml"/>
@@ -136,7 +136,7 @@
<entry>
<title>עברית</title>
<id>he-IL/opds.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="he-IL/opds.xml"/>
@@ -144,7 +144,7 @@
<entry>
<title>हिन्दी</title>
<id>hi-IN/opds.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:23</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="hi-IN/opds.xml"/>
@@ -152,7 +152,7 @@
<entry>
<title>Magyar</title>
<id>hu-HU/opds.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="hu-HU/opds.xml"/>
@@ -160,7 +160,7 @@
<entry>
<title>Indonesia</title>
<id>id-ID/opds.xml</id>
- <updated>2012-09-28T06:09:09</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="id-ID/opds.xml"/>
@@ -168,7 +168,7 @@
<entry>
<title>Italiano</title>
<id>it-IT/opds.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="it-IT/opds.xml"/>
@@ -176,7 +176,7 @@
<entry>
<title>日本語</title>
<id>ja-JP/opds.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ja-JP/opds.xml"/>
@@ -184,7 +184,7 @@
<entry>
<title>ಕನ್ನಡ</title>
<id>kn-IN/opds.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="kn-IN/opds.xml"/>
@@ -192,7 +192,7 @@
<entry>
<title>한국어</title>
<id>ko-KR/opds.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ko-KR/opds.xml"/>
@@ -200,7 +200,7 @@
<entry>
<title>മലയാളം</title>
<id>ml-IN/opds.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:24</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ml-IN/opds.xml"/>
@@ -208,7 +208,7 @@
<entry>
<title>मराठी</title>
<id>mr-IN/opds.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="mr-IN/opds.xml"/>
@@ -216,7 +216,7 @@
<entry>
<title>Norsk (bokmål)</title>
<id>nb-NO/opds.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="nb-NO/opds.xml"/>
@@ -224,7 +224,7 @@
<entry>
<title>Nederlands</title>
<id>nl-NL/opds.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="nl-NL/opds.xml"/>
@@ -232,7 +232,7 @@
<entry>
<title>ଓଡ଼ିଆ</title>
<id>or-IN/opds.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="or-IN/opds.xml"/>
@@ -240,7 +240,7 @@
<entry>
<title>ਪੰਜਾਬੀ</title>
<id>pa-IN/opds.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="pa-IN/opds.xml"/>
@@ -248,7 +248,7 @@
<entry>
<title>Polski</title>
<id>pl-PL/opds.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="pl-PL/opds.xml"/>
@@ -256,7 +256,7 @@
<entry>
<title>Português Brasileiro</title>
<id>pt-BR/opds.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="pt-BR/opds.xml"/>
@@ -264,7 +264,7 @@
<entry>
<title>Português</title>
<id>pt-PT/opds.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="pt-PT/opds.xml"/>
@@ -272,7 +272,7 @@
<entry>
<title>Romanian</title>
<id>ro/opds.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>ro</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ro/opds.xml"/>
@@ -280,7 +280,7 @@
<entry>
<title>Русский</title>
<id>ru-RU/opds.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ru-RU/opds.xml"/>
@@ -288,7 +288,7 @@
<entry>
<title>Slovenščina</title>
<id>sk-SK/opds.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="sk-SK/opds.xml"/>
@@ -296,7 +296,7 @@
<entry>
<title>Srpski (latinica)</title>
<id>sr-Latn-RS/opds.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="sr-Latn-RS/opds.xml"/>
@@ -304,7 +304,7 @@
<entry>
<title>Српски</title>
<id>sr-RS/opds.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="sr-RS/opds.xml"/>
@@ -312,7 +312,7 @@
<entry>
<title>Svenska</title>
<id>sv-SE/opds.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="sv-SE/opds.xml"/>
@@ -320,7 +320,7 @@
<entry>
<title>தமிழ்</title>
<id>ta-IN/opds.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ta-IN/opds.xml"/>
@@ -328,7 +328,7 @@
<entry>
<title>తెలుగు</title>
<id>te-IN/opds.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="te-IN/opds.xml"/>
@@ -336,7 +336,7 @@
<entry>
<title>Українська</title>
<id>uk-UA/opds.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="uk-UA/opds.xml"/>
@@ -344,7 +344,7 @@
<entry>
<title>简体中文</title>
<id>zh-CN/opds.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="zh-CN/opds.xml"/>
@@ -352,7 +352,7 @@
<entry>
<title>繁體中文</title>
<id>zh-TW/opds.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:28</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="zh-TW/opds.xml"/>
diff --git a/public_html/or-IN/Site_Statistics.html b/public_html/or-IN/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/or-IN/Site_Statistics.html
+++ b/public_html/or-IN/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/or-IN/opds-Community_Services_Infrastructure.xml b/public_html/or-IN/opds-Community_Services_Infrastructure.xml
index 6a58cf1..2cefdc0 100644
--- a/public_html/or-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/or-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/or-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/or-IN/opds-Fedora.xml b/public_html/or-IN/opds-Fedora.xml
index 465e96d..493c3d5 100644
--- a/public_html/or-IN/opds-Fedora.xml
+++ b/public_html/or-IN/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/or-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>or-IN</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/or-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/or-IN/opds-Fedora_Contributor_Documentation.xml
index 007a7bb..f86c6c3 100644
--- a/public_html/or-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/or-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/or-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/or-IN/opds-Fedora_Core.xml b/public_html/or-IN/opds-Fedora_Core.xml
index c1e6c87..3bb3e30 100644
--- a/public_html/or-IN/opds-Fedora_Core.xml
+++ b/public_html/or-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/or-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/or-IN/opds-Fedora_Draft_Documentation.xml b/public_html/or-IN/opds-Fedora_Draft_Documentation.xml
index 0ad230c..92d9674 100644
--- a/public_html/or-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/or-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/or-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/or-IN/opds.xml b/public_html/or-IN/opds.xml
index d5cf870..fd0a118 100644
--- a/public_html/or-IN/opds.xml
+++ b/public_html/or-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/or-IN/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/or-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/or-IN/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/or-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/or-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/or-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/or-IN/toc.html b/public_html/or-IN/toc.html
index 96d8375..49b71b0 100644
--- a/public_html/or-IN/toc.html
+++ b/public_html/or-IN/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/pa-IN/Site_Statistics.html b/public_html/pa-IN/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/pa-IN/Site_Statistics.html
+++ b/public_html/pa-IN/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/pa-IN/opds-Community_Services_Infrastructure.xml b/public_html/pa-IN/opds-Community_Services_Infrastructure.xml
index e2ac127..2bc85db 100644
--- a/public_html/pa-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/pa-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pa-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pa-IN/opds-Fedora.xml b/public_html/pa-IN/opds-Fedora.xml
index da15b3e..ae31d62 100644
--- a/public_html/pa-IN/opds-Fedora.xml
+++ b/public_html/pa-IN/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/pa-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>pa-IN</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/pa-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/pa-IN/opds-Fedora_Contributor_Documentation.xml
index 09105b1..a9a3b64 100644
--- a/public_html/pa-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/pa-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pa-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pa-IN/opds-Fedora_Core.xml b/public_html/pa-IN/opds-Fedora_Core.xml
index d1b1c4f..007081c 100644
--- a/public_html/pa-IN/opds-Fedora_Core.xml
+++ b/public_html/pa-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pa-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pa-IN/opds-Fedora_Draft_Documentation.xml b/public_html/pa-IN/opds-Fedora_Draft_Documentation.xml
index 1bbe369..0a0f4e0 100644
--- a/public_html/pa-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/pa-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pa-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pa-IN/opds.xml b/public_html/pa-IN/opds.xml
index 78ccbf4..7be883f 100644
--- a/public_html/pa-IN/opds.xml
+++ b/public_html/pa-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/pa-IN/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/pa-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:10</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/pa-IN/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/pa-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/pa-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/pa-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/pa-IN/toc.html b/public_html/pa-IN/toc.html
index 3c9840d..2584e0f 100644
--- a/public_html/pa-IN/toc.html
+++ b/public_html/pa-IN/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/pl-PL/Site_Statistics.html b/public_html/pl-PL/Site_Statistics.html
index 15a2c0a..560a149 100644
--- a/public_html/pl-PL/Site_Statistics.html
+++ b/public_html/pl-PL/Site_Statistics.html
@@ -4,22 +4,22 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" href="../interactive.css" type="text/css" />
- <title>Statystyki</title>
+ <title>Statistics</title>
</head>
<body class="toc_embeded">
-<div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="toc.html">To jest ramka "iframe", aby ją wyświetlić należy zaktualizować przeglądarkę lub włączyć wyświetlanie ramek "iframe".</iframe></div>
+<div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div>
<div>
-<h1 class="producttitle">Statystyki</h1>
+<h1 class="producttitle">Statistics</h1>
<p>
</p>
<table class="stats">
<tr>
- <th>Język</th>
- <th>Kod</th>
- <th>Produkty</th>
- <th>Książki</th>
- <th>Wersje</th>
- <th>Pakiety</th>
+ <th>Language</th>
+ <th>Code</th>
+ <th>Products</th>
+ <th>Books</th>
+ <th>Versions</th>
+ <th>Packages</th>
</tr>
<tr>
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -411,8 +411,8 @@
</table>
<div class="totals">
- <b>Razem języków: </b>43<br />
- <b>Razem pakietów: </b>813
+ <b>Total Languages: </b>43<br />
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/pl-PL/opds-Community_Services_Infrastructure.xml b/public_html/pl-PL/opds-Community_Services_Infrastructure.xml
index edec8a8..bd91540 100644
--- a/public_html/pl-PL/opds-Community_Services_Infrastructure.xml
+++ b/public_html/pl-PL/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pl-PL/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pl-PL/opds-Fedora.xml b/public_html/pl-PL/opds-Fedora.xml
index d34f663..4889ab1 100644
--- a/public_html/pl-PL/opds-Fedora.xml
+++ b/public_html/pl-PL/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/pl-PL/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>pl-PL</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/pl-PL/opds-Fedora_Contributor_Documentation.xml b/public_html/pl-PL/opds-Fedora_Contributor_Documentation.xml
index d560d41..7214a7e 100644
--- a/public_html/pl-PL/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/pl-PL/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pl-PL/opds-Fedora_Contributor_Documentation.xml</id>
<title>Dokumentacja dla współtwórców Fedory</title>
<subtitle>Dokumentacja dla współtwórców Fedory</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pl-PL/opds-Fedora_Core.xml b/public_html/pl-PL/opds-Fedora_Core.xml
index e547f56..9e9b45a 100644
--- a/public_html/pl-PL/opds-Fedora_Core.xml
+++ b/public_html/pl-PL/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pl-PL/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pl-PL/opds-Fedora_Draft_Documentation.xml b/public_html/pl-PL/opds-Fedora_Draft_Documentation.xml
index 7452147..1af86b3 100644
--- a/public_html/pl-PL/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/pl-PL/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pl-PL/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pl-PL/opds.xml b/public_html/pl-PL/opds.xml
index 6dd4801..bbb5657 100644
--- a/public_html/pl-PL/opds.xml
+++ b/public_html/pl-PL/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/pl-PL/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/pl-PL/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/pl-PL/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Dokumentacja dla współtwórców Fedory</title>
<id>http://docs.fedoraproject.org/pl-PL/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/pl-PL/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/pl-PL/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/pl-PL/toc.html b/public_html/pl-PL/toc.html
index 1ec3a9a..990301b 100644
--- a/public_html/pl-PL/toc.html
+++ b/public_html/pl-PL/toc.html
@@ -5,27 +5,27 @@
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" href="../interactive.css" type="text/css" />
<script type="text/javascript" src="../toc.js"></script>
- <title>nawigacja spisu treści</title>
+ <title>toc nav</title>
</head>
<body class="tocnav" onload="hideNoJS();getCookie();checkCookie();checkMenu();">
<div id="closemenu" class="closemenu visible">
- <a href="#" title="Ukryj menu" onclick="hideMenu();" ><img src="../images/close.png"/></a>
+ <a href="#" title="Hide Menu" onclick="hideMenu();" ><img src="../images/close.png"/></a>
</div>
<div id="openmenu" class="openmenu hidden">
- <a href="#" title="Wyświetl menu" onclick="showMenu();"><img src="../images/open.png"/></a>
+ <a href="#" title="Show Menu" onclick="showMenu();"><img src="../images/open.png"/></a>
</div>
<div id="outer" class="outer visible">
<h1>
- <a style="background-image:url(images/web_logo.png)" href="index.html" onclick="window.top.location='index.html'" ><span>Witaj</span></a>
+ <a style="background-image:url(images/web_logo.png)" href="index.html" onclick="window.top.location='index.html'" ><span>Welcome</span></a>
</h1>
<div class="tocnavwrap">
<p/>
<div class="lang">
<div class="reset">
- <a href="#" title="collapse document navigation" onclick="clearCookie();">zwiń wszystko</a>
+ <a href="#" title="collapse document navigation" onclick="clearCookie();">collapse all</a>
</div>
<select id="langselect" class="langselect" onchange="loadToc();">
- <option disabled="disabled" value="">Język</option>
+ <option disabled="disabled" value="">Language</option>
<option value="as-IN">অসমীয়া</option>
<option value="bg-BG">български</option>
<option value="bn-IN">বাংলা</option>
@@ -72,14 +72,14 @@
</select>
</div>
<div class="hidden" id="nocookie">
- Poniższe menu nawigacji zostanie automatycznie zwinięte po wczytaniu strony. Należy włączyć obsługę ciasteczek, aby naprawić działanie meni nawigacji.
+ The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
</div>
<div class="product collapsed" onclick="toggle(event, 'Community_Services_Infrastructure');work=1;">
<span class="product">Community Services Infrastructure</span>
<div id='Community_Services_Infrastructure' class="versions hidden">
<div id='Community_Services_Infrastructure.1' class="version collapsed" onclick="toggle(event, 'Community_Services_Infrastructure.1.books');"> <div id='Community_Services_Infrastructure.1.books' class="books">
<div id='Community_Services_Infrastructure.1' class="version collapsed untranslated" onclick="toggle(event, 'Community_Services_Infrastructure.1.untrans_books');">
- <span class="version">Nieprzetłumaczone</span>
+ <span class="version">Untranslated</span>
<div id='Community_Services_Infrastructure.1.untrans_books' class="books hidden">
<div id='Community_Services_Infrastructure.1.Security_Policy' class="book collapsed" onclick="toggle(event, 'Community_Services_Infrastructure.1.Security_Policy.types');">
<a class="type" href="../en-US/Community_Services_Infrastructure/1/html/Security_Policy/index.html" onclick="window.top.location='../en-US/Community_Services_Infrastructure/1/html/Security_Policy/index.html'"><span class="book">Security Policy</span></a>
@@ -98,11 +98,30 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
<div id='Fedora.17' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.17.untrans_books');">
- <span class="version">Nieprzetłumaczone</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.17.untrans_books' class="books hidden">
<div id='Fedora.17.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.17.Burning_ISO_images_to_disc.types');">
<a class="type" href="../en-US/Fedora/17/html/Burning_ISO_images_to_disc/index.html" onclick="window.top.location='../en-US/Fedora/17/html/Burning_ISO_images_to_disc/index.html'"><span class="book">Burning ISO images to disc</span></a>
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -220,7 +239,7 @@
</div>
</div>
<div id='Fedora.16' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.16.untrans_books');">
- <span class="version">Nieprzetłumaczone</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.16.untrans_books' class="books hidden">
<div id='Fedora.16.Amateur_Radio_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.16.Amateur_Radio_Guide.types');">
<a class="type" href="../en-US/Fedora/16/html/Amateur_Radio_Guide/index.html" onclick="window.top.location='../en-US/Fedora/16/html/Amateur_Radio_Guide/index.html'"><span class="book">Amateur Radio Guide</span></a>
@@ -334,7 +353,7 @@
<a class="type" href="./Fedora/15/epub/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-pl-PL.epub" >epub</a>
<a class="type" href="./Fedora/15/html/Burning_ISO_images_to_disc/index.html" onclick="window.top.location='./Fedora/15/html/Burning_ISO_images_to_disc/index.html';return false;">html</a>
<a class="type" href="./Fedora/15/html-single/Burning_ISO_images_to_disc/index.html" onclick="window.top.location='./Fedora/15/html-single/Burning_ISO_images_to_disc/index.html';return false;">html-single</a>
- <a class="type" href="./Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-pl-PL.pdf" onclick="window.top.location='./Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-pl-PL.pdf';return false;">pdf</a>
+ <a class="type" href="./Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15.0-Burning_ISO_images_to_disc-pl-PL.pdf" onclick="window.top.location='./Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15.0-Burning_ISO_images_to_disc-pl-PL.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.15.Fedora_Live_Images' class="book collapsed">
@@ -346,7 +365,7 @@
</div>
</div>
<div id='Fedora.15' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.15.untrans_books');">
- <span class="version">Nieprzetłumaczone</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.15.untrans_books' class="books hidden">
<div id='Fedora.15.Deployment_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.15.Deployment_Guide.types');">
<a class="type" href="../en-US/Fedora/15/html/Deployment_Guide/index.html" onclick="window.top.location='../en-US/Fedora/15/html/Deployment_Guide/index.html'"><span class="book">Deployment Guide</span></a>
@@ -462,7 +481,7 @@
</div>
</div>
<div id='Fedora.14' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.14.untrans_books');">
- <span class="version">Nieprzetłumaczone</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.14.untrans_books' class="books hidden">
<div id='Fedora.14.Amateur_Radio_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.14.Amateur_Radio_Guide.types');">
<a class="type" href="../en-US/Fedora/14/html/Amateur_Radio_Guide/index.html" onclick="window.top.location='../en-US/Fedora/14/html/Amateur_Radio_Guide/index.html'"><span class="book">Amateur Radio Guide</span></a>
@@ -607,7 +626,7 @@
</div>
</div>
<div id='Fedora.13' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.13.untrans_books');">
- <span class="version">Nieprzetłumaczone</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.13.untrans_books' class="books hidden">
<div id='Fedora.13.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.13.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora/13/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora/13/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -725,7 +744,7 @@
</div>
</div>
<div id='Fedora.12' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.12.untrans_books');">
- <span class="version">Nieprzetłumaczone</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.12.untrans_books' class="books hidden">
<div id='Fedora.12.Accessibility_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.12.Accessibility_Guide.types');">
<a class="type" href="../en-US/Fedora/12/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/Fedora/12/html/Accessibility_Guide/index.html'"><span class="book">Accessibility Guide</span></a>
@@ -852,7 +871,7 @@
</div>
</div>
<div id='Fedora.11' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.11.untrans_books');">
- <span class="version">Nieprzetłumaczone</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.11.untrans_books' class="books hidden">
<div id='Fedora.11.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora/11/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora/11/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -934,7 +953,7 @@
</div>
</div>
<div id='Fedora.10' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.10.untrans_books');">
- <span class="version">Nieprzetłumaczone</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.10.untrans_books' class="books hidden">
<div id='Fedora.10.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.10.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora/10/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora/10/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -960,7 +979,7 @@
<a class="type" href="../en-US/./Fedora/10/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/10/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/10/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/10/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/10/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/10/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/10/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/10/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/10/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.10.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.10.User_Guide.types');">
@@ -1016,7 +1035,7 @@
</div>
</div>
<div id='Fedora.9' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.9.untrans_books');">
- <span class="version">Nieprzetłumaczone</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.9.untrans_books' class="books hidden">
<div id='Fedora.9.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.9.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora/9/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora/9/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1042,7 +1061,7 @@
<a class="type" href="../en-US/./Fedora/9/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/9/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/9/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/9/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/9/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/9/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/9/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/9/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/9/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.9.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.9.User_Guide.types');">
@@ -1098,7 +1117,7 @@
</div>
</div>
<div id='Fedora.8' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.8.untrans_books');">
- <span class="version">Nieprzetłumaczone</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.8.untrans_books' class="books hidden">
<div id='Fedora.8.SELinux_FAQ' class="book collapsed" onclick="toggle(event, 'Fedora.8.SELinux_FAQ.types');">
<a class="type" href="../en-US/Fedora/8/html/SELinux_FAQ/index.html" onclick="window.top.location='../en-US/Fedora/8/html/SELinux_FAQ/index.html'"><span class="book">SELinux FAQ</span></a>
@@ -1135,7 +1154,7 @@
</div>
</div>
<div id='Fedora.7' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.7.untrans_books');">
- <span class="version">Nieprzetłumaczone</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.7.untrans_books' class="books hidden">
<div id='Fedora.7.Release_Notes' class="book collapsed" onclick="toggle(event, 'Fedora.7.Release_Notes.types');">
<a class="type" href="../en-US/Fedora/7/html/Release_Notes/index.html" onclick="window.top.location='../en-US/Fedora/7/html/Release_Notes/index.html'"><span class="book">Release Notes</span></a>
@@ -1166,7 +1185,7 @@
</div>
</div>
<div id='Fedora_Contributor_Documentation.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.untrans_books');">
- <span class="version">Nieprzetłumaczone</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Contributor_Documentation.1.untrans_books' class="books hidden">
<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a>
@@ -1174,7 +1193,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1235,7 +1254,7 @@
</div>
</div>
<div id='Fedora_Core.6' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.6.untrans_books');">
- <span class="version">Nieprzetłumaczone</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.6.untrans_books' class="books hidden">
<div id='Fedora_Core.6.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Core.6.User_Guide.types');">
<a class="type" href="../en-US/Fedora_Core/6/html/User_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Core/6/html/User_Guide/index.html'"><span class="book">User Guide</span></a>
@@ -1254,7 +1273,7 @@
<span class="version">5</span>
<div id='Fedora_Core.5.books' class="books hidden">
<div id='Fedora_Core.5' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.5.untrans_books');">
- <span class="version">Nieprzetłumaczone</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.5.untrans_books' class="books hidden">
<div id='Fedora_Core.5.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Core.5.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora_Core/5/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Core/5/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1300,7 +1319,7 @@
<span class="version">4</span>
<div id='Fedora_Core.4.books' class="books hidden">
<div id='Fedora_Core.4' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.4.untrans_books');">
- <span class="version">Nieprzetłumaczone</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.4.untrans_books' class="books hidden">
<div id='Fedora_Core.4.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Core.4.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora_Core/4/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Core/4/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1332,7 +1351,7 @@
<span class="version">3</span>
<div id='Fedora_Core.3.books' class="books hidden">
<div id='Fedora_Core.3' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.3.untrans_books');">
- <span class="version">Nieprzetłumaczone</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.3.untrans_books' class="books hidden">
<div id='Fedora_Core.3.Release_Notes_for_32-bit_x86_Systems' class="book collapsed" onclick="toggle(event, 'Fedora_Core.3.Release_Notes_for_32-bit_x86_Systems.types');">
<a class="type" href="../en-US/Fedora_Core/3/html/Release_Notes_for_32-bit_x86_Systems/index.html" onclick="window.top.location='../en-US/Fedora_Core/3/html/Release_Notes_for_32-bit_x86_Systems/index.html'"><span class="book">Release Notes for 32-bit x86 Systems</span></a>
@@ -1372,7 +1391,7 @@
<span class="version">2</span>
<div id='Fedora_Core.2.books' class="books hidden">
<div id='Fedora_Core.2' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.2.untrans_books');">
- <span class="version">Nieprzetłumaczone</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.2.untrans_books' class="books hidden">
<div id='Fedora_Core.2.Release_Notes_for_32-bit_x86_Systems' class="book collapsed" onclick="toggle(event, 'Fedora_Core.2.Release_Notes_for_32-bit_x86_Systems.types');">
<a class="type" href="../en-US/Fedora_Core/2/html/Release_Notes_for_32-bit_x86_Systems/index.html" onclick="window.top.location='../en-US/Fedora_Core/2/html/Release_Notes_for_32-bit_x86_Systems/index.html'"><span class="book">Release Notes for 32-bit x86 Systems</span></a>
@@ -1403,7 +1422,7 @@
<span class="version">1</span>
<div id='Fedora_Core.1.books' class="books hidden">
<div id='Fedora_Core.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.1.untrans_books');">
- <span class="version">Nieprzetłumaczone</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.1.untrans_books' class="books hidden">
<div id='Fedora_Core.1.Release_Notes_for_32-bit_x86_Systems' class="book collapsed" onclick="toggle(event, 'Fedora_Core.1.Release_Notes_for_32-bit_x86_Systems.types');">
<a class="type" href="../en-US/Fedora_Core/1/html/Release_Notes_for_32-bit_x86_Systems/index.html" onclick="window.top.location='../en-US/Fedora_Core/1/html/Release_Notes_for_32-bit_x86_Systems/index.html'"><span class="book">Release Notes for 32-bit x86 Systems</span></a>
@@ -1430,7 +1449,7 @@
<div id='Fedora_Draft_Documentation' class="versions hidden">
<div id='Fedora_Draft_Documentation.0.2' class="version collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.2.books');"> <div id='Fedora_Draft_Documentation.0.2.books' class="books">
<div id='Fedora_Draft_Documentation.0.2' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Draft_Documentation.0.2.untrans_books');">
- <span class="version">Nieprzetłumaczone</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Draft_Documentation.0.2.untrans_books' class="books hidden">
<div id='Fedora_Draft_Documentation.0.2.OpenSSH_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.2.OpenSSH_Guide.types');">
<a class="type" href="../en-US/Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html'"><span class="book">OpenSSH Guide</span></a>
@@ -1438,7 +1457,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1447,7 +1466,7 @@
</div>
<div id='Fedora_Draft_Documentation.0.1' class="version collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.books');"> <div id='Fedora_Draft_Documentation.0.1.books' class="books">
<div id='Fedora_Draft_Documentation.0.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.untrans_books');">
- <span class="version">Nieprzetłumaczone</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Draft_Documentation.0.1.untrans_books' class="books hidden">
<div id='Fedora_Draft_Documentation.0.1.Amateur_Radio_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Amateur_Radio_Guide.types');">
<a class="type" href="../en-US/Fedora_Draft_Documentation/0.1/html/Amateur_Radio_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Draft_Documentation/0.1/html/Amateur_Radio_Guide/index.html'"><span class="book">Amateur Radio Guide</span></a>
@@ -1578,7 +1597,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
@@ -1598,7 +1617,7 @@
<span class="version"></span>
<div id='Fedora_Draft_Documentation..books' class="books hidden">
<div id='Fedora_Draft_Documentation.' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Draft_Documentation..untrans_books');">
- <span class="version">Nieprzetłumaczone</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Draft_Documentation..untrans_books' class="books hidden">
<div id='Fedora_Draft_Documentation..User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation..User_Guide.types');">
<a class="type" href="../en-US/Fedora_Draft_Documentation//html/User_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Draft_Documentation//html/User_Guide/index.html'"><span class="book">User Guide</span></a>
@@ -1616,12 +1635,12 @@
</div>
</div>
<div class="nocookie" id="nojs">
- <p>Powyższe menu nawigacji wymaga do działania obsługi języka JavaScript.</p><p>Należy włączyć obsługę języka JavaScript, aby umożliwić menu nawigacji działanie.</p><p>Należy wyłączyć obsługę styli CSS, aby wyświetlić opcje nawigacji bez włączonej obsługi języka JavaScript</p>
+ <p>The Navigation Menu above requires JavaScript to function.</p><p>Enable JavaScript to allow the Navigation Menu to function.</p><p>Disable CSS to view the Navigation options without JavaScript enabled</p>
</div>
<div class="bottom_links">
- <a href="../toc.html" onclick="window.top.location='../toc.html'" >Mapa</a>
- <a href="./Site_Statistics.html" onclick="window.top.location='./Site_Statistics.html'" >Statystyki</a>
- <a href="./Site_Tech.html" onclick="window.top.location='./Site_Tech.html'" >Techniczne</a>
+ <a href="../toc.html" onclick="window.top.location='../toc.html'" >Map</a>
+ <a href="./Site_Statistics.html" onclick="window.top.location='./Site_Statistics.html'" >Statistics</a>
+ <a href="./Site_Tech.html" onclick="window.top.location='./Site_Tech.html'" >Tech</a>
</div>
</div>
</div>
diff --git a/public_html/pt-BR/Site_Statistics.html b/public_html/pt-BR/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/pt-BR/Site_Statistics.html
+++ b/public_html/pt-BR/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/pt-BR/opds-Community_Services_Infrastructure.xml b/public_html/pt-BR/opds-Community_Services_Infrastructure.xml
index aaad9aa..7b35f50 100644
--- a/public_html/pt-BR/opds-Community_Services_Infrastructure.xml
+++ b/public_html/pt-BR/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-BR/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-BR/opds-Fedora.xml b/public_html/pt-BR/opds-Fedora.xml
index 2d9b460..6622360 100644
--- a/public_html/pt-BR/opds-Fedora.xml
+++ b/public_html/pt-BR/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/pt-BR/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>pt-BR</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/pt-BR/opds-Fedora_Contributor_Documentation.xml b/public_html/pt-BR/opds-Fedora_Contributor_Documentation.xml
index 14c6b7d..07af899 100644
--- a/public_html/pt-BR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/pt-BR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-BR/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-BR/opds-Fedora_Core.xml b/public_html/pt-BR/opds-Fedora_Core.xml
index 03102bb..06b9701 100644
--- a/public_html/pt-BR/opds-Fedora_Core.xml
+++ b/public_html/pt-BR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-BR/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-BR/opds-Fedora_Draft_Documentation.xml b/public_html/pt-BR/opds-Fedora_Draft_Documentation.xml
index 02878a8..dde1942 100644
--- a/public_html/pt-BR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/pt-BR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-BR/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-BR/opds.xml b/public_html/pt-BR/opds.xml
index 1078699..6b54d08 100644
--- a/public_html/pt-BR/opds.xml
+++ b/public_html/pt-BR/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/pt-BR/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/pt-BR/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/pt-BR/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/pt-BR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/pt-BR/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/pt-BR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:25</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/pt-BR/toc.html b/public_html/pt-BR/toc.html
index ed21ac9..ab4a93d 100644
--- a/public_html/pt-BR/toc.html
+++ b/public_html/pt-BR/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1102,7 +1121,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1375,7 +1394,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1515,7 +1534,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/pt-PT/Site_Statistics.html b/public_html/pt-PT/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/pt-PT/Site_Statistics.html
+++ b/public_html/pt-PT/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/pt-PT/opds-Community_Services_Infrastructure.xml b/public_html/pt-PT/opds-Community_Services_Infrastructure.xml
index a885675..c240955 100644
--- a/public_html/pt-PT/opds-Community_Services_Infrastructure.xml
+++ b/public_html/pt-PT/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-PT/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-PT/opds-Fedora.xml b/public_html/pt-PT/opds-Fedora.xml
index 78dc98d..95b07de 100644
--- a/public_html/pt-PT/opds-Fedora.xml
+++ b/public_html/pt-PT/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/pt-PT/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>pt-PT</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/pt-PT/opds-Fedora_Contributor_Documentation.xml b/public_html/pt-PT/opds-Fedora_Contributor_Documentation.xml
index 8e49f90..13022fa 100644
--- a/public_html/pt-PT/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/pt-PT/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-PT/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-PT/opds-Fedora_Core.xml b/public_html/pt-PT/opds-Fedora_Core.xml
index af2e1fd..4ab590c 100644
--- a/public_html/pt-PT/opds-Fedora_Core.xml
+++ b/public_html/pt-PT/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-PT/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-PT/opds-Fedora_Draft_Documentation.xml b/public_html/pt-PT/opds-Fedora_Draft_Documentation.xml
index b4bbd03..cea177b 100644
--- a/public_html/pt-PT/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/pt-PT/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-PT/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-PT/opds.xml b/public_html/pt-PT/opds.xml
index 6b006ca..7a56a6b 100644
--- a/public_html/pt-PT/opds.xml
+++ b/public_html/pt-PT/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/pt-PT/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/pt-PT/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/pt-PT/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/pt-PT/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/pt-PT/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/pt-PT/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/pt-PT/toc.html b/public_html/pt-PT/toc.html
index ad49fff..9631980 100644
--- a/public_html/pt-PT/toc.html
+++ b/public_html/pt-PT/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1102,7 +1121,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1365,7 +1384,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1505,7 +1524,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/ro/Site_Statistics.html b/public_html/ro/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/ro/Site_Statistics.html
+++ b/public_html/ro/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/ro/opds-Community_Services_Infrastructure.xml b/public_html/ro/opds-Community_Services_Infrastructure.xml
index aa76e14..684fded 100644
--- a/public_html/ro/opds-Community_Services_Infrastructure.xml
+++ b/public_html/ro/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ro/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ro/opds-Fedora.xml b/public_html/ro/opds-Fedora.xml
index a300d87..d0f73d6 100644
--- a/public_html/ro/opds-Fedora.xml
+++ b/public_html/ro/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/ro/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>ro</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/ro/opds-Fedora_Contributor_Documentation.xml b/public_html/ro/opds-Fedora_Contributor_Documentation.xml
index 54b4ac1..372fe2b 100644
--- a/public_html/ro/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ro/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ro/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ro/opds-Fedora_Core.xml b/public_html/ro/opds-Fedora_Core.xml
index 78dbcc7..640603a 100644
--- a/public_html/ro/opds-Fedora_Core.xml
+++ b/public_html/ro/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ro/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ro/opds-Fedora_Draft_Documentation.xml b/public_html/ro/opds-Fedora_Draft_Documentation.xml
index 371abc7..6ff2aaa 100644
--- a/public_html/ro/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ro/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ro/opds-Fedora_Draft_Documentation.xml</id>
<title>Schiță Documentație Fedora</title>
<subtitle>Schiță Documentație Fedora</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ro/opds.xml b/public_html/ro/opds.xml
index c6b566b..f2b42a2 100644
--- a/public_html/ro/opds.xml
+++ b/public_html/ro/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ro/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/ro/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>ro</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ro/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>ro</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/ro/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>ro</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ro/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>ro</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Schiță Documentație Fedora</title>
<id>http://docs.fedoraproject.org/ro/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>ro</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/ro/toc.html b/public_html/ro/toc.html
index 7035f3e..1cf55a2 100644
--- a/public_html/ro/toc.html
+++ b/public_html/ro/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/ru-RU/Site_Statistics.html b/public_html/ru-RU/Site_Statistics.html
index 3c4956c..560a149 100644
--- a/public_html/ru-RU/Site_Statistics.html
+++ b/public_html/ru-RU/Site_Statistics.html
@@ -4,22 +4,22 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" href="../interactive.css" type="text/css" />
- <title>Статистика</title>
+ <title>Statistics</title>
</head>
<body class="toc_embeded">
<div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div>
<div>
-<h1 class="producttitle">Статистика</h1>
+<h1 class="producttitle">Statistics</h1>
<p>
</p>
<table class="stats">
<tr>
- <th>Язык</th>
- <th>Код</th>
- <th>Продукты</th>
- <th>Книги</th>
- <th>Версии</th>
- <th>Пакеты</th>
+ <th>Language</th>
+ <th>Code</th>
+ <th>Products</th>
+ <th>Books</th>
+ <th>Versions</th>
+ <th>Packages</th>
</tr>
<tr>
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -411,8 +411,8 @@
</table>
<div class="totals">
- <b>Всего языков: </b>43<br />
- <b>Всего пакетов: </b>813
+ <b>Total Languages: </b>43<br />
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/ru-RU/opds-Community_Services_Infrastructure.xml b/public_html/ru-RU/opds-Community_Services_Infrastructure.xml
index d306bb0..065e01e 100644
--- a/public_html/ru-RU/opds-Community_Services_Infrastructure.xml
+++ b/public_html/ru-RU/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ru-RU/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ru-RU/opds-Fedora.xml b/public_html/ru-RU/opds-Fedora.xml
index 3b77a4b..3991ca1 100644
--- a/public_html/ru-RU/opds-Fedora.xml
+++ b/public_html/ru-RU/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/ru-RU/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>ru-RU</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Запись ISO-образов на диск</title>
<id>http://docs.fedoraproject.org/ru-RU/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-ru-RU.epub</id>
<!--author>
diff --git a/public_html/ru-RU/opds-Fedora_Contributor_Documentation.xml b/public_html/ru-RU/opds-Fedora_Contributor_Documentation.xml
index b5ce352..e7154ca 100644
--- a/public_html/ru-RU/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ru-RU/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ru-RU/opds-Fedora_Contributor_Documentation.xml</id>
<title>Документация участника Fedora</title>
<subtitle>Документация участника Fedora</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ru-RU/opds-Fedora_Core.xml b/public_html/ru-RU/opds-Fedora_Core.xml
index 2a7740e..0010de6 100644
--- a/public_html/ru-RU/opds-Fedora_Core.xml
+++ b/public_html/ru-RU/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ru-RU/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ru-RU/opds-Fedora_Draft_Documentation.xml b/public_html/ru-RU/opds-Fedora_Draft_Documentation.xml
index b335b8e..814d29b 100644
--- a/public_html/ru-RU/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ru-RU/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ru-RU/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ru-RU/opds.xml b/public_html/ru-RU/opds.xml
index 24e8e6d..73727a7 100644
--- a/public_html/ru-RU/opds.xml
+++ b/public_html/ru-RU/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ru-RU/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/ru-RU/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ru-RU/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Документация участника Fedora</title>
<id>http://docs.fedoraproject.org/ru-RU/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ru-RU/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ru-RU/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/ru-RU/toc.html b/public_html/ru-RU/toc.html
index 8a2b75e..3dadbf1 100644
--- a/public_html/ru-RU/toc.html
+++ b/public_html/ru-RU/toc.html
@@ -16,16 +16,16 @@
</div>
<div id="outer" class="outer visible">
<h1>
- <a style="background-image:url(images/web_logo.png)" href="index.html" onclick="window.top.location='index.html'" ><span>Добро пожаловать</span></a>
+ <a style="background-image:url(images/web_logo.png)" href="index.html" onclick="window.top.location='index.html'" ><span>Welcome</span></a>
</h1>
<div class="tocnavwrap">
<p/>
<div class="lang">
<div class="reset">
- <a href="#" title="collapse document navigation" onclick="clearCookie();">свернуть</a>
+ <a href="#" title="collapse document navigation" onclick="clearCookie();">collapse all</a>
</div>
<select id="langselect" class="langselect" onchange="loadToc();">
- <option disabled="disabled" value="">Язык</option>
+ <option disabled="disabled" value="">Language</option>
<option value="as-IN">অসমীয়া</option>
<option value="bg-BG">български</option>
<option value="bn-IN">বাংলা</option>
@@ -79,7 +79,7 @@
<div id='Community_Services_Infrastructure' class="versions hidden">
<div id='Community_Services_Infrastructure.1' class="version collapsed" onclick="toggle(event, 'Community_Services_Infrastructure.1.books');"> <div id='Community_Services_Infrastructure.1.books' class="books">
<div id='Community_Services_Infrastructure.1' class="version collapsed untranslated" onclick="toggle(event, 'Community_Services_Infrastructure.1.untrans_books');">
- <span class="version">Не переведено</span>
+ <span class="version">Untranslated</span>
<div id='Community_Services_Infrastructure.1.untrans_books' class="books hidden">
<div id='Community_Services_Infrastructure.1.Security_Policy' class="book collapsed" onclick="toggle(event, 'Community_Services_Infrastructure.1.Security_Policy.types');">
<a class="type" href="../en-US/Community_Services_Infrastructure/1/html/Security_Policy/index.html" onclick="window.top.location='../en-US/Community_Services_Infrastructure/1/html/Security_Policy/index.html'"><span class="book">Security Policy</span></a>
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -129,7 +148,7 @@
</div>
</div>
<div id='Fedora.17' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.17.untrans_books');">
- <span class="version">Не переведено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.17.untrans_books' class="books hidden">
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
<a class="type" href="../en-US/Fedora/17/html/FreeIPA_Guide/index.html" onclick="window.top.location='../en-US/Fedora/17/html/FreeIPA_Guide/index.html'"><span class="book">FreeIPA Guide</span></a>
@@ -155,7 +174,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -238,7 +257,7 @@
</div>
</div>
<div id='Fedora.16' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.16.untrans_books');">
- <span class="version">Не переведено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.16.untrans_books' class="books hidden">
<div id='Fedora.16.Amateur_Radio_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.16.Amateur_Radio_Guide.types');">
<a class="type" href="../en-US/Fedora/16/html/Amateur_Radio_Guide/index.html" onclick="window.top.location='../en-US/Fedora/16/html/Amateur_Radio_Guide/index.html'"><span class="book">Amateur Radio Guide</span></a>
@@ -346,7 +365,7 @@
</div>
</div>
<div id='Fedora.15' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.15.untrans_books');">
- <span class="version">Не переведено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.15.untrans_books' class="books hidden">
<div id='Fedora.15.Deployment_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.15.Deployment_Guide.types');">
<a class="type" href="../en-US/Fedora/15/html/Deployment_Guide/index.html" onclick="window.top.location='../en-US/Fedora/15/html/Deployment_Guide/index.html'"><span class="book">Deployment Guide</span></a>
@@ -444,7 +463,7 @@
</div>
</div>
<div id='Fedora.14' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.14.untrans_books');">
- <span class="version">Не переведено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.14.untrans_books' class="books hidden">
<div id='Fedora.14.Accessibility_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.14.Accessibility_Guide.types');">
<a class="type" href="../en-US/Fedora/14/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/Fedora/14/html/Accessibility_Guide/index.html'"><span class="book">Accessibility Guide</span></a>
@@ -558,7 +577,7 @@
<a class="type" href="./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-ru-RU.epub" >epub</a>
<a class="type" href="./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
<a class="type" href="./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
- <a class="type" href="./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-ru-RU.pdf" onclick="window.top.location='./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-ru-RU.pdf';return false;">pdf</a>
+ <a class="type" href="./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-ru-RU.pdf" onclick="window.top.location='./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-ru-RU.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed">
@@ -625,7 +644,7 @@
</div>
</div>
<div id='Fedora.13' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.13.untrans_books');">
- <span class="version">Не переведено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.13.untrans_books' class="books hidden">
<div id='Fedora.13.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.13.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora/13/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora/13/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -743,7 +762,7 @@
</div>
</div>
<div id='Fedora.12' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.12.untrans_books');">
- <span class="version">Не переведено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.12.untrans_books' class="books hidden">
<div id='Fedora.12.Accessibility_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.12.Accessibility_Guide.types');">
<a class="type" href="../en-US/Fedora/12/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/Fedora/12/html/Accessibility_Guide/index.html'"><span class="book">Accessibility Guide</span></a>
@@ -834,7 +853,7 @@
</div>
</div>
<div id='Fedora.11' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.11.untrans_books');">
- <span class="version">Не переведено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.11.untrans_books' class="books hidden">
<div id='Fedora.11.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora/11/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora/11/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -907,7 +926,7 @@
</div>
</div>
<div id='Fedora.10' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.10.untrans_books');">
- <span class="version">Не переведено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.10.untrans_books' class="books hidden">
<div id='Fedora.10.Fedora_Live_Images' class="book collapsed" onclick="toggle(event, 'Fedora.10.Fedora_Live_Images.types');">
<a class="type" href="../en-US/Fedora/10/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/Fedora/10/html/Fedora_Live_Images/index.html'"><span class="book">Fedora Live Images</span></a>
@@ -944,7 +963,7 @@
<span class="version">9</span>
<div id='Fedora.9.books' class="books hidden">
<div id='Fedora.9' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.9.untrans_books');">
- <span class="version">Не переведено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.9.untrans_books' class="books hidden">
<div id='Fedora.9.Fedora_Live_Images' class="book collapsed" onclick="toggle(event, 'Fedora.9.Fedora_Live_Images.types');">
<a class="type" href="../en-US/Fedora/9/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/Fedora/9/html/Fedora_Live_Images/index.html'"><span class="book">Fedora Live Images</span></a>
@@ -990,7 +1009,7 @@
<span class="version">8</span>
<div id='Fedora.8.books' class="books hidden">
<div id='Fedora.8' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.8.untrans_books');">
- <span class="version">Не переведено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.8.untrans_books' class="books hidden">
<div id='Fedora.8.Fedora_Live_Images' class="book collapsed" onclick="toggle(event, 'Fedora.8.Fedora_Live_Images.types');">
<a class="type" href="../en-US/Fedora/8/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/Fedora/8/html/Fedora_Live_Images/index.html'"><span class="book">Fedora Live Images</span></a>
@@ -1045,7 +1064,7 @@
<span class="version">7</span>
<div id='Fedora.7.books' class="books hidden">
<div id='Fedora.7' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.7.untrans_books');">
- <span class="version">Не переведено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.7.untrans_books' class="books hidden">
<div id='Fedora.7.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.7.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora/7/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora/7/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1112,7 +1131,7 @@
</div>
</div>
<div id='Fedora_Contributor_Documentation.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.untrans_books');">
- <span class="version">Не переведено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Contributor_Documentation.1.untrans_books' class="books hidden">
<div id='Fedora_Contributor_Documentation.1.Users_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Users_Guide.types');">
<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Users_Guide/index.html'"><span class="book">Publican Users Guide</span></a>
@@ -1154,7 +1173,7 @@
</div>
</div>
<div id='Fedora_Core.6' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.6.untrans_books');">
- <span class="version">Не переведено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.6.untrans_books' class="books hidden">
<div id='Fedora_Core.6.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Core.6.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora_Core/6/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Core/6/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1191,7 +1210,7 @@
</div>
</div>
<div id='Fedora_Core.5' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.5.untrans_books');">
- <span class="version">Не переведено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.5.untrans_books' class="books hidden">
<div id='Fedora_Core.5.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Core.5.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora_Core/5/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Core/5/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1235,7 +1254,7 @@
</div>
</div>
<div id='Fedora_Core.4' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.4.untrans_books');">
- <span class="version">Не переведено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.4.untrans_books' class="books hidden">
<div id='Fedora_Core.4.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Core.4.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora_Core/4/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Core/4/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1260,7 +1279,7 @@
<span class="version">3</span>
<div id='Fedora_Core.3.books' class="books hidden">
<div id='Fedora_Core.3' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.3.untrans_books');">
- <span class="version">Не переведено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.3.untrans_books' class="books hidden">
<div id='Fedora_Core.3.Release_Notes_for_32-bit_x86_Systems' class="book collapsed" onclick="toggle(event, 'Fedora_Core.3.Release_Notes_for_32-bit_x86_Systems.types');">
<a class="type" href="../en-US/Fedora_Core/3/html/Release_Notes_for_32-bit_x86_Systems/index.html" onclick="window.top.location='../en-US/Fedora_Core/3/html/Release_Notes_for_32-bit_x86_Systems/index.html'"><span class="book">Release Notes for 32-bit x86 Systems</span></a>
@@ -1300,7 +1319,7 @@
<span class="version">2</span>
<div id='Fedora_Core.2.books' class="books hidden">
<div id='Fedora_Core.2' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.2.untrans_books');">
- <span class="version">Не переведено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.2.untrans_books' class="books hidden">
<div id='Fedora_Core.2.Release_Notes_for_32-bit_x86_Systems' class="book collapsed" onclick="toggle(event, 'Fedora_Core.2.Release_Notes_for_32-bit_x86_Systems.types');">
<a class="type" href="../en-US/Fedora_Core/2/html/Release_Notes_for_32-bit_x86_Systems/index.html" onclick="window.top.location='../en-US/Fedora_Core/2/html/Release_Notes_for_32-bit_x86_Systems/index.html'"><span class="book">Release Notes for 32-bit x86 Systems</span></a>
@@ -1331,7 +1350,7 @@
<span class="version">1</span>
<div id='Fedora_Core.1.books' class="books hidden">
<div id='Fedora_Core.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.1.untrans_books');">
- <span class="version">Не переведено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.1.untrans_books' class="books hidden">
<div id='Fedora_Core.1.Release_Notes_for_32-bit_x86_Systems' class="book collapsed" onclick="toggle(event, 'Fedora_Core.1.Release_Notes_for_32-bit_x86_Systems.types');">
<a class="type" href="../en-US/Fedora_Core/1/html/Release_Notes_for_32-bit_x86_Systems/index.html" onclick="window.top.location='../en-US/Fedora_Core/1/html/Release_Notes_for_32-bit_x86_Systems/index.html'"><span class="book">Release Notes for 32-bit x86 Systems</span></a>
@@ -1358,7 +1377,7 @@
<div id='Fedora_Draft_Documentation' class="versions hidden">
<div id='Fedora_Draft_Documentation.0.2' class="version collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.2.books');"> <div id='Fedora_Draft_Documentation.0.2.books' class="books">
<div id='Fedora_Draft_Documentation.0.2' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Draft_Documentation.0.2.untrans_books');">
- <span class="version">Не переведено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Draft_Documentation.0.2.untrans_books' class="books hidden">
<div id='Fedora_Draft_Documentation.0.2.OpenSSH_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.2.OpenSSH_Guide.types');">
<a class="type" href="../en-US/Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html'"><span class="book">OpenSSH Guide</span></a>
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1375,7 +1394,7 @@
</div>
<div id='Fedora_Draft_Documentation.0.1' class="version collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.books');"> <div id='Fedora_Draft_Documentation.0.1.books' class="books">
<div id='Fedora_Draft_Documentation.0.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.untrans_books');">
- <span class="version">Не переведено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Draft_Documentation.0.1.untrans_books' class="books hidden">
<div id='Fedora_Draft_Documentation.0.1.Amateur_Radio_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Amateur_Radio_Guide.types');">
<a class="type" href="../en-US/Fedora_Draft_Documentation/0.1/html/Amateur_Radio_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Draft_Documentation/0.1/html/Amateur_Radio_Guide/index.html'"><span class="book">Amateur Radio Guide</span></a>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
@@ -1526,7 +1545,7 @@
<span class="version"></span>
<div id='Fedora_Draft_Documentation..books' class="books hidden">
<div id='Fedora_Draft_Documentation.' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Draft_Documentation..untrans_books');">
- <span class="version">Не переведено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Draft_Documentation..untrans_books' class="books hidden">
<div id='Fedora_Draft_Documentation..User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation..User_Guide.types');">
<a class="type" href="../en-US/Fedora_Draft_Documentation//html/User_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Draft_Documentation//html/User_Guide/index.html'"><span class="book">User Guide</span></a>
@@ -1547,9 +1566,9 @@
<p>The Navigation Menu above requires JavaScript to function.</p><p>Enable JavaScript to allow the Navigation Menu to function.</p><p>Disable CSS to view the Navigation options without JavaScript enabled</p>
</div>
<div class="bottom_links">
- <a href="../toc.html" onclick="window.top.location='../toc.html'" >Карта сайта</a>
- <a href="./Site_Statistics.html" onclick="window.top.location='./Site_Statistics.html'" >Статистика</a>
- <a href="./Site_Tech.html" onclick="window.top.location='./Site_Tech.html'" >Тех.</a>
+ <a href="../toc.html" onclick="window.top.location='../toc.html'" >Map</a>
+ <a href="./Site_Statistics.html" onclick="window.top.location='./Site_Statistics.html'" >Statistics</a>
+ <a href="./Site_Tech.html" onclick="window.top.location='./Site_Tech.html'" >Tech</a>
</div>
</div>
</div>
diff --git a/public_html/sk-SK/Site_Statistics.html b/public_html/sk-SK/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/sk-SK/Site_Statistics.html
+++ b/public_html/sk-SK/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/sk-SK/opds-Community_Services_Infrastructure.xml b/public_html/sk-SK/opds-Community_Services_Infrastructure.xml
index b1a4792..6430d21 100644
--- a/public_html/sk-SK/opds-Community_Services_Infrastructure.xml
+++ b/public_html/sk-SK/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sk-SK/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sk-SK/opds-Fedora.xml b/public_html/sk-SK/opds-Fedora.xml
index ae75161..fe49c3e 100644
--- a/public_html/sk-SK/opds-Fedora.xml
+++ b/public_html/sk-SK/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/sk-SK/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>sk-SK</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/sk-SK/opds-Fedora_Contributor_Documentation.xml b/public_html/sk-SK/opds-Fedora_Contributor_Documentation.xml
index 7a33f03..2cfa8b8 100644
--- a/public_html/sk-SK/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/sk-SK/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sk-SK/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sk-SK/opds-Fedora_Core.xml b/public_html/sk-SK/opds-Fedora_Core.xml
index 4018cfa..50ac527 100644
--- a/public_html/sk-SK/opds-Fedora_Core.xml
+++ b/public_html/sk-SK/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sk-SK/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sk-SK/opds-Fedora_Draft_Documentation.xml b/public_html/sk-SK/opds-Fedora_Draft_Documentation.xml
index 7d2c7dd..4e55715 100644
--- a/public_html/sk-SK/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/sk-SK/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sk-SK/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sk-SK/opds.xml b/public_html/sk-SK/opds.xml
index c4652a2..ac5e904 100644
--- a/public_html/sk-SK/opds.xml
+++ b/public_html/sk-SK/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/sk-SK/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/sk-SK/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/sk-SK/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/sk-SK/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/sk-SK/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/sk-SK/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/sk-SK/toc.html b/public_html/sk-SK/toc.html
index 89e840d..fb04bf0 100644
--- a/public_html/sk-SK/toc.html
+++ b/public_html/sk-SK/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/sr-Latn-RS/Site_Statistics.html b/public_html/sr-Latn-RS/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/sr-Latn-RS/Site_Statistics.html
+++ b/public_html/sr-Latn-RS/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/sr-Latn-RS/opds-Community_Services_Infrastructure.xml b/public_html/sr-Latn-RS/opds-Community_Services_Infrastructure.xml
index 55418ac..ae047bb 100644
--- a/public_html/sr-Latn-RS/opds-Community_Services_Infrastructure.xml
+++ b/public_html/sr-Latn-RS/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-Latn-RS/opds-Fedora.xml b/public_html/sr-Latn-RS/opds-Fedora.xml
index a28884a..4d3d493 100644
--- a/public_html/sr-Latn-RS/opds-Fedora.xml
+++ b/public_html/sr-Latn-RS/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>sr-Latn-RS</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml b/public_html/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml
index e12b78d..85a69b7 100644
--- a/public_html/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-Latn-RS/opds-Fedora_Core.xml b/public_html/sr-Latn-RS/opds-Fedora_Core.xml
index 569bbb5..75e80bb 100644
--- a/public_html/sr-Latn-RS/opds-Fedora_Core.xml
+++ b/public_html/sr-Latn-RS/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml b/public_html/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml
index fdebbec..3d1da63 100644
--- a/public_html/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-Latn-RS/opds.xml b/public_html/sr-Latn-RS/opds.xml
index ae74049..9418620 100644
--- a/public_html/sr-Latn-RS/opds.xml
+++ b/public_html/sr-Latn-RS/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/sr-Latn-RS/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:26</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/sr-Latn-RS/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/sr-Latn-RS/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/sr-Latn-RS/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/sr-Latn-RS/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/sr-Latn-RS/toc.html b/public_html/sr-Latn-RS/toc.html
index efc480c..0ec7008 100644
--- a/public_html/sr-Latn-RS/toc.html
+++ b/public_html/sr-Latn-RS/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/sr-RS/Site_Statistics.html b/public_html/sr-RS/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/sr-RS/Site_Statistics.html
+++ b/public_html/sr-RS/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/sr-RS/opds-Community_Services_Infrastructure.xml b/public_html/sr-RS/opds-Community_Services_Infrastructure.xml
index edf841f..c73553d 100644
--- a/public_html/sr-RS/opds-Community_Services_Infrastructure.xml
+++ b/public_html/sr-RS/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-RS/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-RS/opds-Fedora.xml b/public_html/sr-RS/opds-Fedora.xml
index a7b8f1c..85ff575 100644
--- a/public_html/sr-RS/opds-Fedora.xml
+++ b/public_html/sr-RS/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/sr-RS/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>sr-RS</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/sr-RS/opds-Fedora_Contributor_Documentation.xml b/public_html/sr-RS/opds-Fedora_Contributor_Documentation.xml
index 4968413..27dda99 100644
--- a/public_html/sr-RS/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/sr-RS/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-RS/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-RS/opds-Fedora_Core.xml b/public_html/sr-RS/opds-Fedora_Core.xml
index d03b205..ced0589 100644
--- a/public_html/sr-RS/opds-Fedora_Core.xml
+++ b/public_html/sr-RS/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-RS/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-RS/opds-Fedora_Draft_Documentation.xml b/public_html/sr-RS/opds-Fedora_Draft_Documentation.xml
index 7eb24dd..c8621a1 100644
--- a/public_html/sr-RS/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/sr-RS/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-RS/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-RS/opds.xml b/public_html/sr-RS/opds.xml
index b937f10..5a36979 100644
--- a/public_html/sr-RS/opds.xml
+++ b/public_html/sr-RS/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/sr-RS/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/sr-RS/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/sr-RS/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/sr-RS/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/sr-RS/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/sr-RS/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:11</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/sr-RS/toc.html b/public_html/sr-RS/toc.html
index 29d8879..6cee498 100644
--- a/public_html/sr-RS/toc.html
+++ b/public_html/sr-RS/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1102,7 +1121,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1375,7 +1394,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1515,7 +1534,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/sv-SE/Site_Statistics.html b/public_html/sv-SE/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/sv-SE/Site_Statistics.html
+++ b/public_html/sv-SE/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/sv-SE/opds-Community_Services_Infrastructure.xml b/public_html/sv-SE/opds-Community_Services_Infrastructure.xml
index b0b1f25..74f6ca6 100644
--- a/public_html/sv-SE/opds-Community_Services_Infrastructure.xml
+++ b/public_html/sv-SE/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sv-SE/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sv-SE/opds-Fedora.xml b/public_html/sv-SE/opds-Fedora.xml
index db1a23e..f8baf2f 100644
--- a/public_html/sv-SE/opds-Fedora.xml
+++ b/public_html/sv-SE/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/sv-SE/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>sv-SE</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/sv-SE/opds-Fedora_Contributor_Documentation.xml b/public_html/sv-SE/opds-Fedora_Contributor_Documentation.xml
index ca33274..483d6df 100644
--- a/public_html/sv-SE/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/sv-SE/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sv-SE/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sv-SE/opds-Fedora_Core.xml b/public_html/sv-SE/opds-Fedora_Core.xml
index faf3ce3..4d4bc32 100644
--- a/public_html/sv-SE/opds-Fedora_Core.xml
+++ b/public_html/sv-SE/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sv-SE/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sv-SE/opds-Fedora_Draft_Documentation.xml b/public_html/sv-SE/opds-Fedora_Draft_Documentation.xml
index d4cd8a0..3a3591c 100644
--- a/public_html/sv-SE/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/sv-SE/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sv-SE/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sv-SE/opds.xml b/public_html/sv-SE/opds.xml
index 89bb695..2412f50 100644
--- a/public_html/sv-SE/opds.xml
+++ b/public_html/sv-SE/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/sv-SE/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/sv-SE/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/sv-SE/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/sv-SE/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/sv-SE/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/sv-SE/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/sv-SE/toc.html b/public_html/sv-SE/toc.html
index 9a064f2..bf1eba4 100644
--- a/public_html/sv-SE/toc.html
+++ b/public_html/sv-SE/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -334,7 +353,7 @@
<a class="type" href="./Fedora/15/epub/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-sv-SE.epub" >epub</a>
<a class="type" href="./Fedora/15/html/Burning_ISO_images_to_disc/index.html" onclick="window.top.location='./Fedora/15/html/Burning_ISO_images_to_disc/index.html';return false;">html</a>
<a class="type" href="./Fedora/15/html-single/Burning_ISO_images_to_disc/index.html" onclick="window.top.location='./Fedora/15/html-single/Burning_ISO_images_to_disc/index.html';return false;">html-single</a>
- <a class="type" href="./Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-sv-SE.pdf" onclick="window.top.location='./Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-sv-SE.pdf';return false;">pdf</a>
+ <a class="type" href="./Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15.0-Burning_ISO_images_to_disc-sv-SE.pdf" onclick="window.top.location='./Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15.0-Burning_ISO_images_to_disc-sv-SE.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.15.Fedora_Live_Images' class="book collapsed">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1138,7 +1157,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1411,7 +1430,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1551,7 +1570,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/ta-IN/Site_Statistics.html b/public_html/ta-IN/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/ta-IN/Site_Statistics.html
+++ b/public_html/ta-IN/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/ta-IN/opds-Community_Services_Infrastructure.xml b/public_html/ta-IN/opds-Community_Services_Infrastructure.xml
index 8b9b25d..3b688c1 100644
--- a/public_html/ta-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/ta-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ta-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ta-IN/opds-Fedora.xml b/public_html/ta-IN/opds-Fedora.xml
index 804c04a..bf5fd92 100644
--- a/public_html/ta-IN/opds-Fedora.xml
+++ b/public_html/ta-IN/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/ta-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>ta-IN</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/ta-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/ta-IN/opds-Fedora_Contributor_Documentation.xml
index 39f3185..7a1c08f 100644
--- a/public_html/ta-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ta-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ta-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ta-IN/opds-Fedora_Core.xml b/public_html/ta-IN/opds-Fedora_Core.xml
index 7ed8bc7..44b03ef 100644
--- a/public_html/ta-IN/opds-Fedora_Core.xml
+++ b/public_html/ta-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ta-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ta-IN/opds-Fedora_Draft_Documentation.xml b/public_html/ta-IN/opds-Fedora_Draft_Documentation.xml
index 112f133..c9d6091 100644
--- a/public_html/ta-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ta-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ta-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ta-IN/opds.xml b/public_html/ta-IN/opds.xml
index a3f4978..8b452b0 100644
--- a/public_html/ta-IN/opds.xml
+++ b/public_html/ta-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ta-IN/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/ta-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ta-IN/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/ta-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ta-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ta-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/ta-IN/toc.html b/public_html/ta-IN/toc.html
index 74c52f4..f1bc560 100644
--- a/public_html/ta-IN/toc.html
+++ b/public_html/ta-IN/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/te-IN/Site_Statistics.html b/public_html/te-IN/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/te-IN/Site_Statistics.html
+++ b/public_html/te-IN/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/te-IN/opds-Community_Services_Infrastructure.xml b/public_html/te-IN/opds-Community_Services_Infrastructure.xml
index 5a09bc2..95bd901 100644
--- a/public_html/te-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/te-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/te-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/te-IN/opds-Fedora.xml b/public_html/te-IN/opds-Fedora.xml
index c9179f4..6ed0bf0 100644
--- a/public_html/te-IN/opds-Fedora.xml
+++ b/public_html/te-IN/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/te-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>te-IN</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/te-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/te-IN/opds-Fedora_Contributor_Documentation.xml
index b701fdb..69281fa 100644
--- a/public_html/te-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/te-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/te-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/te-IN/opds-Fedora_Core.xml b/public_html/te-IN/opds-Fedora_Core.xml
index 6a9d275..2f21519 100644
--- a/public_html/te-IN/opds-Fedora_Core.xml
+++ b/public_html/te-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/te-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/te-IN/opds-Fedora_Draft_Documentation.xml b/public_html/te-IN/opds-Fedora_Draft_Documentation.xml
index ebb606a..6e555aa 100644
--- a/public_html/te-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/te-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/te-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/te-IN/opds.xml b/public_html/te-IN/opds.xml
index fba3996..377de54 100644
--- a/public_html/te-IN/opds.xml
+++ b/public_html/te-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/te-IN/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/te-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/te-IN/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/te-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/te-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/te-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/te-IN/toc.html b/public_html/te-IN/toc.html
index 1ccdf61..3895684 100644
--- a/public_html/te-IN/toc.html
+++ b/public_html/te-IN/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -119,7 +138,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -146,7 +165,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/toc.html b/public_html/toc.html
index 906e9a8..2b7be08 100644
--- a/public_html/toc.html
+++ b/public_html/toc.html
@@ -1499,6 +1499,24 @@
<span id="Fedora" class="product">Fedora</span>
<div class="versions">
<div class="version">
+ <span class="version">18</span> <div class="books">
+
+ <div class="book">
+ <span id="Security_Guide" class="book">Security Guide</span>
+ <div class="types">
+
+ <a class="type" href="./en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">epub</a>
+
+ <a class="type" href="./en-US/Fedora/18/html/Security_Guide/index.html">html</a>
+
+ <a class="type" href="./en-US/Fedora/18/html-single/Security_Guide/index.html">html-single</a>
+
+ <a class="type" href="./en-US/Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf">pdf</a>
+
+ </div>
+ </div>
+
+ </div> </div> <div class="version">
<span class="version">17</span> <div class="books">
<div class="book">
@@ -1526,7 +1544,7 @@
<a class="type" href="./en-US/Fedora/17/html-single/Fedora_Live_Images/index.html">html-single</a>
- <a class="type" href="./en-US/Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf">pdf</a>
+ <a class="type" href="./en-US/Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf">pdf</a>
</div>
</div>
@@ -1571,7 +1589,7 @@
<a class="type" href="./en-US/Fedora/17/html-single/Installation_Quick_Start_Guide/index.html">html-single</a>
- <a class="type" href="./en-US/Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf">pdf</a>
+ <a class="type" href="./en-US/Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf">pdf</a>
</div>
</div>
@@ -1631,7 +1649,7 @@
<a class="type" href="./en-US/Fedora/17/html-single/Security_Guide/index.html">html-single</a>
- <a class="type" href="./en-US/Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf">pdf</a>
+ <a class="type" href="./en-US/Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf">pdf</a>
</div>
</div>
@@ -2708,7 +2726,7 @@
<a class="type" href="./en-US/Fedora/11/html-single/Security_Guide/index.html">html-single</a>
- <a class="type" href="./en-US/Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf">pdf</a>
+ <a class="type" href="./en-US/Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf">pdf</a>
</div>
</div>
@@ -2999,7 +3017,7 @@
<a class="type" href="./en-US/Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html">html-single</a>
- <a class="type" href="./en-US/Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf">pdf</a>
+ <a class="type" href="./en-US/Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf">pdf</a>
</div>
</div>
@@ -3351,7 +3369,7 @@
<a class="type" href="./en-US/Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html">html-single</a>
- <a class="type" href="./en-US/Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf">pdf</a>
+ <a class="type" href="./en-US/Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf">pdf</a>
</div>
</div>
@@ -3572,7 +3590,7 @@
<a class="type" href="./en-US/Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html">html-single</a>
- <a class="type" href="./en-US/Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf">pdf</a>
+ <a class="type" href="./en-US/Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf">pdf</a>
</div>
</div>
@@ -4352,7 +4370,7 @@
<a class="type" href="./es-ES/Fedora/11/html-single/Security_Guide/index.html">html-single</a>
- <a class="type" href="./es-ES/Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-es-ES.pdf">pdf</a>
+ <a class="type" href="./es-ES/Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-es-ES.pdf">pdf</a>
</div>
</div>
@@ -4920,7 +4938,7 @@
<a class="type" href="./fi-FI/Fedora/12/html-single/Fedora_Live_images/index.html">html-single</a>
- <a class="type" href="./fi-FI/Fedora/12/pdf/Fedora_Live_images/Fedora-13-Fedora_Live_Images-fi-FI.pdf">pdf</a>
+ <a class="type" href="./fi-FI/Fedora/12/pdf/Fedora_Live_images/Fedora-12-Fedora_Live_images-fi-FI.pdf">pdf</a>
</div>
</div>
@@ -4953,7 +4971,7 @@
<a class="type" href="./fi-FI/Fedora/11/html-single/Fedora_Live_images/index.html">html-single</a>
- <a class="type" href="./fi-FI/Fedora/11/pdf/Fedora_Live_images/Fedora-11-Fedora_Live_images-fi-FI.pdf">pdf</a>
+ <a class="type" href="./fi-FI/Fedora/11/pdf/Fedora_Live_images/Fedora-12-Fedora_Live_images-fi-FI.pdf">pdf</a>
</div>
</div>
@@ -4971,7 +4989,7 @@
<a class="type" href="./fi-FI/Fedora/10/html-single/Fedora_Live_Images/index.html">html-single</a>
- <a class="type" href="./fi-FI/Fedora/10/pdf/Fedora_Live_Images/Fedora-10-Fedora_Live_Images-fi-FI.pdf">pdf</a>
+ <a class="type" href="./fi-FI/Fedora/10/pdf/Fedora_Live_Images/Fedora-12-Fedora_Live_images-fi-FI.pdf">pdf</a>
</div>
</div>
@@ -5664,7 +5682,7 @@
<a class="type" href="./he-IL/Fedora/15/html-single/Burning_ISO_images_to_disc/index.html">html-single</a>
- <a class="type" href="./he-IL/Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15.0-Burning_ISO_images_to_disc-he-IL.pdf">pdf</a>
+ <a class="type" href="./he-IL/Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-he-IL.pdf">pdf</a>
</div>
</div>
@@ -5955,6 +5973,24 @@
<span id="Fedora" class="product">Fedora</span>
<div class="versions">
<div class="version">
+ <span class="version">18</span> <div class="books">
+
+ <div class="book">
+ <span id="Security_Guide" class="book">Guida alla Sicurezza</span>
+ <div class="types">
+
+ <a class="type" href="./it-IT/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-it-IT.epub">epub</a>
+
+ <a class="type" href="./it-IT/Fedora/18/html/Security_Guide/index.html">html</a>
+
+ <a class="type" href="./it-IT/Fedora/18/html-single/Security_Guide/index.html">html-single</a>
+
+ <a class="type" href="./it-IT/Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-it-IT.pdf">pdf</a>
+
+ </div>
+ </div>
+
+ </div> </div> <div class="version">
<span class="version">17</span> <div class="books">
<div class="book">
@@ -6709,6 +6745,24 @@
<span id="Fedora" class="product">Fedora</span>
<div class="versions">
<div class="version">
+ <span class="version">18</span> <div class="books">
+
+ <div class="book">
+ <span id="Security_Guide" class="book">セキュリティガイド</span>
+ <div class="types">
+
+ <a class="type" href="./ja-JP/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-ja-JP.epub">epub</a>
+
+ <a class="type" href="./ja-JP/Fedora/18/html/Security_Guide/index.html">html</a>
+
+ <a class="type" href="./ja-JP/Fedora/18/html-single/Security_Guide/index.html">html-single</a>
+
+ <a class="type" href="./ja-JP/Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-ja-JP.pdf">pdf</a>
+
+ </div>
+ </div>
+
+ </div> </div> <div class="version">
<span class="version">17</span> <div class="books">
<div class="book">
@@ -6753,7 +6807,7 @@
<a class="type" href="./ja-JP/Fedora/16/html-single/Accessibility_Guide/index.html">html-single</a>
- <a class="type" href="./ja-JP/Fedora/16/pdf/Accessibility_Guide/Fedora-14-Accessibility_Guide-ja-JP.pdf">pdf</a>
+ <a class="type" href="./ja-JP/Fedora/16/pdf/Accessibility_Guide/Fedora-16-Accessibility_Guide-ja-JP.pdf">pdf</a>
</div>
</div>
@@ -6783,7 +6837,7 @@
<a class="type" href="./ja-JP/Fedora/16/html-single/Burning_ISO_images_to_disc/index.html">html-single</a>
- <a class="type" href="./ja-JP/Fedora/16/pdf/Burning_ISO_images_to_disc/Fedora_Draft_Documentation-0.1-Burning_ISO_images_to_disc-ja-JP.pdf">pdf</a>
+ <a class="type" href="./ja-JP/Fedora/16/pdf/Burning_ISO_images_to_disc/Fedora-0.1-Burning_ISO_images_to_disc-ja-JP.pdf">pdf</a>
</div>
</div>
@@ -7979,7 +8033,7 @@
<a class="type" href="./nl-NL/Fedora/15/html-single/Burning_ISO_images_to_disc/index.html">html-single</a>
- <a class="type" href="./nl-NL/Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15.0-Burning_ISO_images_to_disc-nl-NL.pdf">pdf</a>
+ <a class="type" href="./nl-NL/Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-nl-NL.pdf">pdf</a>
</div>
</div>
@@ -8144,7 +8198,7 @@
<a class="type" href="./nl-NL/Fedora/13/html-single/Accessibility_Guide/index.html">html-single</a>
- <a class="type" href="./nl-NL/Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-nl-NL.pdf">pdf</a>
+ <a class="type" href="./nl-NL/Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-nl-NL.pdf">pdf</a>
</div>
</div>
@@ -8936,7 +8990,7 @@
<a class="type" href="./pl-PL/Fedora/15/html-single/Burning_ISO_images_to_disc/index.html">html-single</a>
- <a class="type" href="./pl-PL/Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-pl-PL.pdf">pdf</a>
+ <a class="type" href="./pl-PL/Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15.0-Burning_ISO_images_to_disc-pl-PL.pdf">pdf</a>
</div>
</div>
@@ -10669,7 +10723,7 @@
<a class="type" href="./ru-RU/Fedora/13/html-single/Accessibility_Guide/index.html">html-single</a>
- <a class="type" href="./ru-RU/Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-ru-RU.pdf">pdf</a>
+ <a class="type" href="./ru-RU/Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-ru-RU.pdf">pdf</a>
</div>
</div>
@@ -11808,7 +11862,7 @@
<a class="type" href="./sv-SE/Fedora/15/html-single/Burning_ISO_images_to_disc/index.html">html-single</a>
- <a class="type" href="./sv-SE/Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-sv-SE.pdf">pdf</a>
+ <a class="type" href="./sv-SE/Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15.0-Burning_ISO_images_to_disc-sv-SE.pdf">pdf</a>
</div>
</div>
@@ -12446,7 +12500,7 @@
<a class="type" href="./uk-UA/Fedora/15/html-single/Burning_ISO_images_to_disc/index.html">html-single</a>
- <a class="type" href="./uk-UA/Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-uk-UA.pdf">pdf</a>
+ <a class="type" href="./uk-UA/Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15.0-Burning_ISO_images_to_disc-uk-UA.pdf">pdf</a>
</div>
</div>
@@ -12555,7 +12609,7 @@
<a class="type" href="./uk-UA/Fedora/13/html-single/Accessibility_Guide/index.html">html-single</a>
- <a class="type" href="./uk-UA/Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-uk-UA.pdf">pdf</a>
+ <a class="type" href="./uk-UA/Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-uk-UA.pdf">pdf</a>
</div>
</div>
@@ -13059,7 +13113,7 @@
<a class="type" href="./zh-CN/Fedora/15/html-single/Burning_ISO_images_to_disc/index.html">html-single</a>
- <a class="type" href="./zh-CN/Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15.0-Burning_ISO_images_to_disc-zh-CN.pdf">pdf</a>
+ <a class="type" href="./zh-CN/Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-zh-CN.pdf">pdf</a>
</div>
</div>
@@ -13119,7 +13173,7 @@
<a class="type" href="./zh-CN/Fedora/13/html-single/Accessibility_Guide/index.html">html-single</a>
- <a class="type" href="./zh-CN/Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-zh-CN.pdf">pdf</a>
+ <a class="type" href="./zh-CN/Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-zh-CN.pdf">pdf</a>
</div>
</div>
diff --git a/public_html/uk-UA/Site_Statistics.html b/public_html/uk-UA/Site_Statistics.html
index e4e3c8f..560a149 100644
--- a/public_html/uk-UA/Site_Statistics.html
+++ b/public_html/uk-UA/Site_Statistics.html
@@ -4,22 +4,22 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" href="../interactive.css" type="text/css" />
- <title>Статистика</title>
+ <title>Statistics</title>
</head>
<body class="toc_embeded">
-<div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="toc.html">Використано iframe. Щоб переглянути вміст цього блоку, вам слід скористатися новішою версією переглядача Інтернету, або увімкнути показ iframe.</iframe></div>
+<div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div>
<div>
-<h1 class="producttitle">Статистика</h1>
+<h1 class="producttitle">Statistics</h1>
<p>
</p>
<table class="stats">
<tr>
- <th>Мова</th>
- <th>Код</th>
- <th>Продукти</th>
- <th>Книги</th>
- <th>Версії</th>
- <th>Пакунки</th>
+ <th>Language</th>
+ <th>Code</th>
+ <th>Products</th>
+ <th>Books</th>
+ <th>Versions</th>
+ <th>Packages</th>
</tr>
<tr>
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -411,8 +411,8 @@
</table>
<div class="totals">
- <b>Загалом мов: </b>43<br />
- <b>Загалом пакунків: </b>813
+ <b>Total Languages: </b>43<br />
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/uk-UA/opds-Community_Services_Infrastructure.xml b/public_html/uk-UA/opds-Community_Services_Infrastructure.xml
index 107bc45..c3b7f38 100644
--- a/public_html/uk-UA/opds-Community_Services_Infrastructure.xml
+++ b/public_html/uk-UA/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/uk-UA/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/uk-UA/opds-Fedora.xml b/public_html/uk-UA/opds-Fedora.xml
index 717c5c7..0a70dec 100644
--- a/public_html/uk-UA/opds-Fedora.xml
+++ b/public_html/uk-UA/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/uk-UA/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>uk-UA</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Запис образів ISO на диск</title>
<id>http://docs.fedoraproject.org/uk-UA/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-uk-UA.epub</id>
<!--author>
diff --git a/public_html/uk-UA/opds-Fedora_Contributor_Documentation.xml b/public_html/uk-UA/opds-Fedora_Contributor_Documentation.xml
index f3328a1..71c4de6 100644
--- a/public_html/uk-UA/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/uk-UA/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/uk-UA/opds-Fedora_Contributor_Documentation.xml</id>
<title>Документація для учасника розробки Fedora</title>
<subtitle>Документація для учасника розробки Fedora</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/uk-UA/opds-Fedora_Core.xml b/public_html/uk-UA/opds-Fedora_Core.xml
index 2593bf5..adbe33f 100644
--- a/public_html/uk-UA/opds-Fedora_Core.xml
+++ b/public_html/uk-UA/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/uk-UA/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/uk-UA/opds-Fedora_Draft_Documentation.xml b/public_html/uk-UA/opds-Fedora_Draft_Documentation.xml
index 213ee8b..e0dea28 100644
--- a/public_html/uk-UA/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/uk-UA/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/uk-UA/opds-Fedora_Draft_Documentation.xml</id>
<title>Чернетки документації з Fedora</title>
<subtitle>Чернетки документації з Fedora</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/uk-UA/opds.xml b/public_html/uk-UA/opds.xml
index 922752b..3bce39b 100644
--- a/public_html/uk-UA/opds.xml
+++ b/public_html/uk-UA/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/uk-UA/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/uk-UA/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/uk-UA/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Документація для учасника розробки Fedora</title>
<id>http://docs.fedoraproject.org/uk-UA/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/uk-UA/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Чернетки документації з Fedora</title>
<id>http://docs.fedoraproject.org/uk-UA/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/uk-UA/toc.html b/public_html/uk-UA/toc.html
index e357064..7d2a7c6 100644
--- a/public_html/uk-UA/toc.html
+++ b/public_html/uk-UA/toc.html
@@ -5,27 +5,27 @@
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" href="../interactive.css" type="text/css" />
<script type="text/javascript" src="../toc.js"></script>
- <title>нав. змістом</title>
+ <title>toc nav</title>
</head>
<body class="tocnav" onload="hideNoJS();getCookie();checkCookie();checkMenu();">
<div id="closemenu" class="closemenu visible">
- <a href="#" title="Сховати меню" onclick="hideMenu();" ><img src="../images/close.png"/></a>
+ <a href="#" title="Hide Menu" onclick="hideMenu();" ><img src="../images/close.png"/></a>
</div>
<div id="openmenu" class="openmenu hidden">
- <a href="#" title="Показати меню" onclick="showMenu();"><img src="../images/open.png"/></a>
+ <a href="#" title="Show Menu" onclick="showMenu();"><img src="../images/open.png"/></a>
</div>
<div id="outer" class="outer visible">
<h1>
- <a style="background-image:url(images/web_logo.png)" href="index.html" onclick="window.top.location='index.html'" ><span>Вітаємо</span></a>
+ <a style="background-image:url(images/web_logo.png)" href="index.html" onclick="window.top.location='index.html'" ><span>Welcome</span></a>
</h1>
<div class="tocnavwrap">
<p/>
<div class="lang">
<div class="reset">
- <a href="#" title="collapse document navigation" onclick="clearCookie();">згорнути всі</a>
+ <a href="#" title="collapse document navigation" onclick="clearCookie();">collapse all</a>
</div>
<select id="langselect" class="langselect" onchange="loadToc();">
- <option disabled="disabled" value="">Мова</option>
+ <option disabled="disabled" value="">Language</option>
<option value="as-IN">অসমীয়া</option>
<option value="bg-BG">български</option>
<option value="bn-IN">বাংলা</option>
@@ -72,14 +72,14 @@
</select>
</div>
<div class="hidden" id="nocookie">
- Після завантаження сторінок навігаційне меню буде автоматично згортатися. Увімкніть використання кук у переглядачі, щоб виправити роботу навігаційного меню.
+ The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
</div>
<div class="product collapsed" onclick="toggle(event, 'Community_Services_Infrastructure');work=1;">
<span class="product">Community Services Infrastructure</span>
<div id='Community_Services_Infrastructure' class="versions hidden">
<div id='Community_Services_Infrastructure.1' class="version collapsed" onclick="toggle(event, 'Community_Services_Infrastructure.1.books');"> <div id='Community_Services_Infrastructure.1.books' class="books">
<div id='Community_Services_Infrastructure.1' class="version collapsed untranslated" onclick="toggle(event, 'Community_Services_Infrastructure.1.untrans_books');">
- <span class="version">Не перекладено</span>
+ <span class="version">Untranslated</span>
<div id='Community_Services_Infrastructure.1.untrans_books' class="books hidden">
<div id='Community_Services_Infrastructure.1.Security_Policy' class="book collapsed" onclick="toggle(event, 'Community_Services_Infrastructure.1.Security_Policy.types');">
<a class="type" href="../en-US/Community_Services_Infrastructure/1/html/Security_Policy/index.html" onclick="window.top.location='../en-US/Community_Services_Infrastructure/1/html/Security_Policy/index.html'"><span class="book">Security Policy</span></a>
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -138,7 +157,7 @@
</div>
</div>
<div id='Fedora.17' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.17.untrans_books');">
- <span class="version">Не перекладено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.17.untrans_books' class="books hidden">
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
<a class="type" href="../en-US/Fedora/17/html/FreeIPA_Guide/index.html" onclick="window.top.location='../en-US/Fedora/17/html/FreeIPA_Guide/index.html'"><span class="book">FreeIPA Guide</span></a>
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -238,7 +257,7 @@
</div>
</div>
<div id='Fedora.16' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.16.untrans_books');">
- <span class="version">Не перекладено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.16.untrans_books' class="books hidden">
<div id='Fedora.16.Amateur_Radio_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.16.Amateur_Radio_Guide.types');">
<a class="type" href="../en-US/Fedora/16/html/Amateur_Radio_Guide/index.html" onclick="window.top.location='../en-US/Fedora/16/html/Amateur_Radio_Guide/index.html'"><span class="book">Amateur Radio Guide</span></a>
@@ -334,7 +353,7 @@
<a class="type" href="./Fedora/15/epub/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-uk-UA.epub" >epub</a>
<a class="type" href="./Fedora/15/html/Burning_ISO_images_to_disc/index.html" onclick="window.top.location='./Fedora/15/html/Burning_ISO_images_to_disc/index.html';return false;">html</a>
<a class="type" href="./Fedora/15/html-single/Burning_ISO_images_to_disc/index.html" onclick="window.top.location='./Fedora/15/html-single/Burning_ISO_images_to_disc/index.html';return false;">html-single</a>
- <a class="type" href="./Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-uk-UA.pdf" onclick="window.top.location='./Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-uk-UA.pdf';return false;">pdf</a>
+ <a class="type" href="./Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15.0-Burning_ISO_images_to_disc-uk-UA.pdf" onclick="window.top.location='./Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15.0-Burning_ISO_images_to_disc-uk-UA.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.15.Fedora_Live_Images' class="book collapsed">
@@ -346,7 +365,7 @@
</div>
</div>
<div id='Fedora.15' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.15.untrans_books');">
- <span class="version">Не перекладено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.15.untrans_books' class="books hidden">
<div id='Fedora.15.Deployment_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.15.Deployment_Guide.types');">
<a class="type" href="../en-US/Fedora/15/html/Deployment_Guide/index.html" onclick="window.top.location='../en-US/Fedora/15/html/Deployment_Guide/index.html'"><span class="book">Deployment Guide</span></a>
@@ -471,7 +490,7 @@
</div>
</div>
<div id='Fedora.14' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.14.untrans_books');">
- <span class="version">Не перекладено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.14.untrans_books' class="books hidden">
<div id='Fedora.14.Amateur_Radio_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.14.Amateur_Radio_Guide.types');">
<a class="type" href="../en-US/Fedora/14/html/Amateur_Radio_Guide/index.html" onclick="window.top.location='../en-US/Fedora/14/html/Amateur_Radio_Guide/index.html'"><span class="book">Amateur Radio Guide</span></a>
@@ -558,7 +577,7 @@
<a class="type" href="./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-uk-UA.epub" >epub</a>
<a class="type" href="./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
<a class="type" href="./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
- <a class="type" href="./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-uk-UA.pdf" onclick="window.top.location='./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-uk-UA.pdf';return false;">pdf</a>
+ <a class="type" href="./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-uk-UA.pdf" onclick="window.top.location='./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-uk-UA.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed">
@@ -634,7 +653,7 @@
</div>
</div>
<div id='Fedora.13' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.13.untrans_books');">
- <span class="version">Не перекладено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.13.untrans_books' class="books hidden">
<div id='Fedora.13.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.13.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora/13/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora/13/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -698,7 +717,7 @@
</div>
</div>
<div id='Fedora.12' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.12.untrans_books');">
- <span class="version">Не перекладено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.12.untrans_books' class="books hidden">
<div id='Fedora.12.Accessibility_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.12.Accessibility_Guide.types');">
<a class="type" href="../en-US/Fedora/12/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/Fedora/12/html/Accessibility_Guide/index.html'"><span class="book">Accessibility Guide</span></a>
@@ -834,7 +853,7 @@
</div>
</div>
<div id='Fedora.11' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.11.untrans_books');">
- <span class="version">Не перекладено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.11.untrans_books' class="books hidden">
<div id='Fedora.11.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora/11/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora/11/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -907,7 +926,7 @@
</div>
</div>
<div id='Fedora.10' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.10.untrans_books');">
- <span class="version">Не перекладено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.10.untrans_books' class="books hidden">
<div id='Fedora.10.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.10.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora/10/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora/10/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -962,7 +981,7 @@
</div>
</div>
<div id='Fedora.9' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.9.untrans_books');">
- <span class="version">Не перекладено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.9.untrans_books' class="books hidden">
<div id='Fedora.9.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.9.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora/9/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora/9/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1008,7 +1027,7 @@
</div>
</div>
<div id='Fedora.8' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.8.untrans_books');">
- <span class="version">Не перекладено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.8.untrans_books' class="books hidden">
<div id='Fedora.8.Fedora_Live_Images' class="book collapsed" onclick="toggle(event, 'Fedora.8.Fedora_Live_Images.types');">
<a class="type" href="../en-US/Fedora/8/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/Fedora/8/html/Fedora_Live_Images/index.html'"><span class="book">Fedora Live Images</span></a>
@@ -1054,7 +1073,7 @@
</div>
</div>
<div id='Fedora.7' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.7.untrans_books');">
- <span class="version">Не перекладено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora.7.untrans_books' class="books hidden">
<div id='Fedora.7.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.7.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora/7/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora/7/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1094,7 +1113,7 @@
</div>
</div>
<div id='Fedora_Contributor_Documentation.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.untrans_books');">
- <span class="version">Не перекладено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Contributor_Documentation.1.untrans_books' class="books hidden">
<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a>
@@ -1102,7 +1121,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1154,7 +1173,7 @@
</div>
</div>
<div id='Fedora_Core.6' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.6.untrans_books');">
- <span class="version">Не перекладено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.6.untrans_books' class="books hidden">
<div id='Fedora_Core.6.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Core.6.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora_Core/6/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Core/6/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1182,7 +1201,7 @@
<span class="version">5</span>
<div id='Fedora_Core.5.books' class="books hidden">
<div id='Fedora_Core.5' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.5.untrans_books');">
- <span class="version">Не перекладено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.5.untrans_books' class="books hidden">
<div id='Fedora_Core.5.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Core.5.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora_Core/5/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Core/5/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1228,7 +1247,7 @@
<span class="version">4</span>
<div id='Fedora_Core.4.books' class="books hidden">
<div id='Fedora_Core.4' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.4.untrans_books');">
- <span class="version">Не перекладено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.4.untrans_books' class="books hidden">
<div id='Fedora_Core.4.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Core.4.Installation_Guide.types');">
<a class="type" href="../en-US/Fedora_Core/4/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Core/4/html/Installation_Guide/index.html'"><span class="book">Installation Guide</span></a>
@@ -1260,7 +1279,7 @@
<span class="version">3</span>
<div id='Fedora_Core.3.books' class="books hidden">
<div id='Fedora_Core.3' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.3.untrans_books');">
- <span class="version">Не перекладено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.3.untrans_books' class="books hidden">
<div id='Fedora_Core.3.Release_Notes_for_32-bit_x86_Systems' class="book collapsed" onclick="toggle(event, 'Fedora_Core.3.Release_Notes_for_32-bit_x86_Systems.types');">
<a class="type" href="../en-US/Fedora_Core/3/html/Release_Notes_for_32-bit_x86_Systems/index.html" onclick="window.top.location='../en-US/Fedora_Core/3/html/Release_Notes_for_32-bit_x86_Systems/index.html'"><span class="book">Release Notes for 32-bit x86 Systems</span></a>
@@ -1300,7 +1319,7 @@
<span class="version">2</span>
<div id='Fedora_Core.2.books' class="books hidden">
<div id='Fedora_Core.2' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.2.untrans_books');">
- <span class="version">Не перекладено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.2.untrans_books' class="books hidden">
<div id='Fedora_Core.2.Release_Notes_for_32-bit_x86_Systems' class="book collapsed" onclick="toggle(event, 'Fedora_Core.2.Release_Notes_for_32-bit_x86_Systems.types');">
<a class="type" href="../en-US/Fedora_Core/2/html/Release_Notes_for_32-bit_x86_Systems/index.html" onclick="window.top.location='../en-US/Fedora_Core/2/html/Release_Notes_for_32-bit_x86_Systems/index.html'"><span class="book">Release Notes for 32-bit x86 Systems</span></a>
@@ -1331,7 +1350,7 @@
<span class="version">1</span>
<div id='Fedora_Core.1.books' class="books hidden">
<div id='Fedora_Core.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Core.1.untrans_books');">
- <span class="version">Не перекладено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Core.1.untrans_books' class="books hidden">
<div id='Fedora_Core.1.Release_Notes_for_32-bit_x86_Systems' class="book collapsed" onclick="toggle(event, 'Fedora_Core.1.Release_Notes_for_32-bit_x86_Systems.types');">
<a class="type" href="../en-US/Fedora_Core/1/html/Release_Notes_for_32-bit_x86_Systems/index.html" onclick="window.top.location='../en-US/Fedora_Core/1/html/Release_Notes_for_32-bit_x86_Systems/index.html'"><span class="book">Release Notes for 32-bit x86 Systems</span></a>
@@ -1370,7 +1389,7 @@
</div>
<div id='Fedora_Draft_Documentation.0.2' class="version collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.2.books');"> <div id='Fedora_Draft_Documentation.0.2.books' class="books">
<div id='Fedora_Draft_Documentation.0.2' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Draft_Documentation.0.2.untrans_books');">
- <span class="version">Не перекладено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Draft_Documentation.0.2.untrans_books' class="books hidden">
<div id='Fedora_Draft_Documentation.0.2.OpenSSH_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.2.OpenSSH_Guide.types');">
<a class="type" href="../en-US/Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html'"><span class="book">OpenSSH Guide</span></a>
@@ -1378,7 +1397,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1396,7 +1415,7 @@
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.untrans_books');">
- <span class="version">Не перекладено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Draft_Documentation.0.1.untrans_books' class="books hidden">
<div id='Fedora_Draft_Documentation.0.1.Amateur_Radio_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Amateur_Radio_Guide.types');">
<a class="type" href="../en-US/Fedora_Draft_Documentation/0.1/html/Amateur_Radio_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Draft_Documentation/0.1/html/Amateur_Radio_Guide/index.html'"><span class="book">Amateur Radio Guide</span></a>
@@ -1518,7 +1537,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
@@ -1538,7 +1557,7 @@
<span class="version"></span>
<div id='Fedora_Draft_Documentation..books' class="books hidden">
<div id='Fedora_Draft_Documentation.' class="version collapsed untranslated" onclick="toggle(event, 'Fedora_Draft_Documentation..untrans_books');">
- <span class="version">Не перекладено</span>
+ <span class="version">Untranslated</span>
<div id='Fedora_Draft_Documentation..untrans_books' class="books hidden">
<div id='Fedora_Draft_Documentation..User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation..User_Guide.types');">
<a class="type" href="../en-US/Fedora_Draft_Documentation//html/User_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Draft_Documentation//html/User_Guide/index.html'"><span class="book">User Guide</span></a>
@@ -1556,12 +1575,12 @@
</div>
</div>
<div class="nocookie" id="nojs">
- <p>Для того, щоб можна було скористатися меню навігації, слід увімкнути JavaScript.</p><p>Увімкніть JavaScript, якщо бажаєте користуватися меню навігації.</p><p>Вимкніть CSS, щоб переглянути пункти меню навігації без вмикання JavaScript.</p>
+ <p>The Navigation Menu above requires JavaScript to function.</p><p>Enable JavaScript to allow the Navigation Menu to function.</p><p>Disable CSS to view the Navigation options without JavaScript enabled</p>
</div>
<div class="bottom_links">
- <a href="../toc.html" onclick="window.top.location='../toc.html'" >Карта</a>
- <a href="./Site_Statistics.html" onclick="window.top.location='./Site_Statistics.html'" >Статистика</a>
- <a href="./Site_Tech.html" onclick="window.top.location='./Site_Tech.html'" >Технологія</a>
+ <a href="../toc.html" onclick="window.top.location='../toc.html'" >Map</a>
+ <a href="./Site_Statistics.html" onclick="window.top.location='./Site_Statistics.html'" >Statistics</a>
+ <a href="./Site_Tech.html" onclick="window.top.location='./Site_Tech.html'" >Tech</a>
</div>
</div>
</div>
diff --git a/public_html/zh-CN/Site_Statistics.html b/public_html/zh-CN/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/zh-CN/Site_Statistics.html
+++ b/public_html/zh-CN/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/zh-CN/opds-Community_Services_Infrastructure.xml b/public_html/zh-CN/opds-Community_Services_Infrastructure.xml
index ae14a4b..e4b2e3a 100644
--- a/public_html/zh-CN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/zh-CN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-CN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-CN/opds-Fedora.xml b/public_html/zh-CN/opds-Fedora.xml
index 7db7204..50c2dd4 100644
--- a/public_html/zh-CN/opds-Fedora.xml
+++ b/public_html/zh-CN/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/zh-CN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>zh-CN</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>将 ISO 镜像刻录到光盘</title>
<id>http://docs.fedoraproject.org/zh-CN/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-zh-CN.epub</id>
<!--author>
diff --git a/public_html/zh-CN/opds-Fedora_Contributor_Documentation.xml b/public_html/zh-CN/opds-Fedora_Contributor_Documentation.xml
index de09041..01f04f9 100644
--- a/public_html/zh-CN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/zh-CN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-CN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-CN/opds-Fedora_Core.xml b/public_html/zh-CN/opds-Fedora_Core.xml
index e2652da..7487674 100644
--- a/public_html/zh-CN/opds-Fedora_Core.xml
+++ b/public_html/zh-CN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-CN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-CN/opds-Fedora_Draft_Documentation.xml b/public_html/zh-CN/opds-Fedora_Draft_Documentation.xml
index 21780b3..10d4c92 100644
--- a/public_html/zh-CN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/zh-CN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-CN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-CN/opds.xml b/public_html/zh-CN/opds.xml
index ffe6adf..a7feb5b 100644
--- a/public_html/zh-CN/opds.xml
+++ b/public_html/zh-CN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/zh-CN/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/zh-CN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/zh-CN/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/zh-CN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/zh-CN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/zh-CN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/zh-CN/toc.html b/public_html/zh-CN/toc.html
index 0e0bf48..c0b5703 100644
--- a/public_html/zh-CN/toc.html
+++ b/public_html/zh-CN/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -155,7 +174,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -334,7 +353,7 @@
<a class="type" href="./Fedora/15/epub/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-zh-CN.epub" >epub</a>
<a class="type" href="./Fedora/15/html/Burning_ISO_images_to_disc/index.html" onclick="window.top.location='./Fedora/15/html/Burning_ISO_images_to_disc/index.html';return false;">html</a>
<a class="type" href="./Fedora/15/html-single/Burning_ISO_images_to_disc/index.html" onclick="window.top.location='./Fedora/15/html-single/Burning_ISO_images_to_disc/index.html';return false;">html-single</a>
- <a class="type" href="./Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15.0-Burning_ISO_images_to_disc-zh-CN.pdf" onclick="window.top.location='./Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15.0-Burning_ISO_images_to_disc-zh-CN.pdf';return false;">pdf</a>
+ <a class="type" href="./Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-zh-CN.pdf" onclick="window.top.location='./Fedora/15/pdf/Burning_ISO_images_to_disc/Fedora-15-Burning_ISO_images_to_disc-zh-CN.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.15.Fedora_Live_Images' class="book collapsed">
@@ -556,7 +575,7 @@
<a class="type" href="./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-zh-CN.epub" >epub</a>
<a class="type" href="./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
<a class="type" href="./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
- <a class="type" href="./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-zh-CN.pdf" onclick="window.top.location='./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-zh-CN.pdf';return false;">pdf</a>
+ <a class="type" href="./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-zh-CN.pdf" onclick="window.top.location='./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-zh-CN.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed">
@@ -876,7 +895,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -994,7 +1013,7 @@
<a class="type" href="../en-US/./Fedora/10/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/10/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/10/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/10/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/10/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/10/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/10/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/10/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/10/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.10.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.10.User_Guide.types');">
@@ -1172,7 +1191,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1436,7 +1455,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1576,7 +1595,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
diff --git a/public_html/zh-TW/Site_Statistics.html b/public_html/zh-TW/Site_Statistics.html
index ed9490f..560a149 100644
--- a/public_html/zh-TW/Site_Statistics.html
+++ b/public_html/zh-TW/Site_Statistics.html
@@ -27,8 +27,8 @@
<td>en-US</td>
<td>5</td>
<td>41</td>
- <td>20</td>
- <td>140</td>
+ <td>21</td>
+ <td>141</td>
</tr>
<tr>
@@ -54,8 +54,8 @@
<td>it-IT</td>
<td>3</td>
<td>15</td>
- <td>15</td>
- <td>46</td>
+ <td>16</td>
+ <td>47</td>
</tr>
<tr>
@@ -63,8 +63,8 @@
<td>ja-JP</td>
<td>4</td>
<td>19</td>
- <td>15</td>
- <td>44</td>
+ <td>16</td>
+ <td>45</td>
</tr>
<tr>
@@ -412,7 +412,7 @@
</table>
<div class="totals">
<b>Total Languages: </b>43<br />
- <b>Total Packages: </b>813
+ <b>Total Packages: </b>816
</div>
</body>
</html>
diff --git a/public_html/zh-TW/opds-Community_Services_Infrastructure.xml b/public_html/zh-TW/opds-Community_Services_Infrastructure.xml
index 4d43cd8..06b3dbd 100644
--- a/public_html/zh-TW/opds-Community_Services_Infrastructure.xml
+++ b/public_html/zh-TW/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-TW/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-TW/opds-Fedora.xml b/public_html/zh-TW/opds-Fedora.xml
index ff47474..0cb98e3 100644
--- a/public_html/zh-TW/opds-Fedora.xml
+++ b/public_html/zh-TW/opds-Fedora.xml
@@ -6,13 +6,32 @@
<id>http://docs.fedoraproject.org/zh-TW/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:28</updated>
<!--author>
<name></name>
<uri></uri>
</author-->
<entry>
+ <title>Security Guide</title>
+ <id>http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub</id>
+ <!--author>
+ <name></name>
+ <uri></uri>
+ </author-->
+ <updated>2012-10-29</updated>
+ <dc:language>zh-TW</dc:language>
+ <category label="18" scheme="http://lexcycle.com/stanza/header" term="free"/>
+ <!--dc:issued></dc:issued-->
+ <summary>A Guide to Securing Fedora Linux
+</summary>
+ <content type="text">The Fedora Security Guide is designed to assist users of Fedora in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused on Fedora Linux but detailing concepts and techniques valid for all Linux systems, the Fedora Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.</content>
+ <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub">
+ <dc:format>application/epub+zip</dc:format>
+ </link>
+ <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+ <entry>
<title>Burning ISO images to disc</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/17/epub/Burning_ISO_images_to_disc/Fedora-17-Burning_ISO_images_to_disc-en-US.epub</id>
<!--author>
diff --git a/public_html/zh-TW/opds-Fedora_Contributor_Documentation.xml b/public_html/zh-TW/opds-Fedora_Contributor_Documentation.xml
index 0474ce7..4b1c4bf 100644
--- a/public_html/zh-TW/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/zh-TW/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-TW/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-TW/opds-Fedora_Core.xml b/public_html/zh-TW/opds-Fedora_Core.xml
index b928ffd..ee293f0 100644
--- a/public_html/zh-TW/opds-Fedora_Core.xml
+++ b/public_html/zh-TW/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-TW/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-TW/opds-Fedora_Draft_Documentation.xml b/public_html/zh-TW/opds-Fedora_Draft_Documentation.xml
index d065d38..931a7a6 100644
--- a/public_html/zh-TW/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/zh-TW/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-TW/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-TW/opds.xml b/public_html/zh-TW/opds.xml
index ffa2523..fe8945e 100644
--- a/public_html/zh-TW/opds.xml
+++ b/public_html/zh-TW/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/zh-TW/opds.xml</id>
<title>Product List</title>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:28</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/zh-TW/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:27</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/zh-TW/Fedora/opds-Fedora.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:28</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/zh-TW/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:28</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/zh-TW/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:28</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/zh-TW/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2012-09-28T06:09:12</updated>
+ <updated>2012-10-29T16:44:28</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/zh-TW/toc.html b/public_html/zh-TW/toc.html
index 0fa6eb7..4474e2e 100644
--- a/public_html/zh-TW/toc.html
+++ b/public_html/zh-TW/toc.html
@@ -98,6 +98,25 @@
<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
<span class="product">Fedora</span>
<div id='Fedora' class="versions hidden">
+ <div id='Fedora.18' class="version collapsed" onclick="toggle(event, 'Fedora.18.books');">
+ <span class="version">18</span>
+ <div id='Fedora.18.books' class="books hidden">
+ <div id='Fedora.18' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.18.untrans_books');">
+ <span class="version">Untranslated</span>
+ <div id='Fedora.18.untrans_books' class="books hidden">
+ <div id='Fedora.18.Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.18.Security_Guide.types');">
+ <a class="type" href="../en-US/Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/Fedora/18/html/Security_Guide/index.html'"><span class="book">Security Guide</span></a>
+ <div id='Fedora.18.Security_Guide.types' class="types hidden" onclick="work=0;">
+ <a class="type" href="../en-US/./Fedora/18/epub/Security_Guide/Fedora-18-Security_Guide-en-US.epub" >epub</a>
+ <a class="type" href="../en-US/./Fedora/18/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html/Security_Guide/index.html';return false;">html</a>
+ <a class="type" href="../en-US/./Fedora/18/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/18/html-single/Security_Guide/index.html';return false;">html-single</a>
+ <a class="type" href="../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf';return false;">pdf</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
<div id='Fedora.17' class="version collapsed" onclick="toggle(event, 'Fedora.17.books');">
<span class="version">17</span>
<div id='Fedora.17.books' class="books hidden">
@@ -128,7 +147,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Fedora_Live_Images/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-16-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Fedora_Live_Images/Fedora-17-Fedora_Live_Images-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.FreeIPA_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.FreeIPA_Guide.types');">
@@ -155,7 +174,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora_Draft_Documentation--Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Installation_Quick_Start_Guide/Fedora-17-Installation_Quick_Start_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.Power_Management_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.Power_Management_Guide.types');">
@@ -182,7 +201,7 @@
<a class="type" href="../en-US/./Fedora/17/epub/Security_Guide/Fedora-17-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/17/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/17/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/17/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/Fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/17/pdf/Security_Guide/fedora-17-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.17.System_Administrators_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.17.System_Administrators_Guide.types');">
@@ -878,7 +897,7 @@
<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -1093,7 +1112,7 @@
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Contributor_Documentation.1.Software_Collections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Software_Collections_Guide.types');">
@@ -1366,7 +1385,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
</div>
@@ -1506,7 +1525,7 @@
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/epub/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.epub" >epub</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html/Virtualization_Getting_Started_Guide/index.html';return false;">html</a>
<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/html-single/Virtualization_Getting_Started_Guide/index.html';return false;">html-single</a>
- <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora_Draft_Documentation-0.1-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
+ <a class="type" href="../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.1/pdf/Virtualization_Getting_Started_Guide/Fedora-18-Virtualization_Getting_Started_Guide-en-US.pdf';return false;">pdf</a>
</div>
</div>
<div id='Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Draft_Documentation.0.1.Virtualization_Security_Guide.types');">
More information about the docs-commits
mailing list